author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-11-25 20:50:08 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-11-25 20:50:08 -0500 |
commit | fc34acd36eecdec95171b98ef2516e3d4daa5c41 (patch) | |
tree | 18df71d4d0046aa7aeecf6a8980276827ad1ba14 /net | |
parent | a6483b790f8efcd8db190c1c0ff93f9d9efe919a (diff) |
netns xfrm: xfrm_user module in netns
Grab netns either from netlink socket, state or policy.
SA and SPD flush are in init_net for now, this requires little
attention, see below.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_user.c | 76 |
1 files changed, 45 insertions, 31 deletions
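--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -316,11 +316,12 @@ static void xfrm_update_ae_params(struct xfrm_state *x, struct nlattr **attrs)
 x->replay_maxdiff = nla_get_u32(rt);
 }
 
-static struct xfrm_state *xfrm_state_construct(struct xfrm_usersa_info *p,
+static struct xfrm_state *xfrm_state_construct(struct net *net,
+struct xfrm_usersa_info *p,
 struct nlattr **attrs,
 int *errp)
 {
-struct xfrm_state *x = xfrm_state_alloc(&init_net);
+struct xfrm_state *x = xfrm_state_alloc(net);
 int err = -ENOMEM;
 
 if (!x)
@@ -391,6 +392,7 @@ error_no_put:
 static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_usersa_info *p = nlmsg_data(nlh);
 struct xfrm_state *x;
 int err;
@@ -403,7 +405,7 @@ static int xfrm_add_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (err)
 return err;
 
-x = xfrm_state_construct(p, attrs, &err);
+x = xfrm_state_construct(net, p, attrs, &err);
 if (!x)
 return err;
 
@@ -431,7 +433,8 @@ out:
 return err;
 }
 
-static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
+static struct xfrm_state *xfrm_user_state_lookup(struct net *net,
+struct xfrm_usersa_id *p,
 struct nlattr **attrs,
 int *errp)
 {
@@ -440,7 +443,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
 
 if (xfrm_id_proto_match(p->proto, IPSEC_PROTO_ANY)) {
 err = -ESRCH;
-x = xfrm_state_lookup(&init_net, &p->daddr, p->spi, p->proto, p->family);
+x = xfrm_state_lookup(net, &p->daddr, p->spi, p->proto, p->family);
 } else {
 xfrm_address_t *saddr = NULL;
 
@@ -451,7 +454,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
 }
 
 err = -ESRCH;
-x = xfrm_state_lookup_byaddr(&init_net, &p->daddr, saddr,
+x = xfrm_state_lookup_byaddr(net, &p->daddr, saddr,
 p->proto, p->family);
 }
 
@@ -464,6 +467,7 @@ static struct xfrm_state *xfrm_user_state_lookup(struct xfrm_usersa_id *p,
 static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_state *x;
 int err = -ESRCH;
 struct km_event c;
@@ -472,7 +476,7 @@ static int xfrm_del_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 u32 sessionid = NETLINK_CB(skb).sessionid;
 u32 sid = NETLINK_CB(skb).sid;
 
-x = xfrm_user_state_lookup(p, attrs, &err);
+x = xfrm_user_state_lookup(net, p, attrs, &err);
 if (x == NULL)
 return err;
 
@@ -615,6 +619,7 @@ static int xfrm_dump_sa_done(struct netlink_callback *cb)
 
 static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_state_walk *walk = (struct xfrm_state_walk *) &cb->args[1];
 struct xfrm_dump_info info;
 
@@ -631,7 +636,7 @@ static int xfrm_dump_sa(struct sk_buff *skb, struct netlink_callback *cb)
 xfrm_state_walk_init(walk, 0);
 }
 
-(void) xfrm_state_walk(&init_net, walk, dump_one_state, &info);
+(void) xfrm_state_walk(net, walk, dump_one_state, &info);
 
 return skb->len;
 }
@@ -776,13 +781,13 @@ static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh,
 static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
-struct net *net = &init_net;
+struct net *net = sock_net(skb->sk);
 struct xfrm_usersa_id *p = nlmsg_data(nlh);
 struct xfrm_state *x;
 struct sk_buff *resp_skb;
 int err = -ESRCH;
 
-x = xfrm_user_state_lookup(p, attrs, &err);
+x = xfrm_user_state_lookup(net, p, attrs, &err);
 if (x == NULL)
 goto out_noput;
 
@@ -823,7 +828,7 @@ static int verify_userspi_info(struct xfrm_userspi_info *p)
 static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
-struct net *net = &init_net;
+struct net *net = sock_net(skb->sk);
 struct xfrm_state *x;
 struct xfrm_userspi_info *p;
 struct sk_buff *resp_skb;
@@ -1082,9 +1087,9 @@ static void copy_to_user_policy(struct xfrm_policy *xp, struct xfrm_userpolicy_i
 p->share = XFRM_SHARE_ANY; /* XXX xp->share */
 }
 
-static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp)
+static struct xfrm_policy *xfrm_policy_construct(struct net *net, struct xfrm_userpolicy_info *p, struct nlattr **attrs, int *errp)
 {
-struct xfrm_policy *xp = xfrm_policy_alloc(&init_net, GFP_KERNEL);
+struct xfrm_policy *xp = xfrm_policy_alloc(net, GFP_KERNEL);
 int err;
 
 if (!xp) {
@@ -1114,6 +1119,7 @@ static struct xfrm_policy *xfrm_policy_construct(struct xfrm_userpolicy_info *p,
 static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_userpolicy_info *p = nlmsg_data(nlh);
 struct xfrm_policy *xp;
 struct km_event c;
@@ -1130,7 +1136,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (err)
 return err;
 
-xp = xfrm_policy_construct(p, attrs, &err);
+xp = xfrm_policy_construct(net, p, attrs, &err);
 if (!xp)
 return err;
 
@@ -1267,6 +1273,7 @@ static int xfrm_dump_policy_done(struct netlink_callback *cb)
 
 static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_policy_walk *walk = (struct xfrm_policy_walk *) &cb->args[1];
 struct xfrm_dump_info info;
 
@@ -1283,7 +1290,7 @@ static int xfrm_dump_policy(struct sk_buff *skb, struct netlink_callback *cb)
 xfrm_policy_walk_init(walk, XFRM_POLICY_TYPE_ANY);
 }
 
-(void) xfrm_policy_walk(&init_net, walk, dump_one_policy, &info);
+(void) xfrm_policy_walk(net, walk, dump_one_policy, &info);
 
 return skb->len;
 }
@@ -1315,7 +1322,7 @@ static struct sk_buff *xfrm_policy_netlink(struct sk_buff *in_skb,
 static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
-struct net *net = &init_net;
+struct net *net = sock_net(skb->sk);
 struct xfrm_policy *xp;
 struct xfrm_userpolicy_id *p;
 u8 type = XFRM_POLICY_TYPE_MAIN;
@@ -1395,6 +1402,7 @@ out:
 static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct km_event c;
 struct xfrm_usersa_flush *p = nlmsg_data(nlh);
 struct xfrm_audit audit_info;
@@ -1403,7 +1411,7 @@ static int xfrm_flush_sa(struct sk_buff *skb, struct nlmsghdr *nlh,
 audit_info.loginuid = NETLINK_CB(skb).loginuid;
 audit_info.sessionid = NETLINK_CB(skb).sessionid;
 audit_info.secid = NETLINK_CB(skb).sid;
-err = xfrm_state_flush(&init_net, p->proto, &audit_info);
+err = xfrm_state_flush(net, p->proto, &audit_info);
 if (err)
 return err;
 c.data.proto = p->proto;
@@ -1462,7 +1470,7 @@ nla_put_failure:
 static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
-struct net *net = &init_net;
+struct net *net = sock_net(skb->sk);
 struct xfrm_state *x;
 struct sk_buff *r_skb;
 int err;
@@ -1501,6 +1509,7 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
 static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_state *x;
 struct km_event c;
 int err = - EINVAL;
@@ -1515,7 +1524,7 @@ static int xfrm_new_ae(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (!(nlh->nlmsg_flags&NLM_F_REPLACE))
 return err;
 
-x = xfrm_state_lookup(&init_net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
+x = xfrm_state_lookup(net, &p->sa_id.daddr, p->sa_id.spi, p->sa_id.proto, p->sa_id.family);
 if (x == NULL)
 return -ESRCH;
 
@@ -1540,6 +1549,7 @@ out:
 static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct km_event c;
 u8 type = XFRM_POLICY_TYPE_MAIN;
 int err;
@@ -1552,7 +1562,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 audit_info.loginuid = NETLINK_CB(skb).loginuid;
 audit_info.sessionid = NETLINK_CB(skb).sessionid;
 audit_info.secid = NETLINK_CB(skb).sid;
-err = xfrm_policy_flush(&init_net, type, &audit_info);
+err = xfrm_policy_flush(net, type, &audit_info);
 if (err)
 return err;
 c.data.type = type;
@@ -1566,6 +1576,7 @@ static int xfrm_flush_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_policy *xp;
 struct xfrm_user_polexpire *up = nlmsg_data(nlh);
 struct xfrm_userpolicy_info *p = &up->pol;
@@ -1577,7 +1588,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 return err;
 
 if (p->index)
-xp = xfrm_policy_byid(&init_net, type, p->dir, p->index, 0, &err);
+xp = xfrm_policy_byid(net, type, p->dir, p->index, 0, &err);
 else {
 struct nlattr *rt = attrs[XFRMA_SEC_CTX];
 struct xfrm_sec_ctx *ctx;
@@ -1594,7 +1605,7 @@ static int xfrm_add_pol_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 if (err)
 return err;
 }
-xp = xfrm_policy_bysel_ctx(&init_net, type, p->dir, &p->sel, ctx, 0, &err);
+xp = xfrm_policy_bysel_ctx(net, type, p->dir, &p->sel, ctx, 0, &err);
 security_xfrm_policy_free(ctx);
 }
 if (xp == NULL)
@@ -1629,12 +1640,13 @@ out:
 static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_state *x;
 int err;
 struct xfrm_user_expire *ue = nlmsg_data(nlh);
 struct xfrm_usersa_info *p = &ue->state;
 
-x = xfrm_state_lookup(&init_net, &p->id.daddr, p->id.spi, p->id.proto, p->family);
+x = xfrm_state_lookup(net, &p->id.daddr, p->id.spi, p->id.proto, p->family);
 
 err = -ENOENT;
 if (x == NULL)
@@ -1663,13 +1675,14 @@ out:
 static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
 struct nlattr **attrs)
 {
+struct net *net = sock_net(skb->sk);
 struct xfrm_policy *xp;
 struct xfrm_user_tmpl *ut;
 int i;
 struct nlattr *rt = attrs[XFRMA_TMPL];
 
 struct xfrm_user_acquire *ua = nlmsg_data(nlh);
-struct xfrm_state *x = xfrm_state_alloc(&init_net);
+struct xfrm_state *x = xfrm_state_alloc(net);
 int err = -ENOMEM;
 
 if (!x)
@@ -1683,7 +1696,7 @@ static int xfrm_add_acquire(struct sk_buff *skb, struct nlmsghdr *nlh,
 }
 
 /* build an XP */
-xp = xfrm_policy_construct(&ua->policy, attrs, &err);
+xp = xfrm_policy_construct(net, &ua->policy, attrs, &err);
 if (!xp) {
 kfree(x);
 return err;
@@ -2041,7 +2054,7 @@ static int build_expire(struct sk_buff *skb, struct xfrm_state *x, struct km_eve
 
 static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c)
 {
-struct net *net = &init_net;
+struct net *net = xs_net(x);
 struct sk_buff *skb;
 
 skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC);
@@ -2056,7 +2069,7 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, struct km_event *c)
 
 static int xfrm_aevent_state_notify(struct xfrm_state *x, struct km_event *c)
 {
-struct net *net = &init_net;
+struct net *net = xs_net(x);
 struct sk_buff *skb;
 
 skb = nlmsg_new(xfrm_aevent_msgsize(), GFP_ATOMIC);
@@ -2122,7 +2135,7 @@ static inline size_t xfrm_sa_len(struct xfrm_state *x)
 
 static int xfrm_notify_sa(struct xfrm_state *x, struct km_event *c)
 {
-struct net *net = &init_net;
+struct net *net = xs_net(x);
 struct xfrm_usersa_info *p;
 struct xfrm_usersa_id *id;
 struct nlmsghdr *nlh;
@@ -2266,6 +2279,7 @@ static int xfrm_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *xt,
 static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
 u8 *data, int len, int *dir)
 {
+struct net *net = sock_net(sk);
 struct xfrm_userpolicy_info *p = (struct xfrm_userpolicy_info *)data;
 struct xfrm_user_tmpl *ut = (struct xfrm_user_tmpl *) (p + 1);
 struct xfrm_policy *xp;
@@ -2304,7 +2318,7 @@ static struct xfrm_policy *xfrm_compile_policy(struct sock *sk, int opt,
 if (p->dir > XFRM_POLICY_OUT)
 return NULL;
 
-xp = xfrm_policy_alloc(&init_net, GFP_KERNEL);
+xp = xfrm_policy_alloc(net, GFP_KERNEL);
 if (xp == NULL) {
 *dir = -ENOBUFS;
 return NULL;
@@ -2357,7 +2371,7 @@ nlmsg_failure:
 
 static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_event *c)
 {
-struct net *net = &init_net;
+struct net *net = xp_net(xp);
 struct sk_buff *skb;
 
 skb = nlmsg_new(xfrm_polexpire_msgsize(xp), GFP_ATOMIC);
@@ -2372,7 +2386,7 @@ static int xfrm_exp_policy_notify(struct xfrm_policy *xp, int dir, struct km_eve
 
 static int xfrm_notify_policy(struct xfrm_policy *xp, int dir, struct km_event *c)
 {
-struct net *net = &init_net;
+struct net *net = xp_net(xp);
 struct xfrm_userpolicy_info *p;
 struct xfrm_userpolicy_id *id;
 struct nlmsghdr *nlh;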
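Review bot: In xfrm_flush_sa and xfrm_flush_policy the flush now acts on the caller's namespace (`xfrm_state_flush(net, p->proto, &audit_info)`, `xfrm_policy_flush(net, type, &audit_info)`), but the `km_event c` filled in right after has no state or policy to take a namespace from, unlike the notify paths that switch to `xs_net(x)` / `xp_net(xp)`. The description says SA and SPD flush stay in init_net for now, so the flush notification is presumably still delivered in init_net; the notifier code is outside these hunks, so this needs confirming. If that is the case, a key manager or monitor inside the namespace never learns that its SAD/SPD was flushed, while init_net listeners receive a flush event for entries that were not theirs. I would record the gap where the event is set up in both handlers, e.g. `/* XXX netns: flush event is still reported in init_net, not in net */` above `c.data.proto = p->proto;` and `c.data.type = type;`. Both function bodies continue outside the hunks.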