diff options
-rw-r--r-- | net/ipv4/icmp.c | 21 | ||||
-rw-r--r-- | net/ipv4/ip_output.c | 2 |
2 files changed, 14 insertions, 9 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 63ffc7d86f98..a7321a82df6d 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -405,7 +405,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) | |||
405 | .tos = RT_TOS(ip_hdr(skb)->tos) } }, | 405 | .tos = RT_TOS(ip_hdr(skb)->tos) } }, |
406 | .proto = IPPROTO_ICMP }; | 406 | .proto = IPPROTO_ICMP }; |
407 | security_skb_classify_flow(skb, &fl); | 407 | security_skb_classify_flow(skb, &fl); |
408 | if (ip_route_output_key(&init_net, &rt, &fl)) | 408 | if (ip_route_output_key(rt->u.dst.dev->nd_net, &rt, &fl)) |
409 | goto out_unlock; | 409 | goto out_unlock; |
410 | } | 410 | } |
411 | if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type, | 411 | if (icmpv4_xrlim_allow(rt, icmp_param->data.icmph.type, |
@@ -437,9 +437,11 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
437 | struct ipcm_cookie ipc; | 437 | struct ipcm_cookie ipc; |
438 | __be32 saddr; | 438 | __be32 saddr; |
439 | u8 tos; | 439 | u8 tos; |
440 | struct net *net; | ||
440 | 441 | ||
441 | if (!rt) | 442 | if (!rt) |
442 | goto out; | 443 | goto out; |
444 | net = rt->u.dst.dev->nd_net; | ||
443 | 445 | ||
444 | /* | 446 | /* |
445 | * Find the original header. It is expected to be valid, of course. | 447 | * Find the original header. It is expected to be valid, of course. |
@@ -515,7 +517,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
515 | struct net_device *dev = NULL; | 517 | struct net_device *dev = NULL; |
516 | 518 | ||
517 | if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) | 519 | if (rt->fl.iif && sysctl_icmp_errors_use_inbound_ifaddr) |
518 | dev = dev_get_by_index(&init_net, rt->fl.iif); | 520 | dev = dev_get_by_index(net, rt->fl.iif); |
519 | 521 | ||
520 | if (dev) { | 522 | if (dev) { |
521 | saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); | 523 | saddr = inet_select_addr(dev, 0, RT_SCOPE_LINK); |
@@ -569,7 +571,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
569 | struct rtable *rt2; | 571 | struct rtable *rt2; |
570 | 572 | ||
571 | security_skb_classify_flow(skb_in, &fl); | 573 | security_skb_classify_flow(skb_in, &fl); |
572 | if (__ip_route_output_key(&init_net, &rt, &fl)) | 574 | if (__ip_route_output_key(net, &rt, &fl)) |
573 | goto out_unlock; | 575 | goto out_unlock; |
574 | 576 | ||
575 | /* No need to clone since we're just using its address. */ | 577 | /* No need to clone since we're just using its address. */ |
@@ -591,14 +593,14 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) | |||
591 | if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) | 593 | if (xfrm_decode_session_reverse(skb_in, &fl, AF_INET)) |
592 | goto out_unlock; | 594 | goto out_unlock; |
593 | 595 | ||
594 | if (inet_addr_type(&init_net, fl.fl4_src) == RTN_LOCAL) | 596 | if (inet_addr_type(net, fl.fl4_src) == RTN_LOCAL) |
595 | err = __ip_route_output_key(&init_net, &rt2, &fl); | 597 | err = __ip_route_output_key(net, &rt2, &fl); |
596 | else { | 598 | else { |
597 | struct flowi fl2 = {}; | 599 | struct flowi fl2 = {}; |
598 | struct dst_entry *odst; | 600 | struct dst_entry *odst; |
599 | 601 | ||
600 | fl2.fl4_dst = fl.fl4_src; | 602 | fl2.fl4_dst = fl.fl4_src; |
601 | if (ip_route_output_key(&init_net, &rt2, &fl2)) | 603 | if (ip_route_output_key(net, &rt2, &fl2)) |
602 | goto out_unlock; | 604 | goto out_unlock; |
603 | 605 | ||
604 | /* Ugh! */ | 606 | /* Ugh! */ |
@@ -666,6 +668,9 @@ static void icmp_unreach(struct sk_buff *skb) | |||
666 | int hash, protocol; | 668 | int hash, protocol; |
667 | struct net_protocol *ipprot; | 669 | struct net_protocol *ipprot; |
668 | u32 info = 0; | 670 | u32 info = 0; |
671 | struct net *net; | ||
672 | |||
673 | net = skb->dst->dev->nd_net; | ||
669 | 674 | ||
670 | /* | 675 | /* |
671 | * Incomplete header ? | 676 | * Incomplete header ? |
@@ -696,7 +701,7 @@ static void icmp_unreach(struct sk_buff *skb) | |||
696 | "and DF set.\n", | 701 | "and DF set.\n", |
697 | NIPQUAD(iph->daddr)); | 702 | NIPQUAD(iph->daddr)); |
698 | } else { | 703 | } else { |
699 | info = ip_rt_frag_needed(&init_net, iph, | 704 | info = ip_rt_frag_needed(net, iph, |
700 | ntohs(icmph->un.frag.mtu)); | 705 | ntohs(icmph->un.frag.mtu)); |
701 | if (!info) | 706 | if (!info) |
702 | goto out; | 707 | goto out; |
@@ -734,7 +739,7 @@ static void icmp_unreach(struct sk_buff *skb) | |||
734 | */ | 739 | */ |
735 | 740 | ||
736 | if (!sysctl_icmp_ignore_bogus_error_responses && | 741 | if (!sysctl_icmp_ignore_bogus_error_responses && |
737 | inet_addr_type(&init_net, iph->daddr) == RTN_BROADCAST) { | 742 | inet_addr_type(net, iph->daddr) == RTN_BROADCAST) { |
738 | if (net_ratelimit()) | 743 | if (net_ratelimit()) |
739 | printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " | 744 | printk(KERN_WARNING "%u.%u.%u.%u sent an invalid ICMP " |
740 | "type %u, code %u " | 745 | "type %u, code %u " |
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 1725e0613982..18070ca65771 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -1379,7 +1379,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar | |||
1379 | .dport = tcp_hdr(skb)->source } }, | 1379 | .dport = tcp_hdr(skb)->source } }, |
1380 | .proto = sk->sk_protocol }; | 1380 | .proto = sk->sk_protocol }; |
1381 | security_skb_classify_flow(skb, &fl); | 1381 | security_skb_classify_flow(skb, &fl); |
1382 | if (ip_route_output_key(&init_net, &rt, &fl)) | 1382 | if (ip_route_output_key(sk->sk_net, &rt, &fl)) |
1383 | return; | 1383 | return; |
1384 | } | 1384 | } |
1385 | 1385 | ||