netfilter: netns nat: fix ipt_MASQUERADE in netns

First, allow entry in notifier hook. Second, start conntrack cleanup in netns to which netdevice belongs. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>

netfilter: netns nat: fix ipt_MASQUERADE in netns
First, allow entry in notifier hook. Second, start conntrack cleanup in netns to which netdevice belongs. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
b8b8063e · Alexey Dobriyan · Patrick McHardy · 0e6e75af · b8b8063e
Commit b8b8063e authored Oct 08, 2008 by Alexey Dobriyan Committed by Patrick McHardy Oct 08, 2008
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 4 deletions

net/ipv4/netfilter/ipt_MASQUERADE.c net/ipv4/netfilter/ipt_MASQUERADE.c +2 -4

No files found.
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -119,9 +119,7 @@ static int masq_device_event(struct notifier_block *this,
 			     void *ptr)
 {
 	const struct net_device *dev = ptr;
+	struct net *net = dev_net(dev);
-	if (!net_eq(dev_net(dev), &init_net))
-		return NOTIFY_DONE;
 	if (event == NETDEV_DOWN) {
 		/* Device was downed.  Search entire table for
@@ -129,7 +127,7 @@ static int masq_device_event(struct notifier_block *this,
 		   and forget them. */
 		NF_CT_ASSERT(dev->ifindex != 0);
-		nf_ct_iterate_cleanup(&init_net, device_cmp,
+		nf_ct_iterate_cleanup(net, device_cmp,
 				      (void *)(long)dev->ifindex);
 	}