Commit 52479b62 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by David S. Miller

netns xfrm: lookup in netns

Pass netns to xfrm_lookup()/__xfrm_lookup(). For that pass netns
to flow_cache_lookup() and resolver callback.

Take it from socket or netdevice. Stub DECnet to init_net.
Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent cdcbca7c
...@@ -291,21 +291,21 @@ enum { ...@@ -291,21 +291,21 @@ enum {
struct flowi; struct flowi;
#ifndef CONFIG_XFRM #ifndef CONFIG_XFRM
static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, static inline int xfrm_lookup(struct net *net, struct dst_entry **dst_p,
struct sock *sk, int flags) struct flowi *fl, struct sock *sk, int flags)
{ {
return 0; return 0;
} }
static inline int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, static inline int __xfrm_lookup(struct net *net, struct dst_entry **dst_p,
struct sock *sk, int flags) struct flowi *fl, struct sock *sk, int flags)
{ {
return 0; return 0;
} }
#else #else
extern int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, extern int xfrm_lookup(struct net *net, struct dst_entry **dst_p,
struct sock *sk, int flags); struct flowi *fl, struct sock *sk, int flags);
extern int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, extern int __xfrm_lookup(struct net *net, struct dst_entry **dst_p,
struct sock *sk, int flags); struct flowi *fl, struct sock *sk, int flags);
#endif #endif
#endif #endif
......
...@@ -84,12 +84,13 @@ struct flowi { ...@@ -84,12 +84,13 @@ struct flowi {
#define FLOW_DIR_OUT 1 #define FLOW_DIR_OUT 1
#define FLOW_DIR_FWD 2 #define FLOW_DIR_FWD 2
struct net;
struct sock; struct sock;
typedef int (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir, typedef int (*flow_resolve_t)(struct net *net, struct flowi *key, u16 family,
void **objp, atomic_t **obj_refp); u8 dir, void **objp, atomic_t **obj_refp);
extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, extern void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family,
flow_resolve_t resolver); u8 dir, flow_resolve_t resolver);
extern void flow_cache_flush(void); extern void flow_cache_flush(void);
extern atomic_t flow_cache_genid; extern atomic_t flow_cache_genid;
......
...@@ -165,7 +165,7 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2) ...@@ -165,7 +165,7 @@ static int flow_key_compare(struct flowi *key1, struct flowi *key2)
return 0; return 0;
} }
void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, void *flow_cache_lookup(struct net *net, struct flowi *key, u16 family, u8 dir,
flow_resolve_t resolver) flow_resolve_t resolver)
{ {
struct flow_cache_entry *fle, **head; struct flow_cache_entry *fle, **head;
...@@ -225,7 +225,7 @@ void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir, ...@@ -225,7 +225,7 @@ void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
void *obj; void *obj;
atomic_t *obj_ref; atomic_t *obj_ref;
err = resolver(key, family, dir, &obj, &obj_ref); err = resolver(net, key, family, dir, &obj, &obj_ref);
if (fle && !err) { if (fle && !err) {
fle->genid = atomic_read(&flow_cache_genid); fle->genid = atomic_read(&flow_cache_genid);
......
...@@ -168,7 +168,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -168,7 +168,7 @@ static void dccp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
goto out; goto out;
} }
err = xfrm_lookup(&dst, &fl, sk, 0); err = xfrm_lookup(net, &dst, &fl, sk, 0);
if (err < 0) { if (err < 0) {
sk->sk_err_soft = -err; sk->sk_err_soft = -err;
goto out; goto out;
...@@ -279,7 +279,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req) ...@@ -279,7 +279,7 @@ static int dccp_v6_send_response(struct sock *sk, struct request_sock *req)
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
err = xfrm_lookup(&dst, &fl, sk, 0); err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0);
if (err < 0) if (err < 0)
goto done; goto done;
...@@ -343,7 +343,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb) ...@@ -343,7 +343,7 @@ static void dccp_v6_ctl_send_reset(struct sock *sk, struct sk_buff *rxskb)
/* sk = NULL, but it is safe for now. RST socket required. */ /* sk = NULL, but it is safe for now. RST socket required. */
if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) { if (!ip6_dst_lookup(ctl_sk, &skb->dst, &fl)) {
if (xfrm_lookup(&skb->dst, &fl, NULL, 0) >= 0) { if (xfrm_lookup(net, &skb->dst, &fl, NULL, 0) >= 0) {
ip6_xmit(ctl_sk, skb, &fl, NULL, 0); ip6_xmit(ctl_sk, skb, &fl, NULL, 0);
DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS); DCCP_INC_STATS_BH(DCCP_MIB_OUTSEGS);
DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS); DCCP_INC_STATS_BH(DCCP_MIB_OUTRSTS);
...@@ -569,7 +569,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, ...@@ -569,7 +569,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
goto out; goto out;
} }
...@@ -1004,7 +1004,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, ...@@ -1004,7 +1004,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT); err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
if (err < 0) { if (err < 0) {
if (err == -EREMOTE) if (err == -EREMOTE)
err = ip6_dst_blackhole(sk, &dst, &fl); err = ip6_dst_blackhole(sk, &dst, &fl);
......
...@@ -1184,7 +1184,7 @@ static int dn_route_output_key(struct dst_entry **pprt, struct flowi *flp, int f ...@@ -1184,7 +1184,7 @@ static int dn_route_output_key(struct dst_entry **pprt, struct flowi *flp, int f
err = __dn_route_output_key(pprt, flp, flags); err = __dn_route_output_key(pprt, flp, flags);
if (err == 0 && flp->proto) { if (err == 0 && flp->proto) {
err = xfrm_lookup(pprt, flp, NULL, 0); err = xfrm_lookup(&init_net, pprt, flp, NULL, 0);
} }
return err; return err;
} }
...@@ -1195,8 +1195,8 @@ int dn_route_output_sock(struct dst_entry **pprt, struct flowi *fl, struct sock ...@@ -1195,8 +1195,8 @@ int dn_route_output_sock(struct dst_entry **pprt, struct flowi *fl, struct sock
err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD); err = __dn_route_output_key(pprt, fl, flags & MSG_TRYHARD);
if (err == 0 && fl->proto) { if (err == 0 && fl->proto) {
err = xfrm_lookup(pprt, fl, sk, (flags & MSG_DONTWAIT) ? err = xfrm_lookup(&init_net, pprt, fl, sk,
0 : XFRM_LOOKUP_WAIT); (flags & MSG_DONTWAIT) ? 0 : XFRM_LOOKUP_WAIT);
} }
return err; return err;
} }
......
...@@ -562,7 +562,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) ...@@ -562,7 +562,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
/* No need to clone since we're just using its address. */ /* No need to clone since we're just using its address. */
rt2 = rt; rt2 = rt;
err = xfrm_lookup((struct dst_entry **)&rt, &fl, NULL, 0); err = xfrm_lookup(net, (struct dst_entry **)&rt, &fl, NULL, 0);
switch (err) { switch (err) {
case 0: case 0:
if (rt != rt2) if (rt != rt2)
...@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info) ...@@ -601,7 +601,7 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
if (err) if (err)
goto relookup_failed; goto relookup_failed;
err = xfrm_lookup((struct dst_entry **)&rt2, &fl, NULL, err = xfrm_lookup(net, (struct dst_entry **)&rt2, &fl, NULL,
XFRM_LOOKUP_ICMP); XFRM_LOOKUP_ICMP);
switch (err) { switch (err) {
case 0: case 0:
......
...@@ -66,7 +66,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type) ...@@ -66,7 +66,7 @@ int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type)
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) && if (!(IPCB(skb)->flags & IPSKB_XFRM_TRANSFORMED) &&
xfrm_decode_session(skb, &fl, AF_INET) == 0) xfrm_decode_session(skb, &fl, AF_INET) == 0)
if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0))
return -1; return -1;
#endif #endif
...@@ -97,7 +97,7 @@ int ip_xfrm_me_harder(struct sk_buff *skb) ...@@ -97,7 +97,7 @@ int ip_xfrm_me_harder(struct sk_buff *skb)
dst = ((struct xfrm_dst *)dst)->route; dst = ((struct xfrm_dst *)dst)->route;
dst_hold(dst); dst_hold(dst);
if (xfrm_lookup(&dst, &fl, skb->sk, 0) < 0) if (xfrm_lookup(dev_net(dst->dev), &dst, &fl, skb->sk, 0) < 0)
return -1; return -1;
dst_release(skb->dst); dst_release(skb->dst);
......
...@@ -2761,7 +2761,7 @@ int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp, ...@@ -2761,7 +2761,7 @@ int ip_route_output_flow(struct net *net, struct rtable **rp, struct flowi *flp,
flp->fl4_src = (*rp)->rt_src; flp->fl4_src = (*rp)->rt_src;
if (!flp->fl4_dst) if (!flp->fl4_dst)
flp->fl4_dst = (*rp)->rt_dst; flp->fl4_dst = (*rp)->rt_dst;
err = __xfrm_lookup((struct dst_entry **)rp, flp, sk, err = __xfrm_lookup(net, (struct dst_entry **)rp, flp, sk,
flags ? XFRM_LOOKUP_WAIT : 0); flags ? XFRM_LOOKUP_WAIT : 0);
if (err == -EREMOTE) if (err == -EREMOTE)
err = ipv4_dst_blackhole(net, rp, flp); err = ipv4_dst_blackhole(net, rp, flp);
......
...@@ -637,7 +637,7 @@ int inet6_sk_rebuild_header(struct sock *sk) ...@@ -637,7 +637,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
sk->sk_err_soft = -err; sk->sk_err_soft = -err;
return err; return err;
} }
......
...@@ -175,7 +175,8 @@ int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len) ...@@ -175,7 +175,8 @@ int ip6_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
if (err < 0) {
if (err == -EREMOTE) if (err == -EREMOTE)
err = ip6_dst_blackhole(sk, &dst, &fl); err = ip6_dst_blackhole(sk, &dst, &fl);
if (err < 0) if (err < 0)
......
...@@ -427,7 +427,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, ...@@ -427,7 +427,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
/* No need to clone since we're just using its address. */ /* No need to clone since we're just using its address. */
dst2 = dst; dst2 = dst;
err = xfrm_lookup(&dst, &fl, sk, 0); err = xfrm_lookup(net, &dst, &fl, sk, 0);
switch (err) { switch (err) {
case 0: case 0:
if (dst != dst2) if (dst != dst2)
...@@ -446,7 +446,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info, ...@@ -446,7 +446,7 @@ void icmpv6_send(struct sk_buff *skb, int type, int code, __u32 info,
if (ip6_dst_lookup(sk, &dst2, &fl)) if (ip6_dst_lookup(sk, &dst2, &fl))
goto relookup_failed; goto relookup_failed;
err = xfrm_lookup(&dst2, &fl, sk, XFRM_LOOKUP_ICMP); err = xfrm_lookup(net, &dst2, &fl, sk, XFRM_LOOKUP_ICMP);
switch (err) { switch (err) {
case 0: case 0:
dst_release(dst); dst_release(dst);
...@@ -552,7 +552,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb) ...@@ -552,7 +552,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
err = ip6_dst_lookup(sk, &dst, &fl); err = ip6_dst_lookup(sk, &dst, &fl);
if (err) if (err)
goto out; goto out;
if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0)
goto out; goto out;
if (ipv6_addr_is_multicast(&fl.fl6_dst)) if (ipv6_addr_is_multicast(&fl.fl6_dst))
......
...@@ -219,7 +219,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok) ...@@ -219,7 +219,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0) {
sk->sk_route_caps = 0; sk->sk_route_caps = 0;
kfree_skb(skb); kfree_skb(skb);
return err; return err;
......
...@@ -846,6 +846,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb, ...@@ -846,6 +846,7 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
int encap_limit, int encap_limit,
__u32 *pmtu) __u32 *pmtu)
{ {
struct net *net = dev_net(dev);
struct ip6_tnl *t = netdev_priv(dev); struct ip6_tnl *t = netdev_priv(dev);
struct net_device_stats *stats = &t->dev->stats; struct net_device_stats *stats = &t->dev->stats;
struct ipv6hdr *ipv6h = ipv6_hdr(skb); struct ipv6hdr *ipv6h = ipv6_hdr(skb);
...@@ -861,9 +862,9 @@ static int ip6_tnl_xmit2(struct sk_buff *skb, ...@@ -861,9 +862,9 @@ static int ip6_tnl_xmit2(struct sk_buff *skb,
if ((dst = ip6_tnl_dst_check(t)) != NULL) if ((dst = ip6_tnl_dst_check(t)) != NULL)
dst_hold(dst); dst_hold(dst);
else { else {
dst = ip6_route_output(dev_net(dev), NULL, fl); dst = ip6_route_output(net, NULL, fl);
if (dst->error || xfrm_lookup(&dst, fl, NULL, 0) < 0) if (dst->error || xfrm_lookup(net, &dst, fl, NULL, 0) < 0)
goto tx_err_link_failure; goto tx_err_link_failure;
} }
......
...@@ -1466,7 +1466,7 @@ static void mld_sendpack(struct sk_buff *skb) ...@@ -1466,7 +1466,7 @@ static void mld_sendpack(struct sk_buff *skb)
&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
skb->dev->ifindex); skb->dev->ifindex);
err = xfrm_lookup(&skb->dst, &fl, NULL, 0); err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0);
if (err) if (err)
goto err_out; goto err_out;
...@@ -1831,7 +1831,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type) ...@@ -1831,7 +1831,7 @@ static void igmp6_send(struct in6_addr *addr, struct net_device *dev, int type)
&ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr, &ipv6_hdr(skb)->saddr, &ipv6_hdr(skb)->daddr,
skb->dev->ifindex); skb->dev->ifindex);
err = xfrm_lookup(&skb->dst, &fl, NULL, 0); err = xfrm_lookup(net, &skb->dst, &fl, NULL, 0);
if (err) if (err)
goto err_out; goto err_out;
......
...@@ -524,7 +524,7 @@ void ndisc_send_skb(struct sk_buff *skb, ...@@ -524,7 +524,7 @@ void ndisc_send_skb(struct sk_buff *skb,
return; return;
} }
err = xfrm_lookup(&dst, &fl, NULL, 0); err = xfrm_lookup(net, &dst, &fl, NULL, 0);
if (err < 0) { if (err < 0) {
kfree_skb(skb); kfree_skb(skb);
return; return;
...@@ -1524,7 +1524,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh, ...@@ -1524,7 +1524,7 @@ void ndisc_send_redirect(struct sk_buff *skb, struct neighbour *neigh,
if (dst == NULL) if (dst == NULL)
return; return;
err = xfrm_lookup(&dst, &fl, NULL, 0); err = xfrm_lookup(net, &dst, &fl, NULL, 0);
if (err) if (err)
return; return;
......
...@@ -29,7 +29,7 @@ int ip6_route_me_harder(struct sk_buff *skb) ...@@ -29,7 +29,7 @@ int ip6_route_me_harder(struct sk_buff *skb)
#ifdef CONFIG_XFRM #ifdef CONFIG_XFRM
if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) && if (!(IP6CB(skb)->flags & IP6SKB_XFRM_TRANSFORMED) &&
xfrm_decode_session(skb, &fl, AF_INET6) == 0) xfrm_decode_session(skb, &fl, AF_INET6) == 0)
if (xfrm_lookup(&skb->dst, &fl, skb->sk, 0)) if (xfrm_lookup(net, &skb->dst, &fl, skb->sk, 0))
return -1; return -1;
#endif #endif
......
...@@ -97,7 +97,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb) ...@@ -97,7 +97,7 @@ static void send_reset(struct net *net, struct sk_buff *oldskb)
dst = ip6_route_output(net, NULL, &fl); dst = ip6_route_output(net, NULL, &fl);
if (dst == NULL) if (dst == NULL)
return; return;
if (dst->error || xfrm_lookup(&dst, &fl, NULL, 0)) if (dst->error || xfrm_lookup(net, &dst, &fl, NULL, 0))
return; return;
hh_len = (dst->dev->hard_header_len + 15)&~15; hh_len = (dst->dev->hard_header_len + 15)&~15;
......
...@@ -860,7 +860,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk, ...@@ -860,7 +860,8 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
if (err < 0) {
if (err == -EREMOTE) if (err == -EREMOTE)
err = ip6_dst_blackhole(sk, &dst, &fl); err = ip6_dst_blackhole(sk, &dst, &fl);
if (err < 0) if (err < 0)
......
...@@ -259,7 +259,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb) ...@@ -259,7 +259,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
goto out_free; goto out_free;
} }
......
...@@ -260,7 +260,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, ...@@ -260,7 +260,8 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
if (err < 0) {
if (err == -EREMOTE) if (err == -EREMOTE)
err = ip6_dst_blackhole(sk, &dst, &fl); err = ip6_dst_blackhole(sk, &dst, &fl);
if (err < 0) if (err < 0)
...@@ -390,7 +391,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, ...@@ -390,7 +391,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
goto out; goto out;
} }
if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) { if ((err = xfrm_lookup(net, &dst, &fl, sk, 0)) < 0) {
sk->sk_err_soft = -err; sk->sk_err_soft = -err;
goto out; goto out;
} }
...@@ -492,7 +493,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req) ...@@ -492,7 +493,7 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req)
goto done; goto done;
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0) if ((err = xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
goto done; goto done;
skb = tcp_make_synack(sk, dst, req); skb = tcp_make_synack(sk, dst, req);
...@@ -1018,7 +1019,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win, ...@@ -1018,7 +1019,7 @@ static void tcp_v6_send_response(struct sk_buff *skb, u32 seq, u32 ack, u32 win,
* namespace * namespace
*/ */
if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) { if (!ip6_dst_lookup(ctl_sk, &buff->dst, &fl)) {
if (xfrm_lookup(&buff->dst, &fl, NULL, 0) >= 0) { if (xfrm_lookup(net, &buff->dst, &fl, NULL, 0) >= 0) {
ip6_xmit(ctl_sk, buff, &fl, NULL, 0); ip6_xmit(ctl_sk, buff, &fl, NULL, 0);
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS); TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
if (rst) if (rst)
...@@ -1316,7 +1317,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, ...@@ -1316,7 +1317,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((xfrm_lookup(&dst, &fl, sk, 0)) < 0) if ((xfrm_lookup(sock_net(sk), &dst, &fl, sk, 0)) < 0)
goto out; goto out;
} }
......
...@@ -849,7 +849,8 @@ int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk, ...@@ -849,7 +849,8 @@ int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk,
if (final_p) if (final_p)
ipv6_addr_copy(&fl.fl6_dst, final_p); ipv6_addr_copy(&fl.fl6_dst, final_p);
if ((err = __xfrm_lookup(&dst, &fl, sk, XFRM_LOOKUP_WAIT)) < 0) { err = __xfrm_lookup(sock_net(sk), &dst, &fl, sk, XFRM_LOOKUP_WAIT);
if (err < 0) {
if (err == -EREMOTE) if (err == -EREMOTE)
err = ip6_dst_blackhole(sk, &dst, &fl); err = ip6_dst_blackhole(sk, &dst, &fl);
if (err < 0) if (err < 0)
......
...@@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl, ...@@ -940,7 +940,8 @@ static int xfrm_policy_match(struct xfrm_policy *pol, struct flowi *fl,
return ret; return ret;
} }
static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, static struct xfrm_policy *xfrm_policy_lookup_bytype(struct net *net, u8 type,
struct flowi *fl,
u16 family, u8 dir) u16 family, u8 dir)
{ {
int err; int err;
...@@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, ...@@ -956,7 +957,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
return NULL; return NULL;
read_lock_bh(&xfrm_policy_lock); read_lock_bh(&xfrm_policy_lock);
chain = policy_hash_direct(&init_net, daddr, saddr, family, dir); chain = policy_hash_direct(net, daddr, saddr, family, dir);
ret = NULL; ret = NULL;
hlist_for_each_entry(pol, entry, chain, bydst) { hlist_for_each_entry(pol, entry, chain, bydst) {
err = xfrm_policy_match(pol, fl, type, family, dir); err = xfrm_policy_match(pol, fl, type, family, dir);
...@@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, ...@@ -973,7 +974,7 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
break; break;
} }
} }
chain = &init_net.xfrm.policy_inexact[dir]; chain = &net->xfrm.policy_inexact[dir];
hlist_for_each_entry(pol, entry, chain, bydst) { hlist_for_each_entry(pol, entry, chain, bydst) {
err = xfrm_policy_match(pol, fl, type, family, dir); err = xfrm_policy_match(pol, fl, type, family, dir);
if (err) { if (err) {
...@@ -996,14 +997,14 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl, ...@@ -996,14 +997,14 @@ static struct xfrm_policy *xfrm_policy_lookup_bytype(u8 type, struct flowi *fl,
return ret; return ret;
} }
static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, static int xfrm_policy_lookup(struct net *net, struct flowi *fl, u16 family,
void **objp, atomic_t **obj_refp) u8 dir, void **objp, atomic_t **obj_refp)
{ {
struct xfrm_policy *pol; struct xfrm_policy *pol;
int err = 0; int err = 0;
#ifdef CONFIG_XFRM_SUB_POLICY #ifdef CONFIG_XFRM_SUB_POLICY
pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_SUB, fl, family, dir); pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_SUB, fl, family, dir);
if (IS_ERR(pol)) { if (IS_ERR(pol)) {
err = PTR_ERR(pol); err = PTR_ERR(pol);
pol = NULL; pol = NULL;
...@@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir, ...@@ -1011,7 +1012,7 @@ static int xfrm_policy_lookup(struct flowi *fl, u16 family, u8 dir,
if (pol || err) if (pol || err)
goto end; goto end;
#endif #endif
pol = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, fl, family, dir); pol = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN, fl, family, dir);
if (IS_ERR(pol)) { if (IS_ERR(pol)) {
err = PTR_ERR(pol); err = PTR_ERR(pol);
pol = NULL; pol = NULL;
...@@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst); ...@@ -1537,7 +1538,7 @@ static int stale_bundle(struct dst_entry *dst);
* At the moment we eat a raw IP route. Mostly to speed up lookups * At the moment we eat a raw IP route. Mostly to speed up lookups
* on interfaces with disabled IPsec. * on interfaces with disabled IPsec.
*/ */
int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, int __xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags) struct sock *sk, int flags)
{ {
struct xfrm_policy *policy; struct xfrm_policy *policy;
...@@ -1575,10 +1576,10 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, ...@@ -1575,10 +1576,10 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
if (!policy) { if (!policy) {
/* To accelerate a bit... */ /* To accelerate a bit... */
if ((dst_orig->flags & DST_NOXFRM) || if ((dst_orig->flags & DST_NOXFRM) ||
!init_net.xfrm.policy_count[XFRM_POLICY_OUT]) !net->xfrm.policy_count[XFRM_POLICY_OUT])
goto nopol; goto nopol;
policy = flow_cache_lookup(fl, dst_orig->ops->family, policy = flow_cache_lookup(net, fl, dst_orig->ops->family,
dir, xfrm_policy_lookup); dir, xfrm_policy_lookup);
err = PTR_ERR(policy); err = PTR_ERR(policy);
if (IS_ERR(policy)) { if (IS_ERR(policy)) {
...@@ -1635,7 +1636,8 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, ...@@ -1635,7 +1636,8 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
#ifdef CONFIG_XFRM_SUB_POLICY #ifdef CONFIG_XFRM_SUB_POLICY
if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, pols[1] = xfrm_policy_lookup_bytype(net,
XFRM_POLICY_TYPE_MAIN,
fl, family, fl, family,
XFRM_POLICY_OUT); XFRM_POLICY_OUT);
if (pols[1]) { if (pols[1]) {
...@@ -1683,11 +1685,11 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, ...@@ -1683,11 +1685,11 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) { if (err == -EAGAIN && (flags & XFRM_LOOKUP_WAIT)) {
DECLARE_WAITQUEUE(wait, current); DECLARE_WAITQUEUE(wait, current);
add_wait_queue(&init_net.xfrm.km_waitq, &wait); add_wait_queue(&net->xfrm.km_waitq, &wait);
set_current_state(TASK_INTERRUPTIBLE); set_current_state(TASK_INTERRUPTIBLE);
schedule(); schedule();
set_current_state(TASK_RUNNING); set_current_state(TASK_RUNNING);
remove_wait_queue(&init_net.xfrm.km_waitq, &wait); remove_wait_queue(&net->xfrm.km_waitq, &wait);
nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family); nx = xfrm_tmpl_resolve(pols, npols, fl, xfrm, family);
...@@ -1781,10 +1783,10 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, ...@@ -1781,10 +1783,10 @@ int __xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
} }
EXPORT_SYMBOL(__xfrm_lookup); EXPORT_SYMBOL(__xfrm_lookup);
int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl, int xfrm_lookup(struct net *net, struct dst_entry **dst_p, struct flowi *fl,
struct sock *sk, int flags) struct sock *sk, int flags)
{ {
int err = __xfrm_lookup(dst_p, fl, sk, flags); int err = __xfrm_lookup(net, dst_p, fl, sk, flags);
if (err == -EREMOTE) { if (err == -EREMOTE) {
dst_release(*dst_p); dst_release(*dst_p);
...@@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, ...@@ -1936,7 +1938,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
} }
if (!pol) if (!pol)
pol = flow_cache_lookup(&fl, family, fl_dir, pol = flow_cache_lookup(&init_net, &fl, family, fl_dir,
xfrm_policy_lookup); xfrm_policy_lookup);
if (IS_ERR(pol)) { if (IS_ERR(pol)) {
...@@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, ...@@ -1959,7 +1961,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
npols ++; npols ++;
#ifdef CONFIG_XFRM_SUB_POLICY #ifdef CONFIG_XFRM_SUB_POLICY
if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
pols[1] = xfrm_policy_lookup_bytype(XFRM_POLICY_TYPE_MAIN, pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN,
&fl, family, &fl, family,
XFRM_POLICY_IN); XFRM_POLICY_IN);
if (pols[1]) { if (pols[1]) {
...@@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family) ...@@ -2049,7 +2051,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
return 0; return 0;
} }
return xfrm_lookup(&skb->dst, &fl, NULL, 0) == 0; return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0;
} }
EXPORT_SYMBOL(__xfrm_route_forward); EXPORT_SYMBOL(__xfrm_route_forward);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment