Commit d815d90b authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Pablo Neira Ayuso

netfilter: Push struct net down into nf_afinfo.reroute

The network namespace is needed when routing a packet.
Stop making nf_afinfo.reroute guess which network namespace
is the proper namespace to route the packet in.
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 372892ec
...@@ -283,7 +283,7 @@ struct nf_afinfo { ...@@ -283,7 +283,7 @@ struct nf_afinfo {
struct flowi *fl, bool strict); struct flowi *fl, bool strict);
void (*saveroute)(const struct sk_buff *skb, void (*saveroute)(const struct sk_buff *skb,
struct nf_queue_entry *entry); struct nf_queue_entry *entry);
int (*reroute)(struct sk_buff *skb, int (*reroute)(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry); const struct nf_queue_entry *entry);
int route_key_size; int route_key_size;
}; };
......
...@@ -104,7 +104,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb, ...@@ -104,7 +104,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb,
} }
} }
static int nf_ip_reroute(struct sk_buff *skb, static int nf_ip_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry) const struct nf_queue_entry *entry)
{ {
const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry); const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
......
...@@ -93,7 +93,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, ...@@ -93,7 +93,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb,
} }
} }
static int nf_ip6_reroute(struct sk_buff *skb, static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry) const struct nf_queue_entry *entry)
{ {
struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry); struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
......
...@@ -199,7 +199,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) ...@@ -199,7 +199,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
if (verdict == NF_ACCEPT) { if (verdict == NF_ACCEPT) {
afinfo = nf_get_afinfo(entry->state.pf); afinfo = nf_get_afinfo(entry->state.pf);
if (!afinfo || afinfo->reroute(skb, entry) < 0) if (!afinfo || afinfo->reroute(entry->state.net, skb, entry) < 0)
verdict = NF_DROP; verdict = NF_DROP;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment