netfilter: Pass net into okfn · tjh.dev/kernel@0c4b51f

tjh.dev / kernel

fork atom

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

netfilter: Pass net into okfn

This is immediately motivated by the bridge code that chains functions that
call into netfilter. Without passing net into the okfns the bridge code would
need to guess about the best expression for the network namespace to process
packets in.

As net is frequently one of the first things computed in continuation functions
after netfilter has done it's job passing in the desired network namespace is in
many cases a code simplification.

To support this change the function dst_output_okfn is introduced to
simplify passing dst_output as an okfn. For the moment dst_output_okfn
just silently drops the struct net.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Eric W. Biederman and committed by

David S. Miller 10 years ago 0c4b51f0 9dff2c96

+95 -94

37 changed files

expand all collapse all

drivers

net

vrf.c

include

linux

netdevice.h

netfilter.h

netfilter_bridge.h

net

dn_neigh.h

dst.h

ipv6.h

netfilter

br_netfilter.h

net

bridge

br_forward.c

br_input.c

br_netfilter_hooks.c

br_netfilter_ipv6.c

br_private.h

br_stp_bpdu.c

core

dev.c

decnet

dn_neigh.c

dn_nsp_in.c

dn_route.c

ipv4

arp.c

ip_forward.c

ip_input.c

ip_output.c

ipmr.c

raw.c

xfrm4_input.c

xfrm4_output.c

ipv6

ip6_input.c

ip6_output.c

ip6mr.c

mcast.c

ndisc.c

output_core.c

raw.c

xfrm6_output.c

netfilter

ipvs

ip_vs_xmit.c

nf_queue.c

xfrm

xfrm_output.c

+1 -1

drivers/net/vrf.c

reviewed

··· 253 253 } 254 254 255 255 /* modelled after ip_finish_output2 */ 256 256 - static int vrf_finish_output(struct sock *sk, struct sk_buff *skb) 256 256 + static int vrf_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) 257 257 { 258 258 struct dst_entry *dst = skb_dst(skb); 259 259 struct rtable *rt = (struct rtable *)dst;

+1 -1

include/linux/netdevice.h

reviewed

··· 2212 2212 int dev_close(struct net_device *dev); 2213 2213 int dev_close_many(struct list_head *head, bool unlink); 2214 2214 void dev_disable_lro(struct net_device *dev); 2215 2215 - int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb); 2215 2215 + int dev_loopback_xmit(struct net *net, struct sock *sk, struct sk_buff *newskb); 2216 2216 int dev_queue_xmit(struct sk_buff *skb); 2217 2217 int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); 2218 2218 int register_netdevice(struct net_device *dev);

+14 -12

include/linux/netfilter.h

reviewed

··· 56 56 struct sock *sk; 57 57 struct net *net; 58 58 struct list_head *hook_list; 59 59 - int (*okfn)(struct sock *, struct sk_buff *); 59 59 + int (*okfn)(struct net *, struct sock *, struct sk_buff *); 60 60 }; 61 61 62 62 static inline void nf_hook_state_init(struct nf_hook_state *p, ··· 67 67 struct net_device *outdev, 68 68 struct sock *sk, 69 69 struct net *net, 70 70 - int (*okfn)(struct sock *, struct sk_buff *)) 70 70 + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) 71 71 { 72 72 p->hook = hook; 73 73 p->thresh = thresh; ··· 175 175 struct sk_buff *skb, 176 176 struct net_device *indev, 177 177 struct net_device *outdev, 178 178 - int (*okfn)(struct sock *, struct sk_buff *), 178 178 + int (*okfn)(struct net *, struct sock *, struct sk_buff *), 179 179 int thresh) 180 180 { 181 181 struct list_head *hook_list = &net->nf.hooks[pf][hook]; ··· 193 193 static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, 194 194 struct sock *sk, struct sk_buff *skb, 195 195 struct net_device *indev, struct net_device *outdev, 196 196 - int (*okfn)(struct sock *, struct sk_buff *)) 196 196 + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) 197 197 { 198 198 return nf_hook_thresh(pf, hook, net, sk, skb, indev, outdev, okfn, INT_MIN); 199 199 } ··· 219 219 NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, 220 220 struct sk_buff *skb, struct net_device *in, 221 221 struct net_device *out, 222 222 - int (*okfn)(struct sock *, struct sk_buff *), int thresh) 222 222 + int (*okfn)(struct net *, struct sock *, struct sk_buff *), 223 223 + int thresh) 223 224 { 224 225 int ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, thresh); 225 226 if (ret == 1) 226 226 - ret = okfn(sk, skb); 227 227 + ret = okfn(net, sk, skb); 227 228 return ret; 228 229 } 229 230 230 231 static inline int 231 232 NF_HOOK_COND(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, 232 233 struct sk_buff *skb, struct net_device *in, struct net_device *out, 233 233 - int (*okfn)(struct sock *, struct sk_buff *), bool cond) 234 234 + int (*okfn)(struct net *, struct sock *, struct sk_buff *), 235 235 + bool cond) 234 236 { 235 237 int ret; 236 238 237 239 if (!cond || 238 240 ((ret = nf_hook_thresh(pf, hook, net, sk, skb, in, out, okfn, INT_MIN)) == 1)) 239 239 - ret = okfn(sk, skb); 241 241 + ret = okfn(net, sk, skb); 240 242 return ret; 241 243 } 242 244 243 245 static inline int 244 246 NF_HOOK(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, struct sk_buff *skb, 245 247 struct net_device *in, struct net_device *out, 246 246 - int (*okfn)(struct sock *, struct sk_buff *)) 248 248 + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) 247 249 { 248 250 return NF_HOOK_THRESH(pf, hook, net, sk, skb, in, out, okfn, INT_MIN); 249 251 } ··· 347 345 } 348 346 349 347 #else /* !CONFIG_NETFILTER */ 350 350 - #define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(sk, skb) 351 351 - #define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb) 348 348 + #define NF_HOOK(pf, hook, net, sk, skb, indev, outdev, okfn) (okfn)(net, sk, skb) 349 349 + #define NF_HOOK_COND(pf, hook, net, sk, skb, indev, outdev, okfn, cond) (okfn)(net, sk, skb) 352 350 static inline int nf_hook(u_int8_t pf, unsigned int hook, struct net *net, 353 351 struct sock *sk, struct sk_buff *skb, 354 352 struct net_device *indev, struct net_device *outdev, 355 355 - int (*okfn)(struct sock *, struct sk_buff *)) 353 353 + int (*okfn)(struct net *, struct sock *, struct sk_buff *)) 356 354 { 357 355 return 1; 358 356 }

+1 -1

include/linux/netfilter_bridge.h

reviewed

··· 17 17 18 18 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) 19 19 20 20 - int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb); 20 20 + int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); 21 21 22 22 static inline void br_drop_fake_rtable(struct sk_buff *skb) 23 23 {

+3 -3

include/net/dn_neigh.h

reviewed

··· 18 18 19 19 void dn_neigh_init(void); 20 20 void dn_neigh_cleanup(void); 21 21 - int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb); 22 22 - int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb); 21 21 + int dn_neigh_router_hello(struct net *net, struct sock *sk, struct sk_buff *skb); 22 22 + int dn_neigh_endnode_hello(struct net *net, struct sock *sk, struct sk_buff *skb); 23 23 void dn_neigh_pointopoint_hello(struct sk_buff *skb); 24 24 int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n); 25 25 - int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb); 25 25 + int dn_to_neigh_output(struct net *net, struct sock *sk, struct sk_buff *skb); 26 26 27 27 extern struct neigh_table dn_neigh_table; 28 28

include/net/dst.h

reviewed

··· 458 458 { 459 459 return skb_dst(skb)->output(sk, skb); 460 460 } 461 461 + static inline int dst_output_okfn(struct net *net, struct sock *sk, struct sk_buff *skb) 462 462 + { 463 463 + return dst_output(sk, skb); 464 464 + } 461 465 462 466 /* Input packet from network to transport. */ 463 467 static inline int dst_input(struct sk_buff *skb)

+1 -1

include/net/ipv6.h

reviewed

··· 807 807 int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, 808 808 struct packet_type *pt, struct net_device *orig_dev); 809 809 810 810 - int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb); 810 810 + int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb); 811 811 812 812 /* 813 813 * upper-layer output functions

+1 -1

include/net/netfilter/br_netfilter.h

reviewed

··· 31 31 skb->network_header -= len; 32 32 } 33 33 34 34 - int br_nf_pre_routing_finish_bridge(struct sock *sk, struct sk_buff *skb); 34 34 + int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb); 35 35 36 36 static inline struct rtable *bridge_parent_rtable(const struct net_device *dev) 37 37 {

+2 -3

net/bridge/br_forward.c

reviewed

··· 35 35 p->state == BR_STATE_FORWARDING; 36 36 } 37 37 38 38 - int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb) 38 38 + int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) 39 39 { 40 40 if (!is_skb_forwardable(skb->dev, skb)) 41 41 goto drop; ··· 65 65 } 66 66 EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit); 67 67 68 68 - int br_forward_finish(struct sock *sk, struct sk_buff *skb) 68 68 + int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 69 69 { 70 70 - struct net *net = dev_net(skb->dev); 71 70 return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, 72 71 net, sk, skb, NULL, skb->dev, 73 72 br_dev_queue_push_xmit);

+4 -3

net/bridge/br_input.c

reviewed

··· 26 26 br_should_route_hook_t __rcu *br_should_route_hook __read_mostly; 27 27 EXPORT_SYMBOL(br_should_route_hook); 28 28 29 29 - static int br_netif_receive_skb(struct sock *sk, struct sk_buff *skb) 29 29 + static int 30 30 + br_netif_receive_skb(struct net *net, struct sock *sk, struct sk_buff *skb) 30 31 { 31 32 return netif_receive_skb(skb); 32 33 } ··· 126 125 } 127 126 128 127 /* note: already called with rcu_read_lock */ 129 129 - int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb) 128 128 + int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 130 129 { 131 130 const unsigned char *dest = eth_hdr(skb)->h_dest; 132 131 struct net_bridge_port *p = br_port_get_rcu(skb->dev); ··· 214 213 EXPORT_SYMBOL_GPL(br_handle_frame_finish); 215 214 216 215 /* note: already called with rcu_read_lock */ 217 217 - static int br_handle_local_finish(struct sock *sk, struct sk_buff *skb) 216 216 + static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 218 217 { 219 218 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 220 219 u16 vid = 0;

+9 -12

net/bridge/br_netfilter_hooks.c

reviewed

··· 256 256 * don't, we use the neighbour framework to find out. In both cases, we make 257 257 * sure that br_handle_frame_finish() is called afterwards. 258 258 */ 259 259 - int br_nf_pre_routing_finish_bridge(struct sock *sk, struct sk_buff *skb) 259 259 + int br_nf_pre_routing_finish_bridge(struct net *net, struct sock *sk, struct sk_buff *skb) 260 260 { 261 261 struct neighbour *neigh; 262 262 struct dst_entry *dst; ··· 273 273 if (neigh->hh.hh_len) { 274 274 neigh_hh_bridge(&neigh->hh, skb); 275 275 skb->dev = nf_bridge->physindev; 276 276 - ret = br_handle_frame_finish(sk, skb); 276 276 + ret = br_handle_frame_finish(net, sk, skb); 277 277 } else { 278 278 /* the neighbour function below overwrites the complete 279 279 * MAC header, so we save the Ethernet source address and ··· 342 342 * device, we proceed as if ip_route_input() succeeded. If it differs from the 343 343 * logical bridge port or if ip_route_output_key() fails we drop the packet. 344 344 */ 345 345 - static int br_nf_pre_routing_finish(struct sock *sk, struct sk_buff *skb) 345 345 + static int br_nf_pre_routing_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 346 346 { 347 347 struct net_device *dev = skb->dev; 348 348 struct iphdr *iph = ip_hdr(skb); 349 349 - struct net *net = dev_net(dev); 350 349 struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); 351 350 struct rtable *rt; 352 351 int err; ··· 535 536 } 536 537 537 538 /* PF_BRIDGE/FORWARD *************************************************/ 538 538 - static int br_nf_forward_finish(struct sock *sk, struct sk_buff *skb) 539 539 + static int br_nf_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 539 540 { 540 541 struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); 541 541 - struct net *net = dev_net(skb->dev); 542 542 struct net_device *in; 543 543 544 544 if (!IS_ARP(skb) && !IS_VLAN_ARP(skb)) { ··· 690 692 __skb_push(skb, data->encap_size); 691 693 692 694 nf_bridge_info_free(skb); 693 693 - return br_dev_queue_push_xmit(sk, skb); 695 695 + return br_dev_queue_push_xmit(net, sk, skb); 694 696 } 695 697 static int br_nf_push_frag_xmit_sk(struct sock *sk, struct sk_buff *skb) 696 698 { ··· 726 728 return 0; 727 729 } 728 730 729 729 - static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) 731 731 + static int br_nf_dev_queue_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) 730 732 { 731 733 struct nf_bridge_info *nf_bridge; 732 734 unsigned int mtu_reserved; 733 733 - struct net *net = dev_net(skb_dst(skb)->dev); 734 735 735 736 mtu_reserved = nf_bridge_mtu_reduction(skb); 736 737 737 738 if (skb_is_gso(skb) || skb->len + mtu_reserved <= skb->dev->mtu) { 738 739 nf_bridge_info_free(skb); 739 739 - return br_dev_queue_push_xmit(sk, skb); 740 740 + return br_dev_queue_push_xmit(net, sk, skb); 740 741 } 741 742 742 743 nf_bridge = nf_bridge_info_get(skb); ··· 794 797 } 795 798 #endif 796 799 nf_bridge_info_free(skb); 797 797 - return br_dev_queue_push_xmit(sk, skb); 800 800 + return br_dev_queue_push_xmit(net, sk, skb); 798 801 drop: 799 802 kfree_skb(skb); 800 803 return 0; ··· 884 887 skb->dev = nf_bridge->physindev; 885 888 886 889 nf_bridge->physoutdev = NULL; 887 887 - br_handle_frame_finish(NULL, skb); 890 890 + br_handle_frame_finish(dev_net(skb->dev), NULL, skb); 888 891 } 889 892 890 893 static int br_nf_dev_xmit(struct sk_buff *skb)

+1 -2

net/bridge/br_netfilter_ipv6.c

reviewed

··· 161 161 * for br_nf_pre_routing_finish(), same logic is used here but 162 162 * equivalent IPv6 function ip6_route_input() called indirectly. 163 163 */ 164 164 - static int br_nf_pre_routing_finish_ipv6(struct sock *sk, struct sk_buff *skb) 164 164 + static int br_nf_pre_routing_finish_ipv6(struct net *net, struct sock *sk, struct sk_buff *skb) 165 165 { 166 166 struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb); 167 167 struct rtable *rt; 168 168 struct net_device *dev = skb->dev; 169 169 - struct net *net = dev_net(dev); 170 169 const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops(); 171 170 172 171 nf_bridge->frag_max_size = IP6CB(skb)->frag_max_size;

+3 -3

net/bridge/br_private.h

reviewed

··· 413 413 414 414 /* br_forward.c */ 415 415 void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb); 416 416 - int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb); 416 416 + int br_dev_queue_push_xmit(struct net *net, struct sock *sk, struct sk_buff *skb); 417 417 void br_forward(const struct net_bridge_port *to, 418 418 struct sk_buff *skb, struct sk_buff *skb0); 419 419 - int br_forward_finish(struct sock *sk, struct sk_buff *skb); 419 419 + int br_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb); 420 420 void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast); 421 421 void br_flood_forward(struct net_bridge *br, struct sk_buff *skb, 422 422 struct sk_buff *skb2, bool unicast); ··· 434 434 void br_manage_promisc(struct net_bridge *br); 435 435 436 436 /* br_input.c */ 437 437 - int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb); 437 437 + int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb); 438 438 rx_handler_result_t br_handle_frame(struct sk_buff **pskb); 439 439 440 440 static inline bool br_rx_handler_check_rcu(const struct net_device *dev)

+2 -1

net/bridge/br_stp_bpdu.c

reviewed

··· 30 30 31 31 #define LLC_RESERVE sizeof(struct llc_pdu_un) 32 32 33 33 - static int br_send_bpdu_finish(struct sock *sk, struct sk_buff *skb) 33 33 + static int br_send_bpdu_finish(struct net *net, struct sock *sk, 34 34 + struct sk_buff *skb) 34 35 { 35 36 return dev_queue_xmit(skb); 36 37 }

+3 -1

net/core/dev.c

reviewed

··· 2915 2915 2916 2916 /** 2917 2917 * dev_loopback_xmit - loop back @skb 2918 2918 + * @net: network namespace this loopback is happening in 2919 2919 + * @sk: sk needed to be a netfilter okfn 2918 2920 * @skb: buffer to transmit 2919 2921 */ 2920 2920 - int dev_loopback_xmit(struct sock *sk, struct sk_buff *skb) 2922 2922 + int dev_loopback_xmit(struct net *net, struct sock *sk, struct sk_buff *skb) 2921 2923 { 2922 2924 skb_reset_mac_header(skb); 2923 2925 __skb_pull(skb, skb_network_offset(skb));

+4 -4

net/decnet/dn_neigh.c

reviewed

··· 194 194 return err; 195 195 } 196 196 197 197 - static int dn_neigh_output_packet(struct sock *sk, struct sk_buff *skb) 197 197 + static int dn_neigh_output_packet(struct net *net, struct sock *sk, struct sk_buff *skb) 198 198 { 199 199 struct dst_entry *dst = skb_dst(skb); 200 200 struct dn_route *rt = (struct dn_route *)dst; ··· 334 334 dn_neigh_output_packet); 335 335 } 336 336 337 337 - int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb) 337 337 + int dn_to_neigh_output(struct net *net, struct sock *sk, struct sk_buff *skb) 338 338 { 339 339 struct dst_entry *dst = skb_dst(skb); 340 340 struct dn_route *rt = (struct dn_route *) dst; ··· 378 378 /* 379 379 * Ethernet router hello message received 380 380 */ 381 381 - int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb) 381 381 + int dn_neigh_router_hello(struct net *net, struct sock *sk, struct sk_buff *skb) 382 382 { 383 383 struct rtnode_hello_message *msg = (struct rtnode_hello_message *)skb->data; 384 384 ··· 440 440 /* 441 441 * Endnode hello message received 442 442 */ 443 443 - int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb) 443 443 + int dn_neigh_endnode_hello(struct net *net, struct sock *sk, struct sk_buff *skb) 444 444 { 445 445 struct endnode_hello_message *msg = (struct endnode_hello_message *)skb->data; 446 446 struct neighbour *neigh;

+2 -1

net/decnet/dn_nsp_in.c

reviewed

··· 714 714 return ret; 715 715 } 716 716 717 717 - static int dn_nsp_rx_packet(struct sock *sk2, struct sk_buff *skb) 717 717 + static int dn_nsp_rx_packet(struct net *net, struct sock *sk2, 718 718 + struct sk_buff *skb) 718 719 { 719 720 struct dn_skb_cb *cb = DN_SKB_CB(skb); 720 721 struct sock *sk = NULL;

+3 -3

net/decnet/dn_route.c

reviewed

··· 512 512 * 513 513 * Returns: result of input function if route is found, error code otherwise 514 514 */ 515 515 - static int dn_route_rx_packet(struct sock *sk, struct sk_buff *skb) 515 515 + static int dn_route_rx_packet(struct net *net, struct sock *sk, struct sk_buff *skb) 516 516 { 517 517 struct dn_skb_cb *cb; 518 518 int err; ··· 610 610 return NET_RX_DROP; 611 611 } 612 612 613 613 - static int dn_route_discard(struct sock *sk, struct sk_buff *skb) 613 613 + static int dn_route_discard(struct net *net, struct sock *sk, struct sk_buff *skb) 614 614 { 615 615 /* 616 616 * I know we drop the packet here, but thats considered success in ··· 620 620 return NET_RX_SUCCESS; 621 621 } 622 622 623 623 - static int dn_route_ptp_hello(struct sock *sk, struct sk_buff *skb) 623 623 + static int dn_route_ptp_hello(struct net *net, struct sock *sk, struct sk_buff *skb) 624 624 { 625 625 dn_dev_hello(skb); 626 626 dn_neigh_pointopoint_hello(skb);

+3 -4

net/ipv4/arp.c

reviewed

··· 621 621 } 622 622 EXPORT_SYMBOL(arp_create); 623 623 624 624 - static int arp_xmit_finish(struct sock *sk, struct sk_buff *skb) 624 624 + static int arp_xmit_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 625 625 { 626 626 return dev_queue_xmit(skb); 627 627 } ··· 642 642 * Process an arp request. 643 643 */ 644 644 645 645 - static int arp_process(struct sock *sk, struct sk_buff *skb) 645 645 + static int arp_process(struct net *net, struct sock *sk, struct sk_buff *skb) 646 646 { 647 647 struct net_device *dev = skb->dev; 648 648 struct in_device *in_dev = __in_dev_get_rcu(dev); ··· 654 654 u16 dev_type = dev->type; 655 655 int addr_type; 656 656 struct neighbour *n; 657 657 - struct net *net = dev_net(dev); 658 657 bool is_garp = false; 659 658 660 659 /* arp_rcv below verifies the ARP header and verifies the device ··· 864 865 865 866 static void parp_redo(struct sk_buff *skb) 866 867 { 867 867 - arp_process(NULL, skb); 868 868 + arp_process(dev_net(skb->dev), NULL, skb); 868 869 } 869 870 870 871

+1 -2

net/ipv4/ip_forward.c

reviewed

··· 61 61 } 62 62 63 63 64 64 - static int ip_forward_finish(struct sock *sk, struct sk_buff *skb) 64 64 + static int ip_forward_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 65 65 { 66 66 - struct net *net = dev_net(skb_dst(skb)->dev); 67 66 struct ip_options *opt = &(IPCB(skb)->opt); 68 67 69 68 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTFORWDATAGRAMS);

+2 -5

net/ipv4/ip_input.c

reviewed

··· 188 188 return false; 189 189 } 190 190 191 191 - static int ip_local_deliver_finish(struct sock *sk, struct sk_buff *skb) 191 191 + static int ip_local_deliver_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 192 192 { 193 193 - struct net *net = dev_net(skb->dev); 194 194 - 195 193 __skb_pull(skb, skb_network_header_len(skb)); 196 194 197 195 rcu_read_lock(); ··· 309 311 int sysctl_ip_early_demux __read_mostly = 1; 310 312 EXPORT_SYMBOL(sysctl_ip_early_demux); 311 313 312 312 - static int ip_rcv_finish(struct sock *sk, struct sk_buff *skb) 314 314 + static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 313 315 { 314 316 const struct iphdr *iph = ip_hdr(skb); 315 315 - struct net *net = dev_net(skb->dev); 316 317 struct rtable *rt; 317 318 318 319 if (sysctl_ip_early_demux && !skb_dst(skb) && !skb->sk) {

+2 -2

net/ipv4/ip_output.c

reviewed

··· 104 104 ip_send_check(iph); 105 105 return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, 106 106 net, sk, skb, NULL, skb_dst(skb)->dev, 107 107 - dst_output); 107 107 + dst_output_okfn); 108 108 } 109 109 110 110 int __ip_local_out(struct sk_buff *skb) ··· 266 266 return ret; 267 267 } 268 268 269 269 - static int ip_finish_output(struct sock *sk, struct sk_buff *skb) 269 269 + static int ip_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) 270 270 { 271 271 unsigned int mtu; 272 272

+2 -2

net/ipv4/ipmr.c

reviewed

··· 1678 1678 nf_reset(skb); 1679 1679 } 1680 1680 1681 1681 - static inline int ipmr_forward_finish(struct sock *sk, struct sk_buff *skb) 1681 1681 + static inline int ipmr_forward_finish(struct net *net, struct sock *sk, 1682 1682 + struct sk_buff *skb) 1682 1683 { 1683 1684 struct ip_options *opt = &(IPCB(skb)->opt); 1684 1684 - struct net *net = dev_net(skb_dst(skb)->dev); 1685 1685 1686 1686 IP_INC_STATS_BH(net, IPSTATS_MIB_OUTFORWDATAGRAMS); 1687 1687 IP_ADD_STATS_BH(net, IPSTATS_MIB_OUTOCTETS, skb->len);

+1 -1

net/ipv4/raw.c

reviewed

··· 413 413 414 414 err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, 415 415 net, sk, skb, NULL, rt->dst.dev, 416 416 - dst_output); 416 416 + dst_output_okfn); 417 417 if (err > 0) 418 418 err = net_xmit_errno(err); 419 419 if (err)

+2 -1

net/ipv4/xfrm4_input.c

reviewed

··· 22 22 return xfrm4_extract_header(skb); 23 23 } 24 24 25 25 - static inline int xfrm4_rcv_encap_finish(struct sock *sk, struct sk_buff *skb) 25 25 + static inline int xfrm4_rcv_encap_finish(struct net *net, struct sock *sk, 26 26 + struct sk_buff *skb) 26 27 { 27 28 if (!skb_dst(skb)) { 28 29 const struct iphdr *iph = ip_hdr(skb);

+1 -1

net/ipv4/xfrm4_output.c

reviewed

··· 80 80 return xfrm_output(sk, skb); 81 81 } 82 82 83 83 - static int __xfrm4_output(struct sock *sk, struct sk_buff *skb) 83 83 + static int __xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb) 84 84 { 85 85 struct xfrm_state *x = skb_dst(skb)->xfrm; 86 86

+2 -3

net/ipv6/ip6_input.c

reviewed

··· 47 47 #include <net/inet_ecn.h> 48 48 #include <net/dst_metadata.h> 49 49 50 50 - int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb) 50 50 + int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 51 51 { 52 52 if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) { 53 53 const struct inet6_protocol *ipprot; ··· 199 199 */ 200 200 201 201 202 202 - static int ip6_input_finish(struct sock *sk, struct sk_buff *skb) 202 202 + static int ip6_input_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 203 203 { 204 204 - struct net *net = dev_net(skb_dst(skb)->dev); 205 204 const struct inet6_protocol *ipprot; 206 205 struct inet6_dev *idev; 207 206 unsigned int nhoff;

+4 -3

net/ipv6/ip6_output.c

reviewed

··· 121 121 return -EINVAL; 122 122 } 123 123 124 124 - static int ip6_finish_output(struct sock *sk, struct sk_buff *skb) 124 124 + static int ip6_finish_output(struct net *net, struct sock *sk, struct sk_buff *skb) 125 125 { 126 126 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 127 127 dst_allfrag(skb_dst(skb)) || ··· 225 225 IPSTATS_MIB_OUT, skb->len); 226 226 return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 227 227 net, sk, skb, NULL, dst->dev, 228 228 - dst_output); 228 228 + dst_output_okfn); 229 229 } 230 230 231 231 skb->dev = dst->dev; ··· 317 317 return 0; 318 318 } 319 319 320 320 - static inline int ip6_forward_finish(struct sock *sk, struct sk_buff *skb) 320 320 + static inline int ip6_forward_finish(struct net *net, struct sock *sk, 321 321 + struct sk_buff *skb) 321 322 { 322 323 skb_sender_cpu_clear(skb); 323 324 return dst_output(sk, skb);

+1 -2

net/ipv6/ip6mr.c

reviewed

··· 1985 1985 } 1986 1986 #endif 1987 1987 1988 1988 - static inline int ip6mr_forward2_finish(struct sock *sk, struct sk_buff *skb) 1988 1988 + static inline int ip6mr_forward2_finish(struct net *net, struct sock *sk, struct sk_buff *skb) 1989 1989 { 1990 1990 - struct net *net = dev_net(skb_dst(skb)->dev); 1991 1990 IP6_INC_STATS_BH(net, ip6_dst_idev(skb_dst(skb)), 1992 1991 IPSTATS_MIB_OUTFORWDATAGRAMS); 1993 1992 IP6_ADD_STATS_BH(net, ip6_dst_idev(skb_dst(skb)),

+2 -2

net/ipv6/mcast.c

reviewed

··· 1646 1646 1647 1647 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 1648 1648 net, net->ipv6.igmp_sk, skb, NULL, skb->dev, 1649 1649 - dst_output); 1649 1649 + dst_output_okfn); 1650 1650 out: 1651 1651 if (!err) { 1652 1652 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); ··· 2010 2010 skb_dst_set(skb, dst); 2011 2011 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 2012 2012 net, sk, skb, NULL, skb->dev, 2013 2013 - dst_output); 2013 2013 + dst_output_okfn); 2014 2014 out: 2015 2015 if (!err) { 2016 2016 ICMP6MSGOUT_INC_STATS(net, idev, type);

+1 -1

net/ipv6/ndisc.c

reviewed

··· 465 465 466 466 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 467 467 net, sk, skb, NULL, dst->dev, 468 468 - dst_output); 468 468 + dst_output_okfn); 469 469 if (!err) { 470 470 ICMP6MSGOUT_INC_STATS(net, idev, type); 471 471 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);

+1 -1

net/ipv6/output_core.c

reviewed

··· 151 151 152 152 return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 153 153 net, sk, skb, NULL, skb_dst(skb)->dev, 154 154 - dst_output); 154 154 + dst_output_okfn); 155 155 } 156 156 157 157 int __ip6_local_out(struct sk_buff *skb)

+1 -1

net/ipv6/raw.c

reviewed

··· 655 655 656 656 IP6_UPD_PO_STATS(net, rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 657 657 err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, sk, skb, 658 658 - NULL, rt->dst.dev, dst_output); 658 658 + NULL, rt->dst.dev, dst_output_okfn); 659 659 if (err > 0) 660 660 err = net_xmit_errno(err); 661 661 if (err)

+1 -1

net/ipv6/xfrm6_output.c

reviewed

··· 131 131 return xfrm_output(sk, skb); 132 132 } 133 133 134 134 - static int __xfrm6_output(struct sock *sk, struct sk_buff *skb) 134 134 + static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb) 135 135 { 136 136 struct dst_entry *dst = skb_dst(skb); 137 137 struct xfrm_state *x = dst->xfrm;

+2 -2

net/netfilter/ipvs/ip_vs_xmit.c

reviewed

··· 574 574 if (!skb->sk) 575 575 skb_sender_cpu_clear(skb); 576 576 NF_HOOK(pf, NF_INET_LOCAL_OUT, ip_vs_conn_net(cp), NULL, skb, 577 577 - NULL, skb_dst(skb)->dev, dst_output); 577 577 + NULL, skb_dst(skb)->dev, dst_output_okfn); 578 578 } else 579 579 ret = NF_ACCEPT; 580 580 ··· 596 596 if (!skb->sk) 597 597 skb_sender_cpu_clear(skb); 598 598 NF_HOOK(pf, NF_INET_LOCAL_OUT, ip_vs_conn_net(cp), NULL, skb, 599 599 - NULL, skb_dst(skb)->dev, dst_output); 599 599 + NULL, skb_dst(skb)->dev, dst_output_okfn); 600 600 } else 601 601 ret = NF_ACCEPT; 602 602 return ret;

+1 -1

net/netfilter/nf_queue.c

reviewed

··· 215 215 case NF_ACCEPT: 216 216 case NF_STOP: 217 217 local_bh_disable(); 218 218 - entry->state.okfn(entry->state.sk, skb); 218 218 + entry->state.okfn(entry->state.net, entry->state.sk, skb); 219 219 local_bh_enable(); 220 220 break; 221 221 case NF_QUEUE:

+6 -6

net/xfrm/xfrm_output.c

reviewed

··· 19 19 #include <net/dst.h> 20 20 #include <net/xfrm.h> 21 21 22 22 - static int xfrm_output2(struct sock *sk, struct sk_buff *skb); 22 22 + static int xfrm_output2(struct net *net, struct sock *sk, struct sk_buff *skb); 23 23 24 24 static int xfrm_skb_check_space(struct sk_buff *skb) 25 25 { ··· 157 157 } 158 158 EXPORT_SYMBOL_GPL(xfrm_output_resume); 159 159 160 160 - static int xfrm_output2(struct sock *sk, struct sk_buff *skb) 160 160 + static int xfrm_output2(struct net *net, struct sock *sk, struct sk_buff *skb) 161 161 { 162 162 return xfrm_output_resume(skb, 1); 163 163 } 164 164 165 165 - static int xfrm_output_gso(struct sock *sk, struct sk_buff *skb) 165 165 + static int xfrm_output_gso(struct net *net, struct sock *sk, struct sk_buff *skb) 166 166 { 167 167 struct sk_buff *segs; 168 168 ··· 178 178 int err; 179 179 180 180 segs->next = NULL; 181 181 - err = xfrm_output2(sk, segs); 181 181 + err = xfrm_output2(net, sk, segs); 182 182 183 183 if (unlikely(err)) { 184 184 kfree_skb_list(nskb); ··· 197 197 int err; 198 198 199 199 if (skb_is_gso(skb)) 200 200 - return xfrm_output_gso(sk, skb); 200 200 + return xfrm_output_gso(net, sk, skb); 201 201 202 202 if (skb->ip_summed == CHECKSUM_PARTIAL) { 203 203 err = skb_checksum_help(skb); ··· 208 208 } 209 209 } 210 210 211 211 - return xfrm_output2(sk, skb); 211 211 + return xfrm_output2(net, sk, skb); 212 212 } 213 213 EXPORT_SYMBOL_GPL(xfrm_output); 214 214