tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_conntrack_h323: lookup route from proper net namespace

Signed-off-by: Vasily Averin <vvs@parallels.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Vasily Averin and committed by
Pablo Neira Ayuso 2c7b5d5d e59ea3df

+8 -6
+8 -6
net/netfilter/nf_conntrack_h323_main.c
··· 728 728 729 729 /* If the calling party is on the same side of the forward-to party, 730 730 * we don't need to track the second call */ 731 - static int callforward_do_filter(const union nf_inet_addr *src, 731 + static int callforward_do_filter(struct net *net, 732 + const union nf_inet_addr *src, 732 733 const union nf_inet_addr *dst, 733 734 u_int8_t family) 734 735 { ··· 751 750 752 751 memset(&fl2, 0, sizeof(fl2)); 753 752 fl2.daddr = dst->ip; 754 - if (!afinfo->route(&init_net, (struct dst_entry **)&rt1, 753 + if (!afinfo->route(net, (struct dst_entry **)&rt1, 755 754 flowi4_to_flowi(&fl1), false)) { 756 - if (!afinfo->route(&init_net, (struct dst_entry **)&rt2, 755 + if (!afinfo->route(net, (struct dst_entry **)&rt2, 757 756 flowi4_to_flowi(&fl2), false)) { 758 757 if (rt_nexthop(rt1, fl1.daddr) == 759 758 rt_nexthop(rt2, fl2.daddr) && ··· 775 774 776 775 memset(&fl2, 0, sizeof(fl2)); 777 776 fl2.daddr = dst->in6; 778 - if (!afinfo->route(&init_net, (struct dst_entry **)&rt1, 777 + if (!afinfo->route(net, (struct dst_entry **)&rt1, 779 778 flowi6_to_flowi(&fl1), false)) { 780 - if (!afinfo->route(&init_net, (struct dst_entry **)&rt2, 779 + if (!afinfo->route(net, (struct dst_entry **)&rt2, 781 780 flowi6_to_flowi(&fl2), false)) { 782 781 if (ipv6_addr_equal(rt6_nexthop(rt1), 783 782 rt6_nexthop(rt2)) && ··· 808 807 __be16 port; 809 808 union nf_inet_addr addr; 810 809 struct nf_conntrack_expect *exp; 810 + struct net *net = nf_ct_net(ct); 811 811 typeof(nat_callforwarding_hook) nat_callforwarding; 812 812 813 813 /* Read alternativeAddress */ ··· 818 816 /* If the calling party is on the same side of the forward-to party, 819 817 * we don't need to track the second call */ 820 818 if (callforward_filter && 821 - callforward_do_filter(&addr, &ct->tuplehash[!dir].tuple.src.u3, 819 + callforward_do_filter(net, &addr, &ct->tuplehash[!dir].tuple.src.u3, 822 820 nf_ct_l3num(ct))) { 823 821 pr_debug("nf_ct_q931: Call Forwarding not tracked\n"); 824 822 return 0;