
netns xfrm: AH/ESP in netns!

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Alexey Dobriyan and committed by
David S. Miller
4fb236ba 7013ec30

+10 -4
+3 -1
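--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -201,6 +201,7 @@
 
 static void ah4_err(struct sk_buff *skb, u32 info)
 {
+struct net *net = dev_net(skb->dev);
 struct iphdr *iph = (struct iphdr *)skb->data;
 struct ip_auth_hdr *ah = (struct ip_auth_hdr *)(skb->data+(iph->ihl<<2));
 struct xfrm_state *x;
@@ -209,7 +210,7 @@
 icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
 return;
 
-x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
+x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET);
 if (!x)
 return;
 printk(KERN_DEBUG "pmtu discovery on SA AH/%08x/%08x\n",
@@ -314,6 +315,7 @@
 .handler = xfrm4_rcv,
 .err_handler = ah4_err,
 .no_policy = 1,
+.netns_ok = 1,
 };
 
 static int __init ah4_init(void)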
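Review bot: The new `struct net *net = dev_net(skb->dev);` in ah4_err takes the namespace for the SA lookup from the device the ICMP error arrived on, but nothing says so or states that `skb->dev` is always set when an err_handler runs. This value now decides which namespace's SA table an unauthenticated ICMP message is matched against, so a one-line comment would help, e.g. `/* netns of the ingress device; the SA lookup must stay inside it */`. The same line is added without comment in esp4_err, ah6_err and esp6_err. ah4_err's body continues outside the hunk.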
+3 -1
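--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -413,6 +413,7 @@
 
 static void esp4_err(struct sk_buff *skb, u32 info)
 {
+struct net *net = dev_net(skb->dev);
 struct iphdr *iph = (struct iphdr *)skb->data;
 struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data+(iph->ihl<<2));
 struct xfrm_state *x;
@@ -421,7 +422,7 @@
 icmp_hdr(skb)->code != ICMP_FRAG_NEEDED)
 return;
 
-x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
+x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET);
 if (!x)
 return;
 NETDEBUG(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%08x\n",
@@ -618,6 +619,7 @@
 .handler = xfrm4_rcv,
 .err_handler = esp4_err,
 .no_policy = 1,
+.netns_ok = 1,
 };
 
 static int __init esp4_init(void)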
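Review bot: `.netns_ok = 1` in the protocol registration allows ESP input to be delivered in namespaces other than the initial one, yet the only conversion visible in this section is the `xfrm_state_lookup(net, ...)` call in esp4_err. The receive path behind `.handler = xfrm4_rcv` is outside the page; presumably it was made namespace-aware earlier in the series, and that is worth confirming, since any remaining `&init_net` lookup there would match one namespace's traffic against another's SAs. A short comment beside the flag, such as `/* input and error paths look up SAs in dev_net(skb->dev) */`, would record the precondition. The same flag is set in net/ipv4/ah4.c.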
+2 -1
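--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -407,6 +407,7 @@
 static void ah6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 int type, int code, int offset, __be32 info)
 {
+struct net *net = dev_net(skb->dev);
 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
 struct ip_auth_hdr *ah = (struct ip_auth_hdr*)(skb->data+offset);
 struct xfrm_state *x;
@@ -415,7 +416,7 @@
 type != ICMPV6_PKT_TOOBIG)
 return;
 
-x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6);
+x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, ah->spi, IPPROTO_AH, AF_INET6);
 if (!x)
 return;
 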
+2 -1
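--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -356,6 +356,7 @@
 static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
 int type, int code, int offset, __be32 info)
 {
+struct net *net = dev_net(skb->dev);
 struct ipv6hdr *iph = (struct ipv6hdr*)skb->data;
 struct ip_esp_hdr *esph = (struct ip_esp_hdr *)(skb->data + offset);
 struct xfrm_state *x;
@@ -364,7 +365,7 @@
 type != ICMPV6_PKT_TOOBIG)
 return;
 
-x = xfrm_state_lookup(&init_net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6);
+x = xfrm_state_lookup(net, (xfrm_address_t *)&iph->daddr, esph->spi, IPPROTO_ESP, AF_INET6);
 if (!x)
 return;
 printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n",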
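Review bot: The `printk(KERN_DEBUG "pmtu discovery on SA ESP/%08x/%pI6\n", ...` after the converted lookup in esp6_err is a plain printk with no rate limit or namespace tag, and with the per-namespace lookup it can now fire for SAs of any namespace. It runs whenever a received ICMPv6 Packet Too Big carries an SPI and address that match an SA, so such traffic in one namespace could presumably fill the shared kernel log and show that namespace's SPIs and addresses to anyone who can read it. esp4_err already wraps the equivalent message in `NETDEBUG(...)`; using the same wrapper here and for the plain `printk` in ah4_err would make the handlers consistent. The statement continues past the end of the hunk.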