+11 -3

include/linux/netdevice.h

reviewed

··· 2165 2165 int dev_close(struct net_device *dev); 2166 2166 int dev_close_many(struct list_head *head, bool unlink); 2167 2167 void dev_disable_lro(struct net_device *dev); 2168 2168 - int dev_loopback_xmit(struct sk_buff *newskb); 2169 2169 - int dev_queue_xmit(struct sk_buff *skb); 2168 2168 + int dev_loopback_xmit(struct sock *sk, struct sk_buff *newskb); 2169 2169 + int dev_queue_xmit_sk(struct sock *sk, struct sk_buff *skb); 2170 2170 + static inline int dev_queue_xmit(struct sk_buff *skb) 2171 2171 + { 2172 2172 + return dev_queue_xmit_sk(skb->sk, skb); 2173 2173 + } 2170 2174 int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv); 2171 2175 int register_netdevice(struct net_device *dev); 2172 2176 void unregister_netdevice_queue(struct net_device *dev, struct list_head *head); ··· 2931 2927 2932 2928 int netif_rx(struct sk_buff *skb); 2933 2929 int netif_rx_ni(struct sk_buff *skb); 2934 2934 - int netif_receive_skb(struct sk_buff *skb); 2930 2930 + int netif_receive_skb_sk(struct sock *sk, struct sk_buff *skb); 2931 2931 + static inline int netif_receive_skb(struct sk_buff *skb) 2932 2932 + { 2933 2933 + return netif_receive_skb_sk(skb->sk, skb); 2934 2934 + } 2935 2935 gro_result_t napi_gro_receive(struct napi_struct *napi, struct sk_buff *skb); 2936 2936 void napi_gro_flush(struct napi_struct *napi, bool flush_old); 2937 2937 struct sk_buff *napi_get_frags(struct napi_struct *napi);

+34 -28

include/linux/netfilter.h

reviewed

··· 54 54 struct net_device *in; 55 55 struct net_device *out; 56 56 struct sock *sk; 57 57 - int (*okfn)(struct sk_buff *); 57 57 + int (*okfn)(struct sock *, struct sk_buff *); 58 58 }; 59 59 60 60 static inline void nf_hook_state_init(struct nf_hook_state *p, ··· 63 63 struct net_device *indev, 64 64 struct net_device *outdev, 65 65 struct sock *sk, 66 66 - int (*okfn)(struct sk_buff *)) 66 66 + int (*okfn)(struct sock *, struct sk_buff *)) 67 67 { 68 68 p->hook = hook; 69 69 p->thresh = thresh; ··· 156 156 * value indicates the packet has been consumed by the hook. 157 157 */ 158 158 static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 159 159 + struct sock *sk, 159 160 struct sk_buff *skb, 160 161 struct net_device *indev, 161 162 struct net_device *outdev, 162 162 - int (*okfn)(struct sk_buff *), int thresh) 163 163 + int (*okfn)(struct sock *, struct sk_buff *), 164 164 + int thresh) 163 165 { 164 166 if (nf_hooks_active(pf, hook)) { 165 167 struct nf_hook_state state; 166 168 167 169 nf_hook_state_init(&state, hook, thresh, pf, 168 168 - indev, outdev, NULL, okfn); 170 170 + indev, outdev, sk, okfn); 169 171 return nf_hook_slow(skb, &state); 170 172 } 171 173 return 1; 172 174 } 173 175 174 174 - static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, 175 175 - struct net_device *indev, struct net_device *outdev, 176 176 - int (*okfn)(struct sk_buff *)) 176 176 + static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk, 177 177 + struct sk_buff *skb, struct net_device *indev, 178 178 + struct net_device *outdev, 179 179 + int (*okfn)(struct sock *, struct sk_buff *)) 177 180 { 178 178 - return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN); 181 181 + return nf_hook_thresh(pf, hook, sk, skb, indev, outdev, okfn, INT_MIN); 179 182 } 180 183 181 184 /* Activate hook; either okfn or kfree_skb called, unless a hook ··· 199 196 */ 200 197 201 198 static inline int 202 202 - NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sk_buff *skb, 203 203 - struct net_device *in, struct net_device *out, 204 204 - int (*okfn)(struct sk_buff *), int thresh) 199 199 + NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sock *sk, 200 200 + struct sk_buff *skb, struct net_device *in, 201 201 + struct net_device *out, 202 202 + int (*okfn)(struct sock *, struct sk_buff *), int thresh) 205 203 { 206 206 - int ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, thresh); 204 204 + int ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, thresh); 207 205 if (ret == 1) 208 208 - ret = okfn(skb); 206 206 + ret = okfn(sk, skb); 209 207 return ret; 210 208 } 211 209 212 210 static inline int 213 213 - NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb, 214 214 - struct net_device *in, struct net_device *out, 215 215 - int (*okfn)(struct sk_buff *), bool cond) 211 211 + NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sock *sk, 212 212 + struct sk_buff *skb, struct net_device *in, struct net_device *out, 213 213 + int (*okfn)(struct sock *, struct sk_buff *), bool cond) 216 214 { 217 215 int ret; 218 216 219 217 if (!cond || 220 220 - ((ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN)) == 1)) 221 221 - ret = okfn(skb); 218 218 + ((ret = nf_hook_thresh(pf, hook, sk, skb, in, out, okfn, INT_MIN)) == 1)) 219 219 + ret = okfn(sk, skb); 222 220 return ret; 223 221 } 224 222 225 223 static inline int 226 226 - NF_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb, 224 224 + NF_HOOK(uint8_t pf, unsigned int hook, struct sock *sk, struct sk_buff *skb, 227 225 struct net_device *in, struct net_device *out, 228 228 - int (*okfn)(struct sk_buff *)) 226 226 + int (*okfn)(struct sock *, struct sk_buff *)) 229 227 { 230 230 - return NF_HOOK_THRESH(pf, hook, skb, in, out, okfn, INT_MIN); 228 228 + return NF_HOOK_THRESH(pf, hook, sk, skb, in, out, okfn, INT_MIN); 231 229 } 232 230 233 231 /* Call setsockopt() */ ··· 328 324 } 329 325 330 326 #else /* !CONFIG_NETFILTER */ 331 331 - #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb) 332 332 - #define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb) 327 327 + #define NF_HOOK(pf, hook, sk, skb, indev, outdev, okfn) (okfn)(sk, skb) 328 328 + #define NF_HOOK_COND(pf, hook, sk, skb, indev, outdev, okfn, cond) (okfn)(sk, skb) 333 329 static inline int nf_hook_thresh(u_int8_t pf, unsigned int hook, 330 330 + struct sock *sk, 334 331 struct sk_buff *skb, 335 332 struct net_device *indev, 336 333 struct net_device *outdev, 337 337 - int (*okfn)(struct sk_buff *), int thresh) 334 334 + int (*okfn)(struct sock *sk, struct sk_buff *), int thresh) 338 335 { 339 339 - return okfn(skb); 336 336 + return okfn(sk, skb); 340 337 } 341 341 - static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sk_buff *skb, 342 342 - struct net_device *indev, struct net_device *outdev, 343 343 - int (*okfn)(struct sk_buff *)) 338 338 + static inline int nf_hook(u_int8_t pf, unsigned int hook, struct sock *sk, 339 339 + struct sk_buff *skb, struct net_device *indev, 340 340 + struct net_device *outdev, 341 341 + int (*okfn)(struct sock *, struct sk_buff *)) 344 342 { 345 343 return 1; 346 344 }

+1 -1

include/linux/netfilter_bridge.h

reviewed

··· 30 30 return 0; 31 31 } 32 32 33 33 - int br_handle_frame_finish(struct sk_buff *skb); 33 33 + int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb); 34 34 35 35 static inline void br_drop_fake_rtable(struct sk_buff *skb) 36 36 {

+3 -3

include/net/dn_neigh.h

reviewed

··· 18 18 19 19 void dn_neigh_init(void); 20 20 void dn_neigh_cleanup(void); 21 21 - int dn_neigh_router_hello(struct sk_buff *skb); 22 22 - int dn_neigh_endnode_hello(struct sk_buff *skb); 21 21 + int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb); 22 22 + int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb); 23 23 void dn_neigh_pointopoint_hello(struct sk_buff *skb); 24 24 int dn_neigh_elist(struct net_device *dev, unsigned char *ptr, int n); 25 25 - int dn_to_neigh_output(struct sk_buff *skb); 25 25 + int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb); 26 26 27 27 extern struct neigh_table dn_neigh_table; 28 28

+2 -1

include/net/ip.h

reviewed

··· 108 108 int ip_mr_input(struct sk_buff *skb); 109 109 int ip_output(struct sock *sk, struct sk_buff *skb); 110 110 int ip_mc_output(struct sock *sk, struct sk_buff *skb); 111 111 - int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 111 111 + int ip_fragment(struct sock *sk, struct sk_buff *skb, 112 112 + int (*output)(struct sock *, struct sk_buff *)); 112 113 int ip_do_nat(struct sk_buff *skb); 113 114 void ip_send_check(struct iphdr *ip); 114 115 int __ip_local_out(struct sk_buff *skb);

+2 -1

include/net/ip6_route.h

reviewed

··· 170 170 return rt->rt6i_flags & RTF_ANYCAST; 171 171 } 172 172 173 173 - int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)); 173 173 + int ip6_fragment(struct sock *sk, struct sk_buff *skb, 174 174 + int (*output)(struct sock *, struct sk_buff *)); 174 175 175 176 static inline int ip6_skb_dst_mtu(struct sk_buff *skb) 176 177 {

+1 -1

include/net/ipv6.h

reviewed

··· 769 769 int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, 770 770 struct packet_type *pt, struct net_device *orig_dev); 771 771 772 772 - int ip6_rcv_finish(struct sk_buff *skb); 772 772 + int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb); 773 773 774 774 /* 775 775 * upper-layer output functions

+4 -4

include/net/xfrm.h

reviewed

··· 332 332 int (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n); 333 333 int (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n); 334 334 int (*output)(struct sock *sk, struct sk_buff *skb); 335 335 - int (*output_finish)(struct sk_buff *skb); 335 335 + int (*output_finish)(struct sock *sk, struct sk_buff *skb); 336 336 int (*extract_input)(struct xfrm_state *x, 337 337 struct sk_buff *skb); 338 338 int (*extract_output)(struct xfrm_state *x, ··· 1503 1503 int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type); 1504 1504 int xfrm_input_resume(struct sk_buff *skb, int nexthdr); 1505 1505 int xfrm_output_resume(struct sk_buff *skb, int err); 1506 1506 - int xfrm_output(struct sk_buff *skb); 1506 1506 + int xfrm_output(struct sock *sk, struct sk_buff *skb); 1507 1507 int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1508 1508 void xfrm_local_error(struct sk_buff *skb, int mtu); 1509 1509 int xfrm4_extract_header(struct sk_buff *skb); ··· 1524 1524 int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1525 1525 int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1526 1526 int xfrm4_output(struct sock *sk, struct sk_buff *skb); 1527 1527 - int xfrm4_output_finish(struct sk_buff *skb); 1527 1527 + int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb); 1528 1528 int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err); 1529 1529 int xfrm4_protocol_register(struct xfrm4_protocol *handler, unsigned char protocol); 1530 1530 int xfrm4_protocol_deregister(struct xfrm4_protocol *handler, unsigned char protocol); ··· 1549 1549 int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb); 1550 1550 int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb); 1551 1551 int xfrm6_output(struct sock *sk, struct sk_buff *skb); 1552 1552 - int xfrm6_output_finish(struct sk_buff *skb); 1552 1552 + int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb); 1553 1553 int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb, 1554 1554 u8 **prevhdr); 1555 1555

+8 -5

net/bridge/br_forward.c

reviewed

··· 35 35 p->state == BR_STATE_FORWARDING; 36 36 } 37 37 38 38 - int br_dev_queue_push_xmit(struct sk_buff *skb) 38 38 + int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb) 39 39 { 40 40 if (!is_skb_forwardable(skb->dev, skb)) { 41 41 kfree_skb(skb); ··· 49 49 } 50 50 EXPORT_SYMBOL_GPL(br_dev_queue_push_xmit); 51 51 52 52 - int br_forward_finish(struct sk_buff *skb) 52 52 + int br_forward_finish(struct sock *sk, struct sk_buff *skb) 53 53 { 54 54 - return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, 54 54 + return NF_HOOK(NFPROTO_BRIDGE, NF_BR_POST_ROUTING, sk, skb, 55 55 + NULL, skb->dev, 55 56 br_dev_queue_push_xmit); 56 57 57 58 } ··· 76 75 return; 77 76 } 78 77 79 79 - NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 78 78 + NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb, 79 79 + NULL, skb->dev, 80 80 br_forward_finish); 81 81 } 82 82 ··· 98 96 skb->dev = to->dev; 99 97 skb_forward_csum(skb); 100 98 101 101 - NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, 99 99 + NF_HOOK(NFPROTO_BRIDGE, NF_BR_FORWARD, NULL, skb, 100 100 + indev, skb->dev, 102 101 br_forward_finish); 103 102 } 104 103

+9 -7

net/bridge/br_input.c

reviewed

··· 55 55 if (!skb) 56 56 return NET_RX_DROP; 57 57 58 58 - return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, indev, NULL, 59 59 - netif_receive_skb); 58 58 + return NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb, 59 59 + indev, NULL, 60 60 + netif_receive_skb_sk); 60 61 } 61 62 62 63 static void br_do_proxy_arp(struct sk_buff *skb, struct net_bridge *br, ··· 120 119 } 121 120 122 121 /* note: already called with rcu_read_lock */ 123 123 - int br_handle_frame_finish(struct sk_buff *skb) 122 122 + int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb) 124 123 { 125 124 const unsigned char *dest = eth_hdr(skb)->h_dest; 126 125 struct net_bridge_port *p = br_port_get_rcu(skb->dev); ··· 208 207 EXPORT_SYMBOL_GPL(br_handle_frame_finish); 209 208 210 209 /* note: already called with rcu_read_lock */ 211 211 - static int br_handle_local_finish(struct sk_buff *skb) 210 210 + static int br_handle_local_finish(struct sock *sk, struct sk_buff *skb) 212 211 { 213 212 struct net_bridge_port *p = br_port_get_rcu(skb->dev); 214 213 u16 vid = 0; ··· 278 277 } 279 278 280 279 /* Deliver packet to local host only */ 281 281 - if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev, 282 282 - NULL, br_handle_local_finish)) { 280 280 + if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, NULL, skb, 281 281 + skb->dev, NULL, br_handle_local_finish)) { 283 282 return RX_HANDLER_CONSUMED; /* consumed by filter */ 284 283 } else { 285 284 *pskb = skb; ··· 303 302 if (ether_addr_equal(p->br->dev->dev_addr, dest)) 304 303 skb->pkt_type = PACKET_HOST; 305 304 306 306 - NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 305 305 + NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, NULL, skb, 306 306 + skb->dev, NULL, 307 307 br_handle_frame_finish); 308 308 break; 309 309 default:

+2 -1

net/bridge/br_multicast.c

reviewed

··· 814 814 815 815 if (port) { 816 816 skb->dev = port->dev; 817 817 - NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 817 817 + NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb, 818 818 + NULL, skb->dev, 818 819 br_dev_queue_push_xmit); 819 820 } else { 820 821 br_multicast_select_own_querier(br, ip, skb);

+31 -25

net/bridge/br_netfilter.c

reviewed

··· 261 261 /* PF_BRIDGE/PRE_ROUTING *********************************************/ 262 262 /* Undo the changes made for ip6tables PREROUTING and continue the 263 263 * bridge PRE_ROUTING hook. */ 264 264 - static int br_nf_pre_routing_finish_ipv6(struct sk_buff *skb) 264 264 + static int br_nf_pre_routing_finish_ipv6(struct sock *sk, struct sk_buff *skb) 265 265 { 266 266 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 267 267 struct rtable *rt; ··· 282 282 skb->dev = nf_bridge->physindev; 283 283 nf_bridge_update_protocol(skb); 284 284 nf_bridge_push_encap_header(skb); 285 285 - NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 285 285 + NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb, 286 286 + skb->dev, NULL, 286 287 br_handle_frame_finish, 1); 287 288 288 289 return 0; ··· 294 293 * don't, we use the neighbour framework to find out. In both cases, we make 295 294 * sure that br_handle_frame_finish() is called afterwards. 296 295 */ 297 297 - static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) 296 296 + static int br_nf_pre_routing_finish_bridge(struct sock *sk, struct sk_buff *skb) 298 297 { 299 298 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 300 299 struct neighbour *neigh; ··· 311 310 if (neigh->hh.hh_len) { 312 311 neigh_hh_bridge(&neigh->hh, skb); 313 312 skb->dev = nf_bridge->physindev; 314 314 - ret = br_handle_frame_finish(skb); 313 313 + ret = br_handle_frame_finish(sk, skb); 315 314 } else { 316 315 /* the neighbour function below overwrites the complete 317 316 * MAC header, so we save the Ethernet source address and ··· 388 387 * device, we proceed as if ip_route_input() succeeded. If it differs from the 389 388 * logical bridge port or if ip_route_output_key() fails we drop the packet. 390 389 */ 391 391 - static int br_nf_pre_routing_finish(struct sk_buff *skb) 390 390 + static int br_nf_pre_routing_finish(struct sock *sk, struct sk_buff *skb) 392 391 { 393 392 struct net_device *dev = skb->dev; 394 393 struct iphdr *iph = ip_hdr(skb); ··· 441 440 nf_bridge_push_encap_header(skb); 442 441 NF_HOOK_THRESH(NFPROTO_BRIDGE, 443 442 NF_BR_PRE_ROUTING, 444 444 - skb, skb->dev, NULL, 443 443 + sk, skb, skb->dev, NULL, 445 444 br_nf_pre_routing_finish_bridge, 446 445 1); 447 446 return 0; ··· 461 460 skb->dev = nf_bridge->physindev; 462 461 nf_bridge_update_protocol(skb); 463 462 nf_bridge_push_encap_header(skb); 464 464 - NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, 463 463 + NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING, sk, skb, 464 464 + skb->dev, NULL, 465 465 br_handle_frame_finish, 1); 466 466 467 467 return 0; ··· 598 596 return NF_DROP; 599 597 600 598 skb->protocol = htons(ETH_P_IPV6); 601 601 - NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 599 599 + NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, state->sk, skb, 600 600 + skb->dev, NULL, 602 601 br_nf_pre_routing_finish_ipv6); 603 602 604 603 return NF_STOLEN; ··· 654 651 655 652 skb->protocol = htons(ETH_P_IP); 656 653 657 657 - NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 654 654 + NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, state->sk, skb, 655 655 + skb->dev, NULL, 658 656 br_nf_pre_routing_finish); 659 657 660 658 return NF_STOLEN; ··· 678 674 } 679 675 680 676 /* PF_BRIDGE/FORWARD *************************************************/ 681 681 - static int br_nf_forward_finish(struct sk_buff *skb) 677 677 + static int br_nf_forward_finish(struct sock *sk, struct sk_buff *skb) 682 678 { 683 679 struct nf_bridge_info *nf_bridge = skb->nf_bridge; 684 680 struct net_device *in; ··· 695 691 } 696 692 nf_bridge_push_encap_header(skb); 697 693 698 698 - NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, skb, in, 699 699 - skb->dev, br_forward_finish, 1); 694 694 + NF_HOOK_THRESH(NFPROTO_BRIDGE, NF_BR_FORWARD, sk, skb, 695 695 + in, skb->dev, br_forward_finish, 1); 700 696 return 0; 701 697 } 702 698 ··· 750 746 else 751 747 skb->protocol = htons(ETH_P_IPV6); 752 748 753 753 - NF_HOOK(pf, NF_INET_FORWARD, skb, brnf_get_logical_dev(skb, state->in), 749 749 + NF_HOOK(pf, NF_INET_FORWARD, NULL, skb, 750 750 + brnf_get_logical_dev(skb, state->in), 754 751 parent, br_nf_forward_finish); 755 752 756 753 return NF_STOLEN; ··· 785 780 return NF_ACCEPT; 786 781 } 787 782 *d = state->in; 788 788 - NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, skb, state->in, 789 789 - state->out, br_nf_forward_finish); 783 783 + NF_HOOK(NFPROTO_ARP, NF_ARP_FORWARD, state->sk, skb, 784 784 + state->in, state->out, br_nf_forward_finish); 790 785 791 786 return NF_STOLEN; 792 787 } ··· 809 804 return true; 810 805 } 811 806 812 812 - static int br_nf_push_frag_xmit(struct sk_buff *skb) 807 807 + static int br_nf_push_frag_xmit(struct sock *sk, struct sk_buff *skb) 813 808 { 814 809 if (!nf_bridge_copy_header(skb)) { 815 810 kfree_skb(skb); 816 811 return 0; 817 812 } 818 813 819 819 - return br_dev_queue_push_xmit(skb); 814 814 + return br_dev_queue_push_xmit(sk, skb); 820 815 } 821 816 822 822 - static int br_nf_dev_queue_xmit(struct sk_buff *skb) 817 817 + static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) 823 818 { 824 819 int ret; 825 820 int frag_max_size; 826 821 unsigned int mtu_reserved; 827 822 828 823 if (skb_is_gso(skb) || skb->protocol != htons(ETH_P_IP)) 829 829 - return br_dev_queue_push_xmit(skb); 824 824 + return br_dev_queue_push_xmit(sk, skb); 830 825 831 826 mtu_reserved = nf_bridge_mtu_reduction(skb); 832 827 /* This is wrong! We should preserve the original fragment ··· 838 833 /* Drop invalid packet */ 839 834 return NF_DROP; 840 835 IPCB(skb)->frag_max_size = frag_max_size; 841 841 - ret = ip_fragment(skb, br_nf_push_frag_xmit); 836 836 + ret = ip_fragment(sk, skb, br_nf_push_frag_xmit); 842 837 } else 843 843 - ret = br_dev_queue_push_xmit(skb); 838 838 + ret = br_dev_queue_push_xmit(sk, skb); 844 839 845 840 return ret; 846 841 } 847 842 #else 848 848 - static int br_nf_dev_queue_xmit(struct sk_buff *skb) 843 843 + static int br_nf_dev_queue_xmit(struct sock *sk, struct sk_buff *skb) 849 844 { 850 850 - return br_dev_queue_push_xmit(skb); 845 845 + return br_dev_queue_push_xmit(sk, skb); 851 846 } 852 847 #endif 853 848 ··· 892 887 else 893 888 skb->protocol = htons(ETH_P_IPV6); 894 889 895 895 - NF_HOOK(pf, NF_INET_POST_ROUTING, skb, NULL, realoutdev, 890 890 + NF_HOOK(pf, NF_INET_POST_ROUTING, state->sk, skb, 891 891 + NULL, realoutdev, 896 892 br_nf_dev_queue_xmit); 897 893 898 894 return NF_STOLEN; ··· 933 927 skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN), 934 928 skb->nf_bridge->data, ETH_HLEN-ETH_ALEN); 935 929 skb->dev = nf_bridge->physindev; 936 936 - br_handle_frame_finish(skb); 930 930 + br_handle_frame_finish(NULL, skb); 937 931 } 938 932 939 933 static int br_nf_dev_xmit(struct sk_buff *skb)

+3 -3

net/bridge/br_private.h

reviewed

··· 410 410 411 411 /* br_forward.c */ 412 412 void br_deliver(const struct net_bridge_port *to, struct sk_buff *skb); 413 413 - int br_dev_queue_push_xmit(struct sk_buff *skb); 413 413 + int br_dev_queue_push_xmit(struct sock *sk, struct sk_buff *skb); 414 414 void br_forward(const struct net_bridge_port *to, 415 415 struct sk_buff *skb, struct sk_buff *skb0); 416 416 - int br_forward_finish(struct sk_buff *skb); 416 416 + int br_forward_finish(struct sock *sk, struct sk_buff *skb); 417 417 void br_flood_deliver(struct net_bridge *br, struct sk_buff *skb, bool unicast); 418 418 void br_flood_forward(struct net_bridge *br, struct sk_buff *skb, 419 419 struct sk_buff *skb2, bool unicast); ··· 431 431 void br_manage_promisc(struct net_bridge *br); 432 432 433 433 /* br_input.c */ 434 434 - int br_handle_frame_finish(struct sk_buff *skb); 434 434 + int br_handle_frame_finish(struct sock *sk, struct sk_buff *skb); 435 435 rx_handler_result_t br_handle_frame(struct sk_buff **pskb); 436 436 437 437 static inline bool br_rx_handler_check_rcu(const struct net_device *dev)

+3 -2

net/bridge/br_stp_bpdu.c

reviewed

··· 54 54 55 55 skb_reset_mac_header(skb); 56 56 57 57 - NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, 58 58 - dev_queue_xmit); 57 57 + NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_OUT, NULL, skb, 58 58 + NULL, skb->dev, 59 59 + dev_queue_xmit_sk); 59 60 } 60 61 61 62 static inline void br_set_ticks(unsigned char *dest, int j)

+5 -5

net/core/dev.c

reviewed

··· 2879 2879 * dev_loopback_xmit - loop back @skb 2880 2880 * @skb: buffer to transmit 2881 2881 */ 2882 2882 - int dev_loopback_xmit(struct sk_buff *skb) 2882 2882 + int dev_loopback_xmit(struct sock *sk, struct sk_buff *skb) 2883 2883 { 2884 2884 skb_reset_mac_header(skb); 2885 2885 __skb_pull(skb, skb_network_offset(skb)); ··· 3017 3017 return rc; 3018 3018 } 3019 3019 3020 3020 - int dev_queue_xmit(struct sk_buff *skb) 3020 3020 + int dev_queue_xmit_sk(struct sock *sk, struct sk_buff *skb) 3021 3021 { 3022 3022 return __dev_queue_xmit(skb, NULL); 3023 3023 } 3024 3024 - EXPORT_SYMBOL(dev_queue_xmit); 3024 3024 + EXPORT_SYMBOL(dev_queue_xmit_sk); 3025 3025 3026 3026 int dev_queue_xmit_accel(struct sk_buff *skb, void *accel_priv) 3027 3027 { ··· 3853 3853 * NET_RX_SUCCESS: no congestion 3854 3854 * NET_RX_DROP: packet was dropped 3855 3855 */ 3856 3856 - int netif_receive_skb(struct sk_buff *skb) 3856 3856 + int netif_receive_skb_sk(struct sock *sk, struct sk_buff *skb) 3857 3857 { 3858 3858 trace_netif_receive_skb_entry(skb); 3859 3859 3860 3860 return netif_receive_skb_internal(skb); 3861 3861 } 3862 3862 - EXPORT_SYMBOL(netif_receive_skb); 3862 3862 + EXPORT_SYMBOL(netif_receive_skb_sk); 3863 3863 3864 3864 /* Network device is going away, flush any packets still pending 3865 3865 * Called with irqs disabled.

+19 -16

net/decnet/dn_neigh.c

reviewed

··· 194 194 return err; 195 195 } 196 196 197 197 - static int dn_neigh_output_packet(struct sk_buff *skb) 197 197 + static int dn_neigh_output_packet(struct sock *sk, struct sk_buff *skb) 198 198 { 199 199 struct dst_entry *dst = skb_dst(skb); 200 200 struct dn_route *rt = (struct dn_route *)dst; ··· 206 206 /* 207 207 * For talking to broadcast devices: Ethernet & PPP 208 208 */ 209 209 - static int dn_long_output(struct neighbour *neigh, struct sk_buff *skb) 209 209 + static int dn_long_output(struct neighbour *neigh, struct sock *sk, 210 210 + struct sk_buff *skb) 210 211 { 211 212 struct net_device *dev = neigh->dev; 212 213 int headroom = dev->hard_header_len + sizeof(struct dn_long_packet) + 3; ··· 246 245 247 246 skb_reset_network_header(skb); 248 247 249 249 - return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 250 250 - neigh->dev, dn_neigh_output_packet); 248 248 + return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb, 249 249 + NULL, neigh->dev, dn_neigh_output_packet); 251 250 } 252 251 253 252 /* 254 253 * For talking to pointopoint and multidrop devices: DDCMP and X.25 255 254 */ 256 256 - static int dn_short_output(struct neighbour *neigh, struct sk_buff *skb) 255 255 + static int dn_short_output(struct neighbour *neigh, struct sock *sk, 256 256 + struct sk_buff *skb) 257 257 { 258 258 struct net_device *dev = neigh->dev; 259 259 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2; ··· 286 284 287 285 skb_reset_network_header(skb); 288 286 289 289 - return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 290 290 - neigh->dev, dn_neigh_output_packet); 287 287 + return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb, 288 288 + NULL, neigh->dev, dn_neigh_output_packet); 291 289 } 292 290 293 291 /* ··· 295 293 * Phase 3 output is the same as short output, execpt that 296 294 * it clears the area bits before transmission. 297 295 */ 298 298 - static int dn_phase3_output(struct neighbour *neigh, struct sk_buff *skb) 296 296 + static int dn_phase3_output(struct neighbour *neigh, struct sock *sk, 297 297 + struct sk_buff *skb) 299 298 { 300 299 struct net_device *dev = neigh->dev; 301 300 int headroom = dev->hard_header_len + sizeof(struct dn_short_packet) + 2; ··· 327 324 328 325 skb_reset_network_header(skb); 329 326 330 330 - return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, skb, NULL, 331 331 - neigh->dev, dn_neigh_output_packet); 327 327 + return NF_HOOK(NFPROTO_DECNET, NF_DN_POST_ROUTING, sk, skb, 328 328 + NULL, neigh->dev, dn_neigh_output_packet); 332 329 } 333 330 334 334 - int dn_to_neigh_output(struct sk_buff *skb) 331 331 + int dn_to_neigh_output(struct sock *sk, struct sk_buff *skb) 335 332 { 336 333 struct dst_entry *dst = skb_dst(skb); 337 334 struct dn_route *rt = (struct dn_route *) dst; ··· 350 347 rcu_read_unlock(); 351 348 352 349 if (dn->flags & DN_NDFLAG_P3) 353 353 - return dn_phase3_output(neigh, skb); 350 350 + return dn_phase3_output(neigh, sk, skb); 354 351 if (use_long) 355 355 - return dn_long_output(neigh, skb); 352 352 + return dn_long_output(neigh, sk, skb); 356 353 else 357 357 - return dn_short_output(neigh, skb); 354 354 + return dn_short_output(neigh, sk, skb); 358 355 } 359 356 360 357 /* ··· 375 372 /* 376 373 * Ethernet router hello message received 377 374 */ 378 378 - int dn_neigh_router_hello(struct sk_buff *skb) 375 375 + int dn_neigh_router_hello(struct sock *sk, struct sk_buff *skb) 379 376 { 380 377 struct rtnode_hello_message *msg = (struct rtnode_hello_message *)skb->data; 381 378 ··· 437 434 /* 438 435 * Endnode hello message received 439 436 */ 440 440 - int dn_neigh_endnode_hello(struct sk_buff *skb) 437 437 + int dn_neigh_endnode_hello(struct sock *sk, struct sk_buff *skb) 441 438 { 442 439 struct endnode_hello_message *msg = (struct endnode_hello_message *)skb->data; 443 440 struct neighbour *neigh;

+3 -2

net/decnet/dn_nsp_in.c

reviewed

··· 714 714 return ret; 715 715 } 716 716 717 717 - static int dn_nsp_rx_packet(struct sk_buff *skb) 717 717 + static int dn_nsp_rx_packet(struct sock *sk2, struct sk_buff *skb) 718 718 { 719 719 struct dn_skb_cb *cb = DN_SKB_CB(skb); 720 720 struct sock *sk = NULL; ··· 814 814 815 815 int dn_nsp_rx(struct sk_buff *skb) 816 816 { 817 817 - return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, skb, skb->dev, NULL, 817 817 + return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_IN, NULL, skb, 818 818 + skb->dev, NULL, 818 819 dn_nsp_rx_packet); 819 820 } 820 821

+15 -11

net/decnet/dn_route.c

reviewed

··· 512 512 * 513 513 * Returns: result of input function if route is found, error code otherwise 514 514 */ 515 515 - static int dn_route_rx_packet(struct sk_buff *skb) 515 515 + static int dn_route_rx_packet(struct sock *sk, struct sk_buff *skb) 516 516 { 517 517 struct dn_skb_cb *cb; 518 518 int err; ··· 573 573 ptr++; 574 574 cb->hops = *ptr++; /* Visit Count */ 575 575 576 576 - return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL, 576 576 + return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb, 577 577 + skb->dev, NULL, 577 578 dn_route_rx_packet); 578 579 579 580 drop_it: ··· 601 600 ptr += 2; 602 601 cb->hops = *ptr & 0x3f; 603 602 604 604 - return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, skb, skb->dev, NULL, 603 603 + return NF_HOOK(NFPROTO_DECNET, NF_DN_PRE_ROUTING, NULL, skb, 604 604 + skb->dev, NULL, 605 605 dn_route_rx_packet); 606 606 607 607 drop_it: ··· 610 608 return NET_RX_DROP; 611 609 } 612 610 613 613 - static int dn_route_discard(struct sk_buff *skb) 611 611 + static int dn_route_discard(struct sock *sk, struct sk_buff *skb) 614 612 { 615 613 /* 616 614 * I know we drop the packet here, but thats considered success in ··· 620 618 return NET_RX_SUCCESS; 621 619 } 622 620 623 623 - static int dn_route_ptp_hello(struct sk_buff *skb) 621 621 + static int dn_route_ptp_hello(struct sock *sk, struct sk_buff *skb) 624 622 { 625 623 dn_dev_hello(skb); 626 624 dn_neigh_pointopoint_hello(skb); ··· 706 704 switch (flags & DN_RT_CNTL_MSK) { 707 705 case DN_RT_PKT_HELO: 708 706 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 709 709 - skb, skb->dev, NULL, 707 707 + NULL, skb, skb->dev, NULL, 710 708 dn_route_ptp_hello); 711 709 712 710 case DN_RT_PKT_L1RT: 713 711 case DN_RT_PKT_L2RT: 714 712 return NF_HOOK(NFPROTO_DECNET, NF_DN_ROUTE, 715 715 - skb, skb->dev, NULL, 713 713 + NULL, skb, skb->dev, NULL, 716 714 dn_route_discard); 717 715 case DN_RT_PKT_ERTH: 718 716 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 719 719 - skb, skb->dev, NULL, 717 717 + NULL, skb, skb->dev, NULL, 720 718 dn_neigh_router_hello); 721 719 722 720 case DN_RT_PKT_EEDH: 723 721 return NF_HOOK(NFPROTO_DECNET, NF_DN_HELLO, 724 724 - skb, skb->dev, NULL, 722 722 + NULL, skb, skb->dev, NULL, 725 723 dn_neigh_endnode_hello); 726 724 } 727 725 } else { ··· 770 768 cb->rt_flags |= DN_RT_F_IE; 771 769 cb->hops = 0; 772 770 773 773 - return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, skb, NULL, dev, 771 771 + return NF_HOOK(NFPROTO_DECNET, NF_DN_LOCAL_OUT, sk, skb, 772 772 + NULL, dev, 774 773 dn_to_neigh_output); 775 774 776 775 error: ··· 819 816 if (rt->rt_flags & RTCF_DOREDIRECT) 820 817 cb->rt_flags |= DN_RT_F_IE; 821 818 822 822 - return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, skb, dev, skb->dev, 819 819 + return NF_HOOK(NFPROTO_DECNET, NF_DN_FORWARD, NULL, skb, 820 820 + dev, skb->dev, 823 821 dn_to_neigh_output); 824 822 825 823 drop:

+6 -4

net/ipv4/arp.c

reviewed

··· 591 591 void arp_xmit(struct sk_buff *skb) 592 592 { 593 593 /* Send it off, maybe filter it using firewalling first. */ 594 594 - NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, skb, NULL, skb->dev, dev_queue_xmit); 594 594 + NF_HOOK(NFPROTO_ARP, NF_ARP_OUT, NULL, skb, 595 595 + NULL, skb->dev, dev_queue_xmit_sk); 595 596 } 596 597 EXPORT_SYMBOL(arp_xmit); 597 598 ··· 626 625 * Process an arp request. 627 626 */ 628 627 629 629 - static int arp_process(struct sk_buff *skb) 628 628 + static int arp_process(struct sock *sk, struct sk_buff *skb) 630 629 { 631 630 struct net_device *dev = skb->dev; 632 631 struct in_device *in_dev = __in_dev_get_rcu(dev); ··· 847 846 848 847 static void parp_redo(struct sk_buff *skb) 849 848 { 850 850 - arp_process(skb); 849 849 + arp_process(NULL, skb); 851 850 } 852 851 853 852 ··· 880 879 881 880 memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); 882 881 883 883 - return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); 882 882 + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, NULL, skb, 883 883 + dev, NULL, arp_process); 884 884 885 885 consumeskb: 886 886 consume_skb(skb);

+4 -4

net/ipv4/ip_forward.c

reviewed

··· 57 57 } 58 58 59 59 60 60 - static int ip_forward_finish(struct sk_buff *skb) 60 60 + static int ip_forward_finish(struct sock *sk, struct sk_buff *skb) 61 61 { 62 62 struct ip_options *opt = &(IPCB(skb)->opt); 63 63 ··· 68 68 ip_forward_options(skb); 69 69 70 70 skb_sender_cpu_clear(skb); 71 71 - return dst_output(skb); 71 71 + return dst_output_sk(sk, skb); 72 72 } 73 73 74 74 int ip_forward(struct sk_buff *skb) ··· 136 136 137 137 skb->priority = rt_tos2priority(iph->tos); 138 138 139 139 - return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev, 140 140 - rt->dst.dev, ip_forward_finish); 139 139 + return NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, NULL, skb, 140 140 + skb->dev, rt->dst.dev, ip_forward_finish); 141 141 142 142 sr_failed: 143 143 /*

+6 -4

net/ipv4/ip_input.c

reviewed

··· 187 187 return false; 188 188 } 189 189 190 190 - static int ip_local_deliver_finish(struct sk_buff *skb) 190 190 + static int ip_local_deliver_finish(struct sock *sk, struct sk_buff *skb) 191 191 { 192 192 struct net *net = dev_net(skb->dev); 193 193 ··· 253 253 return 0; 254 254 } 255 255 256 256 - return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 256 256 + return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, NULL, skb, 257 257 + skb->dev, NULL, 257 258 ip_local_deliver_finish); 258 259 } 259 260 ··· 310 309 int sysctl_ip_early_demux __read_mostly = 1; 311 310 EXPORT_SYMBOL(sysctl_ip_early_demux); 312 311 313 313 - static int ip_rcv_finish(struct sk_buff *skb) 312 312 + static int ip_rcv_finish(struct sock *sk, struct sk_buff *skb) 314 313 { 315 314 const struct iphdr *iph = ip_hdr(skb); 316 315 struct rtable *rt; ··· 452 451 /* Must drop socket now because of tproxy. */ 453 452 skb_orphan(skb); 454 453 455 455 - return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, dev, NULL, 454 454 + return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb, 455 455 + dev, NULL, 456 456 ip_rcv_finish); 457 457 458 458 csum_error:

+26 -19

net/ipv4/ip_output.c

reviewed

··· 91 91 } 92 92 EXPORT_SYMBOL(ip_send_check); 93 93 94 94 - int __ip_local_out(struct sk_buff *skb) 94 94 + int __ip_local_out_sk(struct sock *sk, struct sk_buff *skb) 95 95 { 96 96 struct iphdr *iph = ip_hdr(skb); 97 97 98 98 iph->tot_len = htons(skb->len); 99 99 ip_send_check(iph); 100 100 - return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL, 101 101 - skb_dst(skb)->dev, dst_output); 100 100 + return nf_hook(NFPROTO_IPV4, NF_INET_LOCAL_OUT, sk, skb, NULL, 101 101 + skb_dst(skb)->dev, dst_output_sk); 102 102 + } 103 103 + 104 104 + int __ip_local_out(struct sk_buff *skb) 105 105 + { 106 106 + return __ip_local_out_sk(skb->sk, skb); 102 107 } 103 108 104 109 int ip_local_out_sk(struct sock *sk, struct sk_buff *skb) ··· 168 163 } 169 164 EXPORT_SYMBOL_GPL(ip_build_and_send_pkt); 170 165 171 171 - static inline int ip_finish_output2(struct sk_buff *skb) 166 166 + static inline int ip_finish_output2(struct sock *sk, struct sk_buff *skb) 172 167 { 173 168 struct dst_entry *dst = skb_dst(skb); 174 169 struct rtable *rt = (struct rtable *)dst; ··· 216 211 return -EINVAL; 217 212 } 218 213 219 219 - static int ip_finish_output_gso(struct sk_buff *skb) 214 214 + static int ip_finish_output_gso(struct sock *sk, struct sk_buff *skb) 220 215 { 221 216 netdev_features_t features; 222 217 struct sk_buff *segs; ··· 225 220 /* common case: locally created skb or seglen is <= mtu */ 226 221 if (((IPCB(skb)->flags & IPSKB_FORWARDED) == 0) || 227 222 skb_gso_network_seglen(skb) <= ip_skb_dst_mtu(skb)) 228 228 - return ip_finish_output2(skb); 223 223 + return ip_finish_output2(sk, skb); 229 224 230 225 /* Slowpath - GSO segment length is exceeding the dst MTU. 231 226 * ··· 248 243 int err; 249 244 250 245 segs->next = NULL; 251 251 - err = ip_fragment(segs, ip_finish_output2); 246 246 + err = ip_fragment(sk, segs, ip_finish_output2); 252 247 253 248 if (err && ret == 0) 254 249 ret = err; ··· 258 253 return ret; 259 254 } 260 255 261 261 - static int ip_finish_output(struct sk_buff *skb) 256 256 + static int ip_finish_output(struct sock *sk, struct sk_buff *skb) 262 257 { 263 258 #if defined(CONFIG_NETFILTER) && defined(CONFIG_XFRM) 264 259 /* Policy lookup after SNAT yielded a new policy */ 265 260 if (skb_dst(skb)->xfrm) { 266 261 IPCB(skb)->flags |= IPSKB_REROUTED; 267 267 - return dst_output(skb); 262 262 + return dst_output_sk(sk, skb); 268 263 } 269 264 #endif 270 265 if (skb_is_gso(skb)) 271 271 - return ip_finish_output_gso(skb); 266 266 + return ip_finish_output_gso(sk, skb); 272 267 273 268 if (skb->len > ip_skb_dst_mtu(skb)) 274 274 - return ip_fragment(skb, ip_finish_output2); 269 269 + return ip_fragment(sk, skb, ip_finish_output2); 275 270 276 276 - return ip_finish_output2(skb); 271 271 + return ip_finish_output2(sk, skb); 277 272 } 278 273 279 274 int ip_mc_output(struct sock *sk, struct sk_buff *skb) ··· 312 307 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 313 308 if (newskb) 314 309 NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, 315 315 - newskb, NULL, newskb->dev, 310 310 + sk, newskb, NULL, newskb->dev, 316 311 dev_loopback_xmit); 317 312 } 318 313 ··· 327 322 if (rt->rt_flags&RTCF_BROADCAST) { 328 323 struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); 329 324 if (newskb) 330 330 - NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, newskb, 325 325 + NF_HOOK(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, newskb, 331 326 NULL, newskb->dev, dev_loopback_xmit); 332 327 } 333 328 334 334 - return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, 329 329 + return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb, NULL, 335 330 skb->dev, ip_finish_output, 336 331 !(IPCB(skb)->flags & IPSKB_REROUTED)); 337 332 } ··· 345 340 skb->dev = dev; 346 341 skb->protocol = htons(ETH_P_IP); 347 342 348 348 - return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, NULL, dev, 343 343 + return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb, 344 344 + NULL, dev, 349 345 ip_finish_output, 350 346 !(IPCB(skb)->flags & IPSKB_REROUTED)); 351 347 } ··· 486 480 * single device frame, and queue such a frame for sending. 487 481 */ 488 482 489 489 - int ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 483 483 + int ip_fragment(struct sock *sk, struct sk_buff *skb, 484 484 + int (*output)(struct sock *, struct sk_buff *)) 490 485 { 491 486 struct iphdr *iph; 492 487 int ptr; ··· 600 593 ip_send_check(iph); 601 594 } 602 595 603 603 - err = output(skb); 596 596 + err = output(sk, skb); 604 597 605 598 if (!err) 606 599 IP_INC_STATS(dev_net(dev), IPSTATS_MIB_FRAGCREATES); ··· 737 730 738 731 ip_send_check(iph); 739 732 740 740 - err = output(skb2); 733 733 + err = output(sk, skb2); 741 734 if (err) 742 735 goto fail; 743 736

+4 -3

net/ipv4/ipmr.c

reviewed

··· 1679 1679 nf_reset(skb); 1680 1680 } 1681 1681 1682 1682 - static inline int ipmr_forward_finish(struct sk_buff *skb) 1682 1682 + static inline int ipmr_forward_finish(struct sock *sk, struct sk_buff *skb) 1683 1683 { 1684 1684 struct ip_options *opt = &(IPCB(skb)->opt); 1685 1685 ··· 1689 1689 if (unlikely(opt->optlen)) 1690 1690 ip_forward_options(skb); 1691 1691 1692 1692 - return dst_output(skb); 1692 1692 + return dst_output_sk(sk, skb); 1693 1693 } 1694 1694 1695 1695 /* ··· 1788 1788 * not mrouter) cannot join to more than one interface - it will 1789 1789 * result in receiving multiple packets. 1790 1790 */ 1791 1791 - NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, skb, skb->dev, dev, 1791 1791 + NF_HOOK(NFPROTO_IPV4, NF_INET_FORWARD, NULL, skb, 1792 1792 + skb->dev, dev, 1792 1793 ipmr_forward_finish); 1793 1794 return; 1794 1795

+2 -2

net/ipv4/raw.c

reviewed

··· 412 412 icmp_out_count(net, ((struct icmphdr *) 413 413 skb_transport_header(skb))->type); 414 414 415 415 - err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, skb, NULL, 416 416 - rt->dst.dev, dst_output); 415 415 + err = NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, sk, skb, 416 416 + NULL, rt->dst.dev, dst_output_sk); 417 417 if (err > 0) 418 418 err = net_xmit_errno(err); 419 419 if (err)

+3 -2

net/ipv4/xfrm4_input.c

reviewed

··· 22 22 return xfrm4_extract_header(skb); 23 23 } 24 24 25 25 - static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb) 25 25 + static inline int xfrm4_rcv_encap_finish(struct sock *sk, struct sk_buff *skb) 26 26 { 27 27 if (!skb_dst(skb)) { 28 28 const struct iphdr *iph = ip_hdr(skb); ··· 52 52 iph->tot_len = htons(skb->len); 53 53 ip_send_check(iph); 54 54 55 55 - NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 55 55 + NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb, 56 56 + skb->dev, NULL, 56 57 xfrm4_rcv_encap_finish); 57 58 return 0; 58 59 }

+6 -6

net/ipv4/xfrm4_output.c

reviewed

··· 69 69 } 70 70 EXPORT_SYMBOL(xfrm4_prepare_output); 71 71 72 72 - int xfrm4_output_finish(struct sk_buff *skb) 72 72 + int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb) 73 73 { 74 74 memset(IPCB(skb), 0, sizeof(*IPCB(skb))); 75 75 ··· 77 77 IPCB(skb)->flags |= IPSKB_XFRM_TRANSFORMED; 78 78 #endif 79 79 80 80 - return xfrm_output(skb); 80 80 + return xfrm_output(sk, skb); 81 81 } 82 82 83 83 - static int __xfrm4_output(struct sk_buff *skb) 83 83 + static int __xfrm4_output(struct sock *sk, struct sk_buff *skb) 84 84 { 85 85 struct xfrm_state *x = skb_dst(skb)->xfrm; 86 86 87 87 #ifdef CONFIG_NETFILTER 88 88 if (!x) { 89 89 IPCB(skb)->flags |= IPSKB_REROUTED; 90 90 - return dst_output(skb); 90 90 + return dst_output_sk(sk, skb); 91 91 } 92 92 #endif 93 93 94 94 - return x->outer_mode->afinfo->output_finish(skb); 94 94 + return x->outer_mode->afinfo->output_finish(sk, skb); 95 95 } 96 96 97 97 int xfrm4_output(struct sock *sk, struct sk_buff *skb) 98 98 { 99 99 - return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, skb, 99 99 + return NF_HOOK_COND(NFPROTO_IPV4, NF_INET_POST_ROUTING, sk, skb, 100 100 NULL, skb_dst(skb)->dev, __xfrm4_output, 101 101 !(IPCB(skb)->flags & IPSKB_REROUTED)); 102 102 }

+6 -5

net/ipv6/ip6_input.c

reviewed

··· 46 46 #include <net/xfrm.h> 47 47 #include <net/inet_ecn.h> 48 48 49 49 - 50 50 - int ip6_rcv_finish(struct sk_buff *skb) 49 49 + int ip6_rcv_finish(struct sock *sk, struct sk_buff *skb) 51 50 { 52 51 if (sysctl_ip_early_demux && !skb_dst(skb) && skb->sk == NULL) { 53 52 const struct inet6_protocol *ipprot; ··· 182 183 /* Must drop socket now because of tproxy. */ 183 184 skb_orphan(skb); 184 185 185 185 - return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, dev, NULL, 186 186 + return NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL, skb, 187 187 + dev, NULL, 186 188 ip6_rcv_finish); 187 189 err: 188 190 IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS); ··· 198 198 */ 199 199 200 200 201 201 - static int ip6_input_finish(struct sk_buff *skb) 201 201 + static int ip6_input_finish(struct sock *sk, struct sk_buff *skb) 202 202 { 203 203 struct net *net = dev_net(skb_dst(skb)->dev); 204 204 const struct inet6_protocol *ipprot; ··· 277 277 278 278 int ip6_input(struct sk_buff *skb) 279 279 { 280 280 - return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, skb, skb->dev, NULL, 280 280 + return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_IN, NULL, skb, 281 281 + skb->dev, NULL, 281 282 ip6_input_finish); 282 283 } 283 284

+18 -15

net/ipv6/ip6_output.c

reviewed

··· 56 56 #include <net/checksum.h> 57 57 #include <linux/mroute6.h> 58 58 59 59 - static int ip6_finish_output2(struct sk_buff *skb) 59 59 + static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb) 60 60 { 61 61 struct dst_entry *dst = skb_dst(skb); 62 62 struct net_device *dev = dst->dev; ··· 70 70 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { 71 71 struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); 72 72 73 73 - if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(skb->sk) && 73 73 + if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) && 74 74 ((mroute6_socket(dev_net(dev), skb) && 75 75 !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || 76 76 ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, ··· 82 82 */ 83 83 if (newskb) 84 84 NF_HOOK(NFPROTO_IPV6, NF_INET_POST_ROUTING, 85 85 - newskb, NULL, newskb->dev, 85 85 + sk, newskb, NULL, newskb->dev, 86 86 dev_loopback_xmit); 87 87 88 88 if (ipv6_hdr(skb)->hop_limit == 0) { ··· 122 122 return -EINVAL; 123 123 } 124 124 125 125 - static int ip6_finish_output(struct sk_buff *skb) 125 125 + static int ip6_finish_output(struct sock *sk, struct sk_buff *skb) 126 126 { 127 127 if ((skb->len > ip6_skb_dst_mtu(skb) && !skb_is_gso(skb)) || 128 128 dst_allfrag(skb_dst(skb)) || 129 129 (IP6CB(skb)->frag_max_size && skb->len > IP6CB(skb)->frag_max_size)) 130 130 - return ip6_fragment(skb, ip6_finish_output2); 130 130 + return ip6_fragment(sk, skb, ip6_finish_output2); 131 131 else 132 132 - return ip6_finish_output2(skb); 132 132 + return ip6_finish_output2(sk, skb); 133 133 } 134 134 135 135 int ip6_output(struct sock *sk, struct sk_buff *skb) ··· 143 143 return 0; 144 144 } 145 145 146 146 - return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, NULL, dev, 146 146 + return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, sk, skb, 147 147 + NULL, dev, 147 148 ip6_finish_output, 148 149 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 149 150 } ··· 224 223 if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { 225 224 IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), 226 225 IPSTATS_MIB_OUT, skb->len); 227 227 - return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 228 228 - dst->dev, dst_output); 226 226 + return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 227 227 + NULL, dst->dev, dst_output_sk); 229 228 } 230 229 231 230 skb->dev = dst->dev; ··· 317 316 return 0; 318 317 } 319 318 320 320 - static inline int ip6_forward_finish(struct sk_buff *skb) 319 319 + static inline int ip6_forward_finish(struct sock *sk, struct sk_buff *skb) 321 320 { 322 321 skb_sender_cpu_clear(skb); 323 323 - return dst_output(skb); 322 322 + return dst_output_sk(sk, skb); 324 323 } 325 324 326 325 static unsigned int ip6_dst_mtu_forward(const struct dst_entry *dst) ··· 512 511 513 512 IP6_INC_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTFORWDATAGRAMS); 514 513 IP6_ADD_STATS_BH(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTOCTETS, skb->len); 515 515 - return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dst->dev, 514 514 + return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb, 515 515 + skb->dev, dst->dev, 516 516 ip6_forward_finish); 517 517 518 518 error: ··· 540 538 skb_copy_secmark(to, from); 541 539 } 542 540 543 543 - int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) 541 541 + int ip6_fragment(struct sock *sk, struct sk_buff *skb, 542 542 + int (*output)(struct sock *, struct sk_buff *)) 544 543 { 545 544 struct sk_buff *frag; 546 545 struct rt6_info *rt = (struct rt6_info *)skb_dst(skb); ··· 670 667 ip6_copy_metadata(frag, skb); 671 668 } 672 669 673 673 - err = output(skb); 670 670 + err = output(sk, skb); 674 671 if (!err) 675 672 IP6_INC_STATS(net, ip6_dst_idev(&rt->dst), 676 673 IPSTATS_MIB_FRAGCREATES); ··· 803 800 /* 804 801 * Put this fragment into the sending queue. 805 802 */ 806 806 - err = output(frag); 803 803 + err = output(sk, frag); 807 804 if (err) 808 805 goto fail; 809 806

+4 -3

net/ipv6/ip6mr.c

reviewed

··· 1986 1986 } 1987 1987 #endif 1988 1988 1989 1989 - static inline int ip6mr_forward2_finish(struct sk_buff *skb) 1989 1989 + static inline int ip6mr_forward2_finish(struct sock *sk, struct sk_buff *skb) 1990 1990 { 1991 1991 IP6_INC_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)), 1992 1992 IPSTATS_MIB_OUTFORWDATAGRAMS); 1993 1993 IP6_ADD_STATS_BH(dev_net(skb_dst(skb)->dev), ip6_dst_idev(skb_dst(skb)), 1994 1994 IPSTATS_MIB_OUTOCTETS, skb->len); 1995 1995 - return dst_output(skb); 1995 1995 + return dst_output_sk(sk, skb); 1996 1996 } 1997 1997 1998 1998 /* ··· 2064 2064 2065 2065 IP6CB(skb)->flags |= IP6SKB_FORWARDED; 2066 2066 2067 2067 - return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, skb, skb->dev, dev, 2067 2067 + return NF_HOOK(NFPROTO_IPV6, NF_INET_FORWARD, NULL, skb, 2068 2068 + skb->dev, dev, 2068 2069 ip6mr_forward2_finish); 2069 2070 2070 2071 out_free:

+5 -4

net/ipv6/mcast.c

reviewed

··· 1644 1644 1645 1645 payload_len = skb->len; 1646 1646 1647 1647 - err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 1648 1648 - dst_output); 1647 1647 + err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, 1648 1648 + net->ipv6.igmp_sk, skb, NULL, skb->dev, 1649 1649 + dst_output_sk); 1649 1650 out: 1650 1651 if (!err) { 1651 1652 ICMP6MSGOUT_INC_STATS(net, idev, ICMPV6_MLD2_REPORT); ··· 2008 2007 } 2009 2008 2010 2009 skb_dst_set(skb, dst); 2011 2011 - err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, skb->dev, 2012 2012 - dst_output); 2010 2010 + err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 2011 2011 + NULL, skb->dev, dst_output_sk); 2013 2012 out: 2014 2013 if (!err) { 2015 2014 ICMP6MSGOUT_INC_STATS(net, idev, type);

+3 -2

net/ipv6/ndisc.c

reviewed

··· 463 463 idev = __in6_dev_get(dst->dev); 464 464 IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); 465 465 466 466 - err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, dst->dev, 467 467 - dst_output); 466 466 + err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 467 467 + NULL, dst->dev, 468 468 + dst_output_sk); 468 469 if (!err) { 469 470 ICMP6MSGOUT_INC_STATS(net, idev, type); 470 471 ICMP6_INC_STATS(net, idev, ICMP6_MIB_OUTMSGS);

+1 -1

net/ipv6/netfilter/nf_defrag_ipv6_hooks.c

reviewed

··· 75 75 76 76 nf_ct_frag6_consume_orig(reasm); 77 77 78 78 - NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, reasm, 78 78 + NF_HOOK_THRESH(NFPROTO_IPV6, ops->hooknum, state->sk, reasm, 79 79 state->in, state->out, 80 80 state->okfn, NF_IP6_PRI_CONNTRACK_DEFRAG + 1); 81 81

+2 -2

net/ipv6/output_core.c

reviewed

··· 146 146 ipv6_hdr(skb)->payload_len = htons(len); 147 147 IP6CB(skb)->nhoff = offsetof(struct ipv6hdr, nexthdr); 148 148 149 149 - return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 150 150 - skb_dst(skb)->dev, dst_output); 149 149 + return nf_hook(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb->sk, skb, 150 150 + NULL, skb_dst(skb)->dev, dst_output_sk); 151 151 } 152 152 EXPORT_SYMBOL_GPL(__ip6_local_out); 153 153

+2 -2

net/ipv6/raw.c

reviewed

··· 652 652 goto error_fault; 653 653 654 654 IP6_UPD_PO_STATS(sock_net(sk), rt->rt6i_idev, IPSTATS_MIB_OUT, skb->len); 655 655 - err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, skb, NULL, 656 656 - rt->dst.dev, dst_output); 655 655 + err = NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, sk, skb, 656 656 + NULL, rt->dst.dev, dst_output_sk); 657 657 if (err > 0) 658 658 err = net_xmit_errno(err); 659 659 if (err)

+2 -1

net/ipv6/xfrm6_input.c

reviewed

··· 42 42 ipv6_hdr(skb)->payload_len = htons(skb->len); 43 43 __skb_push(skb, skb->data - skb_network_header(skb)); 44 44 45 45 - NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, skb, skb->dev, NULL, 45 45 + NF_HOOK(NFPROTO_IPV6, NF_INET_PRE_ROUTING, NULL, skb, 46 46 + skb->dev, NULL, 46 47 ip6_rcv_finish); 47 48 return -1; 48 49 }

+8 -7

net/ipv6/xfrm6_output.c

reviewed

··· 120 120 } 121 121 EXPORT_SYMBOL(xfrm6_prepare_output); 122 122 123 123 - int xfrm6_output_finish(struct sk_buff *skb) 123 123 + int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb) 124 124 { 125 125 memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); 126 126 ··· 128 128 IP6CB(skb)->flags |= IP6SKB_XFRM_TRANSFORMED; 129 129 #endif 130 130 131 131 - return xfrm_output(skb); 131 131 + return xfrm_output(sk, skb); 132 132 } 133 133 134 134 - static int __xfrm6_output(struct sk_buff *skb) 134 134 + static int __xfrm6_output(struct sock *sk, struct sk_buff *skb) 135 135 { 136 136 struct dst_entry *dst = skb_dst(skb); 137 137 struct xfrm_state *x = dst->xfrm; ··· 140 140 #ifdef CONFIG_NETFILTER 141 141 if (!x) { 142 142 IP6CB(skb)->flags |= IP6SKB_REROUTED; 143 143 - return dst_output(skb); 143 143 + return dst_output_sk(sk, skb); 144 144 } 145 145 #endif 146 146 ··· 160 160 if (x->props.mode == XFRM_MODE_TUNNEL && 161 161 ((skb->len > mtu && !skb_is_gso(skb)) || 162 162 dst_allfrag(skb_dst(skb)))) { 163 163 - return ip6_fragment(skb, x->outer_mode->afinfo->output_finish); 163 163 + return ip6_fragment(sk, skb, 164 164 + x->outer_mode->afinfo->output_finish); 164 165 } 165 165 - return x->outer_mode->afinfo->output_finish(skb); 166 166 + return x->outer_mode->afinfo->output_finish(sk, skb); 166 167 } 167 168 168 169 int xfrm6_output(struct sock *sk, struct sk_buff *skb) 169 170 { 170 170 - return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, skb, 171 171 + return NF_HOOK_COND(NFPROTO_IPV6, NF_INET_POST_ROUTING, sk, skb, 171 172 NULL, skb_dst(skb)->dev, __xfrm6_output, 172 173 !(IP6CB(skb)->flags & IP6SKB_REROUTED)); 173 174 }

+4 -4

net/netfilter/ipvs/ip_vs_xmit.c

reviewed

··· 536 536 ip_vs_update_conntrack(skb, cp, 1); 537 537 if (!local) { 538 538 skb_forward_csum(skb); 539 539 - NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, 540 540 - dst_output); 539 539 + NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb, 540 540 + NULL, skb_dst(skb)->dev, dst_output_sk); 541 541 } else 542 542 ret = NF_ACCEPT; 543 543 return ret; ··· 554 554 ip_vs_notrack(skb); 555 555 if (!local) { 556 556 skb_forward_csum(skb); 557 557 - NF_HOOK(pf, NF_INET_LOCAL_OUT, skb, NULL, skb_dst(skb)->dev, 558 558 - dst_output); 557 557 + NF_HOOK(pf, NF_INET_LOCAL_OUT, NULL, skb, 558 558 + NULL, skb_dst(skb)->dev, dst_output_sk); 559 559 } else 560 560 ret = NF_ACCEPT; 561 561 return ret;

+1 -1

net/netfilter/nf_queue.c

reviewed

··· 202 202 case NF_ACCEPT: 203 203 case NF_STOP: 204 204 local_bh_disable(); 205 205 - entry->state.okfn(skb); 205 205 + entry->state.okfn(entry->state.sk, skb); 206 206 local_bh_enable(); 207 207 break; 208 208 case NF_QUEUE:

+8 -8

net/xfrm/xfrm_output.c

reviewed

··· 19 19 #include <net/dst.h> 20 20 #include <net/xfrm.h> 21 21 22 22 - static int xfrm_output2(struct sk_buff *skb); 22 22 + static int xfrm_output2(struct sock *sk, struct sk_buff *skb); 23 23 24 24 static int xfrm_skb_check_space(struct sk_buff *skb) 25 25 { ··· 130 130 return dst_output(skb); 131 131 132 132 err = nf_hook(skb_dst(skb)->ops->family, 133 133 - NF_INET_POST_ROUTING, skb, 133 133 + NF_INET_POST_ROUTING, skb->sk, skb, 134 134 NULL, skb_dst(skb)->dev, xfrm_output2); 135 135 if (unlikely(err != 1)) 136 136 goto out; ··· 144 144 } 145 145 EXPORT_SYMBOL_GPL(xfrm_output_resume); 146 146 147 147 - static int xfrm_output2(struct sk_buff *skb) 147 147 + static int xfrm_output2(struct sock *sk, struct sk_buff *skb) 148 148 { 149 149 return xfrm_output_resume(skb, 1); 150 150 } 151 151 152 152 - static int xfrm_output_gso(struct sk_buff *skb) 152 152 + static int xfrm_output_gso(struct sock *sk, struct sk_buff *skb) 153 153 { 154 154 struct sk_buff *segs; 155 155 ··· 165 165 int err; 166 166 167 167 segs->next = NULL; 168 168 - err = xfrm_output2(segs); 168 168 + err = xfrm_output2(sk, segs); 169 169 170 170 if (unlikely(err)) { 171 171 kfree_skb_list(nskb); ··· 178 178 return 0; 179 179 } 180 180 181 181 - int xfrm_output(struct sk_buff *skb) 181 181 + int xfrm_output(struct sock *sk, struct sk_buff *skb) 182 182 { 183 183 struct net *net = dev_net(skb_dst(skb)->dev); 184 184 int err; 185 185 186 186 if (skb_is_gso(skb)) 187 187 - return xfrm_output_gso(skb); 187 187 + return xfrm_output_gso(sk, skb); 188 188 189 189 if (skb->ip_summed == CHECKSUM_PARTIAL) { 190 190 err = skb_checksum_help(skb); ··· 195 195 } 196 196 } 197 197 198 198 - return xfrm_output2(skb); 198 198 + return xfrm_output2(sk, skb); 199 199 } 200 200 EXPORT_SYMBOL_GPL(xfrm_output); 201 201