From 58dbc6f2604a2cbff9e6ec144d1bb9d000a1a1ec Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:41 -0500 Subject: ipvs: Store ipvs not net in struct ip_vs_conn In practice struct netns_ipvs is as meaningful as struct net and more useful as it holds the ipvs specific data. So store a pointer to struct netns_ipvs. Update the accesses of conn->net to access conn->ipvs->net instead. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 1096a71ab6ed..3bf6da8fdaf1 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -572,9 +572,7 @@ struct ip_vs_conn { volatile __u32 flags; /* status flags */ __u16 protocol; /* Which protocol (TCP/UDP) */ __u16 daf; /* Address family of the dest */ -#ifdef CONFIG_NET_NS - struct net *net; /* Name space */ -#endif + struct netns_ipvs *ipvs; /* counter and timer */ atomic_t refcnt; /* reference count */ @@ -621,33 +619,6 @@ struct ip_vs_conn { struct rcu_head rcu_head; }; -/* To save some memory in conn table when name space is disabled. */ -static inline struct net *ip_vs_conn_net(const struct ip_vs_conn *cp) -{ -#ifdef CONFIG_NET_NS - return cp->net; -#else - return &init_net; -#endif -} - -static inline void ip_vs_conn_net_set(struct ip_vs_conn *cp, struct net *net) -{ -#ifdef CONFIG_NET_NS - cp->net = net; -#endif -} - -static inline int ip_vs_conn_net_eq(const struct ip_vs_conn *cp, - struct net *net) -{ -#ifdef CONFIG_NET_NS - return cp->net == net; -#else - return 1; -#endif -} - /* Extended internal versions of struct ip_vs_service_user and ip_vs_dest_user * for IPv6 support. * -- cgit v1.2.3 From e64e2b460cedadf93d05a23e9ad397cc0386568c Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:42 -0500 Subject: ipvs: Store ipvs not net in struct ip_vs_conn_param In practice struct netns_ipvs is as meaningful as struct net and more useful as it holds the ipvs specific data. So store a pointer to struct netns_ipvs. Update the accesses of param->net to access param->ipvs->net instead. When lookup up struct ip_vs_conn in a hash table replace comparisons of cp->net with comparisons of cp->ipvs which is possible now that ipvs is present in ip_vs_conn_param. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 3bf6da8fdaf1..8cca99bbe15b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -545,7 +545,7 @@ struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net, unsigned short proto); struct ip_vs_conn_param { - struct net *net; + struct netns_ipvs *ipvs; const union nf_inet_addr *caddr; const union nf_inet_addr *vaddr; __be16 cport; @@ -1208,7 +1208,7 @@ static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol, __be16 vport, struct ip_vs_conn_param *p) { - p->net = net; + p->ipvs = net_ipvs(net); p->af = af; p->protocol = protocol; p->caddr = caddr; -- cgit v1.2.3 From 19913dec1bc1d1aa5afe26db858507d4c3042665 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:43 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_fill_conn ipvs is what is actually desired so change the parameter and the modify the callers to pass struct netns_ipvs. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 8cca99bbe15b..83e2aea63db2 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1201,14 +1201,14 @@ enum { IP_VS_DIR_LAST, }; -static inline void ip_vs_conn_fill_param(struct net *net, int af, int protocol, +static inline void ip_vs_conn_fill_param(struct netns_ipvs *ipvs, int af, int protocol, const union nf_inet_addr *caddr, __be16 cport, const union nf_inet_addr *vaddr, __be16 vport, struct ip_vs_conn_param *p) { - p->ipvs = net_ipvs(net); + p->ipvs = ipvs; p->af = af; p->protocol = protocol; p->caddr = caddr; -- cgit v1.2.3 From 3109d2f2d1fe068f1cc3b1f74f5022ab4aef52a7 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:44 -0500 Subject: ipvs: Store ipvs not net in struct ip_vs_service In practice struct netns_ipvs is as meaningful as struct net and more useful as it holds the ipvs specific data. So store a pointer to struct netns_ipvs. Update the accesses of param->net to access param->ipvs->net instead. In functions where we are searching for an svc and filtering by net filter by ipvs instead. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 83e2aea63db2..2c22380b9ad7 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -678,7 +678,7 @@ struct ip_vs_service { unsigned int flags; /* service status flags */ unsigned int timeout; /* persistent timeout in ticks */ __be32 netmask; /* grouping granularity, mask/plen */ - struct net *net; + struct netns_ipvs *ipvs; struct list_head destinations; /* real server d-linked list */ __u32 num_dests; /* number of servers */ -- cgit v1.2.3 From 0a4fd6ce92460ec325f7e56813645e4308da170e Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:49 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_service_find Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 2c22380b9ad7..828b19b23e02 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1410,7 +1410,7 @@ extern struct ip_vs_stats ip_vs_stats; extern int sysctl_ip_vs_sync_ver; struct ip_vs_service * -ip_vs_service_find(struct net *net, int af, __u32 fwmark, __u16 protocol, +ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 protocol, const union nf_inet_addr *vaddr, __be16 vport); bool ip_vs_has_real_service(struct net *net, int af, __u16 protocol, -- cgit v1.2.3 From 48aed1b029597d5f33316b1e978392fe30814f8d Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:50 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_has_real_service Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 828b19b23e02..b93ee28fb011 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1413,7 +1413,7 @@ struct ip_vs_service * ip_vs_service_find(struct netns_ipvs *ipvs, int af, __u32 fwmark, __u16 protocol, const union nf_inet_addr *vaddr, __be16 vport); -bool ip_vs_has_real_service(struct net *net, int af, __u16 protocol, +bool ip_vs_has_real_service(struct netns_ipvs *ipvs, int af, __u16 protocol, const union nf_inet_addr *daddr, __be16 dport); int ip_vs_use_count_inc(void); -- cgit v1.2.3 From dc2add6f2e35916afd6ffcd7819a06ce9b28063d Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:51 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_find_dest Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index b93ee28fb011..b54a19eaa630 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1423,7 +1423,7 @@ void ip_vs_unregister_nl_ioctl(void); int ip_vs_control_init(void); void ip_vs_control_cleanup(void); struct ip_vs_dest * -ip_vs_find_dest(struct net *net, int svc_af, int dest_af, +ip_vs_find_dest(struct netns_ipvs *ipvs, int svc_af, int dest_af, const union nf_inet_addr *daddr, __be16 dport, const union nf_inet_addr *vaddr, __be16 vport, __u16 protocol, __u32 fwmark, __u32 flags); -- cgit v1.2.3 From 56d2169b7734f9b5cb2a4e66887ce6dc33d53632 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:01:58 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_service_net_cleanup Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index b54a19eaa630..3c7040a313b5 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1335,7 +1335,7 @@ void ip_vs_protocol_net_cleanup(struct net *net); void ip_vs_control_net_cleanup(struct net *net); void ip_vs_estimator_net_cleanup(struct net *net); void ip_vs_sync_net_cleanup(struct net *net); -void ip_vs_service_net_cleanup(struct net *net); +void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs); /* IPVS application functions * (from ip_vs_app.c) -- cgit v1.2.3 From 18d6ade63c8d796c272e2b4922d649cf108d7980 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:01 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_proto_data_get Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 3c7040a313b5..3c077e8a038c 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -541,7 +541,7 @@ struct ip_vs_proto_data { }; struct ip_vs_protocol *ip_vs_proto_get(unsigned short proto); -struct ip_vs_proto_data *ip_vs_proto_data_get(struct net *net, +struct ip_vs_proto_data *ip_vs_proto_data_get(struct netns_ipvs *ipvs, unsigned short proto); struct ip_vs_conn_param { -- cgit v1.2.3 From 6ac121d710697cee894d6981b804583b0a66ed38 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:10 -0500 Subject: ipvs: Pass ipvs not net to start_sync_thread Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 3c077e8a038c..dd7cd3a48fd4 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1449,7 +1449,7 @@ static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest) /* IPVS sync daemon data and function prototypes * (from ip_vs_sync.c) */ -int start_sync_thread(struct net *net, struct ipvs_sync_daemon_cfg *cfg, +int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *cfg, int state); int stop_sync_thread(struct net *net, int state); void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts); -- cgit v1.2.3 From b3cf3cbfb57c273cf9f88230416fcc5b97287862 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:11 -0500 Subject: ipvs: Pass ipvs not net to stop_sync_thread Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index dd7cd3a48fd4..71f4d338c208 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1451,7 +1451,7 @@ static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest) */ int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *cfg, int state); -int stop_sync_thread(struct net *net, int state); +int stop_sync_thread(struct netns_ipvs *ipvs, int state); void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts); /* IPVS rate estimator prototypes (from ip_vs_est.c) */ -- cgit v1.2.3 From b61a8c1a40c2a9417eb6f710cce54353d195c9c7 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:17 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_sync_conn Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 71f4d338c208..b10b337ce974 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1452,7 +1452,7 @@ static inline void ip_vs_dest_put_and_free(struct ip_vs_dest *dest) int start_sync_thread(struct netns_ipvs *ipvs, struct ipvs_sync_daemon_cfg *cfg, int state); int stop_sync_thread(struct netns_ipvs *ipvs, int state); -void ip_vs_sync_conn(struct net *net, struct ip_vs_conn *cp, int pkts); +void ip_vs_sync_conn(struct netns_ipvs *ipvs, struct ip_vs_conn *cp, int pkts); /* IPVS rate estimator prototypes (from ip_vs_est.c) */ void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats); -- cgit v1.2.3 From 802cb43703d080bd6269578bf6747189b654cc24 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:20 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_sync_net_init Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index b10b337ce974..47a4cddb7c33 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1328,7 +1328,7 @@ int ip_vs_control_net_init(struct net *net); int ip_vs_protocol_net_init(struct net *net); int ip_vs_app_net_init(struct net *net); int ip_vs_conn_net_init(struct net *net); -int ip_vs_sync_net_init(struct net *net); +int ip_vs_sync_net_init(struct netns_ipvs *ipvs); void ip_vs_conn_net_cleanup(struct net *net); void ip_vs_app_net_cleanup(struct net *net); void ip_vs_protocol_net_cleanup(struct net *net); -- cgit v1.2.3 From ebea1f7c0b8c0bb02045c87e4b548a31fc5612a6 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:21 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_sync_net_cleanup Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 47a4cddb7c33..f3ddf7696d68 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1334,7 +1334,7 @@ void ip_vs_app_net_cleanup(struct net *net); void ip_vs_protocol_net_cleanup(struct net *net); void ip_vs_control_net_cleanup(struct net *net); void ip_vs_estimator_net_cleanup(struct net *net); -void ip_vs_sync_net_cleanup(struct net *net); +void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs); /* IPVS application functions -- cgit v1.2.3 From 0f34d54bf48892f23e2abef2f9fd8d0237db4623 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:23 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_start_estimator aned ip_vs_stop_estimator Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index f3ddf7696d68..2d49357b328c 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1455,8 +1455,8 @@ int stop_sync_thread(struct netns_ipvs *ipvs, int state); void ip_vs_sync_conn(struct netns_ipvs *ipvs, struct ip_vs_conn *cp, int pkts); /* IPVS rate estimator prototypes (from ip_vs_est.c) */ -void ip_vs_start_estimator(struct net *net, struct ip_vs_stats *stats); -void ip_vs_stop_estimator(struct net *net, struct ip_vs_stats *stats); +void ip_vs_start_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats); +void ip_vs_stop_estimator(struct netns_ipvs *ipvs, struct ip_vs_stats *stats); void ip_vs_zero_estimator(struct ip_vs_stats *stats); void ip_vs_read_estimator(struct ip_vs_kstats *dst, struct ip_vs_stats *stats); -- cgit v1.2.3 From 423b55954de222380a6b63c5b6ae7b6686e98e63 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:24 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_random_drop_entry Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 2d49357b328c..c88a3bf85f98 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1258,7 +1258,7 @@ const char *ip_vs_state_name(__u16 proto, int state); void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp); int ip_vs_check_template(struct ip_vs_conn *ct); -void ip_vs_random_dropentry(struct net *net); +void ip_vs_random_dropentry(struct netns_ipvs *ipvs); int ip_vs_conn_init(void); void ip_vs_conn_cleanup(void); -- cgit v1.2.3 From 3d99376689ee40d4e88c90d26588268a4fccb383 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:26 -0500 Subject: ipvs: Pass ipvs not net into ip_vs_control_net_(init|cleanup) Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index c88a3bf85f98..38c1fca0c1a7 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1324,7 +1324,7 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) /* IPVS netns init & cleanup functions */ int ip_vs_estimator_net_init(struct net *net); -int ip_vs_control_net_init(struct net *net); +int ip_vs_control_net_init(struct netns_ipvs *ipvs); int ip_vs_protocol_net_init(struct net *net); int ip_vs_app_net_init(struct net *net); int ip_vs_conn_net_init(struct net *net); @@ -1332,7 +1332,7 @@ int ip_vs_sync_net_init(struct netns_ipvs *ipvs); void ip_vs_conn_net_cleanup(struct net *net); void ip_vs_app_net_cleanup(struct net *net); void ip_vs_protocol_net_cleanup(struct net *net); -void ip_vs_control_net_cleanup(struct net *net); +void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_estimator_net_cleanup(struct net *net); void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs); -- cgit v1.2.3 From a4dd0360c623e5beac011f3674ff7e13b35b5b05 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:28 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_estimator_net_init and ip_vs_estimator_cleanup Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 38c1fca0c1a7..02734eaae679 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1323,7 +1323,7 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) } /* IPVS netns init & cleanup functions */ -int ip_vs_estimator_net_init(struct net *net); +int ip_vs_estimator_net_init(struct netns_ipvs *ipvs); int ip_vs_control_net_init(struct netns_ipvs *ipvs); int ip_vs_protocol_net_init(struct net *net); int ip_vs_app_net_init(struct net *net); @@ -1333,7 +1333,7 @@ void ip_vs_conn_net_cleanup(struct net *net); void ip_vs_app_net_cleanup(struct net *net); void ip_vs_protocol_net_cleanup(struct net *net); void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs); -void ip_vs_estimator_net_cleanup(struct net *net); +void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs); -- cgit v1.2.3 From 19648918fbf245ab2dda8c7842c9a83fd412ac35 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:29 -0500 Subject: ipvs: Pass ipvs not net into register_app and unregister_app Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 02734eaae679..a7275ae18b96 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -517,9 +517,9 @@ struct ip_vs_protocol { const struct sk_buff *skb, struct ip_vs_proto_data *pd); - int (*register_app)(struct net *net, struct ip_vs_app *inc); + int (*register_app)(struct netns_ipvs *ipvs, struct ip_vs_app *inc); - void (*unregister_app)(struct net *net, struct ip_vs_app *inc); + void (*unregister_app)(struct netns_ipvs *ipvs, struct ip_vs_app *inc); int (*app_conn_bind)(struct ip_vs_conn *cp); -- cgit v1.2.3 From 3250dc9c52045dd3f38297d1e189cc147a8db884 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:31 -0500 Subject: ipvs: Pass ipvs not net to register_ip_vs_app_inc Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index a7275ae18b96..c06bad39958d 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1345,7 +1345,7 @@ struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app); void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app); int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp); void ip_vs_unbind_app(struct ip_vs_conn *cp); -int register_ip_vs_app_inc(struct net *net, struct ip_vs_app *app, __u16 proto, +int register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct ip_vs_app *app, __u16 proto, __u16 port); int ip_vs_app_inc_get(struct ip_vs_app *inc); void ip_vs_app_inc_put(struct ip_vs_app *inc); -- cgit v1.2.3 From 9f8128a56ef241753ea038e92948fe13beacf59f Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:32 -0500 Subject: ipvs: Pass ipvs not net to register_ip_vs_app and unregister_ip_vs_app Also move the tests for net_ipvs being NULL into __ip_vs_ftp_init and __ip_vs_ftp_exit. The only places where they possibly make sense. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index c06bad39958d..5caafed5af2e 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1341,8 +1341,8 @@ void ip_vs_service_net_cleanup(struct netns_ipvs *ipvs); * (from ip_vs_app.c) */ #define IP_VS_APP_MAX_PORTS 8 -struct ip_vs_app *register_ip_vs_app(struct net *net, struct ip_vs_app *app); -void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app); +struct ip_vs_app *register_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app *app); +void unregister_ip_vs_app(struct netns_ipvs *ipvs, struct ip_vs_app *app); int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp); void ip_vs_unbind_app(struct ip_vs_conn *cp); int register_ip_vs_app_inc(struct netns_ipvs *ipvs, struct ip_vs_app *app, __u16 proto, -- cgit v1.2.3 From b5dd212cc147603372d39dbe52480d687c98da7d Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:34 -0500 Subject: ipvs: Pass ipvs not net into ip_vs_app_net_init and ip_vs_app_net_cleanup Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 5caafed5af2e..728a670d69fd 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1326,11 +1326,11 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) int ip_vs_estimator_net_init(struct netns_ipvs *ipvs); int ip_vs_control_net_init(struct netns_ipvs *ipvs); int ip_vs_protocol_net_init(struct net *net); -int ip_vs_app_net_init(struct net *net); +int ip_vs_app_net_init(struct netns_ipvs *ipvs); int ip_vs_conn_net_init(struct net *net); int ip_vs_sync_net_init(struct netns_ipvs *ipvs); void ip_vs_conn_net_cleanup(struct net *net); -void ip_vs_app_net_cleanup(struct net *net); +void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_protocol_net_cleanup(struct net *net); void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs); -- cgit v1.2.3 From 1281a9c2d181a932ae2f59f5711ae087a58f1c13 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:36 -0500 Subject: ipvs: Pass ipvs not net into init_netns and exit_netns Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 728a670d69fd..fe3373c9bb3b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -483,9 +483,9 @@ struct ip_vs_protocol { void (*exit)(struct ip_vs_protocol *pp); - int (*init_netns)(struct net *net, struct ip_vs_proto_data *pd); + int (*init_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd); - void (*exit_netns)(struct net *net, struct ip_vs_proto_data *pd); + void (*exit_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd); int (*conn_schedule)(int af, struct sk_buff *skb, struct ip_vs_proto_data *pd, -- cgit v1.2.3 From ab161976421585812bcdab6592852b1b5b7dec1f Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:38 -0500 Subject: ipvs: Pass ipvs into .conn_in_get and ip_vs_conn_in_get_proto Stop relying on "net_ipvs(skb_net(skb))" to derive the ipvs as skb_net is a hack. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index fe3373c9bb3b..5c26383542e3 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -493,7 +493,8 @@ struct ip_vs_protocol { struct ip_vs_iphdr *iph); struct ip_vs_conn * - (*conn_in_get)(int af, + (*conn_in_get)(struct netns_ipvs *ipvs, + int af, const struct sk_buff *skb, const struct ip_vs_iphdr *iph); @@ -1222,7 +1223,8 @@ static inline void ip_vs_conn_fill_param(struct netns_ipvs *ipvs, int af, int pr struct ip_vs_conn *ip_vs_conn_in_get(const struct ip_vs_conn_param *p); struct ip_vs_conn *ip_vs_ct_in_get(const struct ip_vs_conn_param *p); -struct ip_vs_conn * ip_vs_conn_in_get_proto(int af, const struct sk_buff *skb, +struct ip_vs_conn * ip_vs_conn_in_get_proto(struct netns_ipvs *ipvs, int af, + const struct sk_buff *skb, const struct ip_vs_iphdr *iph); struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p); -- cgit v1.2.3 From 0cf705c8c2e8333aff5b472cfff13f9542620500 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:39 -0500 Subject: ipvs: Pass ipvs into conn_out_get Move the hack of relying on "net_ipvs(skb_net(skb))" to derive the ipvs up a layer. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 5c26383542e3..0ca436ef7dad 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -499,7 +499,8 @@ struct ip_vs_protocol { const struct ip_vs_iphdr *iph); struct ip_vs_conn * - (*conn_out_get)(int af, + (*conn_out_get)(struct netns_ipvs *ipvs, + int af, const struct sk_buff *skb, const struct ip_vs_iphdr *iph); @@ -1229,7 +1230,8 @@ struct ip_vs_conn * ip_vs_conn_in_get_proto(struct netns_ipvs *ipvs, int af, struct ip_vs_conn *ip_vs_conn_out_get(const struct ip_vs_conn_param *p); -struct ip_vs_conn * ip_vs_conn_out_get_proto(int af, const struct sk_buff *skb, +struct ip_vs_conn * ip_vs_conn_out_get_proto(struct netns_ipvs *ipvs, int af, + const struct sk_buff *skb, const struct ip_vs_iphdr *iph); /* Get reference to gain full access to conn. -- cgit v1.2.3 From 2f3edc6a5bb2a570f491e8e8a4a16526aff3675b Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:42 -0500 Subject: ipvs: Pass ipvs not net into ip_vs_conn_net_init and ip_vs_conn_net_cleanup Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 0ca436ef7dad..5ad04be64895 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1331,9 +1331,9 @@ int ip_vs_estimator_net_init(struct netns_ipvs *ipvs); int ip_vs_control_net_init(struct netns_ipvs *ipvs); int ip_vs_protocol_net_init(struct net *net); int ip_vs_app_net_init(struct netns_ipvs *ipvs); -int ip_vs_conn_net_init(struct net *net); +int ip_vs_conn_net_init(struct netns_ipvs *ipvs); int ip_vs_sync_net_init(struct netns_ipvs *ipvs); -void ip_vs_conn_net_cleanup(struct net *net); +void ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_protocol_net_cleanup(struct net *net); void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs); -- cgit v1.2.3 From d8f44c335a1111d647f41e9fa6ae65b18db112e4 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:43 -0500 Subject: ipvs: Pass ipvs into .conn_schedule and ip_vs_try_to_schedule This moves the hack "net_ipvs(skb_net(skb))" up one level where it will be easier to remove. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 5ad04be64895..c68c2c8ae48a 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -487,7 +487,8 @@ struct ip_vs_protocol { void (*exit_netns)(struct netns_ipvs *ipvs, struct ip_vs_proto_data *pd); - int (*conn_schedule)(int af, struct sk_buff *skb, + int (*conn_schedule)(struct netns_ipvs *ipvs, + int af, struct sk_buff *skb, struct ip_vs_proto_data *pd, int *verdict, struct ip_vs_conn **cpp, struct ip_vs_iphdr *iph); -- cgit v1.2.3 From 570329487437d4531eb806accdf98726923367ae Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:49 -0500 Subject: ipvs: Wrap sysctl_cache_bypass and remove ifdefs in ip_vs_leave With sysctl_cache_bypass now a compile time constant the compiler can figue out that it can elimiate all of the code that depends on sysctl_cache_bypass being true. Also remove the duplicate computation of net previously necessitated by #ifdef CONFIG_SYSCTL Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index c68c2c8ae48a..dacd873e8bb9 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1101,6 +1101,11 @@ static inline int sysctl_ignore_tunneled(struct netns_ipvs *ipvs) return ipvs->sysctl_ignore_tunneled; } +static inline int sysctl_cache_bypass(struct netns_ipvs *ipvs) +{ + return ipvs->sysctl_cache_bypass; +} + #else static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs) @@ -1183,6 +1188,11 @@ static inline int sysctl_ignore_tunneled(struct netns_ipvs *ipvs) return 0; } +static inline int sysctl_cache_bypass(struct netns_ipvs *ipvs) +{ + return 0; +} + #endif /* IPVS core functions -- cgit v1.2.3 From 69f390934b26154573fc7c360645ced8b0c7871a Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:57 -0500 Subject: ipvs: Remove net argument from ip_vs_tcp_conn_listen The argument is unnecessary and in practice confusing, and has caused the callers to do all manner of silly things. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index dacd873e8bb9..f0a39ce3bf0e 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1271,7 +1271,7 @@ void ip_vs_conn_expire_now(struct ip_vs_conn *cp); const char *ip_vs_state_name(__u16 proto, int state); -void ip_vs_tcp_conn_listen(struct net *net, struct ip_vs_conn *cp); +void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp); int ip_vs_check_template(struct ip_vs_conn *ct); void ip_vs_random_dropentry(struct netns_ipvs *ipvs); int ip_vs_conn_init(void); -- cgit v1.2.3 From 7d1f88eca0ae7228bdbd971f060603b3a1270693 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:58 -0500 Subject: ipvs: Pass ipvs not net to ip_vs_protocol_net_(init|cleanup) Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index f0a39ce3bf0e..00318d63a565 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -1340,13 +1340,13 @@ ip_vs_control_add(struct ip_vs_conn *cp, struct ip_vs_conn *ctl_cp) /* IPVS netns init & cleanup functions */ int ip_vs_estimator_net_init(struct netns_ipvs *ipvs); int ip_vs_control_net_init(struct netns_ipvs *ipvs); -int ip_vs_protocol_net_init(struct net *net); +int ip_vs_protocol_net_init(struct netns_ipvs *ipvs); int ip_vs_app_net_init(struct netns_ipvs *ipvs); int ip_vs_conn_net_init(struct netns_ipvs *ipvs); int ip_vs_sync_net_init(struct netns_ipvs *ipvs); void ip_vs_conn_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_app_net_cleanup(struct netns_ipvs *ipvs); -void ip_vs_protocol_net_cleanup(struct net *net); +void ip_vs_protocol_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_control_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_estimator_net_cleanup(struct netns_ipvs *ipvs); void ip_vs_sync_net_cleanup(struct netns_ipvs *ipvs); -- cgit v1.2.3 From 7c6c21ee94452081a5219667851d2084a45c5009 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:02:59 -0500 Subject: ipvs: Remove skb_net This hack has no more users so remove it. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 31 ------------------------------- 1 file changed, 31 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index 00318d63a565..d621330d423c 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -38,37 +38,6 @@ static inline struct netns_ipvs *net_ipvs(struct net* net) return net->ipvs; } -/* Get net ptr from skb in traffic cases - * use skb_sknet when call is from userland (ioctl or netlink) - */ -static inline struct net *skb_net(const struct sk_buff *skb) -{ -#ifdef CONFIG_NET_NS -#ifdef CONFIG_IP_VS_DEBUG - /* - * This is used for debug only. - * Start with the most likely hit - * End with BUG - */ - if (likely(skb->dev && dev_net(skb->dev))) - return dev_net(skb->dev); - if (skb_dst(skb) && skb_dst(skb)->dev) - return dev_net(skb_dst(skb)->dev); - WARN(skb->sk, "Maybe skb_sknet should be used in %s() at line:%d\n", - __func__, __LINE__); - if (likely(skb->sk && sock_net(skb->sk))) - return sock_net(skb->sk); - pr_err("There is no net ptr to find in the skb in %s() line:%d\n", - __func__, __LINE__); - BUG(); -#else - return dev_net(skb->dev ? : skb_dst(skb)->dev); -#endif -#else - return &init_net; -#endif -} - static inline struct net *skb_sknet(const struct sk_buff *skb) { #ifdef CONFIG_NET_NS -- cgit v1.2.3 From 9cfdd75b7c049895317aebb0e27f8112e7e31593 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Mon, 21 Sep 2015 13:03:00 -0500 Subject: ipvs: Remove skb_sknet This function adds no real value and it obscures what the code is doing. Signed-off-by: "Eric W. Biederman" Acked-by: Julian Anastasov Signed-off-by: Simon Horman --- include/net/ip_vs.h | 22 ---------------------- 1 file changed, 22 deletions(-) (limited to 'include') diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h index d621330d423c..0816c872b689 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -38,28 +38,6 @@ static inline struct netns_ipvs *net_ipvs(struct net* net) return net->ipvs; } -static inline struct net *skb_sknet(const struct sk_buff *skb) -{ -#ifdef CONFIG_NET_NS -#ifdef CONFIG_IP_VS_DEBUG - /* Start with the most likely hit */ - if (likely(skb->sk && sock_net(skb->sk))) - return sock_net(skb->sk); - WARN(skb->dev, "Maybe skb_net should be used instead in %s() line:%d\n", - __func__, __LINE__); - if (likely(skb->dev && dev_net(skb->dev))) - return dev_net(skb->dev); - pr_err("There is no net ptr to find in the skb in %s() line:%d\n", - __func__, __LINE__); - BUG(); -#else - return sock_net(skb->sk); -#endif -#else - return &init_net; -#endif -} - /* This one needed for single_open_net since net is stored directly in * private not as a struct i.e. seq_file_net can't be used. */ -- cgit v1.2.3 From 372892ec1151c895c7dec362f3246f089690cfc7 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 25 Sep 2015 15:07:27 -0500 Subject: ipv4: Push struct net down into nf_send_reset This is needed so struct net can be pushed down into ip_route_me_harder. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/ipv4/nf_reject.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/netfilter/ipv4/nf_reject.h b/include/net/netfilter/ipv4/nf_reject.h index 77862c3645f0..df7ecd806aba 100644 --- a/include/net/netfilter/ipv4/nf_reject.h +++ b/include/net/netfilter/ipv4/nf_reject.h @@ -6,7 +6,7 @@ #include void nf_send_unreach(struct sk_buff *skb_in, int code, int hook); -void nf_send_reset(struct sk_buff *oldskb, int hook); +void nf_send_reset(struct net *net, struct sk_buff *oldskb, int hook); const struct tcphdr *nf_reject_ip_tcphdr_get(struct sk_buff *oldskb, struct tcphdr *_oth, int hook); -- cgit v1.2.3 From d815d90bbbc08777c0e3a36f57b97fc4a4fb3150 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 25 Sep 2015 15:07:28 -0500 Subject: netfilter: Push struct net down into nf_afinfo.reroute The network namespace is needed when routing a packet. Stop making nf_afinfo.reroute guess which network namespace is the proper namespace to route the packet in. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index 987c74cd523c..165ab2d14734 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -283,7 +283,7 @@ struct nf_afinfo { struct flowi *fl, bool strict); void (*saveroute)(const struct sk_buff *skb, struct nf_queue_entry *entry); - int (*reroute)(struct sk_buff *skb, + int (*reroute)(struct net *net, struct sk_buff *skb, const struct nf_queue_entry *entry); int route_key_size; }; -- cgit v1.2.3 From e45f50660ee5fd38a540afabb7c0f65d063db631 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 25 Sep 2015 15:07:30 -0500 Subject: ipv4: Pass struct net into ip_route_me_harder Don't make ip_route_me_harder guess which network namespace it is routing in, pass the network namespace in. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter_ipv4.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/netfilter_ipv4.h b/include/linux/netfilter_ipv4.h index 6e4591bb54d4..98c03b2462b5 100644 --- a/include/linux/netfilter_ipv4.h +++ b/include/linux/netfilter_ipv4.h @@ -6,7 +6,7 @@ #include -int ip_route_me_harder(struct sk_buff *skb, unsigned addr_type); +int ip_route_me_harder(struct net *net, struct sk_buff *skb, unsigned addr_type); __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol); #endif /*__LINUX_IP_NETFILTER_H*/ -- cgit v1.2.3 From 5f5d74d723146c5b97c7318b5851af15b30e3304 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 25 Sep 2015 15:07:31 -0500 Subject: ipv6: Pass struct net into ip6_route_me_harder Don't make ip6_route_me_harder guess which network namespace it is routing in, pass the network namespace in. Signed-off-by: Eric W. Biederman Signed-off-by: Pablo Neira Ayuso --- include/linux/netfilter_ipv6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h index 771574677e83..2ac8369fa96c 100644 --- a/include/linux/netfilter_ipv6.h +++ b/include/linux/netfilter_ipv6.h @@ -22,7 +22,7 @@ struct nf_ipv6_ops { }; #ifdef CONFIG_NETFILTER -int ip6_route_me_harder(struct sk_buff *skb); +int ip6_route_me_harder(struct net *net, struct sk_buff *skb); __sum16 nf_ip6_checksum(struct sk_buff *skb, unsigned int hook, unsigned int dataoff, u_int8_t protocol); -- cgit v1.2.3 From c1444c6357217cea405415b4c96491d4057b0746 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 25 Sep 2015 16:52:51 -0500 Subject: bridge: Pass net into br_validate_ipv4 and br_validate_ipv6 The network namespace is easiliy available in state->net so use it. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- include/net/netfilter/br_netfilter.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/net/netfilter/br_netfilter.h b/include/net/netfilter/br_netfilter.h index c93c75fa41ad..e8d1448425a7 100644 --- a/include/net/netfilter/br_netfilter.h +++ b/include/net/netfilter/br_netfilter.h @@ -45,12 +45,12 @@ struct net_device *setup_pre_routing(struct sk_buff *skb); void br_netfilter_enable(void); #if IS_ENABLED(CONFIG_IPV6) -int br_validate_ipv6(struct sk_buff *skb); +int br_validate_ipv6(struct net *net, struct sk_buff *skb); unsigned int br_nf_pre_routing_ipv6(void *priv, struct sk_buff *skb, const struct nf_hook_state *state); #else -static inline int br_validate_ipv6(struct sk_buff *skb) +static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb) { return -1; } -- cgit v1.2.3