[PATCH 11/25] netns ct: get netns from device for ICMP/ICMP6

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 11/25] netns ct: get netns from device for ICMP/ICMP6
@ 2008-06-22  1:10 Alexey Dobriyan
  2008-06-23 10:42 ` Patrick McHardy
  0 siblings, 1 reply; 2+ messages in thread
From: Alexey Dobriyan @ 2008-06-22  1:10 UTC (permalink / raw)
  To: kaber
  Cc: netdev, netfilter-devel, den, xemul, ebiederm, benjamin.thery,
	dlezcano

Grab it either from skb->dev in input, or skb->dst->dev in output.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
---

 net/ipv4/netfilter/nf_conntrack_proto_icmp.c   |    6 +++++-
 net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c |    6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -127,6 +127,7 @@ icmp_error_message(struct sk_buff *skb,
 		 enum ip_conntrack_info *ctinfo,
 		 unsigned int hooknum)
 {
+	struct net_device *dev;
 	struct nf_conntrack_tuple innertuple, origtuple;
 	const struct nf_conntrack_l4proto *innerproto;
 	const struct nf_conntrack_tuple_hash *h;
@@ -155,7 +156,10 @@ icmp_error_message(struct sk_buff *skb,
 
 	*ctinfo = IP_CT_RELATED;
 
-	h = nf_conntrack_find_get(&init_net, &innertuple);
+	dev = skb->dev;
+	if (!dev)
+		dev = skb->dst->dev;
+	h = nf_conntrack_find_get(dev_net(dev), &innertuple);
 	if (!h) {
 		pr_debug("icmp_error_message: no match\n");
 		return -NF_ACCEPT;
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -127,6 +127,7 @@ icmpv6_error_message(struct sk_buff *skb,
 		     enum ip_conntrack_info *ctinfo,
 		     unsigned int hooknum)
 {
+	struct net_device *dev;
 	struct nf_conntrack_tuple intuple, origtuple;
 	const struct nf_conntrack_tuple_hash *h;
 	const struct nf_conntrack_l4proto *inproto;
@@ -156,7 +157,10 @@ icmpv6_error_message(struct sk_buff *skb,
 
 	*ctinfo = IP_CT_RELATED;
 
-	h = nf_conntrack_find_get(&init_net, &intuple);
+	dev = skb->dev;
+	if (!dev)
+		dev = skb->dst->dev;
+	h = nf_conntrack_find_get(dev_net(dev), &intuple);
 	if (!h) {
 		pr_debug("icmpv6_error: no match\n");
 		return -NF_ACCEPT;
-- 
1.5.4.5



^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH 11/25] netns ct: get netns from device for ICMP/ICMP6
  2008-06-22  1:10 [PATCH 11/25] netns ct: get netns from device for ICMP/ICMP6 Alexey Dobriyan
@ 2008-06-23 10:42 ` Patrick McHardy
  0 siblings, 0 replies; 2+ messages in thread
From: Patrick McHardy @ 2008-06-23 10:42 UTC (permalink / raw)
  To: Alexey Dobriyan
  Cc: netdev, netfilter-devel, den, xemul, ebiederm, benjamin.thery,
	dlezcano

Alexey Dobriyan wrote:
> Grab it either from skb->dev in input, or skb->dst->dev in output.

Similar to resolve_normal_ct(), maybe its more obvious if you
pass the namespace down from the hooks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2008-06-23 10:42 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-06-22  1:10 [PATCH 11/25] netns ct: get netns from device for ICMP/ICMP6 Alexey Dobriyan
2008-06-23 10:42 ` Patrick McHardy

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).