adulau/aha
1
0
Fork 0
mirror of https://github.com/adulau/aha.git synced 2024-12-28 19:56:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

netns xfrm: xfrm_policy_check in netns

Browse source 
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Alexey Dobriyan 2008-11-25 17:35:44 -08:00 committed by David S. Miller
parent 52479b623d
commit f6e1e25d70
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
include/net/xfrm.h
View file

@ -992,12 +992,13 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
struct sk_buff *skb, struct sk_buff *skb,
unsigned int family, int reverse) unsigned int family, int reverse)
{ {
struct net *net = dev_net(skb->dev);
int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0); int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
if (sk && sk->sk_policy[XFRM_POLICY_IN]) if (sk && sk->sk_policy[XFRM_POLICY_IN])
return __xfrm_policy_check(sk, ndir, skb, family); return __xfrm_policy_check(sk, ndir, skb, family);
return (!init_net.xfrm.policy_count[dir] && !skb->sp) || return (!net->xfrm.policy_count[dir] && !skb->sp) ||
(skb->dst->flags & DST_NOPOLICY) || (skb->dst->flags & DST_NOPOLICY) ||
__xfrm_policy_check(sk, ndir, skb, family); __xfrm_policy_check(sk, ndir, skb, family);
} }

5
net/xfrm/xfrm_policy.c
View file

@ -1894,6 +1894,7 @@ static inline int secpath_has_nontransport(struct sec_path *sp, int k, int *idxp
int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
unsigned short family) unsigned short family)
{ {
struct net *net = dev_net(skb->dev);
struct xfrm_policy *pol; struct xfrm_policy *pol;
struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX]; struct xfrm_policy *pols[XFRM_POLICY_TYPE_MAX];
int npols = 0; int npols = 0;
@ -1938,7 +1939,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
} }
if (!pol) if (!pol)
pol = flow_cache_lookup(&init_net, &fl, family, fl_dir, pol = flow_cache_lookup(net, &fl, family, fl_dir,
xfrm_policy_lookup); xfrm_policy_lookup);
if (IS_ERR(pol)) { if (IS_ERR(pol)) {
@ -1961,7 +1962,7 @@ int __xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb,
npols ++; npols ++;
#ifdef CONFIG_XFRM_SUB_POLICY #ifdef CONFIG_XFRM_SUB_POLICY
if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) { if (pols[0]->type != XFRM_POLICY_TYPE_MAIN) {
pols[1] = xfrm_policy_lookup_bytype(&init_net, XFRM_POLICY_TYPE_MAIN, pols[1] = xfrm_policy_lookup_bytype(net, XFRM_POLICY_TYPE_MAIN,
&fl, family, &fl, family,
XFRM_POLICY_IN); XFRM_POLICY_IN);
if (pols[1]) { if (pols[1]) {