From patchwork Fri Sep 25 20:07:28 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Eric W. Biederman" <ebiederm@xmission.com>
X-Patchwork-Id: 522974
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 2D883140784
	for <patchwork-incoming@ozlabs.org>;
	Sat, 26 Sep 2015 06:15:33 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S933223AbbIYUPU (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 25 Sep 2015 16:15:20 -0400
Received: from out02.mta.xmission.com ([166.70.13.232]:38711 "EHLO
	out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S932976AbbIYUPP (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 25 Sep 2015 16:15:15 -0400
Received: from in02.mta.xmission.com ([166.70.13.52])
	by out02.mta.xmission.com with esmtps
	(TLS1.2:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1ZfZOl-00030V-3F; Fri, 25 Sep 2015 14:15:15 -0600
Received: from 67-3-201-231.omah.qwest.net ([67.3.201.231]
	helo=x220.int.ebiederm.org) by in02.mta.xmission.com with esmtpsa
	(TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.82)
	(envelope-from <ebiederm@xmission.com>)
	id 1ZfZOj-0001O0-27; Fri, 25 Sep 2015 14:15:14 -0600
From: "Eric W. Biederman" <ebiederm@xmission.com>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: David Miller <davem@davemloft.net>,
	netfilter-devel@vger.kernel.org, <netdev@vger.kernel.org>,
	Nicolas Dichtel <nicolas.dichtel@6wind.com>
Date: Fri, 25 Sep 2015 15:07:28 -0500
Message-Id: <1443211651-22154-2-git-send-email-ebiederm@xmission.com>
X-Mailer: git-send-email 2.2.1
In-Reply-To: <87si62gteh.fsf_-_@x220.int.ebiederm.org>
References: <87si62gteh.fsf_-_@x220.int.ebiederm.org>
X-XM-AID: U2FsdGVkX1+ak6ZGHwTClT4eN8efZGxMtuLM+eJth74=
X-SA-Exim-Connect-IP: 67.3.201.231
X-SA-Exim-Mail-From: ebiederm@xmission.com
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on sa01.xmission.com
X-Spam-Level: 
X-Spam-Status: No, score=0.5 required=8.0 tests=ALL_TRUSTED,BAYES_50,
	DCC_CHECK_NEGATIVE, TVD_RCVD_IP, T_TooManySym_01, T_TooManySym_02,
	XMSubLong autolearn=disabled version=3.4.0
X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP
	*  0.7 XMSubLong Long Subject
	*  0.0 TVD_RCVD_IP Message was received from an IP address
	*  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
	*      [score: 0.5000]
	* -0.0 DCC_CHECK_NEGATIVE Not listed in DCC
	*      [sa01 1397; Body=1 Fuz1=1 Fuz2=1]
	*  0.0 T_TooManySym_02 5+ unique symbols in subject
	*  0.0 T_TooManySym_01 4+ unique symbols in subject
X-Spam-DCC: XMission; sa01 1397; Body=1 Fuz1=1 Fuz2=1 
X-Spam-Combo: ;Pablo Neira Ayuso <pablo@netfilter.org>
X-Spam-Relay-Country: 
X-Spam-Timing: total 1458 ms - load_scoreonly_sql: 0.06 (0.0%),
	signal_user_changed: 3.7 (0.3%), b_tie_ro: 2.6 (0.2%),
	parse: 1.19 (0.1%),
	extract_message_metadata: 74 (5.1%), get_uri_detail_list: 2.8 (0.2%),
	tests_pri_-1000: 26 (1.8%), tests_pri_-950: 2.00 (0.1%),
	tests_pri_-900: 14
	(0.9%), tests_pri_-400: 94 (6.4%), check_bayes: 92 (6.3%),
	b_tokenize: 24
	(1.7%), b_tok_get_all: 15 (1.1%), b_comp_prob: 3.0 (0.2%),
	b_tok_touch_all:
	37 (2.6%), b_finish: 0.90 (0.1%), tests_pri_0: 1218 (83.6%),
	tests_pri_500: 20 (1.4%), rewrite_mail: 0.00 (0.0%)
Subject: [PATCH next 2/5] netfilter: Push struct net down into
	nf_afinfo.reroute
X-Spam-Flag: No
X-SA-Exim-Version: 4.2.1 (built Wed, 24 Sep 2014 11:00:52 -0600)
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The network namespace is needed when routing a packet.
Stop making nf_afinfo.reroute guess which network namespace
is the proper namespace to route the packet in.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
---
 include/linux/netfilter.h | 2 +-
 net/ipv4/netfilter.c      | 2 +-
 net/ipv6/netfilter.c      | 2 +-
 net/netfilter/nf_queue.c  | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 987c74cd523c..165ab2d14734 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -283,7 +283,7 @@ struct nf_afinfo {
 				 struct flowi *fl, bool strict);
 	void		(*saveroute)(const struct sk_buff *skb,
 				     struct nf_queue_entry *entry);
-	int		(*reroute)(struct sk_buff *skb,
+	int		(*reroute)(struct net *net, struct sk_buff *skb,
 				   const struct nf_queue_entry *entry);
 	int		route_key_size;
 };
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 61eafc9b4545..9e07e6f23398 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -104,7 +104,7 @@ static void nf_ip_saveroute(const struct sk_buff *skb,
 	}
 }
 
-static int nf_ip_reroute(struct sk_buff *skb,
+static int nf_ip_reroute(struct net *net, struct sk_buff *skb,
 			 const struct nf_queue_entry *entry)
 {
 	const struct ip_rt_info *rt_info = nf_queue_entry_reroute(entry);
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index b4de08a83e0b..26911b93dc7a 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -93,7 +93,7 @@ static void nf_ip6_saveroute(const struct sk_buff *skb,
 	}
 }
 
-static int nf_ip6_reroute(struct sk_buff *skb,
+static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
 			  const struct nf_queue_entry *entry)
 {
 	struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index 9f3c3c25fa73..34f628e16a4c 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -199,7 +199,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 
 	if (verdict == NF_ACCEPT) {
 		afinfo = nf_get_afinfo(entry->state.pf);
-		if (!afinfo || afinfo->reroute(skb, entry) < 0)
+		if (!afinfo || afinfo->reroute(entry->state.net, skb, entry) < 0)
 			verdict = NF_DROP;
 	}