Commit 6f2bcea9917d85ff78b3a497e4a96b77b7bc2dd0
Committed by
Simon Horman
Simon Horman
1 parent
6e385bb3ef
ipvs: Pass ipvs into ip_vs_in_icmp and ip_vs_in_icmp_v6
With ipvs passed into ip_vs_in_icmp and ip_vs_in_icmp_v6 they no longer need to call the hack that is skb_net. Additionally ipvs_in_icmp no longer needs to call dev_net(skb->dev) and can use the ipvs->net instead. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au>
Showing 1 changed file with 14 additions and 22 deletions Side-by-side Diff
net/netfilter/ipvs/ip_vs_core.c
| ... | ... | @@ -1388,10 +1388,9 @@ |
| 1388 | 1388 | * Currently handles error types - unreachable, quench, ttl exceeded. |
| 1389 | 1389 | */ |
| 1390 | 1390 | static int |
| 1391 | -ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum) | |
| 1391 | +ip_vs_in_icmp(struct netns_ipvs *ipvs, struct sk_buff *skb, int *related, | |
| 1392 | + unsigned int hooknum) | |
| 1392 | 1393 | { |
| 1393 | - struct net *net = NULL; | |
| 1394 | - struct netns_ipvs *ipvs; | |
| 1395 | 1394 | struct iphdr *iph; |
| 1396 | 1395 | struct icmphdr _icmph, *ic; |
| 1397 | 1396 | struct iphdr _ciph, *cih; /* The ip header contained within the ICMP */ |
| ... | ... | @@ -1440,9 +1439,6 @@ |
| 1440 | 1439 | if (cih == NULL) |
| 1441 | 1440 | return NF_ACCEPT; /* The packet looks wrong, ignore */ |
| 1442 | 1441 | |
| 1443 | - net = skb_net(skb); | |
| 1444 | - ipvs = net_ipvs(net); | |
| 1445 | - | |
| 1446 | 1442 | /* Special case for errors for IPIP packets */ |
| 1447 | 1443 | ipip = false; |
| 1448 | 1444 | if (cih->protocol == IPPROTO_IPIP) { |
| ... | ... | @@ -1520,7 +1516,7 @@ |
| 1520 | 1516 | skb_reset_network_header(skb); |
| 1521 | 1517 | IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n", |
| 1522 | 1518 | &ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr, mtu); |
| 1523 | - ipv4_update_pmtu(skb, dev_net(skb->dev), | |
| 1519 | + ipv4_update_pmtu(skb, ipvs->net, | |
| 1524 | 1520 | mtu, 0, 0, 0, 0); |
| 1525 | 1521 | /* Client uses PMTUD? */ |
| 1526 | 1522 | if (!(frag_off & htons(IP_DF))) |
| 1527 | 1523 | |
| ... | ... | @@ -1575,11 +1571,10 @@ |
| 1575 | 1571 | } |
| 1576 | 1572 | |
| 1577 | 1573 | #ifdef CONFIG_IP_VS_IPV6 |
| 1578 | -static int ip_vs_in_icmp_v6(struct sk_buff *skb, int *related, | |
| 1579 | - unsigned int hooknum, struct ip_vs_iphdr *iph) | |
| 1574 | +static int ip_vs_in_icmp_v6(struct netns_ipvs *ipvs, struct sk_buff *skb, | |
| 1575 | + int *related, unsigned int hooknum, | |
| 1576 | + struct ip_vs_iphdr *iph) | |
| 1580 | 1577 | { |
| 1581 | - struct net *net = NULL; | |
| 1582 | - struct netns_ipvs *ipvs; | |
| 1583 | 1578 | struct icmp6hdr _icmph, *ic; |
| 1584 | 1579 | struct ip_vs_iphdr ciph = {.flags = 0, .fragoffs = 0};/*Contained IP */ |
| 1585 | 1580 | struct ip_vs_conn *cp; |
| ... | ... | @@ -1619,8 +1614,6 @@ |
| 1619 | 1614 | if (!ip_vs_fill_iph_skb_icmp(AF_INET6, skb, offset, true, &ciph)) |
| 1620 | 1615 | return NF_ACCEPT; |
| 1621 | 1616 | |
| 1622 | - net = skb_net(skb); | |
| 1623 | - ipvs = net_ipvs(net); | |
| 1624 | 1617 | pd = ip_vs_proto_data_get(ipvs, ciph.protocol); |
| 1625 | 1618 | if (!pd) |
| 1626 | 1619 | return NF_ACCEPT; |
| ... | ... | @@ -1732,8 +1725,8 @@ |
| 1732 | 1725 | if (af == AF_INET6) { |
| 1733 | 1726 | if (unlikely(iph.protocol == IPPROTO_ICMPV6)) { |
| 1734 | 1727 | int related; |
| 1735 | - int verdict = ip_vs_in_icmp_v6(skb, &related, hooknum, | |
| 1736 | - &iph); | |
| 1728 | + int verdict = ip_vs_in_icmp_v6(ipvs, skb, &related, | |
| 1729 | + hooknum, &iph); | |
| 1737 | 1730 | |
| 1738 | 1731 | if (related) |
| 1739 | 1732 | return verdict; |
| ... | ... | @@ -1742,7 +1735,8 @@ |
| 1742 | 1735 | #endif |
| 1743 | 1736 | if (unlikely(iph.protocol == IPPROTO_ICMP)) { |
| 1744 | 1737 | int related; |
| 1745 | - int verdict = ip_vs_in_icmp(skb, &related, hooknum); | |
| 1738 | + int verdict = ip_vs_in_icmp(ipvs, skb, &related, | |
| 1739 | + hooknum); | |
| 1746 | 1740 | |
| 1747 | 1741 | if (related) |
| 1748 | 1742 | return verdict; |
| 1749 | 1743 | |
| 1750 | 1744 | |
| ... | ... | @@ -1895,17 +1889,16 @@ |
| 1895 | 1889 | const struct nf_hook_state *state) |
| 1896 | 1890 | { |
| 1897 | 1891 | int r; |
| 1898 | - struct netns_ipvs *ipvs; | |
| 1892 | + struct netns_ipvs *ipvs = net_ipvs(state->net); | |
| 1899 | 1893 | |
| 1900 | 1894 | if (ip_hdr(skb)->protocol != IPPROTO_ICMP) |
| 1901 | 1895 | return NF_ACCEPT; |
| 1902 | 1896 | |
| 1903 | 1897 | /* ipvs enabled in this netns ? */ |
| 1904 | - ipvs = net_ipvs(state->net); | |
| 1905 | 1898 | if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable)) |
| 1906 | 1899 | return NF_ACCEPT; |
| 1907 | 1900 | |
| 1908 | - return ip_vs_in_icmp(skb, &r, state->hook); | |
| 1901 | + return ip_vs_in_icmp(ipvs, skb, &r, state->hook); | |
| 1909 | 1902 | } |
| 1910 | 1903 | |
| 1911 | 1904 | #ifdef CONFIG_IP_VS_IPV6 |
| ... | ... | @@ -1914,7 +1907,7 @@ |
| 1914 | 1907 | const struct nf_hook_state *state) |
| 1915 | 1908 | { |
| 1916 | 1909 | int r; |
| 1917 | - struct netns_ipvs *ipvs; | |
| 1910 | + struct netns_ipvs *ipvs = net_ipvs(state->net); | |
| 1918 | 1911 | struct ip_vs_iphdr iphdr; |
| 1919 | 1912 | |
| 1920 | 1913 | ip_vs_fill_iph_skb(AF_INET6, skb, false, &iphdr); |
| 1921 | 1914 | |
| ... | ... | @@ -1922,11 +1915,10 @@ |
| 1922 | 1915 | return NF_ACCEPT; |
| 1923 | 1916 | |
| 1924 | 1917 | /* ipvs enabled in this netns ? */ |
| 1925 | - ipvs = net_ipvs(state->net); | |
| 1926 | 1918 | if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable)) |
| 1927 | 1919 | return NF_ACCEPT; |
| 1928 | 1920 | |
| 1929 | - return ip_vs_in_icmp_v6(skb, &r, state->hook, &iphdr); | |
| 1921 | + return ip_vs_in_icmp_v6(ipvs, skb, &r, state->hook, &iphdr); | |
| 1930 | 1922 | } |
| 1931 | 1923 | #endif |
| 1932 | 1924 |