netns xfrm: xfrm_route_forward() in netns

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 158848f55640022ede5e368cedd5be8c7203629e..36c8cffdf4e22162f2fbe39495764525dc7ce476 100644 (file)
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1050,7 +1050,9 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
 
 static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 {
-       return  !init_net.xfrm.policy_count[XFRM_POLICY_OUT] ||
+       struct net *net = dev_net(skb->dev);
+
+       return  !net->xfrm.policy_count[XFRM_POLICY_OUT] ||
                (skb->dst->flags & DST_NOXFRM) ||
                __xfrm_route_forward(skb, family);
 }

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 8097c9958cfcf9f2d2a56ec096b0d378b48dab4d..54b50a20804fe37fce3f1345e2ef1a11e31c868c 100644 (file)
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2044,6 +2044,7 @@ EXPORT_SYMBOL(__xfrm_policy_check);
 
 int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 {
+       struct net *net = dev_net(skb->dev);
        struct flowi fl;
 
        if (xfrm_decode_session(skb, &fl, family) < 0) {
@@ -2052,7 +2053,7 @@ int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
                return 0;
        }
 
-       return xfrm_lookup(&init_net, &skb->dst, &fl, NULL, 0) == 0;
+       return xfrm_lookup(net, &skb->dst, &fl, NULL, 0) == 0;
 }
 EXPORT_SYMBOL(__xfrm_route_forward);