diff options
author | Amit Pundir <amit.pundir@linaro.org> | 2016-02-18 00:20:12 +0530 |
---|---|---|
committer | Amit Pundir <amit.pundir@linaro.org> | 2016-02-18 00:20:12 +0530 |
commit | 02bbd06e489a9f56910973535152d3ec47f3fdcc (patch) | |
tree | 93a9a4d687da4d423c92cc4a82001f3792c0b259 /net/netfilter/xt_socket.c | |
parent | 34f6d2c9d12a97271d55c7b204443b2da9e6c29e (diff) | |
parent | 3d0f8b944b0ab4ec79d8d0b93d8038971095337a (diff) |
Merge branch 'android-4.4' of https://android.googlesource.com/kernel/commonlsk-v4.4-16.02-android
* android-4.4: (475 commits)
android: base-cfg: Add CONFIG_IP_MULTICAST
android: recommended.cfg: enable taskstats
ANDROID: android: base-cfg: disable CONFIG_SYSVIPC
android: configs: base: enable configfs gadget functions
android: add CONFIG_DEBUG_RODATA to recommended config
android: configs: remove CONFIG_BATTERY_ANDROID=y
android: configs: base: enable IPV6
android: configs: Enable SELinux and its dependencies.
android: base-cfg: disable ALARM_DEV
android: base-cfg: turn off /dev/mem and /dev/kmem
android: base-cfg: enable ARMV8_DEPRECATED and subfeatures
android: base-cfg: enforce the needed XFRM_MODE_TUNNEL (for VPN)
android: base-cfg: disable LOGGER
android: base-cfg: enable DM_VERITY (used for secureboot)
android: configs: add systrace support to recommended configs
android: configs: update 3.10 options
android: configs: Add CONFIG_NETFILTER_XT_TARGET_IDLETIMER
android: configs: add IPV6 ROUTE INFO
android: configs: add TIMER_STATS back, helps with sysrq t.
android: configs: Add HIDRAW to recommended set
...
Diffstat (limited to 'net/netfilter/xt_socket.c')
-rw-r--r-- | net/netfilter/xt_socket.c | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c index 2ec08f04b816..8a2a489b2cd3 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c @@ -143,11 +143,12 @@ static bool xt_socket_sk_is_transparent(struct sock *sk) } } -static struct sock *xt_socket_lookup_slow_v4(struct net *net, +struct sock *xt_socket_lookup_slow_v4(struct net *net, const struct sk_buff *skb, const struct net_device *indev) { const struct iphdr *iph = ip_hdr(skb); + struct sock *sk = skb->sk; __be32 uninitialized_var(daddr), uninitialized_var(saddr); __be16 uninitialized_var(dport), uninitialized_var(sport); u8 uninitialized_var(protocol); @@ -198,9 +199,16 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net, } #endif - return xt_socket_get_sock_v4(net, protocol, saddr, daddr, - sport, dport, indev); + if (sk) + atomic_inc(&sk->sk_refcnt); + else + sk = xt_socket_get_sock_v4(dev_net(skb->dev), protocol, + saddr, daddr, sport, dport, + indev); + + return sk; } +EXPORT_SYMBOL(xt_socket_lookup_slow_v4); static bool socket_match(const struct sk_buff *skb, struct xt_action_param *par, @@ -232,8 +240,7 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, transparent) pskb->mark = sk->sk_mark; - if (sk != skb->sk) - sock_gen_put(sk); + sock_gen_put(sk); if (wildcard || !transparent) sk = NULL; @@ -336,10 +343,11 @@ xt_socket_get_sock_v6(struct net *net, const u8 protocol, return NULL; } -static struct sock *xt_socket_lookup_slow_v6(struct net *net, +struct sock *xt_socket_lookup_slow_v6(struct net *net, const struct sk_buff *skb, const struct net_device *indev) { + struct sock *sk = skb->sk; __be16 uninitialized_var(dport), uninitialized_var(sport); const struct in6_addr *daddr = NULL, *saddr = NULL; struct ipv6hdr *iph = ipv6_hdr(skb); @@ -373,9 +381,16 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net, return NULL; } - return xt_socket_get_sock_v6(net, tproto, saddr, daddr, - sport, dport, indev); + if (sk) + atomic_inc(&sk->sk_refcnt); + else + sk = xt_socket_get_sock_v6(dev_net(skb->dev), tproto, + saddr, daddr, sport, dport, + indev); + + return sk; } +EXPORT_SYMBOL(xt_socket_lookup_slow_v6); static bool socket_mt6_v1_v2_v3(const struct sk_buff *skb, struct xt_action_param *par) |