netfilter: check if the socket netns is correct.

Netfilter assumes that if the socket is present in the skb, then it can be used because that reference is cleaned up while the skb is crossing netns. We want to change that to preserve the socket reference in a future patch, so this is a preparation updating netfilter to check if the socket netns matches before use it. Signed-off-by: Flavio Leitner <fbl@redhat.com> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Flavio Leitner <fbl@redhat.com> 2018-06-27 10:34:25 -0300
committer: David S. Miller <davem@davemloft.net> 2018-06-28 22:21:32 +0900
commit: f564650106a6e85702660fefd59fdff0877ab46a (patch)
tree: 5bc5ca2ef701a097f0447a7073c2ee0be9b79e01 /include/net/netfilter
parent: 003504a23a765620815622cb57b962b4aebdc5af (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
index e811ac07ea94..0d3920896d50 100644
--- a/include/net/netfilter/nf_log.h
+++ b/include/net/netfilter/nf_log.h
@@ -106,7 +106,8 @@ int nf_log_dump_udp_header(struct nf_log_buf *m, const struct sk_buff *skb,
 int nf_log_dump_tcp_header(struct nf_log_buf *m, const struct sk_buff *skb,
 			   u8 proto, int fragment, unsigned int offset,
 			   unsigned int logflags);
-void nf_log_dump_sk_uid_gid(struct nf_log_buf *m, struct sock *sk);
+void nf_log_dump_sk_uid_gid(struct net *net, struct nf_log_buf *m,
+			    struct sock *sk);
 void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
 			       unsigned int hooknum, const struct sk_buff *skb,
 			       const struct net_device *in,
author	Flavio Leitner <fbl@redhat.com>	2018-06-27 10:34:25 -0300
committer	David S. Miller <davem@davemloft.net>	2018-06-28 22:21:32 +0900
commit	f564650106a6e85702660fefd59fdff0877ab46a (patch)
tree	5bc5ca2ef701a097f0447a7073c2ee0be9b79e01 /include/net/netfilter
parent	003504a23a765620815622cb57b962b4aebdc5af (diff)