netfilter: xt_connlimit: netns support
Alexey Dobriyan [Mon, 18 Jan 2010 07:07:50 +0000 (08:07 +0100)]
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

net/netfilter/xt_connlimit.c

index 8103bef..0d9d18e 100644 (file)
@@ -90,7 +90,8 @@ same_source_net(const union nf_inet_addr *addr,
        }
 }
 
-static int count_them(struct xt_connlimit_data *data,
+static int count_them(struct net *net,
+                     struct xt_connlimit_data *data,
                      const struct nf_conntrack_tuple *tuple,
                      const union nf_inet_addr *addr,
                      const union nf_inet_addr *mask,
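Review bot: The new `net` parameter of count_them() is undocumented, and nothing at the signature says it must be the namespace in which the entries saved in `data` were recorded. The next hunk passes it straight to `nf_conntrack_find_get(net, &conn->tuple)`, so a caller handing in a different namespace would look the saved tuples up in the wrong conntrack table and the per-source count would stop reflecting the rule's own namespace. I would add a comment above the function such as `/* @net: namespace of the packet being matched; tuples saved in @data are looked up in this namespace only */`. The function body continues outside this hunk.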
@@ -113,7 +114,7 @@ static int count_them(struct xt_connlimit_data *data,
 
        /* check the saved connections */
        list_for_each_entry_safe(conn, tmp, hash, list) {
-               found    = nf_conntrack_find_get(&init_net, &conn->tuple);
+               found    = nf_conntrack_find_get(net, &conn->tuple);
                found_ct = NULL;
 
                if (found != NULL)
@@ -171,6 +172,7 @@ static int count_them(struct xt_connlimit_data *data,
 static bool
 connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
+       struct net *net = dev_net(par->in ? par->in : par->out);
        const struct xt_connlimit_info *info = par->matchinfo;
        union nf_inet_addr addr;
        struct nf_conntrack_tuple tuple;
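Review bot: `dev_net(par->in ? par->in : par->out)` falls through to `par->out` without checking it, so the initialiser relies on the caller always supplying at least one device; if both were NULL, dev_net() would be handed a NULL pointer. That presumably holds on every hook this match can be attached to, but it is not visible here and should be stated, e.g. `/* at least one of par->in / par->out is set on every hook that reaches this match */`. This namespace selects the conntrack table the connection limit is counted against, so the assumption is worth making explicit. connlimit_mt's body continues outside the hunk.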
@@ -195,7 +197,7 @@ connlimit_mt(const struct sk_buff *skb, const struct xt_match_param *par)
        }
 
        spin_lock_bh(&info->data->lock);
-       connections = count_them(info->data, tuple_ptr, &addr,
+       connections = count_them(net, info->data, tuple_ptr, &addr,
                                 &info->mask, par->family);
        spin_unlock_bh(&info->data->lock);