netfilter: Use nf_ct_net instead of dev_net(out) in nf_nat_masquerade_ipv6

Use nf_ct_net(ct) instead of guessing that the netdevice out can reliably report the network namespace the conntrack operation is happening in. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: Use nf_ct_net instead of dev_net(out) in nf_nat_masquerade_ipv6
Use nf_ct_net(ct) instead of guessing that the netdevice out can reliably report the network namespace the conntrack operation is happening in. Signed-off-by: N "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
0a031ac5 · Eric W. Biederman · Pablo Neira Ayuso · c7af6483 · 0a031ac5
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/ipv6/netfilter/nf_nat_masquerade_ipv6.c net/ipv6/netfilter/nf_nat_masquerade_ipv6.c +1 -1

未找到文件。
--- a/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
+++ b/net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
@@ -34,7 +34,7 @@ nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
 	NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
 			    ctinfo == IP_CT_RELATED_REPLY));

-	if (ipv6_dev_get_saddr(dev_net(out), out,
+	if (ipv6_dev_get_saddr(nf_ct_net(ct), out,
 			       &ipv6_hdr(skb)->daddr, 0, &src) < 0)
 		return NF_DROP;