netfilter: netns nf_conntrack: pass netns pointer to nf_conntrack_in()

/* This header is used to share core functionality between the

   standalone connection tracking module, and the compatibility layer's use

   of connection tracking. */

extern unsigned int nf_conntrack_in(u_int8_t pf,

extern unsigned int nf_conntrack_in(struct net *net,

				    u_int8_t pf,

				    unsigned int hooknum,

				    struct sk_buff *skb);

				      const struct net_device *out,

				      int (*okfn)(struct sk_buff *))

{

	return nf_conntrack_in(PF_INET, hooknum, skb);

	return nf_conntrack_in(dev_net(in), PF_INET, hooknum, skb);

}

static unsigned int ipv4_conntrack_local(unsigned int hooknum,

			printk("ipt_hook: happy cracking.\n");

		return NF_ACCEPT;

	}

	return nf_conntrack_in(PF_INET, hooknum, skb);

	return nf_conntrack_in(dev_net(out), PF_INET, hooknum, skb);

}

/* Connection tracking may drop packets, but never alters them, so

	return NF_STOLEN;

}

static unsigned int ipv6_conntrack_in(unsigned int hooknum,

static unsigned int __ipv6_conntrack_in(struct net *net,

					unsigned int hooknum,

					struct sk_buff *skb,

				      const struct net_device *in,

				      const struct net_device *out,

					int (*okfn)(struct sk_buff *))

{

	struct sk_buff *reasm = skb->nfct_reasm;

		if (!reasm->nfct) {

			unsigned int ret;

			ret = nf_conntrack_in(PF_INET6, hooknum, reasm);

			ret = nf_conntrack_in(net, PF_INET6, hooknum, reasm);

			if (ret != NF_ACCEPT)

				return ret;

		}

		return NF_ACCEPT;

	}

	return nf_conntrack_in(PF_INET6, hooknum, skb);

	return nf_conntrack_in(net, PF_INET6, hooknum, skb);

}

static unsigned int ipv6_conntrack_in(unsigned int hooknum,

				      struct sk_buff *skb,

				      const struct net_device *in,

				      const struct net_device *out,

				      int (*okfn)(struct sk_buff *))

{

	return __ipv6_conntrack_in(dev_net(in), hooknum, skb, okfn);

}

static unsigned int ipv6_conntrack_local(unsigned int hooknum,

			printk("ipv6_conntrack_local: packet too short\n");

		return NF_ACCEPT;

	}

	return ipv6_conntrack_in(hooknum, skb, in, out, okfn);

	return __ipv6_conntrack_in(dev_net(out), hooknum, skb, okfn);

}

static struct nf_hook_ops ipv6_conntrack_ops[] __read_mostly = {

/* On success, returns conntrack ptr, sets skb->nfct and ctinfo */

static inline struct nf_conn *

resolve_normal_ct(struct sk_buff *skb,

resolve_normal_ct(struct net *net,

		  struct sk_buff *skb,

		  unsigned int dataoff,

		  u_int16_t l3num,

		  u_int8_t protonum,

	}

	/* look for tuple match */

	h = nf_conntrack_find_get(&init_net, &tuple);

	h = nf_conntrack_find_get(net, &tuple);

	if (!h) {

		h = init_conntrack(&init_net, &tuple, l3proto, l4proto, skb,

				   dataoff);

		h = init_conntrack(net, &tuple, l3proto, l4proto, skb, dataoff);

		if (!h)

			return NULL;

		if (IS_ERR(h))

}

unsigned int

nf_conntrack_in(u_int8_t pf, unsigned int hooknum, struct sk_buff *skb)

nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum,

		struct sk_buff *skb)

{

	struct nf_conn *ct;

	enum ip_conntrack_info ctinfo;

		return -ret;

	}

	ct = resolve_normal_ct(skb, dataoff, pf, protonum, l3proto, l4proto,

			       &set_reply, &ctinfo);

	ct = resolve_normal_ct(net, skb, dataoff, pf, protonum,

			       l3proto, l4proto, &set_reply, &ctinfo);

	if (!ct) {

		/* Not valid part of a connection */

		NF_CT_STAT_INC_ATOMIC(invalid);