bridge: Pass net into br_validate_ipv4 and br_validate_ipv6

void br_netfilter_enable(void);

#if IS_ENABLED(CONFIG_IPV6)

int br_validate_ipv6(struct sk_buff *skb);

int br_validate_ipv6(struct net *net, struct sk_buff *skb);

unsigned int br_nf_pre_routing_ipv6(void *priv,

				    struct sk_buff *skb,

				    const struct nf_hook_state *state);

#else

static inline int br_validate_ipv6(struct sk_buff *skb)

static inline int br_validate_ipv6(struct net *net, struct sk_buff *skb)

{

	return -1;

}

 * expected format

 */

static int br_validate_ipv4(struct sk_buff *skb)

static int br_validate_ipv4(struct net *net, struct sk_buff *skb)

{

	const struct iphdr *iph;

	struct net_device *dev = skb->dev;

	u32 len;

	if (!pskb_may_pull(skb, sizeof(struct iphdr)))

	len = ntohs(iph->tot_len);

	if (skb->len < len) {

		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INTRUNCATEDPKTS);

		IP_INC_STATS_BH(net, IPSTATS_MIB_INTRUNCATEDPKTS);

		goto drop;

	} else if (len < (iph->ihl*4))

		goto inhdr_error;

	if (pskb_trim_rcsum(skb, len)) {

		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INDISCARDS);

		IP_INC_STATS_BH(net, IPSTATS_MIB_INDISCARDS);

		goto drop;

	}

	return 0;

inhdr_error:

	IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_INHDRERRORS);

	IP_INC_STATS_BH(net, IPSTATS_MIB_INHDRERRORS);

drop:

	return -1;

}

	nf_bridge_pull_encap_header_rcsum(skb);

	if (br_validate_ipv4(skb))

	if (br_validate_ipv4(state->net, skb))

		return NF_DROP;

	nf_bridge_put(skb->nf_bridge);

	}

	if (pf == NFPROTO_IPV4) {

		if (br_validate_ipv4(skb))

		if (br_validate_ipv4(state->net, skb))

			return NF_DROP;

		IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;

	}

	if (pf == NFPROTO_IPV6) {

		if (br_validate_ipv6(skb))

		if (br_validate_ipv6(state->net, skb))

			return NF_DROP;

		IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;

	}

	if (skb->protocol == htons(ETH_P_IP)) {

		struct brnf_frag_data *data;

		if (br_validate_ipv4(skb))

		if (br_validate_ipv4(net, skb))

			goto drop;

		IPCB(skb)->frag_max_size = nf_bridge->frag_max_size;

		const struct nf_ipv6_ops *v6ops = nf_get_ipv6_ops();

		struct brnf_frag_data *data;

		if (br_validate_ipv6(skb))

		if (br_validate_ipv6(net, skb))

			goto drop;

		IP6CB(skb)->frag_max_size = nf_bridge->frag_max_size;

	return -1;

}

int br_validate_ipv6(struct sk_buff *skb)

int br_validate_ipv6(struct net *net, struct sk_buff *skb)

{

	const struct ipv6hdr *hdr;

	struct net_device *dev = skb->dev;

	struct inet6_dev *idev = __in6_dev_get(skb->dev);

	u32 pkt_len;

	u8 ip6h_len = sizeof(struct ipv6hdr);

	if (pkt_len || hdr->nexthdr != NEXTHDR_HOP) {

		if (pkt_len + ip6h_len > skb->len) {

			IP6_INC_STATS_BH(dev_net(dev), idev,

			IP6_INC_STATS_BH(net, idev,

					 IPSTATS_MIB_INTRUNCATEDPKTS);

			goto drop;

		}

		if (pskb_trim_rcsum(skb, pkt_len + ip6h_len)) {

			IP6_INC_STATS_BH(dev_net(dev), idev,

			IP6_INC_STATS_BH(net, idev,

					 IPSTATS_MIB_INDISCARDS);

			goto drop;

		}

	return 0;

inhdr_error:

	IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS);

	IP6_INC_STATS_BH(net, idev, IPSTATS_MIB_INHDRERRORS);

drop:

	return -1;

}

{

	struct nf_bridge_info *nf_bridge;

	if (br_validate_ipv6(skb))

	if (br_validate_ipv6(state->net, skb))

		return NF_DROP;

	nf_bridge_put(skb->nf_bridge);