Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0a031ac5 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Pablo Neira Ayuso
Browse files

netfilter: Use nf_ct_net instead of dev_net(out) in nf_nat_masquerade_ipv6 



Use nf_ct_net(ct) instead of guessing that the netdevice out can
reliably report the network namespace the conntrack operation is
happening in.

Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c7af6483

net/ipv6/netfilter/nf_nat_masquerade_ipv6.c

+1 −1
Original line number Diff line number Diff line
@@ -34,7 +34,7 @@ nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range *range, 
	NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||

			    ctinfo == IP_CT_RELATED_REPLY));



	if (ipv6_dev_get_saddr(dev_net(out), out,

	if (ipv6_dev_get_saddr(nf_ct_net(ct), out,

			       &ipv6_hdr(skb)->daddr, 0, &src) < 0)

		return NF_DROP;