netfilter: Use nf_ct_net instead of dev_net(out) in nf_nat_masquerade_ipv6
author Eric W. Biederman <ebiederm@xmission.com>
Fri, 18 Sep 2015 19:33:08 +0000 (14:33 -0500)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Fri, 18 Sep 2015 20:00:28 +0000 (22:00 +0200)
Use nf_ct_net(ct) instead of guessing that the netdevice out can
reliably report the network namespace the conntrack operation is
happening in.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c

index 7745609665cd3418ba0b61e68a9a83caf9c3c6c8..31ba7ca19757083a1a83f8388b87be5695b1ba98 100644 (file)
@@ -34,7 +34,7 @@ nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
                            ctinfo == IP_CT_RELATED_REPLY));
 
-       if (ipv6_dev_get_saddr(dev_net(out), out,
+       if (ipv6_dev_get_saddr(nf_ct_net(ct), out,
                               &ipv6_hdr(skb)->daddr, 0, &src) < 0)
                return NF_DROP;
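
Review bot: on the changed ipv6_dev_get_saddr() call, the namespace now comes from ct while the device argument is still out, and the commit message does not say whether nf_ct_net(ct) and dev_net(out) can ever differ on this path. If they always match, the message should state that this is a cleanup with no behaviour change; if they can differ, it should describe that case, since source address selection would then run with a namespace that is not the one out belongs to. The new call also dereferences ct, and the only check on ct visible in this hunk is the NF_CT_ASSERT just above it, so it is worth confirming that ct is guaranteed non-NULL here in builds where that assertion is not active.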