diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/drivers/net/loopback.c linux-2.6.16-vs2.1.x-lo0.02/drivers/net/loopback.c --- linux-2.6.16-vs2.1.1-rc16/drivers/net/loopback.c 2006-01-31 07:25:07 +0100 +++ linux-2.6.16-vs2.1.x-lo0.02/drivers/net/loopback.c 2006-04-16 02:48:17 +0200 @@ -57,6 +57,7 @@ #include #include #include +#include static DEFINE_PER_CPU(struct net_device_stats, loopback_stats); @@ -149,6 +150,9 @@ static int loopback_xmit(struct sk_buff #endif dev->last_rx = jiffies; + vxdprintk(VXD_CBIT(nid, 6), + "loopback_xmit(%p[#%u])", skb, skb->nid); + lb_stats = &per_cpu(loopback_stats, get_cpu()); lb_stats->rx_bytes += skb->len; lb_stats->tx_bytes = lb_stats->rx_bytes; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/fs/namei.c linux-2.6.16-vs2.1.x-lo0.02/fs/namei.c --- linux-2.6.16-vs2.1.1-rc16/fs/namei.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/fs/namei.c 2006-04-16 04:52:31 +0200 @@ -231,7 +231,7 @@ int generic_permission(struct inode *ino static inline int dx_permission(struct inode *inode, int mask, struct nameidata *nd) { - if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) { + if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN|VX_WATCH)) { vxwprintk(1, "xid=%d did hit the barrier.", vx_current_xid()); return -EACCES; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/linux/skbuff.h linux-2.6.16-vs2.1.x-lo0.02/include/linux/skbuff.h --- linux-2.6.16-vs2.1.1-rc16/include/linux/skbuff.h 2006-04-09 13:49:57 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/include/linux/skbuff.h 2006-04-16 02:17:49 +0200 @@ -285,7 +285,7 @@ struct sk_buff { __u16 tc_verd; /* traffic control verdict */ #endif #endif - + nid_t nid; /* These elements must be at the end, see alloc_skb() for details. */ unsigned int truesize; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/linux/vs_network.h linux-2.6.16-vs2.1.x-lo0.02/include/linux/vs_network.h --- linux-2.6.16-vs2.1.1-rc16/include/linux/vs_network.h 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/include/linux/vs_network.h 2006-04-17 04:22:24 +0200 @@ -4,7 +4,6 @@ #include "vserver/network.h" #include "vserver/debug.h" - #define get_nx_info(i) __get_nx_info(i,__FILE__,__LINE__) static inline struct nx_info *__get_nx_info(struct nx_info *nxi, @@ -214,6 +213,9 @@ static inline int __nx_check(nid_t cid, #define nx_ncaps(c) nx_info_ncaps(current->nx_info,(c)) +#include + +#define IPI_LOOPBACK htonl(INADDR_LOOPBACK) static inline int addr_in_nx_info(struct nx_info *nxi, uint32_t addr) { @@ -222,6 +224,8 @@ static inline int addr_in_nx_info(struct if (!nxi) return 1; + if (addr == IPI_LOOPBACK) + return 1; n = nxi->nbipv4; if (n && (nxi->ipv4[0] == 0)) return 1; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/linux/vs_skb.h linux-2.6.16-vs2.1.x-lo0.02/include/linux/vs_skb.h --- linux-2.6.16-vs2.1.1-rc16/include/linux/vs_skb.h 1970-01-01 01:00:00 +0100 +++ linux-2.6.16-vs2.1.x-lo0.02/include/linux/vs_skb.h 2006-04-16 05:47:19 +0200 @@ -0,0 +1,24 @@ +#ifndef _NX_VS_SKB_H +#define _NX_VS_SKB_H + +#include +#include + +#define nx_tag_sock_skb(sk, skb) \ + __nx_tag_sock_skb(sk, skb, __FILE__, __LINE__) + +static inline +void __nx_tag_sock_skb(struct sock *sk, struct sk_buff *skb, + const char *_file, int _line) +{ + vxlprintk(VXD_CBIT(nid, 7), "nx_tag_sock_skb(%p[#%u],%p[#%u])", + sk, sk ? sk->sk_nid : 0, skb, skb->nid, _file, _line); + skb->nid = sk ? sk->sk_nid : current->nid; +} + +#define nx_sk_match(sk, nid) \ + __nx_check((sk)->sk_nid, nid, NX_IDENT|NX_HOSTID|NX_ADMIN) + +#else +#warning duplicate inclusion +#endif diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/net/inet_hashtables.h linux-2.6.16-vs2.1.x-lo0.02/include/net/inet_hashtables.h --- linux-2.6.16-vs2.1.1-rc16/include/net/inet_hashtables.h 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/include/net/inet_hashtables.h 2006-04-16 04:02:47 +0200 @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -294,13 +295,14 @@ static inline int inet_addr_match ( extern struct sock *__inet_lookup_listener(const struct hlist_head *head, const u32 daddr, const unsigned short hnum, - const int dif); + const int dif, nid_t nid); /* Optimize the common listener case. */ static inline struct sock * inet_lookup_listener(struct inet_hashinfo *hashinfo, const u32 daddr, - const unsigned short hnum, const int dif) + const unsigned short hnum, + const int dif, nid_t nid) { struct sock *sk = NULL; const struct hlist_head *head; @@ -311,11 +313,12 @@ static inline struct sock * const struct inet_sock *inet = inet_sk((sk = __sk_head(head))); if (inet->num == hnum && !sk->sk_node.next && + nx_sk_match(sk, nid) && inet_addr_match(sk->sk_nx_info, daddr, inet->rcv_saddr) && (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) && !sk->sk_bound_dev_if) goto sherry_cache; - sk = __inet_lookup_listener(head, daddr, hnum, dif); + sk = __inet_lookup_listener(head, daddr, hnum, dif, nid); } if (sk) { sherry_cache: @@ -378,7 +381,7 @@ static inline struct sock * __inet_lookup_established(struct inet_hashinfo *hashinfo, const u32 saddr, const u16 sport, const u32 daddr, const u16 hnum, - const int dif) + const int dif, nid_t nid) { INET_ADDR_COOKIE(acookie, saddr, daddr) const __u32 ports = INET_COMBINED_PORTS(sport, hnum); @@ -387,18 +390,23 @@ static inline struct sock * /* Optimize here for direct hit, only listening connections can * have wildcards anyways. */ + /* FIXME: extend by ^nid */ unsigned int hash = inet_ehashfn(daddr, hnum, saddr, sport); struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash); prefetch(head->chain.first); read_lock(&head->lock); sk_for_each(sk, node, &head->chain) { + if (!nx_sk_match(sk, nid)) + continue; if (INET_MATCH(sk, hash, acookie, saddr, daddr, ports, dif)) goto hit; /* You sunk my battleship! */ } /* Must check for a TIME_WAIT'er before going to listener hash. */ sk_for_each(sk, node, &(head + hashinfo->ehash_size)->chain) { + if (!nx_sk_match(sk, nid)) + continue; if (INET_TW_MATCH(sk, hash, acookie, saddr, daddr, ports, dif)) goto hit; } @@ -414,22 +422,22 @@ hit: static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo, const u32 saddr, const u16 sport, const u32 daddr, const u16 hnum, - const int dif) + const int dif, nid_t nid) { struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr, - hnum, dif); - return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif); + hnum, dif, nid); + return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif, nid); } static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo, const u32 saddr, const u16 sport, const u32 daddr, const u16 dport, - const int dif) + const int dif, nid_t nid) { struct sock *sk; local_bh_disable(); - sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif); + sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif, nid); local_bh_enable(); return sk; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/net/raw.h linux-2.6.16-vs2.1.x-lo0.02/include/net/raw.h --- linux-2.6.16-vs2.1.1-rc16/include/net/raw.h 2006-04-09 13:49:58 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/include/net/raw.h 2006-04-16 04:25:19 +0200 @@ -37,7 +37,7 @@ extern rwlock_t raw_v4_lock; extern struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num, unsigned long raddr, unsigned long laddr, - int dif); + int dif, nid_t nid); extern int raw_v4_input(struct sk_buff *skb, struct iphdr *iph, int hash); diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/include/net/route.h linux-2.6.16-vs2.1.x-lo0.02/include/net/route.h --- linux-2.6.16-vs2.1.1-rc16/include/net/route.h 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/include/net/route.h 2006-04-17 04:20:38 +0200 @@ -147,8 +147,6 @@ static inline char rt_tos2priority(u8 to return ip_tos2prio[IPTOS_TOS(tos)>>1]; } -#define IPI_LOOPBACK htonl(INADDR_LOOPBACK) - static inline int ip_find_src(struct nx_info *nxi, struct rtable **rp, struct flowi *fl) { int err; @@ -173,6 +171,10 @@ static inline int ip_find_src(struct nx_ foundsrc = (*rp)->rt_src; ip_rt_put(*rp); + if (foundsrc == IPI_LOOPBACK) { + fl->fl4_src = foundsrc; + return 0; + } for (i=0; imask[i]; u32 ipv4 = nxi->ipv4[i]; @@ -186,9 +188,6 @@ static inline int ip_find_src(struct nx_ fl->fl4_src = ipv4; } } - if (fl->fl4_src == 0) - fl->fl4_src = (fl->fl4_dst == IPI_LOOPBACK) - ? IPI_LOOPBACK : ipv4root; } else { for (i=0; iipv4[i] == fl->fl4_src) @@ -227,8 +226,6 @@ static inline int ip_route_connect(struc err = ip_find_src(nx_info, rp, &fl); if (err) return err; - if (fl.fl4_dst == IPI_LOOPBACK && !vx_check(0, VX_ADMIN)) - fl.fl4_dst = nx_info->ipv4[0]; } if (!fl.fl4_dst || !fl.fl4_src) { err = __ip_route_output_key(rp, &fl); diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/kernel/vserver/network.c linux-2.6.16-vs2.1.x-lo0.02/kernel/vserver/network.c --- linux-2.6.16-vs2.1.1-rc16/kernel/vserver/network.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/kernel/vserver/network.c 2006-04-16 15:09:56 +0200 @@ -493,6 +493,8 @@ int nx_addr_conflict(struct nx_info *nxi /* check against nx_info */ int i, n = nxi->nbipv4; + if (__addr_in_socket(sk, IPI_LOOPBACK)) + return 1; for (i=0; iipv4[i])) return 1; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/core/dev.c linux-2.6.16-vs2.1.x-lo0.02/net/core/dev.c --- linux-2.6.16-vs2.1.1-rc16/net/core/dev.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/core/dev.c 2006-04-16 05:15:30 +0200 @@ -1506,6 +1506,9 @@ static __inline__ int deliver_skb(struct struct net_device *orig_dev) { atomic_inc(&skb->users); + vxdprintk(VXD_CBIT(nid, 8), + "deliver_skb(%p[#%u],%p[%p])", + skb, skb->nid, pt_prev, pt_prev->func); return pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/core/skbuff.c linux-2.6.16-vs2.1.x-lo0.02/net/core/skbuff.c --- linux-2.6.16-vs2.1.1-rc16/net/core/skbuff.c 2006-04-09 13:49:59 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/core/skbuff.c 2006-04-16 03:08:48 +0200 @@ -425,6 +425,7 @@ struct sk_buff *skb_clone(struct sk_buff C(nfct_reasm); nf_conntrack_get_reasm(skb->nfct_reasm); #endif + C(nid); #ifdef CONFIG_BRIDGE_NETFILTER C(nf_bridge); nf_bridge_get(skb->nf_bridge); diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/af_inet.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/af_inet.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/af_inet.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/af_inet.c 2006-04-16 15:11:38 +0200 @@ -437,10 +437,6 @@ int inet_bind(struct socket *sock, struc s_addr = ipv4root; s_addr1 = (nbipv4 > 1) ? 0 : s_addr; s_addr2 = v4_bcast; - } else if (s_addr == IPI_LOOPBACK) { - /* rewrite localhost to ipv4root */ - s_addr = ipv4root; - s_addr1 = ipv4root; } else if (s_addr != v4_bcast) { /* normal address bind */ if (!addr_in_nx_info(nxi, s_addr)) diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/devinet.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/devinet.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/devinet.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/devinet.c 2006-04-15 19:15:17 +0200 @@ -634,6 +634,9 @@ int devinet_ioctl(unsigned int cmd, void *colon = ':'; if ((in_dev = __in_dev_get_rtnl(dev)) != NULL) { + struct nx_info *nxi = current->nx_info; + int hide_netif = vx_flags(VXF_HIDE_NETIF, 0); + if (tryaddrmatch) { /* Matthias Andree */ /* compare label and address (4.4BSD style) */ @@ -642,6 +645,8 @@ int devinet_ioctl(unsigned int cmd, void This is checked above. */ for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL; ifap = &ifa->ifa_next) { + if (hide_netif && !ifa_in_nx_info(ifa, nxi)) + continue; if (!strcmp(ifr.ifr_name, ifa->ifa_label) && sin_orig.sin_addr.s_addr == ifa->ifa_address) { @@ -654,18 +659,18 @@ int devinet_ioctl(unsigned int cmd, void comparing just the label */ if (!ifa) { for (ifap = &in_dev->ifa_list; (ifa = *ifap) != NULL; - ifap = &ifa->ifa_next) + ifap = &ifa->ifa_next) { + if (hide_netif && !ifa_in_nx_info(ifa, nxi)) + continue; if (!strcmp(ifr.ifr_name, ifa->ifa_label)) break; + } } } ret = -EADDRNOTAVAIL; if (!ifa && cmd != SIOCSIFADDR && cmd != SIOCSIFFLAGS) goto done; - if (vx_flags(VXF_HIDE_NETIF, 0) && - !ifa_in_nx_info(ifa, current->nx_info)) - goto done; switch(cmd) { case SIOCGIFADDR: /* Get interface address */ diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/icmp.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/icmp.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/icmp.c 2006-04-09 13:49:59 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/icmp.c 2006-04-16 04:22:59 +0200 @@ -384,6 +384,9 @@ static void icmp_reply(struct icmp_bxm * struct rtable *rt = (struct rtable *)skb->dst; u32 daddr; + /* reverse tag icmp socket */ + sk->sk_nid = skb->nid; + if (ip_options_echo(&icmp_param->replyopts, skb)) return; @@ -701,7 +704,8 @@ static void icmp_unreach(struct sk_buff if ((raw_sk = sk_head(&raw_v4_htable[hash])) != NULL) { while ((raw_sk = __raw_v4_lookup(raw_sk, protocol, iph->daddr, iph->saddr, - skb->dev->ifindex)) != NULL) { + skb->dev->ifindex, + skb->nid)) != NULL) { raw_err(raw_sk, skb, info); raw_sk = sk_next(raw_sk); iph = (struct iphdr *)skb->data; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/inet_diag.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/inet_diag.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/inet_diag.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/inet_diag.c 2006-04-16 03:50:40 +0200 @@ -241,7 +241,8 @@ static int inet_diag_get_exact(struct sk if (req->idiag_family == AF_INET) { sk = inet_lookup(hashinfo, req->id.idiag_dst[0], req->id.idiag_dport, req->id.idiag_src[0], - req->id.idiag_sport, req->id.idiag_if); + req->id.idiag_sport, req->id.idiag_if, + in_skb->nid); } #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) else if (req->idiag_family == AF_INET6) { diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/inet_hashtables.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/inet_hashtables.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/inet_hashtables.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/inet_hashtables.c 2006-04-16 03:35:58 +0200 @@ -130,7 +130,8 @@ EXPORT_SYMBOL(inet_listen_wlock); * wildcarded during the search since they can never be otherwise. */ struct sock *__inet_lookup_listener(const struct hlist_head *head, const u32 daddr, - const unsigned short hnum, const int dif) + const unsigned short hnum, + const int dif, nid_t nid) { struct sock *result = NULL, *sk; const struct hlist_node *node; @@ -139,6 +140,8 @@ struct sock *__inet_lookup_listener(cons sk_for_each(sk, node, head) { const struct inet_sock *inet = inet_sk(sk); + if (!nx_sk_match(sk, nid)) + continue; if (inet->num == hnum && !ipv6_only_sock(sk)) { const __u32 rcv_saddr = inet->rcv_saddr; int score = sk->sk_family == PF_INET ? 1 : 0; diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/ip_output.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/ip_output.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/ip_output.c 2006-04-09 13:49:59 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/ip_output.c 2006-04-16 02:57:57 +0200 @@ -83,6 +83,7 @@ #include #include #include +#include int sysctl_ip_default_ttl = IPDEFTTL; @@ -155,6 +156,7 @@ int ip_build_and_send_pkt(struct sk_buff ip_send_check(iph); skb->priority = sk->sk_priority; + nx_tag_sock_skb(sk, skb); /* Send it out. */ return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, @@ -370,6 +372,7 @@ packet_routed: ip_send_check(iph); skb->priority = sk->sk_priority; + nx_tag_sock_skb(sk, skb); return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, dst_output); @@ -1262,6 +1265,7 @@ int ip_push_pending_frames(struct sock * skb->priority = sk->sk_priority; skb->dst = dst_clone(&rt->u.dst); + nx_tag_sock_skb(sk, skb); /* Netfilter gets whole the not fragmented skb. */ err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/raw.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/raw.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/raw.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/raw.c 2006-04-16 04:50:58 +0200 @@ -79,6 +79,7 @@ #include #include #include +#include struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE]; DEFINE_RWLOCK(raw_v4_lock); @@ -125,13 +126,15 @@ static inline int raw_addr_match ( struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num, unsigned long raddr, unsigned long laddr, - int dif) + int dif, nid_t nid) { struct hlist_node *node; sk_for_each_from(sk, node) { struct inet_sock *inet = inet_sk(sk); + if (!nx_sk_match(sk, nid)) + continue; if (inet->num == num && !(inet->daddr && inet->daddr != raddr) && raw_addr_match(sk->sk_nx_info, laddr, @@ -141,6 +144,9 @@ struct sock *__raw_v4_lookup(struct sock } sk = NULL; found: + vxdprintk(VXD_CBIT(nid, 8), + "__raw_v4_lookup(#%u) = %p[#%u]", + nid, sk, sk ? sk->sk_nid : 0); return sk; } @@ -184,7 +189,7 @@ int raw_v4_input(struct sk_buff *skb, st goto out; sk = __raw_v4_lookup(__sk_head(head), iph->protocol, iph->saddr, iph->daddr, - skb->dev->ifindex); + skb->dev->ifindex, skb->nid); while (sk) { delivered = 1; @@ -197,7 +202,7 @@ int raw_v4_input(struct sk_buff *skb, st } sk = __raw_v4_lookup(sk_next(sk), iph->protocol, iph->saddr, iph->daddr, - skb->dev->ifindex); + skb->dev->ifindex, skb->nid); } out: read_unlock(&raw_v4_lock); @@ -260,8 +265,11 @@ void raw_err (struct sock *sk, struct sk static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) { + vxdprintk(VXD_CBIT(nid, 8), + "raw_rcv_skb(%p[#%u],%p[#%u])", + sk, sk->sk_nid, skb, skb->nid); + /* Charge it to the socket. */ - if (sock_queue_rcv_skb(sk, skb) < 0) { /* FIXME: increment a raw drops counter here */ kfree_skb(skb); @@ -313,6 +320,7 @@ static int raw_send_hdrinc(struct sock * skb->priority = sk->sk_priority; skb->dst = dst_clone(&rt->u.dst); + nx_tag_sock_skb(sk, skb); skb->nh.iph = iph = (struct iphdr *)skb_put(skb, length); diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/tcp_ipv4.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/tcp_ipv4.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/tcp_ipv4.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/tcp_ipv4.c 2006-04-16 03:43:42 +0200 @@ -349,7 +349,7 @@ void tcp_v4_err(struct sk_buff *skb, u32 } sk = inet_lookup(&tcp_hashinfo, iph->daddr, th->dest, iph->saddr, - th->source, inet_iif(skb)); + th->source, inet_iif(skb), skb->nid); if (!sk) { ICMP_INC_STATS_BH(ICMP_MIB_INERRORS); return; @@ -932,7 +932,8 @@ static struct sock *tcp_v4_hnd_req(struc nsk = __inet_lookup_established(&tcp_hashinfo, skb->nh.iph->saddr, th->source, skb->nh.iph->daddr, - ntohs(th->dest), inet_iif(skb)); + ntohs(th->dest), inet_iif(skb), + skb->nid); if (nsk) { if (nsk->sk_state != TCP_TIME_WAIT) { @@ -1070,7 +1071,7 @@ int tcp_v4_rcv(struct sk_buff *skb) sk = __inet_lookup(&tcp_hashinfo, skb->nh.iph->saddr, th->source, skb->nh.iph->daddr, ntohs(th->dest), - inet_iif(skb)); + inet_iif(skb), skb->nid); if (!sk) goto no_tcp_socket; @@ -1138,7 +1139,8 @@ do_time_wait: struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo, skb->nh.iph->daddr, ntohs(th->dest), - inet_iif(skb)); + inet_iif(skb), + skb->nid); if (sk2) { inet_twsk_deschedule((struct inet_timewait_sock *)sk, &tcp_death_row); diff -NurpP --minimal linux-2.6.16-vs2.1.1-rc16/net/ipv4/udp.c linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/udp.c --- linux-2.6.16-vs2.1.1-rc16/net/ipv4/udp.c 2006-04-14 04:22:46 +0200 +++ linux-2.6.16-vs2.1.x-lo0.02/net/ipv4/udp.c 2006-04-16 15:11:52 +0200 @@ -216,16 +216,6 @@ static void udp_v4_unhash(struct sock *s write_unlock_bh(&udp_hash_lock); } -static inline int udp_in_list(struct nx_info *nx_info, u32 addr) -{ - int n = nx_info->nbipv4; - int i; - - for (i=0; iipv4[i] == addr) - return 1; - return 0; -} /* UDP is nearly always wildcards out the wazoo, it makes no sense to try * harder than this. -DaveM @@ -248,7 +238,7 @@ static struct sock *udp_v4_lookup_longwa continue; score+=2; } else if (sk->sk_nx_info) { - if (udp_in_list(sk->sk_nx_info, daddr)) + if (addr_in_nx_info(sk->sk_nx_info, daddr)) score+=2; else continue; @@ -625,8 +615,6 @@ int udp_sendmsg(struct kiocb *iocb, stru err = ip_find_src(nxi, &rt, &fl); if (err) goto out; - if (daddr == IPI_LOOPBACK && !vx_check(0, VX_ADMIN)) - daddr = fl.fl4_dst = nxi->ipv4[0]; } err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT)); if (err)