aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@gmail.com>2008-11-04 08:22:55 -0500
committerPatrick McHardy <kaber@trash.net>2008-11-04 08:22:55 -0500
commit511061e2dd1b84bb21bb97c9216a19606c29ac02 (patch)
tree8979b8d7708fb29520afca9ae76feec92d5b6c6d
parent19223f26d97077da8cf25251458afe00cae20cbb (diff)
netfilter: netns ebtables: part 1
* propagate netns from userspace, register table in passed netns * remporarily register every ebt_table in init_net P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with ebtables(8) in netns. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
-rw-r--r--include/linux/netfilter_bridge/ebtables.h2
-rw-r--r--net/bridge/netfilter/ebtable_broute.c2
-rw-r--r--net/bridge/netfilter/ebtable_filter.c2
-rw-r--r--net/bridge/netfilter/ebtable_nat.c2
-rw-r--r--net/bridge/netfilter/ebtables.c27
5 files changed, 18 insertions, 17 deletions
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index d45e29cd1cf..624e7883068 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -300,7 +300,7 @@ struct ebt_table
300 300
301#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \ 301#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
302 ~(__alignof__(struct ebt_replace)-1)) 302 ~(__alignof__(struct ebt_replace)-1))
303extern int ebt_register_table(struct ebt_table *table); 303extern int ebt_register_table(struct net *net, struct ebt_table *table);
304extern void ebt_unregister_table(struct ebt_table *table); 304extern void ebt_unregister_table(struct ebt_table *table);
305extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb, 305extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
306 const struct net_device *in, const struct net_device *out, 306 const struct net_device *in, const struct net_device *out,
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index 246626bb0c8..1731ce8f747 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -66,7 +66,7 @@ static int __init ebtable_broute_init(void)
66{ 66{
67 int ret; 67 int ret;
68 68
69 ret = ebt_register_table(&broute_table); 69 ret = ebt_register_table(&init_net, &broute_table);
70 if (ret < 0) 70 if (ret < 0)
71 return ret; 71 return ret;
72 /* see br_input.c */ 72 /* see br_input.c */
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 1a58af51a2e..af8953c9a57 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -95,7 +95,7 @@ static int __init ebtable_filter_init(void)
95{ 95{
96 int ret; 96 int ret;
97 97
98 ret = ebt_register_table(&frame_filter); 98 ret = ebt_register_table(&init_net, &frame_filter);
99 if (ret < 0) 99 if (ret < 0)
100 return ret; 100 return ret;
101 ret = nf_register_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter)); 101 ret = nf_register_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index f60c1e78e57..bafe16029bd 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -102,7 +102,7 @@ static int __init ebtable_nat_init(void)
102{ 102{
103 int ret; 103 int ret;
104 104
105 ret = ebt_register_table(&frame_nat); 105 ret = ebt_register_table(&init_net, &frame_nat);
106 if (ret < 0) 106 if (ret < 0)
107 return ret; 107 return ret;
108 ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat)); 108 ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 0fa208e8640..c1a82b2826e 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -55,7 +55,6 @@
55 55
56 56
57static DEFINE_MUTEX(ebt_mutex); 57static DEFINE_MUTEX(ebt_mutex);
58static LIST_HEAD(ebt_tables);
59 58
60static struct xt_target ebt_standard_target = { 59static struct xt_target ebt_standard_target = {
61 .name = "standard", 60 .name = "standard",
@@ -315,9 +314,11 @@ find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
315} 314}
316 315
317static inline struct ebt_table * 316static inline struct ebt_table *
318find_table_lock(const char *name, int *error, struct mutex *mutex) 317find_table_lock(struct net *net, const char *name, int *error,
318 struct mutex *mutex)
319{ 319{
320 return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); 320 return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
321 "ebtable_", error, mutex);
321} 322}
322 323
323static inline int 324static inline int
@@ -944,7 +945,7 @@ static void get_counters(struct ebt_counter *oldcounters,
944} 945}
945 946
946/* replace the table */ 947/* replace the table */
947static int do_replace(void __user *user, unsigned int len) 948static int do_replace(struct net *net, void __user *user, unsigned int len)
948{ 949{
949 int ret, i, countersize; 950 int ret, i, countersize;
950 struct ebt_table_info *newinfo; 951 struct ebt_table_info *newinfo;
@@ -1016,7 +1017,7 @@ static int do_replace(void __user *user, unsigned int len)
1016 if (ret != 0) 1017 if (ret != 0)
1017 goto free_counterstmp; 1018 goto free_counterstmp;
1018 1019
1019 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1020 t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
1020 if (!t) { 1021 if (!t) {
1021 ret = -ENOENT; 1022 ret = -ENOENT;
1022 goto free_iterate; 1023 goto free_iterate;
@@ -1097,7 +1098,7 @@ free_newinfo:
1097 return ret; 1098 return ret;
1098} 1099}
1099 1100
1100int ebt_register_table(struct ebt_table *table) 1101int ebt_register_table(struct net *net, struct ebt_table *table)
1101{ 1102{
1102 struct ebt_table_info *newinfo; 1103 struct ebt_table_info *newinfo;
1103 struct ebt_table *t; 1104 struct ebt_table *t;
@@ -1157,7 +1158,7 @@ int ebt_register_table(struct ebt_table *table)
1157 if (ret != 0) 1158 if (ret != 0)
1158 goto free_chainstack; 1159 goto free_chainstack;
1159 1160
1160 list_for_each_entry(t, &ebt_tables, list) { 1161 list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
1161 if (strcmp(t->name, table->name) == 0) { 1162 if (strcmp(t->name, table->name) == 0) {
1162 ret = -EEXIST; 1163 ret = -EEXIST;
1163 BUGPRINT("Table name already exists\n"); 1164 BUGPRINT("Table name already exists\n");
@@ -1170,7 +1171,7 @@ int ebt_register_table(struct ebt_table *table)
1170 ret = -ENOENT; 1171 ret = -ENOENT;
1171 goto free_unlock; 1172 goto free_unlock;
1172 } 1173 }
1173 list_add(&table->list, &ebt_tables); 1174 list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
1174 mutex_unlock(&ebt_mutex); 1175 mutex_unlock(&ebt_mutex);
1175 return 0; 1176 return 0;
1176free_unlock: 1177free_unlock:
@@ -1208,7 +1209,7 @@ void ebt_unregister_table(struct ebt_table *table)
1208} 1209}
1209 1210
1210/* userspace just supplied us with counters */ 1211/* userspace just supplied us with counters */
1211static int update_counters(void __user *user, unsigned int len) 1212static int update_counters(struct net *net, void __user *user, unsigned int len)
1212{ 1213{
1213 int i, ret; 1214 int i, ret;
1214 struct ebt_counter *tmp; 1215 struct ebt_counter *tmp;
@@ -1228,7 +1229,7 @@ static int update_counters(void __user *user, unsigned int len)
1228 return -ENOMEM; 1229 return -ENOMEM;
1229 } 1230 }
1230 1231
1231 t = find_table_lock(hlp.name, &ret, &ebt_mutex); 1232 t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
1232 if (!t) 1233 if (!t)
1233 goto free_tmp; 1234 goto free_tmp;
1234 1235
@@ -1386,10 +1387,10 @@ static int do_ebt_set_ctl(struct sock *sk,
1386 1387
1387 switch(cmd) { 1388 switch(cmd) {
1388 case EBT_SO_SET_ENTRIES: 1389 case EBT_SO_SET_ENTRIES:
1389 ret = do_replace(user, len); 1390 ret = do_replace(sock_net(sk), user, len);
1390 break; 1391 break;
1391 case EBT_SO_SET_COUNTERS: 1392 case EBT_SO_SET_COUNTERS:
1392 ret = update_counters(user, len); 1393 ret = update_counters(sock_net(sk), user, len);
1393 break; 1394 break;
1394 default: 1395 default:
1395 ret = -EINVAL; 1396 ret = -EINVAL;
@@ -1406,7 +1407,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
1406 if (copy_from_user(&tmp, user, sizeof(tmp))) 1407 if (copy_from_user(&tmp, user, sizeof(tmp)))
1407 return -EFAULT; 1408 return -EFAULT;
1408 1409
1409 t = find_table_lock(tmp.name, &ret, &ebt_mutex); 1410 t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
1410 if (!t) 1411 if (!t)
1411 return ret; 1412 return ret;
1412 1413