[NETFILTER]: arp_tables: per-netns arp_tables FILTER

Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Alexey Dobriyan <adobriyan@sw.ru> 2008-01-31 07:05:09 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-31 22:27:41 -0500
commit: 9ea0cb2601c4747dff758a9a7a5a4a433ad527f3 (patch)
tree: 3a8c85473b3f96abf54aefde3d90fd4a3878e609 /net/ipv4
parent: 79df341ab6c0b1eab77921265ddd1b17ec4db13a (diff)
1 files changed, 28 insertions, 10 deletions
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 1a688607fe8..4e9c496a30c 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -20,7 +20,7 @@ static struct
        struct arpt_replace repl;
        struct arpt_standard entries[3];
        struct arpt_error term;
-} initial_table __initdata = {
+} initial_table __net_initdata = {
        .repl = {
                .name = "filter",
                .valid_hooks = FILTER_VALID_HOOKS,
@@ -45,7 +45,7 @@ static struct
        .term = ARPT_ERROR_INIT,
 };
-static struct arpt_table __packet_filter = {
+static struct arpt_table packet_filter = {
        .name           = "filter",
        .valid_hooks    = FILTER_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
@@ -53,7 +53,6 @@ static struct arpt_table __packet_filter = {
        .me             = THIS_MODULE,
        .af             = NF_ARP,
 };
-static struct arpt_table *packet_filter;
 /* The work comes in here from netfilter.c */
 static unsigned int arpt_hook(unsigned int hook,
@@ -62,7 +61,7 @@ static unsigned int arpt_hook(unsigned int hook,
                              const struct net_device *out,
                              int (*okfn)(struct sk_buff *))
 {
-        return arpt_do_table(skb, hook, in, out, packet_filter);
+        return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter);
 }
 static struct nf_hook_ops arpt_ops[] __read_mostly = {
@@ -86,14 +85,33 @@ static struct nf_hook_ops arpt_ops[] __read_mostly = {
        },
 };
+static int __net_init arptable_filter_net_init(struct net *net)
+{
+        /* Register table */
+        net->ipv4.arptable_filter =
+                arpt_register_table(net, &packet_filter, &initial_table.repl);
+        if (IS_ERR(net->ipv4.arptable_filter))
+                return PTR_ERR(net->ipv4.arptable_filter);
+        return 0;
+}
+static void __net_exit arptable_filter_net_exit(struct net *net)
+{
+        arpt_unregister_table(net->ipv4.arptable_filter);
+}
+static struct pernet_operations arptable_filter_net_ops = {
+        .init = arptable_filter_net_init,
+        .exit = arptable_filter_net_exit,
+};
 static int __init arptable_filter_init(void)
 {
        int ret;
-        /* Register table */
+        ret = register_pernet_subsys(&arptable_filter_net_ops);
-        packet_filter = arpt_register_table(&init_net, &__packet_filter, &initial_table.repl);
+        if (ret < 0)
-        if (IS_ERR(packet_filter))
+                return ret;
-                return PTR_ERR(packet_filter);
        ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
        if (ret < 0)
@@ -101,14 +119,14 @@ static int __init arptable_filter_init(void)
        return ret;
 cleanup_table:
-        arpt_unregister_table(packet_filter);
+        unregister_pernet_subsys(&arptable_filter_net_ops);
        return ret;
 }
 static void __exit arptable_filter_fini(void)
 {
        nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
-        arpt_unregister_table(packet_filter);
+        unregister_pernet_subsys(&arptable_filter_net_ops);
 }
 module_init(arptable_filter_init);
author	Alexey Dobriyan <adobriyan@sw.ru>	2008-01-31 07:05:09 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-31 22:27:41 -0500
commit	9ea0cb2601c4747dff758a9a7a5a4a433ad527f3 (patch)
tree	3a8c85473b3f96abf54aefde3d90fd4a3878e609 /net/ipv4
parent	79df341ab6c0b1eab77921265ddd1b17ec4db13a (diff)