diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-18 02:21:13 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-01-18 02:21:13 -0500 |
| commit | a83d8e8d099fc373a5ca7112ad08c553bb2c180f (patch) | |
| tree | 19b7bbeb34ae718f5bac20d1ab42d6280bb20665 /net/ipv4 | |
| parent | a1004d8e3d463012f231bab104325ecb15637f78 (diff) | |
netfilter: xtables: add struct xt_mtchk_param::net
Some complex match modules (like xt_hashlimit/xt_recent) want netns
information at constructor and destructor time. We propably can play
games at match destruction time, because netns can be passed in object,
but I think it's cleaner to explicitly pass netns.
Add ->net, make sure it's set from ebtables/iptables/ip6tables code.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 572330a552e..a069d72d948 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -661,8 +661,8 @@ static int check_target(struct ipt_entry *e, const char *name) | |||
| 661 | } | 661 | } |
| 662 | 662 | ||
| 663 | static int | 663 | static int |
| 664 | find_check_entry(struct ipt_entry *e, const char *name, unsigned int size, | 664 | find_check_entry(struct ipt_entry *e, struct net *net, const char *name, |
| 665 | unsigned int *i) | 665 | unsigned int size, unsigned int *i) |
| 666 | { | 666 | { |
| 667 | struct ipt_entry_target *t; | 667 | struct ipt_entry_target *t; |
| 668 | struct xt_target *target; | 668 | struct xt_target *target; |
| @@ -675,6 +675,7 @@ find_check_entry(struct ipt_entry *e, const char *name, unsigned int size, | |||
| 675 | return ret; | 675 | return ret; |
| 676 | 676 | ||
| 677 | j = 0; | 677 | j = 0; |
| 678 | mtpar.net = net; | ||
| 678 | mtpar.table = name; | 679 | mtpar.table = name; |
| 679 | mtpar.entryinfo = &e->ip; | 680 | mtpar.entryinfo = &e->ip; |
| 680 | mtpar.hook_mask = e->comefrom; | 681 | mtpar.hook_mask = e->comefrom; |
| @@ -798,7 +799,8 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i) | |||
| 798 | /* Checks and translates the user-supplied table segment (held in | 799 | /* Checks and translates the user-supplied table segment (held in |
| 799 | newinfo) */ | 800 | newinfo) */ |
| 800 | static int | 801 | static int |
| 801 | translate_table(const char *name, | 802 | translate_table(struct net *net, |
| 803 | const char *name, | ||
| 802 | unsigned int valid_hooks, | 804 | unsigned int valid_hooks, |
| 803 | struct xt_table_info *newinfo, | 805 | struct xt_table_info *newinfo, |
| 804 | void *entry0, | 806 | void *entry0, |
| @@ -860,7 +862,7 @@ translate_table(const char *name, | |||
| 860 | /* Finally, each sanity check must pass */ | 862 | /* Finally, each sanity check must pass */ |
| 861 | i = 0; | 863 | i = 0; |
| 862 | ret = IPT_ENTRY_ITERATE(entry0, newinfo->size, | 864 | ret = IPT_ENTRY_ITERATE(entry0, newinfo->size, |
| 863 | find_check_entry, name, size, &i); | 865 | find_check_entry, net, name, size, &i); |
| 864 | 866 | ||
| 865 | if (ret != 0) { | 867 | if (ret != 0) { |
| 866 | IPT_ENTRY_ITERATE(entry0, newinfo->size, | 868 | IPT_ENTRY_ITERATE(entry0, newinfo->size, |
| @@ -1303,7 +1305,7 @@ do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1303 | goto free_newinfo; | 1305 | goto free_newinfo; |
| 1304 | } | 1306 | } |
| 1305 | 1307 | ||
| 1306 | ret = translate_table(tmp.name, tmp.valid_hooks, | 1308 | ret = translate_table(net, tmp.name, tmp.valid_hooks, |
| 1307 | newinfo, loc_cpu_entry, tmp.size, tmp.num_entries, | 1309 | newinfo, loc_cpu_entry, tmp.size, tmp.num_entries, |
| 1308 | tmp.hook_entry, tmp.underflow); | 1310 | tmp.hook_entry, tmp.underflow); |
| 1309 | if (ret != 0) | 1311 | if (ret != 0) |
| @@ -1655,7 +1657,7 @@ compat_copy_entry_from_user(struct compat_ipt_entry *e, void **dstptr, | |||
| 1655 | } | 1657 | } |
| 1656 | 1658 | ||
| 1657 | static int | 1659 | static int |
| 1658 | compat_check_entry(struct ipt_entry *e, const char *name, | 1660 | compat_check_entry(struct ipt_entry *e, struct net *net, const char *name, |
| 1659 | unsigned int *i) | 1661 | unsigned int *i) |
| 1660 | { | 1662 | { |
| 1661 | struct xt_mtchk_param mtpar; | 1663 | struct xt_mtchk_param mtpar; |
| @@ -1663,6 +1665,7 @@ compat_check_entry(struct ipt_entry *e, const char *name, | |||
| 1663 | int ret; | 1665 | int ret; |
| 1664 | 1666 | ||
| 1665 | j = 0; | 1667 | j = 0; |
| 1668 | mtpar.net = net; | ||
| 1666 | mtpar.table = name; | 1669 | mtpar.table = name; |
| 1667 | mtpar.entryinfo = &e->ip; | 1670 | mtpar.entryinfo = &e->ip; |
| 1668 | mtpar.hook_mask = e->comefrom; | 1671 | mtpar.hook_mask = e->comefrom; |
| @@ -1684,7 +1687,8 @@ compat_check_entry(struct ipt_entry *e, const char *name, | |||
| 1684 | } | 1687 | } |
| 1685 | 1688 | ||
| 1686 | static int | 1689 | static int |
| 1687 | translate_compat_table(const char *name, | 1690 | translate_compat_table(struct net *net, |
| 1691 | const char *name, | ||
| 1688 | unsigned int valid_hooks, | 1692 | unsigned int valid_hooks, |
| 1689 | struct xt_table_info **pinfo, | 1693 | struct xt_table_info **pinfo, |
| 1690 | void **pentry0, | 1694 | void **pentry0, |
| @@ -1773,7 +1777,7 @@ translate_compat_table(const char *name, | |||
| 1773 | 1777 | ||
| 1774 | i = 0; | 1778 | i = 0; |
| 1775 | ret = IPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry, | 1779 | ret = IPT_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry, |
| 1776 | name, &i); | 1780 | net, name, &i); |
| 1777 | if (ret) { | 1781 | if (ret) { |
| 1778 | j -= i; | 1782 | j -= i; |
| 1779 | COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, | 1783 | COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, |
| @@ -1833,7 +1837,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1833 | goto free_newinfo; | 1837 | goto free_newinfo; |
| 1834 | } | 1838 | } |
| 1835 | 1839 | ||
| 1836 | ret = translate_compat_table(tmp.name, tmp.valid_hooks, | 1840 | ret = translate_compat_table(net, tmp.name, tmp.valid_hooks, |
| 1837 | &newinfo, &loc_cpu_entry, tmp.size, | 1841 | &newinfo, &loc_cpu_entry, tmp.size, |
| 1838 | tmp.num_entries, tmp.hook_entry, | 1842 | tmp.num_entries, tmp.hook_entry, |
| 1839 | tmp.underflow); | 1843 | tmp.underflow); |
| @@ -2086,7 +2090,7 @@ struct xt_table *ipt_register_table(struct net *net, | |||
| 2086 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 2090 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
| 2087 | memcpy(loc_cpu_entry, repl->entries, repl->size); | 2091 | memcpy(loc_cpu_entry, repl->entries, repl->size); |
| 2088 | 2092 | ||
| 2089 | ret = translate_table(table->name, table->valid_hooks, | 2093 | ret = translate_table(net, table->name, table->valid_hooks, |
| 2090 | newinfo, loc_cpu_entry, repl->size, | 2094 | newinfo, loc_cpu_entry, repl->size, |
| 2091 | repl->num_entries, | 2095 | repl->num_entries, |
| 2092 | repl->hook_entry, | 2096 | repl->hook_entry, |