1 files changed, 29 insertions, 12 deletions
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 292f2ed4416..c55a210853a 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -33,7 +33,7 @@ static struct
        struct ipt_replace repl;
        struct ipt_standard entries[5];
        struct ipt_error term;
-} initial_table __initdata = {
+} initial_table __net_initdata = {
        .repl = {
                .name = "mangle",
                .valid_hooks = MANGLE_VALID_HOOKS,
@@ -64,14 +64,13 @@ static struct
        .term = IPT_ERROR_INIT,                 /* ERROR */
 };
-static struct xt_table __packet_mangler = {
+static struct xt_table packet_mangler = {
        .name           = "mangle",
        .valid_hooks    = MANGLE_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
        .me             = THIS_MODULE,
        .af             = AF_INET,
 };
-static struct xt_table *packet_mangler;
 /* The work comes in here from netfilter.c. */
 static unsigned int
@@ -81,7 +80,7 @@ ipt_route_hook(unsigned int hook,
         const struct net_device *out,
         int (*okfn)(struct sk_buff *))
 {
-        return ipt_do_table(skb, hook, in, out, packet_mangler);
+        return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
 }
 static unsigned int
@@ -113,7 +112,7 @@ ipt_local_hook(unsigned int hook,
        daddr = iph->daddr;
        tos = iph->tos;
-        ret = ipt_do_table(skb, hook, in, out, packet_mangler);
+        ret = ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
        /* Reroute for ANY change. */
        if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
                iph = ip_hdr(skb);
@@ -167,15 +166,33 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
        },
 };
+static int __net_init iptable_mangle_net_init(struct net *net)
+{
+        /* Register table */
+        net->ipv4.iptable_mangle =
+                ipt_register_table(net, &packet_mangler, &initial_table.repl);
+        if (IS_ERR(net->ipv4.iptable_mangle))
+                return PTR_ERR(net->ipv4.iptable_mangle);
+        return 0;
+}
+static void __net_exit iptable_mangle_net_exit(struct net *net)
+{
+        ipt_unregister_table(net->ipv4.iptable_mangle);
+}
+static struct pernet_operations iptable_mangle_net_ops = {
+        .init = iptable_mangle_net_init,
+        .exit = iptable_mangle_net_exit,
+};
 static int __init iptable_mangle_init(void)
 {
        int ret;
-        /* Register table */
+        ret = register_pernet_subsys(&iptable_mangle_net_ops);
-        packet_mangler = ipt_register_table(&init_net, &__packet_mangler,
+        if (ret < 0)
-                                            &initial_table.repl);
+                return ret;
-        if (IS_ERR(packet_mangler))
-                return PTR_ERR(packet_mangler);
        /* Register hooks */
        ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -185,14 +202,14 @@ static int __init iptable_mangle_init(void)
        return ret;
 cleanup_table:
-        ipt_unregister_table(packet_mangler);
+        unregister_pernet_subsys(&iptable_mangle_net_ops);
        return ret;
 }
 static void __exit iptable_mangle_fini(void)
 {
        nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
-        ipt_unregister_table(packet_mangler);
+        unregister_pernet_subsys(&iptable_mangle_net_ops);
 }
 module_init(iptable_mangle_init);