diff options
| author | Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 07:49:35 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:28:06 -0500 |
| commit | 3cb609d57c20027a8b39fc60b79b930a89da82d4 (patch) | |
| tree | f88a4d355b6612665a0ea89ac91a746c06e2c3cc | |
| parent | 715cf35ac9291f31a4fea7d022695a64cac0af80 (diff) | |
[NETFILTER]: x_tables: create per-netns /proc/net/*_tables_*
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 21 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 21 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 22 | ||||
| -rw-r--r-- | net/netfilter/x_tables.c | 20 |
5 files changed, 67 insertions, 21 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 11eea39bbf7d..b2c62cc618f5 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -357,8 +357,8 @@ extern struct xt_table *xt_find_table_lock(struct net *net, int af, | |||
| 357 | const char *name); | 357 | const char *name); |
| 358 | extern void xt_table_unlock(struct xt_table *t); | 358 | extern void xt_table_unlock(struct xt_table *t); |
| 359 | 359 | ||
| 360 | extern int xt_proto_init(int af); | 360 | extern int xt_proto_init(struct net *net, int af); |
| 361 | extern void xt_proto_fini(int af); | 361 | extern void xt_proto_fini(struct net *net, int af); |
| 362 | 362 | ||
| 363 | extern struct xt_table_info *xt_alloc_table_info(unsigned int size); | 363 | extern struct xt_table_info *xt_alloc_table_info(unsigned int size); |
| 364 | extern void xt_free_table_info(struct xt_table_info *info); | 364 | extern void xt_free_table_info(struct xt_table_info *info); |
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 3608675ab08c..a7591ce344d2 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
| @@ -1822,11 +1822,26 @@ static struct nf_sockopt_ops arpt_sockopts = { | |||
| 1822 | .owner = THIS_MODULE, | 1822 | .owner = THIS_MODULE, |
| 1823 | }; | 1823 | }; |
| 1824 | 1824 | ||
| 1825 | static int __net_init arp_tables_net_init(struct net *net) | ||
| 1826 | { | ||
| 1827 | return xt_proto_init(net, NF_ARP); | ||
| 1828 | } | ||
| 1829 | |||
| 1830 | static void __net_exit arp_tables_net_exit(struct net *net) | ||
| 1831 | { | ||
| 1832 | xt_proto_fini(net, NF_ARP); | ||
| 1833 | } | ||
| 1834 | |||
| 1835 | static struct pernet_operations arp_tables_net_ops = { | ||
| 1836 | .init = arp_tables_net_init, | ||
| 1837 | .exit = arp_tables_net_exit, | ||
| 1838 | }; | ||
| 1839 | |||
| 1825 | static int __init arp_tables_init(void) | 1840 | static int __init arp_tables_init(void) |
| 1826 | { | 1841 | { |
| 1827 | int ret; | 1842 | int ret; |
| 1828 | 1843 | ||
| 1829 | ret = xt_proto_init(NF_ARP); | 1844 | ret = register_pernet_subsys(&arp_tables_net_ops); |
| 1830 | if (ret < 0) | 1845 | if (ret < 0) |
| 1831 | goto err1; | 1846 | goto err1; |
| 1832 | 1847 | ||
| @@ -1851,7 +1866,7 @@ err4: | |||
| 1851 | err3: | 1866 | err3: |
| 1852 | xt_unregister_target(&arpt_standard_target); | 1867 | xt_unregister_target(&arpt_standard_target); |
| 1853 | err2: | 1868 | err2: |
| 1854 | xt_proto_fini(NF_ARP); | 1869 | unregister_pernet_subsys(&arp_tables_net_ops); |
| 1855 | err1: | 1870 | err1: |
| 1856 | return ret; | 1871 | return ret; |
| 1857 | } | 1872 | } |
| @@ -1861,7 +1876,7 @@ static void __exit arp_tables_fini(void) | |||
| 1861 | nf_unregister_sockopt(&arpt_sockopts); | 1876 | nf_unregister_sockopt(&arpt_sockopts); |
| 1862 | xt_unregister_target(&arpt_error_target); | 1877 | xt_unregister_target(&arpt_error_target); |
| 1863 | xt_unregister_target(&arpt_standard_target); | 1878 | xt_unregister_target(&arpt_standard_target); |
| 1864 | xt_proto_fini(NF_ARP); | 1879 | unregister_pernet_subsys(&arp_tables_net_ops); |
| 1865 | } | 1880 | } |
| 1866 | 1881 | ||
| 1867 | EXPORT_SYMBOL(arpt_register_table); | 1882 | EXPORT_SYMBOL(arpt_register_table); |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index a73afa1ba8b8..600737f122d2 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -2213,11 +2213,26 @@ static struct xt_match icmp_matchstruct __read_mostly = { | |||
| 2213 | .family = AF_INET, | 2213 | .family = AF_INET, |
| 2214 | }; | 2214 | }; |
| 2215 | 2215 | ||
| 2216 | static int __net_init ip_tables_net_init(struct net *net) | ||
| 2217 | { | ||
| 2218 | return xt_proto_init(net, AF_INET); | ||
| 2219 | } | ||
| 2220 | |||
| 2221 | static void __net_exit ip_tables_net_exit(struct net *net) | ||
| 2222 | { | ||
| 2223 | xt_proto_fini(net, AF_INET); | ||
| 2224 | } | ||
| 2225 | |||
| 2226 | static struct pernet_operations ip_tables_net_ops = { | ||
| 2227 | .init = ip_tables_net_init, | ||
| 2228 | .exit = ip_tables_net_exit, | ||
| 2229 | }; | ||
| 2230 | |||
| 2216 | static int __init ip_tables_init(void) | 2231 | static int __init ip_tables_init(void) |
| 2217 | { | 2232 | { |
| 2218 | int ret; | 2233 | int ret; |
| 2219 | 2234 | ||
| 2220 | ret = xt_proto_init(AF_INET); | 2235 | ret = register_pernet_subsys(&ip_tables_net_ops); |
| 2221 | if (ret < 0) | 2236 | if (ret < 0) |
| 2222 | goto err1; | 2237 | goto err1; |
| 2223 | 2238 | ||
| @@ -2247,7 +2262,7 @@ err4: | |||
| 2247 | err3: | 2262 | err3: |
| 2248 | xt_unregister_target(&ipt_standard_target); | 2263 | xt_unregister_target(&ipt_standard_target); |
| 2249 | err2: | 2264 | err2: |
| 2250 | xt_proto_fini(AF_INET); | 2265 | unregister_pernet_subsys(&ip_tables_net_ops); |
| 2251 | err1: | 2266 | err1: |
| 2252 | return ret; | 2267 | return ret; |
| 2253 | } | 2268 | } |
| @@ -2260,7 +2275,7 @@ static void __exit ip_tables_fini(void) | |||
| 2260 | xt_unregister_target(&ipt_error_target); | 2275 | xt_unregister_target(&ipt_error_target); |
| 2261 | xt_unregister_target(&ipt_standard_target); | 2276 | xt_unregister_target(&ipt_standard_target); |
| 2262 | 2277 | ||
| 2263 | xt_proto_fini(AF_INET); | 2278 | unregister_pernet_subsys(&ip_tables_net_ops); |
| 2264 | } | 2279 | } |
| 2265 | 2280 | ||
| 2266 | EXPORT_SYMBOL(ipt_register_table); | 2281 | EXPORT_SYMBOL(ipt_register_table); |
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index b91738ab9f4e..bf9bb6e55bb5 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -2238,11 +2238,26 @@ static struct xt_match icmp6_matchstruct __read_mostly = { | |||
| 2238 | .family = AF_INET6, | 2238 | .family = AF_INET6, |
| 2239 | }; | 2239 | }; |
| 2240 | 2240 | ||
| 2241 | static int __net_init ip6_tables_net_init(struct net *net) | ||
| 2242 | { | ||
| 2243 | return xt_proto_init(net, AF_INET6); | ||
| 2244 | } | ||
| 2245 | |||
| 2246 | static void __net_exit ip6_tables_net_exit(struct net *net) | ||
| 2247 | { | ||
| 2248 | xt_proto_fini(net, AF_INET6); | ||
| 2249 | } | ||
| 2250 | |||
| 2251 | static struct pernet_operations ip6_tables_net_ops = { | ||
| 2252 | .init = ip6_tables_net_init, | ||
| 2253 | .exit = ip6_tables_net_exit, | ||
| 2254 | }; | ||
| 2255 | |||
| 2241 | static int __init ip6_tables_init(void) | 2256 | static int __init ip6_tables_init(void) |
| 2242 | { | 2257 | { |
| 2243 | int ret; | 2258 | int ret; |
| 2244 | 2259 | ||
| 2245 | ret = xt_proto_init(AF_INET6); | 2260 | ret = register_pernet_subsys(&ip6_tables_net_ops); |
| 2246 | if (ret < 0) | 2261 | if (ret < 0) |
| 2247 | goto err1; | 2262 | goto err1; |
| 2248 | 2263 | ||
| @@ -2272,7 +2287,7 @@ err4: | |||
| 2272 | err3: | 2287 | err3: |
| 2273 | xt_unregister_target(&ip6t_standard_target); | 2288 | xt_unregister_target(&ip6t_standard_target); |
| 2274 | err2: | 2289 | err2: |
| 2275 | xt_proto_fini(AF_INET6); | 2290 | unregister_pernet_subsys(&ip6_tables_net_ops); |
| 2276 | err1: | 2291 | err1: |
| 2277 | return ret; | 2292 | return ret; |
| 2278 | } | 2293 | } |
| @@ -2284,7 +2299,8 @@ static void __exit ip6_tables_fini(void) | |||
| 2284 | xt_unregister_match(&icmp6_matchstruct); | 2299 | xt_unregister_match(&icmp6_matchstruct); |
| 2285 | xt_unregister_target(&ip6t_error_target); | 2300 | xt_unregister_target(&ip6t_error_target); |
| 2286 | xt_unregister_target(&ip6t_standard_target); | 2301 | xt_unregister_target(&ip6t_standard_target); |
| 2287 | xt_proto_fini(AF_INET6); | 2302 | |
| 2303 | unregister_pernet_subsys(&ip6_tables_net_ops); | ||
| 2288 | } | 2304 | } |
| 2289 | 2305 | ||
| 2290 | /* | 2306 | /* |
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 12ed64c0bc9a..a6792089fcf9 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c | |||
| @@ -922,7 +922,7 @@ static const struct file_operations xt_target_ops = { | |||
| 922 | 922 | ||
| 923 | #endif /* CONFIG_PROC_FS */ | 923 | #endif /* CONFIG_PROC_FS */ |
| 924 | 924 | ||
| 925 | int xt_proto_init(int af) | 925 | int xt_proto_init(struct net *net, int af) |
| 926 | { | 926 | { |
| 927 | #ifdef CONFIG_PROC_FS | 927 | #ifdef CONFIG_PROC_FS |
| 928 | char buf[XT_FUNCTION_MAXNAMELEN]; | 928 | char buf[XT_FUNCTION_MAXNAMELEN]; |
| @@ -936,7 +936,7 @@ int xt_proto_init(int af) | |||
| 936 | #ifdef CONFIG_PROC_FS | 936 | #ifdef CONFIG_PROC_FS |
| 937 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 937 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 938 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); | 938 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 939 | proc = proc_net_fops_create(&init_net, buf, 0440, &xt_table_ops); | 939 | proc = proc_net_fops_create(net, buf, 0440, &xt_table_ops); |
| 940 | if (!proc) | 940 | if (!proc) |
| 941 | goto out; | 941 | goto out; |
| 942 | proc->data = (void *)(unsigned long)af; | 942 | proc->data = (void *)(unsigned long)af; |
| @@ -944,14 +944,14 @@ int xt_proto_init(int af) | |||
| 944 | 944 | ||
| 945 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 945 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 946 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); | 946 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 947 | proc = proc_net_fops_create(&init_net, buf, 0440, &xt_match_ops); | 947 | proc = proc_net_fops_create(net, buf, 0440, &xt_match_ops); |
| 948 | if (!proc) | 948 | if (!proc) |
| 949 | goto out_remove_tables; | 949 | goto out_remove_tables; |
| 950 | proc->data = (void *)(unsigned long)af; | 950 | proc->data = (void *)(unsigned long)af; |
| 951 | 951 | ||
| 952 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 952 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 953 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); | 953 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); |
| 954 | proc = proc_net_fops_create(&init_net, buf, 0440, &xt_target_ops); | 954 | proc = proc_net_fops_create(net, buf, 0440, &xt_target_ops); |
| 955 | if (!proc) | 955 | if (!proc) |
| 956 | goto out_remove_matches; | 956 | goto out_remove_matches; |
| 957 | proc->data = (void *)(unsigned long)af; | 957 | proc->data = (void *)(unsigned long)af; |
| @@ -963,34 +963,34 @@ int xt_proto_init(int af) | |||
| 963 | out_remove_matches: | 963 | out_remove_matches: |
| 964 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 964 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 965 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); | 965 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 966 | proc_net_remove(&init_net, buf); | 966 | proc_net_remove(net, buf); |
| 967 | 967 | ||
| 968 | out_remove_tables: | 968 | out_remove_tables: |
| 969 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 969 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 970 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); | 970 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 971 | proc_net_remove(&init_net, buf); | 971 | proc_net_remove(net, buf); |
| 972 | out: | 972 | out: |
| 973 | return -1; | 973 | return -1; |
| 974 | #endif | 974 | #endif |
| 975 | } | 975 | } |
| 976 | EXPORT_SYMBOL_GPL(xt_proto_init); | 976 | EXPORT_SYMBOL_GPL(xt_proto_init); |
| 977 | 977 | ||
| 978 | void xt_proto_fini(int af) | 978 | void xt_proto_fini(struct net *net, int af) |
| 979 | { | 979 | { |
| 980 | #ifdef CONFIG_PROC_FS | 980 | #ifdef CONFIG_PROC_FS |
| 981 | char buf[XT_FUNCTION_MAXNAMELEN]; | 981 | char buf[XT_FUNCTION_MAXNAMELEN]; |
| 982 | 982 | ||
| 983 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 983 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 984 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); | 984 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 985 | proc_net_remove(&init_net, buf); | 985 | proc_net_remove(net, buf); |
| 986 | 986 | ||
| 987 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 987 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 988 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); | 988 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); |
| 989 | proc_net_remove(&init_net, buf); | 989 | proc_net_remove(net, buf); |
| 990 | 990 | ||
| 991 | strlcpy(buf, xt_prefix[af], sizeof(buf)); | 991 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 992 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); | 992 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 993 | proc_net_remove(&init_net, buf); | 993 | proc_net_remove(net, buf); |
| 994 | #endif /*CONFIG_PROC_FS*/ | 994 | #endif /*CONFIG_PROC_FS*/ |
| 995 | } | 995 | } |
| 996 | EXPORT_SYMBOL_GPL(xt_proto_fini); | 996 | EXPORT_SYMBOL_GPL(xt_proto_fini); |