authorAlexey Dobriyan <adobriyan@sw.ru>2008-01-31 07:04:32 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-31 22:27:40 -0500
commit79df341ab6c0b1eab77921265ddd1b17ec4db13a (patch)
tree8a9607a237767a768e33b9113a93b589fb2e1ee4 /net/ipv4
parent8280aa6182f03c4e27dc235ce0440bc94927dc28 (diff)
[NETFILTER]: arp_tables: netns preparation
* Propagate netns from userspace. * arpt_register_table() registers table in supplied netns. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/netfilter/arp_tables.c55
-rw-r--r--net/ipv4/netfilter/arptable_filter.c2
2 files changed, 32 insertions, 25 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 3a5afb84e69f..ec64b679641d 100644
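--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -22,6 +22,7 @@
 #include <linux/mutex.h>
 #include <linux/err.h>
 #include <net/compat.h>
+#include <net/sock.h>
 #include <asm/uaccess.h>
 
 #include <linux/netfilter/x_tables.h>
@@ -850,7 +851,7 @@ static int compat_table_info(const struct xt_table_info *info,
 }
 #endif
 
-static int get_info(void __user *user, int *len, int compat)
+static int get_info(struct net *net, void __user *user, int *len, int compat)
 {
  char name[ARPT_TABLE_MAXNAMELEN];
  struct arpt_table *t;
@@ -870,7 +871,7 @@ static int get_info(void __user *user, int *len, int compat)
  if (compat)
  xt_compat_lock(NF_ARP);
 #endif
- t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
  "arptable_%s", name);
  if (t && !IS_ERR(t)) {
  struct arpt_getinfo info;
@@ -908,7 +909,8 @@ static int get_info(void __user *user, int *len, int compat)
  return ret;
 }
 
-static int get_entries(struct arpt_get_entries __user *uptr, int *len)
+static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
+ int *len)
 {
  int ret;
  struct arpt_get_entries get;
@@ -926,7 +928,7 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
  return -EINVAL;
  }
 
- t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+ t = xt_find_table_lock(net, NF_ARP, get.name);
  if (t && !IS_ERR(t)) {
  struct xt_table_info *private = t->private;
  duprintf("t->private->number = %u\n",
@@ -947,7 +949,8 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
  return ret;
 }
 
-static int __do_replace(const char *name, unsigned int valid_hooks,
+static int __do_replace(struct net *net, const char *name,
+ unsigned int valid_hooks,
  struct xt_table_info *newinfo,
  unsigned int num_counters,
  void __user *counters_ptr)
@@ -966,7 +969,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
  goto out;
  }
 
- t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
  "arptable_%s", name);
  if (!t || IS_ERR(t)) {
  ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1019,7 +1022,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
  return ret;
 }
 
-static int do_replace(void __user *user, unsigned int len)
+static int do_replace(struct net *net, void __user *user, unsigned int len)
 {
  int ret;
  struct arpt_replace tmp;
@@ -1053,7 +1056,7 @@ static int do_replace(void __user *user, unsigned int len)
 
  duprintf("arp_tables: Translated table\n");
 
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
  tmp.num_counters, tmp.counters);
  if (ret)
  goto free_newinfo_untrans;
@@ -1080,7 +1083,8 @@ static inline int add_counter_to_entry(struct arpt_entry *e,
  return 0;
 }
 
-static int do_add_counters(void __user *user, unsigned int len, int compat)
+static int do_add_counters(struct net *net, void __user *user, unsigned int len,
+ int compat)
 {
  unsigned int i;
  struct xt_counters_info tmp;
@@ -1132,7 +1136,7 @@ static int do_add_counters(void __user *user, unsigned int len, int compat)
  goto free;
  }
 
- t = xt_find_table_lock(&init_net, NF_ARP, name);
+ t = xt_find_table_lock(net, NF_ARP, name);
  if (!t || IS_ERR(t)) {
  ret = t ? PTR_ERR(t) : -ENOENT;
  goto free;
@@ -1435,7 +1439,8 @@ struct compat_arpt_replace {
  struct compat_arpt_entry entries[0];
 };
 
-static int compat_do_replace(void __user *user, unsigned int len)
+static int compat_do_replace(struct net *net, void __user *user,
+ unsigned int len)
 {
  int ret;
  struct compat_arpt_replace tmp;
@@ -1471,7 +1476,7 @@ static int compat_do_replace(void __user *user, unsigned int len)
 
  duprintf("compat_do_replace: Translated table\n");
 
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
  tmp.num_counters, compat_ptr(tmp.counters));
  if (ret)
  goto free_newinfo_untrans;
@@ -1494,11 +1499,11 @@ static int compat_do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user,
 
  switch (cmd) {
  case ARPT_SO_SET_REPLACE:
- ret = compat_do_replace(user, len);
+ ret = compat_do_replace(sk->sk_net, user, len);
  break;
 
  case ARPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 1);
+ ret = do_add_counters(sk->sk_net, user, len, 1);
  break;
 
  default:
@@ -1584,7 +1589,8 @@ struct compat_arpt_get_entries {
  struct compat_arpt_entry entrytable[0];
 };
 
-static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
+static int compat_get_entries(struct net *net,
+ struct compat_arpt_get_entries __user *uptr,
  int *len)
 {
  int ret;
@@ -1604,7 +1610,7 @@ static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
  }
 
  xt_compat_lock(NF_ARP);
- t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+ t = xt_find_table_lock(net, NF_ARP, get.name);
  if (t && !IS_ERR(t)) {
  struct xt_table_info *private = t->private;
  struct xt_table_info info;
@@ -1641,10 +1647,10 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
 
  switch (cmd) {
  case ARPT_SO_GET_INFO:
- ret = get_info(user, len, 1);
+ ret = get_info(sk->sk_net, user, len, 1);
  break;
  case ARPT_SO_GET_ENTRIES:
- ret = compat_get_entries(user, len);
+ ret = compat_get_entries(sk->sk_net, user, len);
  break;
  default:
  ret = do_arpt_get_ctl(sk, cmd, user, len);
@@ -1662,11 +1668,11 @@ static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned
 
  switch (cmd) {
  case ARPT_SO_SET_REPLACE:
- ret = do_replace(user, len);
+ ret = do_replace(sk->sk_net, user, len);
  break;
 
  case ARPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 0);
+ ret = do_add_counters(sk->sk_net, user, len, 0);
  break;
 
  default:
@@ -1686,11 +1692,11 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
 
  switch (cmd) {
  case ARPT_SO_GET_INFO:
- ret = get_info(user, len, 0);
+ ret = get_info(sk->sk_net, user, len, 0);
  break;
 
  case ARPT_SO_GET_ENTRIES:
- ret = get_entries(user, len);
+ ret = get_entries(sk->sk_net, user, len);
  break;
 
  case ARPT_SO_GET_REVISION_TARGET: {
@@ -1719,7 +1725,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
  return ret;
 }
 
-struct arpt_table *arpt_register_table(struct arpt_table *table,
+struct arpt_table *arpt_register_table(struct net *net,
+ struct arpt_table *table,
  const struct arpt_replace *repl)
 {
  int ret;
@@ -1749,7 +1756,7 @@ struct arpt_table *arpt_register_table(struct arpt_table *table,
  if (ret != 0)
  goto out_free;
 
- new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
+ new_table = xt_register_table(net, table, &bootstrap, newinfo);
  if (IS_ERR(new_table)) {
  ret = PTR_ERR(new_table);
  goto out_free;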
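Review bot: In the four ctl dispatchers (`do_arpt_set_ctl`, `do_arpt_get_ctl` and the two compat variants) the namespace whose ARP table is read or replaced now comes from the calling socket via `sk->sk_net`, and nothing in the new code states what authorises the caller for that namespace. The privilege check for these commands lies outside the visible hunks, so it cannot be told from here whether it is evaluated globally or per namespace; that should be confirmed before any table is registered outside `init_net`. I would add a comment above each switch, for example `/* sk->sk_net selects which namespace's tables this request reads or replaces */`, and a kernel-doc line on `arpt_register_table` saying that `net` is the namespace the table becomes visible in. All of these functions start or end outside their hunks.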
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index b00321506a92..1a688607fe83 100644
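--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -91,7 +91,7 @@ static int __init arptable_filter_init(void)
  int ret;
 
  /* Register table */
- packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);
+ packet_filter = arpt_register_table(&init_net, &__packet_filter, &initial_table.repl);
  if (IS_ERR(packet_filter))
  return PTR_ERR(packet_filter);
 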
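Review bot: `arptable_filter_init` still registers the filter table only in `&init_net`, while the arp_tables.c side of this commit now looks tables up in the caller's namespace, so a request from a socket in any other namespace will not find this table. In `get_info` and `__do_replace` that miss also reaches `try_then_request_module(..., "arptable_%s", name)`, so, as far as the visible lines show, such a caller can trigger a module request that cannot satisfy its lookup. The comment on the call should make the interim state explicit, e.g. `/* Register table in init_net only; other namespaces have no filter table yet */`. The function body continues outside the hunk.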