author | Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 07:04:32 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:40 -0500 |
commit | 79df341ab6c0b1eab77921265ddd1b17ec4db13a (patch) | |
tree | 8a9607a237767a768e33b9113a93b589fb2e1ee4 /net/ipv4 | |
parent | 8280aa6182f03c4e27dc235ce0440bc94927dc28 (diff) |
[NETFILTER]: arp_tables: netns preparation
* Propagate netns from userspace.
* arpt_register_table() registers table in supplied netns.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 55 | ||||
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 2 |
2 files changed, 32 insertions, 25 deletions
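--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -22,6 +22,7 @@
 #include <linux/mutex.h>
 #include <linux/err.h>
 #include <net/compat.h>
+#include <net/sock.h>
 #include <asm/uaccess.h>
 
 #include <linux/netfilter/x_tables.h>
@@ -850,7 +851,7 @@ static int compat_table_info(const struct xt_table_info *info,
 }
 #endif
 
-static int get_info(void __user *user, int *len, int compat)
+static int get_info(struct net *net, void __user *user, int *len, int compat)
 {
 	char name[ARPT_TABLE_MAXNAMELEN];
 	struct arpt_table *t;
@@ -870,7 +871,7 @@ static int get_info(void __user *user, int *len, int compat)
 	if (compat)
 		xt_compat_lock(NF_ARP);
 #endif
-	t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+	t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
 				    "arptable_%s", name);
 	if (t && !IS_ERR(t)) {
 		struct arpt_getinfo info;
@@ -908,7 +909,8 @@ static int get_info(void __user *user, int *len, int compat)
 	return ret;
 }
 
-static int get_entries(struct arpt_get_entries __user *uptr, int *len)
+static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
+		       int *len)
 {
 	int ret;
 	struct arpt_get_entries get;
@@ -926,7 +928,7 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
 		return -EINVAL;
 	}
 
-	t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+	t = xt_find_table_lock(net, NF_ARP, get.name);
 	if (t && !IS_ERR(t)) {
 		struct xt_table_info *private = t->private;
 		duprintf("t->private->number = %u\n",
@@ -947,7 +949,8 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
 	return ret;
 }
 
-static int __do_replace(const char *name, unsigned int valid_hooks,
+static int __do_replace(struct net *net, const char *name,
+			unsigned int valid_hooks,
 			struct xt_table_info *newinfo,
 			unsigned int num_counters,
 			void __user *counters_ptr)
@@ -966,7 +969,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
 		goto out;
 	}
 
-	t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+	t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
 				    "arptable_%s", name);
 	if (!t || IS_ERR(t)) {
 		ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1019,7 +1022,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
 	return ret;
 }
 
-static int do_replace(void __user *user, unsigned int len)
+static int do_replace(struct net *net, void __user *user, unsigned int len)
 {
 	int ret;
 	struct arpt_replace tmp;
@@ -1053,7 +1056,7 @@ static int do_replace(void __user *user, unsigned int len)
 
 	duprintf("arp_tables: Translated table\n");
 
-	ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+	ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
 			   tmp.num_counters, tmp.counters);
 	if (ret)
 		goto free_newinfo_untrans;
@@ -1080,7 +1083,8 @@ static inline int add_counter_to_entry(struct arpt_entry *e,
 	return 0;
 }
 
-static int do_add_counters(void __user *user, unsigned int len, int compat)
+static int do_add_counters(struct net *net, void __user *user, unsigned int len,
+			   int compat)
 {
 	unsigned int i;
 	struct xt_counters_info tmp;
@@ -1132,7 +1136,7 @@ static int do_add_counters(void __user *user, unsigned int len, int compat)
 		goto free;
 	}
 
-	t = xt_find_table_lock(&init_net, NF_ARP, name);
+	t = xt_find_table_lock(net, NF_ARP, name);
 	if (!t || IS_ERR(t)) {
 		ret = t ? PTR_ERR(t) : -ENOENT;
 		goto free;
@@ -1435,7 +1439,8 @@ struct compat_arpt_replace {
 	struct compat_arpt_entry entries[0];
 };
 
-static int compat_do_replace(void __user *user, unsigned int len)
+static int compat_do_replace(struct net *net, void __user *user,
+			     unsigned int len)
 {
 	int ret;
 	struct compat_arpt_replace tmp;
@@ -1471,7 +1476,7 @@ static int compat_do_replace(void __user *user, unsigned int len)
 
 	duprintf("compat_do_replace: Translated table\n");
 
-	ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+	ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
 			   tmp.num_counters, compat_ptr(tmp.counters));
 	if (ret)
 		goto free_newinfo_untrans;
@@ -1494,11 +1499,11 @@ static int compat_do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user,
 
 	switch (cmd) {
 	case ARPT_SO_SET_REPLACE:
-		ret = compat_do_replace(user, len);
+		ret = compat_do_replace(sk->sk_net, user, len);
 		break;
 
 	case ARPT_SO_SET_ADD_COUNTERS:
-		ret = do_add_counters(user, len, 1);
+		ret = do_add_counters(sk->sk_net, user, len, 1);
 		break;
 
 	default:
@@ -1584,7 +1589,8 @@ struct compat_arpt_get_entries {
 	struct compat_arpt_entry entrytable[0];
 };
 
-static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
+static int compat_get_entries(struct net *net,
+			      struct compat_arpt_get_entries __user *uptr,
 			      int *len)
 {
 	int ret;
@@ -1604,7 +1610,7 @@ static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
 	}
 
 	xt_compat_lock(NF_ARP);
-	t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+	t = xt_find_table_lock(net, NF_ARP, get.name);
 	if (t && !IS_ERR(t)) {
 		struct xt_table_info *private = t->private;
 		struct xt_table_info info;
@@ -1641,10 +1647,10 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
 
 	switch (cmd) {
 	case ARPT_SO_GET_INFO:
-		ret = get_info(user, len, 1);
+		ret = get_info(sk->sk_net, user, len, 1);
 		break;
 	case ARPT_SO_GET_ENTRIES:
-		ret = compat_get_entries(user, len);
+		ret = compat_get_entries(sk->sk_net, user, len);
 		break;
 	default:
 		ret = do_arpt_get_ctl(sk, cmd, user, len);
@@ -1662,11 +1668,11 @@ static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned
 
 	switch (cmd) {
 	case ARPT_SO_SET_REPLACE:
-		ret = do_replace(user, len);
+		ret = do_replace(sk->sk_net, user, len);
 		break;
 
 	case ARPT_SO_SET_ADD_COUNTERS:
-		ret = do_add_counters(user, len, 0);
+		ret = do_add_counters(sk->sk_net, user, len, 0);
 		break;
 
 	default:
@@ -1686,11 +1692,11 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
 
 	switch (cmd) {
 	case ARPT_SO_GET_INFO:
-		ret = get_info(user, len, 0);
+		ret = get_info(sk->sk_net, user, len, 0);
 		break;
 
 	case ARPT_SO_GET_ENTRIES:
-		ret = get_entries(user, len);
+		ret = get_entries(sk->sk_net, user, len);
 		break;
 
 	case ARPT_SO_GET_REVISION_TARGET: {
@@ -1719,7 +1725,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
 	return ret;
 }
 
-struct arpt_table *arpt_register_table(struct arpt_table *table,
+struct arpt_table *arpt_register_table(struct net *net,
+				       struct arpt_table *table,
 				       const struct arpt_replace *repl)
 {
 	int ret;
@@ -1749,7 +1756,7 @@ struct arpt_table *arpt_register_table(struct arpt_table *table,
 	if (ret != 0)
 		goto out_free;
 
-	new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
+	new_table = xt_register_table(net, table, &bootstrap, newinfo);
 	if (IS_ERR(new_table)) {
 		ret = PTR_ERR(new_table);
 		goto out_free;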
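Review bot: `arpt_register_table()` is a non-static entry point whose signature gains a `struct net *net` parameter in the hunk at old line 1722, yet nothing documents which namespace the table ends up in; a short kernel-doc block above the definition, describing `net` as the namespace the table is registered into (it is passed straight to `xt_register_table()`) and `repl` as the initial ruleset, would help out-of-file callers that must now pick a namespace explicitly. The sockopt paths (`get_info`, `get_entries`, `do_replace`, `do_add_counters` and their compat variants) now resolve the table through `sk->sk_net` instead of `&init_net`, so a socket owned by a namespace where no arptable has been registered presumably gets -ENOENT from the `!t || IS_ERR(t)` checks rather than reading or replacing init_net's table; that is the behaviour userspace can observe and is worth one sentence in the description. The bodies of all of these functions extend outside the hunks, so whether `net` is consumed anywhere else in them cannot be confirmed from this page.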
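--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -91,7 +91,7 @@ static int __init arptable_filter_init(void)
 	int ret;
 
 	/* Register table */
-	packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);
+	packet_filter = arpt_register_table(&init_net, &__packet_filter, &initial_table.repl);
 	if (IS_ERR(packet_filter))
 		return PTR_ERR(packet_filter);
 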