author | Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 07:02:13 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:35 -0500 |
commit | 8d870052079d255917ec4f8431f5ec102707b7af (patch) | |
tree | 77ab4f07ef4980d179c4e47d3a6e034c055f9bdf /net/ipv4 | |
parent | a98da11d88dbec1d5cebe2c6dbe9939ed8d13f69 (diff) |
[NETFILTER]: x_tables: per-netns xt_tables
In fact, all we want is a per-netns set of rules; however, doing that would
unnecessarily complicate routines such as ipt_hook()/ipt_do_table, so
make the full xt_table array per-netns.
Every user is stubbed with init_net for a while.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 12 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 12 |
2 files changed, 12 insertions, 12 deletions
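--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -870,7 +870,7 @@ static int get_info(void __user *user, int *len, int compat)
 if (compat)
 xt_compat_lock(NF_ARP);
 #endif
-t = try_then_request_module(xt_find_table_lock(NF_ARP, name),
+t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
 "arptable_%s", name);
 if (t && !IS_ERR(t)) {
 struct arpt_getinfo info;
@@ -926,7 +926,7 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
 return -EINVAL;
 }
 
-t = xt_find_table_lock(NF_ARP, get.name);
+t = xt_find_table_lock(&init_net, NF_ARP, get.name);
 if (t && !IS_ERR(t)) {
 struct xt_table_info *private = t->private;
 duprintf("t->private->number = %u\n",
@@ -966,7 +966,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
 goto out;
 }
 
-t = try_then_request_module(xt_find_table_lock(NF_ARP, name),
+t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
 "arptable_%s", name);
 if (!t || IS_ERR(t)) {
 ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1132,7 +1132,7 @@ static int do_add_counters(void __user *user, unsigned int len, int compat)
 goto free;
 }
 
-t = xt_find_table_lock(NF_ARP, name);
+t = xt_find_table_lock(&init_net, NF_ARP, name);
 if (!t || IS_ERR(t)) {
 ret = t ? PTR_ERR(t) : -ENOENT;
 goto free;
@@ -1604,7 +1604,7 @@ static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
 }
 
 xt_compat_lock(NF_ARP);
-t = xt_find_table_lock(NF_ARP, get.name);
+t = xt_find_table_lock(&init_net, NF_ARP, get.name);
 if (t && !IS_ERR(t)) {
 struct xt_table_info *private = t->private;
 struct xt_table_info info;
@@ -1751,7 +1751,7 @@ int arpt_register_table(struct arpt_table *table,
 return ret;
 }
 
-new_table = xt_register_table(table, &bootstrap, newinfo);
+new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
 if (IS_ERR(new_table)) {
 xt_free_table_info(newinfo);
 return PTR_ERR(new_table);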
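Review bot: The `&init_net` passed to `xt_find_table_lock()` in get_info, get_entries, __do_replace, do_add_counters and compat_get_entries is a hard-coded stub that nothing in the code marks as temporary; the same five call sites exist in ip_tables.c. These functions take `__user` pointers, so they look reachable from userspace requests, and a caller in a non-initial network namespace would then read or replace the initial namespace's rule set instead of its own; whether the entry points already reject such callers is not visible in these hunks. I would add `/* FIXME: init_net stub, use the caller's netns */` above each call so the follow-up conversion and any later audit can grep for them. All of these function bodies start and end outside the hunks shown.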
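--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1112,7 +1112,7 @@ static int get_info(void __user *user, int *len, int compat)
 if (compat)
 xt_compat_lock(AF_INET);
 #endif
-t = try_then_request_module(xt_find_table_lock(AF_INET, name),
+t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
 "iptable_%s", name);
 if (t && !IS_ERR(t)) {
 struct ipt_getinfo info;
@@ -1170,7 +1170,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
 return -EINVAL;
 }
 
-t = xt_find_table_lock(AF_INET, get.name);
+t = xt_find_table_lock(&init_net, AF_INET, get.name);
 if (t && !IS_ERR(t)) {
 struct xt_table_info *private = t->private;
 duprintf("t->private->number = %u\n", private->number);
@@ -1208,7 +1208,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
 goto out;
 }
 
-t = try_then_request_module(xt_find_table_lock(AF_INET, name),
+t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
 "iptable_%s", name);
 if (!t || IS_ERR(t)) {
 ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1383,7 +1383,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
 goto free;
 }
 
-t = xt_find_table_lock(AF_INET, name);
+t = xt_find_table_lock(&init_net, AF_INET, name);
 if (!t || IS_ERR(t)) {
 ret = t ? PTR_ERR(t) : -ENOENT;
 goto free;
@@ -1924,7 +1924,7 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
 }
 
 xt_compat_lock(AF_INET);
-t = xt_find_table_lock(AF_INET, get.name);
+t = xt_find_table_lock(&init_net, AF_INET, get.name);
 if (t && !IS_ERR(t)) {
 struct xt_table_info *private = t->private;
 struct xt_table_info info;
@@ -2075,7 +2075,7 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
 return ret;
 }
 
-new_table = xt_register_table(table, &bootstrap, newinfo);
+new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
 if (IS_ERR(new_table)) {
 xt_free_table_info(newinfo);
 return PTR_ERR(new_table);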
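Review bot: `ipt_register_table()` keeps its signature while now registering only into `&init_net`, and the call at line 2078 carries no comment saying so; `arpt_register_table()` in arp_tables.c has the same gap. With the xt_table array now per-netns, tables registered through these functions would presumably be absent from every other namespace, which a caller should be able to learn from the code rather than from the commit message. I would add `/* Registers in init_net only until callers pass a struct net */` above the `xt_register_table()` call. The function body starts and ends outside the hunk.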