diff options
| author | Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 07:03:03 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:37 -0500 |
| commit | 34bd137ba744c2e3a320ff50ac64ae51556cdfae (patch) | |
| tree | cc92338f2119884df939acb8366a942c99220705 /net/ipv4 | |
| parent | 44d34e721e2c81ccdfb13cf34996309247ae2981 (diff) | |
[NETFILTER]: ip_tables: propagate netns from userspace
.. all the way down to table searching functions.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 99dd62d93f4b..c1b80f4cb7cc 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -1092,7 +1092,7 @@ static int compat_table_info(const struct xt_table_info *info, | |||
| 1092 | } | 1092 | } |
| 1093 | #endif | 1093 | #endif |
| 1094 | 1094 | ||
| 1095 | static int get_info(void __user *user, int *len, int compat) | 1095 | static int get_info(struct net *net, void __user *user, int *len, int compat) |
| 1096 | { | 1096 | { |
| 1097 | char name[IPT_TABLE_MAXNAMELEN]; | 1097 | char name[IPT_TABLE_MAXNAMELEN]; |
| 1098 | struct xt_table *t; | 1098 | struct xt_table *t; |
| @@ -1112,7 +1112,7 @@ static int get_info(void __user *user, int *len, int compat) | |||
| 1112 | if (compat) | 1112 | if (compat) |
| 1113 | xt_compat_lock(AF_INET); | 1113 | xt_compat_lock(AF_INET); |
| 1114 | #endif | 1114 | #endif |
| 1115 | t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name), | 1115 | t = try_then_request_module(xt_find_table_lock(net, AF_INET, name), |
| 1116 | "iptable_%s", name); | 1116 | "iptable_%s", name); |
| 1117 | if (t && !IS_ERR(t)) { | 1117 | if (t && !IS_ERR(t)) { |
| 1118 | struct ipt_getinfo info; | 1118 | struct ipt_getinfo info; |
| @@ -1152,7 +1152,7 @@ static int get_info(void __user *user, int *len, int compat) | |||
| 1152 | } | 1152 | } |
| 1153 | 1153 | ||
| 1154 | static int | 1154 | static int |
| 1155 | get_entries(struct ipt_get_entries __user *uptr, int *len) | 1155 | get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len) |
| 1156 | { | 1156 | { |
| 1157 | int ret; | 1157 | int ret; |
| 1158 | struct ipt_get_entries get; | 1158 | struct ipt_get_entries get; |
| @@ -1170,7 +1170,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len) | |||
| 1170 | return -EINVAL; | 1170 | return -EINVAL; |
| 1171 | } | 1171 | } |
| 1172 | 1172 | ||
| 1173 | t = xt_find_table_lock(&init_net, AF_INET, get.name); | 1173 | t = xt_find_table_lock(net, AF_INET, get.name); |
| 1174 | if (t && !IS_ERR(t)) { | 1174 | if (t && !IS_ERR(t)) { |
| 1175 | struct xt_table_info *private = t->private; | 1175 | struct xt_table_info *private = t->private; |
| 1176 | duprintf("t->private->number = %u\n", private->number); | 1176 | duprintf("t->private->number = %u\n", private->number); |
| @@ -1191,7 +1191,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len) | |||
| 1191 | } | 1191 | } |
| 1192 | 1192 | ||
| 1193 | static int | 1193 | static int |
| 1194 | __do_replace(const char *name, unsigned int valid_hooks, | 1194 | __do_replace(struct net *net, const char *name, unsigned int valid_hooks, |
| 1195 | struct xt_table_info *newinfo, unsigned int num_counters, | 1195 | struct xt_table_info *newinfo, unsigned int num_counters, |
| 1196 | void __user *counters_ptr) | 1196 | void __user *counters_ptr) |
| 1197 | { | 1197 | { |
| @@ -1208,7 +1208,7 @@ __do_replace(const char *name, unsigned int valid_hooks, | |||
| 1208 | goto out; | 1208 | goto out; |
| 1209 | } | 1209 | } |
| 1210 | 1210 | ||
| 1211 | t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name), | 1211 | t = try_then_request_module(xt_find_table_lock(net, AF_INET, name), |
| 1212 | "iptable_%s", name); | 1212 | "iptable_%s", name); |
| 1213 | if (!t || IS_ERR(t)) { | 1213 | if (!t || IS_ERR(t)) { |
| 1214 | ret = t ? PTR_ERR(t) : -ENOENT; | 1214 | ret = t ? PTR_ERR(t) : -ENOENT; |
| @@ -1261,7 +1261,7 @@ __do_replace(const char *name, unsigned int valid_hooks, | |||
| 1261 | } | 1261 | } |
| 1262 | 1262 | ||
| 1263 | static int | 1263 | static int |
| 1264 | do_replace(void __user *user, unsigned int len) | 1264 | do_replace(struct net *net, void __user *user, unsigned int len) |
| 1265 | { | 1265 | { |
| 1266 | int ret; | 1266 | int ret; |
| 1267 | struct ipt_replace tmp; | 1267 | struct ipt_replace tmp; |
| @@ -1295,7 +1295,7 @@ do_replace(void __user *user, unsigned int len) | |||
| 1295 | 1295 | ||
| 1296 | duprintf("ip_tables: Translated table\n"); | 1296 | duprintf("ip_tables: Translated table\n"); |
| 1297 | 1297 | ||
| 1298 | ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo, | 1298 | ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo, |
| 1299 | tmp.num_counters, tmp.counters); | 1299 | tmp.num_counters, tmp.counters); |
| 1300 | if (ret) | 1300 | if (ret) |
| 1301 | goto free_newinfo_untrans; | 1301 | goto free_newinfo_untrans; |
| @@ -1331,7 +1331,7 @@ add_counter_to_entry(struct ipt_entry *e, | |||
| 1331 | } | 1331 | } |
| 1332 | 1332 | ||
| 1333 | static int | 1333 | static int |
| 1334 | do_add_counters(void __user *user, unsigned int len, int compat) | 1334 | do_add_counters(struct net *net, void __user *user, unsigned int len, int compat) |
| 1335 | { | 1335 | { |
| 1336 | unsigned int i; | 1336 | unsigned int i; |
| 1337 | struct xt_counters_info tmp; | 1337 | struct xt_counters_info tmp; |
| @@ -1383,7 +1383,7 @@ do_add_counters(void __user *user, unsigned int len, int compat) | |||
| 1383 | goto free; | 1383 | goto free; |
| 1384 | } | 1384 | } |
| 1385 | 1385 | ||
| 1386 | t = xt_find_table_lock(&init_net, AF_INET, name); | 1386 | t = xt_find_table_lock(net, AF_INET, name); |
| 1387 | if (!t || IS_ERR(t)) { | 1387 | if (!t || IS_ERR(t)) { |
| 1388 | ret = t ? PTR_ERR(t) : -ENOENT; | 1388 | ret = t ? PTR_ERR(t) : -ENOENT; |
| 1389 | goto free; | 1389 | goto free; |
| @@ -1789,7 +1789,7 @@ out_unlock: | |||
| 1789 | } | 1789 | } |
| 1790 | 1790 | ||
| 1791 | static int | 1791 | static int |
| 1792 | compat_do_replace(void __user *user, unsigned int len) | 1792 | compat_do_replace(struct net *net, void __user *user, unsigned int len) |
| 1793 | { | 1793 | { |
| 1794 | int ret; | 1794 | int ret; |
| 1795 | struct compat_ipt_replace tmp; | 1795 | struct compat_ipt_replace tmp; |
| @@ -1826,7 +1826,7 @@ compat_do_replace(void __user *user, unsigned int len) | |||
| 1826 | 1826 | ||
| 1827 | duprintf("compat_do_replace: Translated table\n"); | 1827 | duprintf("compat_do_replace: Translated table\n"); |
| 1828 | 1828 | ||
| 1829 | ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo, | 1829 | ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo, |
| 1830 | tmp.num_counters, compat_ptr(tmp.counters)); | 1830 | tmp.num_counters, compat_ptr(tmp.counters)); |
| 1831 | if (ret) | 1831 | if (ret) |
| 1832 | goto free_newinfo_untrans; | 1832 | goto free_newinfo_untrans; |
| @@ -1850,11 +1850,11 @@ compat_do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, | |||
| 1850 | 1850 | ||
| 1851 | switch (cmd) { | 1851 | switch (cmd) { |
| 1852 | case IPT_SO_SET_REPLACE: | 1852 | case IPT_SO_SET_REPLACE: |
| 1853 | ret = compat_do_replace(user, len); | 1853 | ret = compat_do_replace(sk->sk_net, user, len); |
| 1854 | break; | 1854 | break; |
| 1855 | 1855 | ||
| 1856 | case IPT_SO_SET_ADD_COUNTERS: | 1856 | case IPT_SO_SET_ADD_COUNTERS: |
| 1857 | ret = do_add_counters(user, len, 1); | 1857 | ret = do_add_counters(sk->sk_net, user, len, 1); |
| 1858 | break; | 1858 | break; |
| 1859 | 1859 | ||
| 1860 | default: | 1860 | default: |
| @@ -1903,7 +1903,8 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table, | |||
| 1903 | } | 1903 | } |
| 1904 | 1904 | ||
| 1905 | static int | 1905 | static int |
| 1906 | compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len) | 1906 | compat_get_entries(struct net *net, struct compat_ipt_get_entries __user *uptr, |
| 1907 | int *len) | ||
| 1907 | { | 1908 | { |
| 1908 | int ret; | 1909 | int ret; |
| 1909 | struct compat_ipt_get_entries get; | 1910 | struct compat_ipt_get_entries get; |
| @@ -1924,7 +1925,7 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len) | |||
| 1924 | } | 1925 | } |
| 1925 | 1926 | ||
| 1926 | xt_compat_lock(AF_INET); | 1927 | xt_compat_lock(AF_INET); |
| 1927 | t = xt_find_table_lock(&init_net, AF_INET, get.name); | 1928 | t = xt_find_table_lock(net, AF_INET, get.name); |
| 1928 | if (t && !IS_ERR(t)) { | 1929 | if (t && !IS_ERR(t)) { |
| 1929 | struct xt_table_info *private = t->private; | 1930 | struct xt_table_info *private = t->private; |
| 1930 | struct xt_table_info info; | 1931 | struct xt_table_info info; |
| @@ -1960,10 +1961,10 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 1960 | 1961 | ||
| 1961 | switch (cmd) { | 1962 | switch (cmd) { |
| 1962 | case IPT_SO_GET_INFO: | 1963 | case IPT_SO_GET_INFO: |
| 1963 | ret = get_info(user, len, 1); | 1964 | ret = get_info(sk->sk_net, user, len, 1); |
| 1964 | break; | 1965 | break; |
| 1965 | case IPT_SO_GET_ENTRIES: | 1966 | case IPT_SO_GET_ENTRIES: |
| 1966 | ret = compat_get_entries(user, len); | 1967 | ret = compat_get_entries(sk->sk_net, user, len); |
| 1967 | break; | 1968 | break; |
| 1968 | default: | 1969 | default: |
| 1969 | ret = do_ipt_get_ctl(sk, cmd, user, len); | 1970 | ret = do_ipt_get_ctl(sk, cmd, user, len); |
| @@ -1982,11 +1983,11 @@ do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len) | |||
| 1982 | 1983 | ||
| 1983 | switch (cmd) { | 1984 | switch (cmd) { |
| 1984 | case IPT_SO_SET_REPLACE: | 1985 | case IPT_SO_SET_REPLACE: |
| 1985 | ret = do_replace(user, len); | 1986 | ret = do_replace(sk->sk_net, user, len); |
| 1986 | break; | 1987 | break; |
| 1987 | 1988 | ||
| 1988 | case IPT_SO_SET_ADD_COUNTERS: | 1989 | case IPT_SO_SET_ADD_COUNTERS: |
| 1989 | ret = do_add_counters(user, len, 0); | 1990 | ret = do_add_counters(sk->sk_net, user, len, 0); |
| 1990 | break; | 1991 | break; |
| 1991 | 1992 | ||
| 1992 | default: | 1993 | default: |
| @@ -2007,11 +2008,11 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 2007 | 2008 | ||
| 2008 | switch (cmd) { | 2009 | switch (cmd) { |
| 2009 | case IPT_SO_GET_INFO: | 2010 | case IPT_SO_GET_INFO: |
| 2010 | ret = get_info(user, len, 0); | 2011 | ret = get_info(sk->sk_net, user, len, 0); |
| 2011 | break; | 2012 | break; |
| 2012 | 2013 | ||
| 2013 | case IPT_SO_GET_ENTRIES: | 2014 | case IPT_SO_GET_ENTRIES: |
| 2014 | ret = get_entries(user, len); | 2015 | ret = get_entries(sk->sk_net, user, len); |
| 2015 | break; | 2016 | break; |
| 2016 | 2017 | ||
| 2017 | case IPT_SO_GET_REVISION_MATCH: | 2018 | case IPT_SO_GET_REVISION_MATCH: |