diff options
| author | Gao feng <gaofeng@cn.fujitsu.com> | 2013-09-25 03:38:45 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-10-17 04:47:58 -0400 |
| commit | 26a89e435462bfdde586ad062bf190cdbfe53a49 (patch) | |
| tree | 8523b04b9963b9b03102304a86da5961031ccfc1 /net/ipv4 | |
| parent | ce4ff76c15a877a62097807a35518fc808c1853c (diff) | |
netfilter: ipt_CLUSTERIP: make clusterip_list per net namespace
clusterip_configs should be per net namespace, so operate
cluster in one net namespace won't affect other net
namespace. right now, only allow to operate the clusterip_configs
of init net namespace.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/ipt_CLUSTERIP.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c index e66b91b92843..8ef3e6f38635 100644 --- a/net/ipv4/netfilter/ipt_CLUSTERIP.c +++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c | |||
| @@ -58,8 +58,6 @@ struct clusterip_config { | |||
| 58 | struct rcu_head rcu; | 58 | struct rcu_head rcu; |
| 59 | }; | 59 | }; |
| 60 | 60 | ||
| 61 | static LIST_HEAD(clusterip_configs); | ||
| 62 | |||
| 63 | /* clusterip_lock protects the clusterip_configs list */ | 61 | /* clusterip_lock protects the clusterip_configs list */ |
| 64 | static DEFINE_SPINLOCK(clusterip_lock); | 62 | static DEFINE_SPINLOCK(clusterip_lock); |
| 65 | 63 | ||
| @@ -70,6 +68,7 @@ static const struct file_operations clusterip_proc_fops; | |||
| 70 | static int clusterip_net_id __read_mostly; | 68 | static int clusterip_net_id __read_mostly; |
| 71 | 69 | ||
| 72 | struct clusterip_net { | 70 | struct clusterip_net { |
| 71 | struct list_head configs; | ||
| 73 | #ifdef CONFIG_PROC_FS | 72 | #ifdef CONFIG_PROC_FS |
| 74 | struct proc_dir_entry *procdir; | 73 | struct proc_dir_entry *procdir; |
| 75 | #endif | 74 | #endif |
| @@ -124,8 +123,9 @@ static struct clusterip_config * | |||
| 124 | __clusterip_config_find(__be32 clusterip) | 123 | __clusterip_config_find(__be32 clusterip) |
| 125 | { | 124 | { |
| 126 | struct clusterip_config *c; | 125 | struct clusterip_config *c; |
| 126 | struct clusterip_net *cn = net_generic(&init_net, clusterip_net_id); | ||
| 127 | 127 | ||
| 128 | list_for_each_entry_rcu(c, &clusterip_configs, list) { | 128 | list_for_each_entry_rcu(c, &cn->configs, list) { |
| 129 | if (c->clusterip == clusterip) | 129 | if (c->clusterip == clusterip) |
| 130 | return c; | 130 | return c; |
| 131 | } | 131 | } |
| @@ -199,7 +199,7 @@ clusterip_config_init(const struct ipt_clusterip_tgt_info *i, __be32 ip, | |||
| 199 | #endif | 199 | #endif |
| 200 | 200 | ||
| 201 | spin_lock_bh(&clusterip_lock); | 201 | spin_lock_bh(&clusterip_lock); |
| 202 | list_add_rcu(&c->list, &clusterip_configs); | 202 | list_add_rcu(&c->list, &cn->configs); |
| 203 | spin_unlock_bh(&clusterip_lock); | 203 | spin_unlock_bh(&clusterip_lock); |
| 204 | 204 | ||
| 205 | return c; | 205 | return c; |
| @@ -709,9 +709,11 @@ static const struct file_operations clusterip_proc_fops = { | |||
| 709 | 709 | ||
| 710 | static int clusterip_net_init(struct net *net) | 710 | static int clusterip_net_init(struct net *net) |
| 711 | { | 711 | { |
| 712 | #ifdef CONFIG_PROC_FS | ||
| 713 | struct clusterip_net *cn = net_generic(net, clusterip_net_id); | 712 | struct clusterip_net *cn = net_generic(net, clusterip_net_id); |
| 714 | 713 | ||
| 714 | INIT_LIST_HEAD(&cn->configs); | ||
| 715 | |||
| 716 | #ifdef CONFIG_PROC_FS | ||
| 715 | cn->procdir = proc_mkdir("ipt_CLUSTERIP", net->proc_net); | 717 | cn->procdir = proc_mkdir("ipt_CLUSTERIP", net->proc_net); |
| 716 | if (!cn->procdir) { | 718 | if (!cn->procdir) { |
| 717 | pr_err("Unable to proc dir entry\n"); | 719 | pr_err("Unable to proc dir entry\n"); |