diff options
author | Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 07:02:13 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-31 22:27:35 -0500 |
commit | 8d870052079d255917ec4f8431f5ec102707b7af (patch) | |
tree | 77ab4f07ef4980d179c4e47d3a6e034c055f9bdf /net/ipv6 | |
parent | a98da11d88dbec1d5cebe2c6dbe9939ed8d13f69 (diff) |
[NETFILTER]: x_tables: per-netns xt_tables
In fact all we want is per-netns set of rules, however doing that will
unnecessary complicate routines such as ipt_hook()/ipt_do_table, so
make full xt_table array per-netns.
Every user stubbed with init_net for a while.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index f7a62398d7b7..1aac3ef39414 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -1138,7 +1138,7 @@ static int get_info(void __user *user, int *len, int compat) | |||
1138 | if (compat) | 1138 | if (compat) |
1139 | xt_compat_lock(AF_INET6); | 1139 | xt_compat_lock(AF_INET6); |
1140 | #endif | 1140 | #endif |
1141 | t = try_then_request_module(xt_find_table_lock(AF_INET6, name), | 1141 | t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name), |
1142 | "ip6table_%s", name); | 1142 | "ip6table_%s", name); |
1143 | if (t && !IS_ERR(t)) { | 1143 | if (t && !IS_ERR(t)) { |
1144 | struct ip6t_getinfo info; | 1144 | struct ip6t_getinfo info; |
@@ -1196,7 +1196,7 @@ get_entries(struct ip6t_get_entries __user *uptr, int *len) | |||
1196 | return -EINVAL; | 1196 | return -EINVAL; |
1197 | } | 1197 | } |
1198 | 1198 | ||
1199 | t = xt_find_table_lock(AF_INET6, get.name); | 1199 | t = xt_find_table_lock(&init_net, AF_INET6, get.name); |
1200 | if (t && !IS_ERR(t)) { | 1200 | if (t && !IS_ERR(t)) { |
1201 | struct xt_table_info *private = t->private; | 1201 | struct xt_table_info *private = t->private; |
1202 | duprintf("t->private->number = %u\n", private->number); | 1202 | duprintf("t->private->number = %u\n", private->number); |
@@ -1235,7 +1235,7 @@ __do_replace(const char *name, unsigned int valid_hooks, | |||
1235 | goto out; | 1235 | goto out; |
1236 | } | 1236 | } |
1237 | 1237 | ||
1238 | t = try_then_request_module(xt_find_table_lock(AF_INET6, name), | 1238 | t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name), |
1239 | "ip6table_%s", name); | 1239 | "ip6table_%s", name); |
1240 | if (!t || IS_ERR(t)) { | 1240 | if (!t || IS_ERR(t)) { |
1241 | ret = t ? PTR_ERR(t) : -ENOENT; | 1241 | ret = t ? PTR_ERR(t) : -ENOENT; |
@@ -1410,7 +1410,7 @@ do_add_counters(void __user *user, unsigned int len, int compat) | |||
1410 | goto free; | 1410 | goto free; |
1411 | } | 1411 | } |
1412 | 1412 | ||
1413 | t = xt_find_table_lock(AF_INET6, name); | 1413 | t = xt_find_table_lock(&init_net, AF_INET6, name); |
1414 | if (!t || IS_ERR(t)) { | 1414 | if (!t || IS_ERR(t)) { |
1415 | ret = t ? PTR_ERR(t) : -ENOENT; | 1415 | ret = t ? PTR_ERR(t) : -ENOENT; |
1416 | goto free; | 1416 | goto free; |
@@ -1950,7 +1950,7 @@ compat_get_entries(struct compat_ip6t_get_entries __user *uptr, int *len) | |||
1950 | } | 1950 | } |
1951 | 1951 | ||
1952 | xt_compat_lock(AF_INET6); | 1952 | xt_compat_lock(AF_INET6); |
1953 | t = xt_find_table_lock(AF_INET6, get.name); | 1953 | t = xt_find_table_lock(&init_net, AF_INET6, get.name); |
1954 | if (t && !IS_ERR(t)) { | 1954 | if (t && !IS_ERR(t)) { |
1955 | struct xt_table_info *private = t->private; | 1955 | struct xt_table_info *private = t->private; |
1956 | struct xt_table_info info; | 1956 | struct xt_table_info info; |
@@ -2101,7 +2101,7 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) | |||
2101 | return ret; | 2101 | return ret; |
2102 | } | 2102 | } |
2103 | 2103 | ||
2104 | new_table = xt_register_table(table, &bootstrap, newinfo); | 2104 | new_table = xt_register_table(&init_net, table, &bootstrap, newinfo); |
2105 | if (IS_ERR(new_table)) { | 2105 | if (IS_ERR(new_table)) { |
2106 | xt_free_table_info(newinfo); | 2106 | xt_free_table_info(newinfo); |
2107 | return PTR_ERR(new_table); | 2107 | return PTR_ERR(new_table); |