aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv6
diff options
context:
space:
mode:
authorAlexey Dobriyan <adobriyan@sw.ru>2008-01-31 07:02:13 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-31 22:27:35 -0500
commit8d870052079d255917ec4f8431f5ec102707b7af (patch)
tree77ab4f07ef4980d179c4e47d3a6e034c055f9bdf /net/ipv6
parenta98da11d88dbec1d5cebe2c6dbe9939ed8d13f69 (diff)
[NETFILTER]: x_tables: per-netns xt_tables
In fact all we want is per-netns set of rules, however doing that will unnecessary complicate routines such as ipt_hook()/ipt_do_table, so make full xt_table array per-netns. Every user stubbed with init_net for a while. Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6')
-rw-r--r--net/ipv6/netfilter/ip6_tables.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index f7a62398d7b7..1aac3ef39414 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1138,7 +1138,7 @@ static int get_info(void __user *user, int *len, int compat)
1138 if (compat) 1138 if (compat)
1139 xt_compat_lock(AF_INET6); 1139 xt_compat_lock(AF_INET6);
1140#endif 1140#endif
1141 t = try_then_request_module(xt_find_table_lock(AF_INET6, name), 1141 t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name),
1142 "ip6table_%s", name); 1142 "ip6table_%s", name);
1143 if (t && !IS_ERR(t)) { 1143 if (t && !IS_ERR(t)) {
1144 struct ip6t_getinfo info; 1144 struct ip6t_getinfo info;
@@ -1196,7 +1196,7 @@ get_entries(struct ip6t_get_entries __user *uptr, int *len)
1196 return -EINVAL; 1196 return -EINVAL;
1197 } 1197 }
1198 1198
1199 t = xt_find_table_lock(AF_INET6, get.name); 1199 t = xt_find_table_lock(&init_net, AF_INET6, get.name);
1200 if (t && !IS_ERR(t)) { 1200 if (t && !IS_ERR(t)) {
1201 struct xt_table_info *private = t->private; 1201 struct xt_table_info *private = t->private;
1202 duprintf("t->private->number = %u\n", private->number); 1202 duprintf("t->private->number = %u\n", private->number);
@@ -1235,7 +1235,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
1235 goto out; 1235 goto out;
1236 } 1236 }
1237 1237
1238 t = try_then_request_module(xt_find_table_lock(AF_INET6, name), 1238 t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name),
1239 "ip6table_%s", name); 1239 "ip6table_%s", name);
1240 if (!t || IS_ERR(t)) { 1240 if (!t || IS_ERR(t)) {
1241 ret = t ? PTR_ERR(t) : -ENOENT; 1241 ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1410,7 +1410,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
1410 goto free; 1410 goto free;
1411 } 1411 }
1412 1412
1413 t = xt_find_table_lock(AF_INET6, name); 1413 t = xt_find_table_lock(&init_net, AF_INET6, name);
1414 if (!t || IS_ERR(t)) { 1414 if (!t || IS_ERR(t)) {
1415 ret = t ? PTR_ERR(t) : -ENOENT; 1415 ret = t ? PTR_ERR(t) : -ENOENT;
1416 goto free; 1416 goto free;
@@ -1950,7 +1950,7 @@ compat_get_entries(struct compat_ip6t_get_entries __user *uptr, int *len)
1950 } 1950 }
1951 1951
1952 xt_compat_lock(AF_INET6); 1952 xt_compat_lock(AF_INET6);
1953 t = xt_find_table_lock(AF_INET6, get.name); 1953 t = xt_find_table_lock(&init_net, AF_INET6, get.name);
1954 if (t && !IS_ERR(t)) { 1954 if (t && !IS_ERR(t)) {
1955 struct xt_table_info *private = t->private; 1955 struct xt_table_info *private = t->private;
1956 struct xt_table_info info; 1956 struct xt_table_info info;
@@ -2101,7 +2101,7 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
2101 return ret; 2101 return ret;
2102 } 2102 }
2103 2103
2104 new_table = xt_register_table(table, &bootstrap, newinfo); 2104 new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
2105 if (IS_ERR(new_table)) { 2105 if (IS_ERR(new_table)) {
2106 xt_free_table_info(newinfo); 2106 xt_free_table_info(newinfo);
2107 return PTR_ERR(new_table); 2107 return PTR_ERR(new_table);