diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:02 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:02 -0400 |
| commit | 7dd1b8dad84c9561fe8949ed5db4de15aee877eb (patch) | |
| tree | f2df68e053e13f26c88e38f82c1159d618b8b33b /net/ipv6 | |
| parent | 1339dd91719f3e841b113ddaccd30fd87b9d2332 (diff) | |
netfilter: netns: ip6table_mangle in netns for real
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 31 |
1 files changed, 22 insertions, 9 deletions
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index f405cea21a8b..d0b31b259d4d 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -67,17 +67,29 @@ static struct xt_table packet_mangler = { | |||
| 67 | 67 | ||
| 68 | /* The work comes in here from netfilter.c. */ | 68 | /* The work comes in here from netfilter.c. */ |
| 69 | static unsigned int | 69 | static unsigned int |
| 70 | ip6t_route_hook(unsigned int hook, | 70 | ip6t_in_hook(unsigned int hook, |
| 71 | struct sk_buff *skb, | 71 | struct sk_buff *skb, |
| 72 | const struct net_device *in, | 72 | const struct net_device *in, |
| 73 | const struct net_device *out, | 73 | const struct net_device *out, |
| 74 | int (*okfn)(struct sk_buff *)) | 74 | int (*okfn)(struct sk_buff *)) |
| 75 | { | 75 | { |
| 76 | return ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_mangle); | 76 | return ip6t_do_table(skb, hook, in, out, |
| 77 | dev_net(in)->ipv6.ip6table_mangle); | ||
| 77 | } | 78 | } |
| 78 | 79 | ||
| 79 | static unsigned int | 80 | static unsigned int |
| 80 | ip6t_local_hook(unsigned int hook, | 81 | ip6t_post_routing_hook(unsigned int hook, |
| 82 | struct sk_buff *skb, | ||
| 83 | const struct net_device *in, | ||
| 84 | const struct net_device *out, | ||
| 85 | int (*okfn)(struct sk_buff *)) | ||
| 86 | { | ||
| 87 | return ip6t_do_table(skb, hook, in, out, | ||
| 88 | dev_net(out)->ipv6.ip6table_mangle); | ||
| 89 | } | ||
| 90 | |||
| 91 | static unsigned int | ||
| 92 | ip6t_local_out_hook(unsigned int hook, | ||
| 81 | struct sk_buff *skb, | 93 | struct sk_buff *skb, |
| 82 | const struct net_device *in, | 94 | const struct net_device *in, |
| 83 | const struct net_device *out, | 95 | const struct net_device *out, |
| @@ -108,7 +120,8 @@ ip6t_local_hook(unsigned int hook, | |||
| 108 | /* flowlabel and prio (includes version, which shouldn't change either */ | 120 | /* flowlabel and prio (includes version, which shouldn't change either */ |
| 109 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); | 121 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); |
| 110 | 122 | ||
| 111 | ret = ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_mangle); | 123 | ret = ip6t_do_table(skb, hook, in, out, |
| 124 | dev_net(out)->ipv6.ip6table_mangle); | ||
| 112 | 125 | ||
| 113 | if (ret != NF_DROP && ret != NF_STOLEN | 126 | if (ret != NF_DROP && ret != NF_STOLEN |
| 114 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) | 127 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) |
| @@ -122,35 +135,35 @@ ip6t_local_hook(unsigned int hook, | |||
| 122 | 135 | ||
| 123 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 136 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
| 124 | { | 137 | { |
| 125 | .hook = ip6t_route_hook, | 138 | .hook = ip6t_in_hook, |
| 126 | .owner = THIS_MODULE, | 139 | .owner = THIS_MODULE, |
| 127 | .pf = PF_INET6, | 140 | .pf = PF_INET6, |
| 128 | .hooknum = NF_INET_PRE_ROUTING, | 141 | .hooknum = NF_INET_PRE_ROUTING, |
| 129 | .priority = NF_IP6_PRI_MANGLE, | 142 | .priority = NF_IP6_PRI_MANGLE, |
| 130 | }, | 143 | }, |
| 131 | { | 144 | { |
| 132 | .hook = ip6t_route_hook, | 145 | .hook = ip6t_in_hook, |
| 133 | .owner = THIS_MODULE, | 146 | .owner = THIS_MODULE, |
| 134 | .pf = PF_INET6, | 147 | .pf = PF_INET6, |
| 135 | .hooknum = NF_INET_LOCAL_IN, | 148 | .hooknum = NF_INET_LOCAL_IN, |
| 136 | .priority = NF_IP6_PRI_MANGLE, | 149 | .priority = NF_IP6_PRI_MANGLE, |
| 137 | }, | 150 | }, |
| 138 | { | 151 | { |
| 139 | .hook = ip6t_route_hook, | 152 | .hook = ip6t_in_hook, |
| 140 | .owner = THIS_MODULE, | 153 | .owner = THIS_MODULE, |
| 141 | .pf = PF_INET6, | 154 | .pf = PF_INET6, |
| 142 | .hooknum = NF_INET_FORWARD, | 155 | .hooknum = NF_INET_FORWARD, |
| 143 | .priority = NF_IP6_PRI_MANGLE, | 156 | .priority = NF_IP6_PRI_MANGLE, |
| 144 | }, | 157 | }, |
| 145 | { | 158 | { |
| 146 | .hook = ip6t_local_hook, | 159 | .hook = ip6t_local_out_hook, |
| 147 | .owner = THIS_MODULE, | 160 | .owner = THIS_MODULE, |
| 148 | .pf = PF_INET6, | 161 | .pf = PF_INET6, |
| 149 | .hooknum = NF_INET_LOCAL_OUT, | 162 | .hooknum = NF_INET_LOCAL_OUT, |
| 150 | .priority = NF_IP6_PRI_MANGLE, | 163 | .priority = NF_IP6_PRI_MANGLE, |
| 151 | }, | 164 | }, |
| 152 | { | 165 | { |
| 153 | .hook = ip6t_route_hook, | 166 | .hook = ip6t_post_routing_hook, |
| 154 | .owner = THIS_MODULE, | 167 | .owner = THIS_MODULE, |
| 155 | .pf = PF_INET6, | 168 | .pf = PF_INET6, |
| 156 | .hooknum = NF_INET_POST_ROUTING, | 169 | .hooknum = NF_INET_POST_ROUTING, |