diff options
-rw-r--r-- | include/net/netns/ipv4.h | 1 | ||||
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 38 |
2 files changed, 29 insertions, 10 deletions
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index aeb0c3b8df11..a9b4f6086294 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h | |||
@@ -31,6 +31,7 @@ struct netns_ipv4 { | |||
31 | struct xt_table *iptable_filter; | 31 | struct xt_table *iptable_filter; |
32 | struct xt_table *iptable_mangle; | 32 | struct xt_table *iptable_mangle; |
33 | struct xt_table *iptable_raw; | 33 | struct xt_table *iptable_raw; |
34 | struct xt_table *arptable_filter; | ||
34 | #endif | 35 | #endif |
35 | }; | 36 | }; |
36 | #endif | 37 | #endif |
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index 1a688607fe83..4e9c496a30c2 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -20,7 +20,7 @@ static struct | |||
20 | struct arpt_replace repl; | 20 | struct arpt_replace repl; |
21 | struct arpt_standard entries[3]; | 21 | struct arpt_standard entries[3]; |
22 | struct arpt_error term; | 22 | struct arpt_error term; |
23 | } initial_table __initdata = { | 23 | } initial_table __net_initdata = { |
24 | .repl = { | 24 | .repl = { |
25 | .name = "filter", | 25 | .name = "filter", |
26 | .valid_hooks = FILTER_VALID_HOOKS, | 26 | .valid_hooks = FILTER_VALID_HOOKS, |
@@ -45,7 +45,7 @@ static struct | |||
45 | .term = ARPT_ERROR_INIT, | 45 | .term = ARPT_ERROR_INIT, |
46 | }; | 46 | }; |
47 | 47 | ||
48 | static struct arpt_table __packet_filter = { | 48 | static struct arpt_table packet_filter = { |
49 | .name = "filter", | 49 | .name = "filter", |
50 | .valid_hooks = FILTER_VALID_HOOKS, | 50 | .valid_hooks = FILTER_VALID_HOOKS, |
51 | .lock = RW_LOCK_UNLOCKED, | 51 | .lock = RW_LOCK_UNLOCKED, |
@@ -53,7 +53,6 @@ static struct arpt_table __packet_filter = { | |||
53 | .me = THIS_MODULE, | 53 | .me = THIS_MODULE, |
54 | .af = NF_ARP, | 54 | .af = NF_ARP, |
55 | }; | 55 | }; |
56 | static struct arpt_table *packet_filter; | ||
57 | 56 | ||
58 | /* The work comes in here from netfilter.c */ | 57 | /* The work comes in here from netfilter.c */ |
59 | static unsigned int arpt_hook(unsigned int hook, | 58 | static unsigned int arpt_hook(unsigned int hook, |
@@ -62,7 +61,7 @@ static unsigned int arpt_hook(unsigned int hook, | |||
62 | const struct net_device *out, | 61 | const struct net_device *out, |
63 | int (*okfn)(struct sk_buff *)) | 62 | int (*okfn)(struct sk_buff *)) |
64 | { | 63 | { |
65 | return arpt_do_table(skb, hook, in, out, packet_filter); | 64 | return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter); |
66 | } | 65 | } |
67 | 66 | ||
68 | static struct nf_hook_ops arpt_ops[] __read_mostly = { | 67 | static struct nf_hook_ops arpt_ops[] __read_mostly = { |
@@ -86,14 +85,33 @@ static struct nf_hook_ops arpt_ops[] __read_mostly = { | |||
86 | }, | 85 | }, |
87 | }; | 86 | }; |
88 | 87 | ||
88 | static int __net_init arptable_filter_net_init(struct net *net) | ||
89 | { | ||
90 | /* Register table */ | ||
91 | net->ipv4.arptable_filter = | ||
92 | arpt_register_table(net, &packet_filter, &initial_table.repl); | ||
93 | if (IS_ERR(net->ipv4.arptable_filter)) | ||
94 | return PTR_ERR(net->ipv4.arptable_filter); | ||
95 | return 0; | ||
96 | } | ||
97 | |||
98 | static void __net_exit arptable_filter_net_exit(struct net *net) | ||
99 | { | ||
100 | arpt_unregister_table(net->ipv4.arptable_filter); | ||
101 | } | ||
102 | |||
103 | static struct pernet_operations arptable_filter_net_ops = { | ||
104 | .init = arptable_filter_net_init, | ||
105 | .exit = arptable_filter_net_exit, | ||
106 | }; | ||
107 | |||
89 | static int __init arptable_filter_init(void) | 108 | static int __init arptable_filter_init(void) |
90 | { | 109 | { |
91 | int ret; | 110 | int ret; |
92 | 111 | ||
93 | /* Register table */ | 112 | ret = register_pernet_subsys(&arptable_filter_net_ops); |
94 | packet_filter = arpt_register_table(&init_net, &__packet_filter, &initial_table.repl); | 113 | if (ret < 0) |
95 | if (IS_ERR(packet_filter)) | 114 | return ret; |
96 | return PTR_ERR(packet_filter); | ||
97 | 115 | ||
98 | ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); | 116 | ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
99 | if (ret < 0) | 117 | if (ret < 0) |
@@ -101,14 +119,14 @@ static int __init arptable_filter_init(void) | |||
101 | return ret; | 119 | return ret; |
102 | 120 | ||
103 | cleanup_table: | 121 | cleanup_table: |
104 | arpt_unregister_table(packet_filter); | 122 | unregister_pernet_subsys(&arptable_filter_net_ops); |
105 | return ret; | 123 | return ret; |
106 | } | 124 | } |
107 | 125 | ||
108 | static void __exit arptable_filter_fini(void) | 126 | static void __exit arptable_filter_fini(void) |
109 | { | 127 | { |
110 | nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); | 128 | nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
111 | arpt_unregister_table(packet_filter); | 129 | unregister_pernet_subsys(&arptable_filter_net_ops); |
112 | } | 130 | } |
113 | 131 | ||
114 | module_init(arptable_filter_init); | 132 | module_init(arptable_filter_init); |