From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: [NETFILTER 19/69]: arp_tables: netns preparation
Date: Wed, 30 Jan 2008 21:17:22 +0100 (MET) [thread overview]
Message-ID: <20080130201719.29874.66747.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080130201650.29874.7456.sendpatchset@localhost.localdomain>
[NETFILTER]: arp_tables: netns preparation
* Propagate netns from userspace.
* arpt_register_table() registers table in supplied netns.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 5f826e6f0ca7a6d45279d1c4ed6860a4bf7bbf26
tree a679f8f22cd3df21b5a13648dfa59ed6c8ec78e5
parent 084d68b97043319020232289b1f63c8c7afa2e97
author Alexey Dobriyan <adobriyan@sw.ru> Tue, 29 Jan 2008 16:22:01 +0100
committer Patrick McHardy <kaber@trash.net> Wed, 30 Jan 2008 15:04:17 +0100
include/linux/netfilter_arp/arp_tables.h | 3 +-
net/ipv4/netfilter/arp_tables.c | 55 +++++++++++++++++-------------
net/ipv4/netfilter/arptable_filter.c | 2 +
3 files changed, 34 insertions(+), 26 deletions(-)
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index f35486b..db223ca 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -271,7 +271,8 @@ struct arpt_error
xt_register_target(tgt); })
#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
-extern struct arpt_table *arpt_register_table(struct arpt_table *table,
+extern struct arpt_table *arpt_register_table(struct net *net,
+ struct arpt_table *table,
const struct arpt_replace *repl);
extern void arpt_unregister_table(struct arpt_table *table);
extern unsigned int arpt_do_table(struct sk_buff *skb,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 3a5afb8..ec64b67 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -22,6 +22,7 @@
#include <linux/mutex.h>
#include <linux/err.h>
#include <net/compat.h>
+#include <net/sock.h>
#include <asm/uaccess.h>
#include <linux/netfilter/x_tables.h>
@@ -850,7 +851,7 @@ static int compat_table_info(const struct xt_table_info *info,
}
#endif
-static int get_info(void __user *user, int *len, int compat)
+static int get_info(struct net *net, void __user *user, int *len, int compat)
{
char name[ARPT_TABLE_MAXNAMELEN];
struct arpt_table *t;
@@ -870,7 +871,7 @@ static int get_info(void __user *user, int *len, int compat)
if (compat)
xt_compat_lock(NF_ARP);
#endif
- t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
"arptable_%s", name);
if (t && !IS_ERR(t)) {
struct arpt_getinfo info;
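Review bot: A miss in `xt_find_table_lock(net, NF_ARP, name)` still falls through to `request_module("arptable_%s", name)`, so the lookup is now scoped to the caller's namespace while the module request it triggers remains system-wide. A comment above the call would make that split explicit, for example `/* lookup is per-netns; the module request on a miss is global */`. The copy of `name` from userspace lies outside this hunk, so it is worth confirming that the buffer is NUL-terminated before it reaches the `%s` format. The same applies to the identical call in `__do_replace` further down, where `name` is `tmp.name` taken from the user-supplied replace header.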
@@ -908,7 +909,8 @@ static int get_info(void __user *user, int *len, int compat)
return ret;
}
-static int get_entries(struct arpt_get_entries __user *uptr, int *len)
+static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
+ int *len)
{
int ret;
struct arpt_get_entries get;
@@ -926,7 +928,7 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
return -EINVAL;
}
- t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+ t = xt_find_table_lock(net, NF_ARP, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n",
@@ -947,7 +949,8 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
return ret;
}
-static int __do_replace(const char *name, unsigned int valid_hooks,
+static int __do_replace(struct net *net, const char *name,
+ unsigned int valid_hooks,
struct xt_table_info *newinfo,
unsigned int num_counters,
void __user *counters_ptr)
@@ -966,7 +969,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
goto out;
}
- t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(net, NF_ARP, name),
"arptable_%s", name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1019,7 +1022,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
return ret;
}
-static int do_replace(void __user *user, unsigned int len)
+static int do_replace(struct net *net, void __user *user, unsigned int len)
{
int ret;
struct arpt_replace tmp;
@@ -1053,7 +1056,7 @@ static int do_replace(void __user *user, unsigned int len)
duprintf("arp_tables: Translated table\n");
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
tmp.num_counters, tmp.counters);
if (ret)
goto free_newinfo_untrans;
@@ -1080,7 +1083,8 @@ static inline int add_counter_to_entry(struct arpt_entry *e,
return 0;
}
-static int do_add_counters(void __user *user, unsigned int len, int compat)
+static int do_add_counters(struct net *net, void __user *user, unsigned int len,
+ int compat)
{
unsigned int i;
struct xt_counters_info tmp;
@@ -1132,7 +1136,7 @@ static int do_add_counters(void __user *user, unsigned int len, int compat)
goto free;
}
- t = xt_find_table_lock(&init_net, NF_ARP, name);
+ t = xt_find_table_lock(net, NF_ARP, name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
@@ -1435,7 +1439,8 @@ struct compat_arpt_replace {
struct compat_arpt_entry entries[0];
};
-static int compat_do_replace(void __user *user, unsigned int len)
+static int compat_do_replace(struct net *net, void __user *user,
+ unsigned int len)
{
int ret;
struct compat_arpt_replace tmp;
@@ -1471,7 +1476,7 @@ static int compat_do_replace(void __user *user, unsigned int len)
duprintf("compat_do_replace: Translated table\n");
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
tmp.num_counters, compat_ptr(tmp.counters));
if (ret)
goto free_newinfo_untrans;
@@ -1494,11 +1499,11 @@ static int compat_do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user,
switch (cmd) {
case ARPT_SO_SET_REPLACE:
- ret = compat_do_replace(user, len);
+ ret = compat_do_replace(sk->sk_net, user, len);
break;
case ARPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 1);
+ ret = do_add_counters(sk->sk_net, user, len, 1);
break;
default:
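Review bot: `sk->sk_net` becomes the only selector of which namespace's tables `compat_do_replace` and `do_add_counters` modify, while the permission check guarding this switch lies outside the hunk. If that check is a plain `capable(CAP_NET_ADMIN)`, it is not tied to the namespace being modified, and the intended rule should be written down at the top of the function, for example `/* privilege is checked globally; the netns comes from the calling socket */`. The same holds for `compat_do_arpt_get_ctl`, `do_arpt_set_ctl` and `do_arpt_get_ctl` in the following hunks.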
@@ -1584,7 +1589,8 @@ struct compat_arpt_get_entries {
struct compat_arpt_entry entrytable[0];
};
-static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
+static int compat_get_entries(struct net *net,
+ struct compat_arpt_get_entries __user *uptr,
int *len)
{
int ret;
@@ -1604,7 +1610,7 @@ static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
}
xt_compat_lock(NF_ARP);
- t = xt_find_table_lock(&init_net, NF_ARP, get.name);
+ t = xt_find_table_lock(net, NF_ARP, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
struct xt_table_info info;
@@ -1641,10 +1647,10 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
switch (cmd) {
case ARPT_SO_GET_INFO:
- ret = get_info(user, len, 1);
+ ret = get_info(sk->sk_net, user, len, 1);
break;
case ARPT_SO_GET_ENTRIES:
- ret = compat_get_entries(user, len);
+ ret = compat_get_entries(sk->sk_net, user, len);
break;
default:
ret = do_arpt_get_ctl(sk, cmd, user, len);
@@ -1662,11 +1668,11 @@ static int do_arpt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned
switch (cmd) {
case ARPT_SO_SET_REPLACE:
- ret = do_replace(user, len);
+ ret = do_replace(sk->sk_net, user, len);
break;
case ARPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 0);
+ ret = do_add_counters(sk->sk_net, user, len, 0);
break;
default:
@@ -1686,11 +1692,11 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
switch (cmd) {
case ARPT_SO_GET_INFO:
- ret = get_info(user, len, 0);
+ ret = get_info(sk->sk_net, user, len, 0);
break;
case ARPT_SO_GET_ENTRIES:
- ret = get_entries(user, len);
+ ret = get_entries(sk->sk_net, user, len);
break;
case ARPT_SO_GET_REVISION_TARGET: {
@@ -1719,7 +1725,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
return ret;
}
-struct arpt_table *arpt_register_table(struct arpt_table *table,
+struct arpt_table *arpt_register_table(struct net *net,
+ struct arpt_table *table,
const struct arpt_replace *repl)
{
int ret;
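Review bot: The non-static `arpt_register_table` gains a `net` argument with no comment saying what the caller owes, namely which namespace it may pass and that the table stays registered in that namespace until `arpt_unregister_table` is called. A kernel-doc block above the definition covering `@net`, `@table` and `@repl`, plus the error-pointer return that the caller in arptable_filter.c tests with `IS_ERR`, would close that gap. The function body continues past this hunk, so ownership of `newinfo` on the error path cannot be checked from here.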
@@ -1749,7 +1756,7 @@ struct arpt_table *arpt_register_table(struct arpt_table *table,
if (ret != 0)
goto out_free;
- new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
+ new_table = xt_register_table(net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
ret = PTR_ERR(new_table);
goto out_free;
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index b003215..1a68860 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -91,7 +91,7 @@ static int __init arptable_filter_init(void)
int ret;
/* Register table */
- packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);
+ packet_filter = arpt_register_table(&init_net, &__packet_filter, &initial_table.repl);
if (IS_ERR(packet_filter))
return PTR_ERR(packet_filter);
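Review bot: `arptable_filter_init` registers the filter table only in `&init_net`, while every sockopt path in arp_tables.c now resolves tables through `sk->sk_net`. Until the table is registered per namespace, a caller outside the initial namespace should presumably get a lookup failure instead of reaching the initial namespace's rules as before. That is the isolating direction, but it is a visible behaviour change that the commit message does not mention. A comment here such as `/* only the initial netns has a filter table for now */` would record it.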