From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: netfilter 04/13: ip6table_filter in netns for real
Date: Mon, 7 Jul 2008 14:05:20 +0200 (MEST) [thread overview]
Message-ID: <20080707120519.4975.63516.sendpatchset@localhost.localdomain> (raw)
In-Reply-To: <20080707120514.4975.88670.sendpatchset@localhost.localdomain>
netfilter: ip6table_filter in netns for real
One still needs to remove checks in nf_hook_slow() and nf_sockopt_find()
to test this, though.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 92b669eedbfbca32d05723764afb243b6d8faeed
tree 9061315f95bb9a3d3a36bb14ec491ddd7d41f29c
parent fb5471afe6b8e29f1319ca85ecc830f6b8b54143
author Alexey Dobriyan <adobriyan@gmail.com> Mon, 07 Jul 2008 13:00:16 +0200
committer Patrick McHardy <kaber@trash.net> Mon, 07 Jul 2008 13:00:16 +0200
net/ipv6/netfilter/ip6table_filter.c | 31 ++++++++++++++++++++++---------
1 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index f979e48..55a2c29 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -61,13 +61,25 @@ static struct xt_table packet_filter = {
/* The work comes in here from netfilter.c. */
static unsigned int
-ip6t_hook(unsigned int hook,
- struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- int (*okfn)(struct sk_buff *))
+ip6t_local_in_hook(unsigned int hook,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
+{
+ return ip6t_do_table(skb, hook, in, out,
+ nf_local_in_net(in, out)->ipv6.ip6table_filter);
+}
+
+static unsigned int
+ip6t_forward_hook(unsigned int hook,
+ struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_filter);
+ return ip6t_do_table(skb, hook, in, out,
+ nf_forward_net(in, out)->ipv6.ip6table_filter);
}
static unsigned int
@@ -87,19 +99,20 @@ ip6t_local_out_hook(unsigned int hook,
}
#endif
- return ip6t_do_table(skb, hook, in, out, init_net.ipv6.ip6table_filter);
+ return ip6t_do_table(skb, hook, in, out,
+ nf_local_out_net(in, out)->ipv6.ip6table_filter);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{
- .hook = ip6t_hook,
+ .hook = ip6t_local_in_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_FILTER,
},
{
- .hook = ip6t_hook,
+ .hook = ip6t_forward_hook,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_INET_FORWARD,
next prev parent reply other threads:[~2008-07-07 12:05 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-07 12:05 netfilter 00/13: netfilter update Patrick McHardy
2008-07-07 12:05 ` netfilter 01/13: use correct namespace in ip6table_security Patrick McHardy
2008-07-07 12:05 ` Get rid of refrences to no longer existant Fast NAT Patrick McHardy
2008-07-07 12:10 ` David Miller
2008-07-07 12:12 ` Patrick McHardy
2008-07-07 12:05 ` netfilter 03/13: nf_conntrack: add allocation flag to nf_conntrack_alloc Patrick McHardy
2008-07-07 12:05 ` Patrick McHardy [this message]
2008-07-07 12:05 ` netfilter 05/13: cleanup netfilter_ipv6.h userspace header Patrick McHardy
2008-07-07 12:05 ` netfilter 06/13: ebt_nflog: fix Kconfig typo Patrick McHardy
2008-07-07 12:05 ` textsearch 07/13: support for case insensitive searching Patrick McHardy
2008-07-07 12:05 ` textsearch 08/13: fix Boyer-Moore text search bug Patrick McHardy
2008-07-07 12:44 ` Patrick McHardy
2008-07-07 12:05 ` textsearch 09/13: ts_bm: support case insensitive searching in Boyer-Moore algorithm Patrick McHardy
2008-07-07 12:05 ` textsearch 10/13: ts_kmp: support case insensitive searching in Knuth-Morris-Pratt algorithm Patrick McHardy
2008-07-07 12:05 ` textsearch 11/13: ts_fsm: return error on request for case insensitive search Patrick McHardy
2008-07-07 12:05 ` textsearch 12/13: convert kmalloc + memset to kzalloc Patrick McHardy
2008-07-07 12:05 ` netfilter 13/13: fix string extension for case insensitive pattern matching Patrick McHardy
2008-07-08 10:00 ` netfilter 00/13: netfilter update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080707120519.4975.63516.sendpatchset@localhost.localdomain \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.