From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: netfilter 04/06: arptables in netns for real
Date: Sun, 27 Jul 2008 01:37:12 +0200 (MEST)
Message-ID: <20080726233711.15283.14873.sendpatchset@localhost.localdomain>
In-Reply-To: <20080726233705.15283.38364.sendpatchset@localhost.localdomain>

netfilter: arptables in netns for real

IN, FORWARD -- grab netns from in device, OUT -- from out device.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit ea52606851cacfc5bcd6437ac0d97a22494279ac
tree 7929d1eb7468fd9f875bc1d248c0610a9197fe88
parent 3e7770f4574672e7e6122b0dee21faf325d7b6a3
author Alexey Dobriyan <adobriyan@gmail.com> Sun, 27 Jul 2008 00:40:13 +0200
committer Patrick McHardy <kaber@trash.net> Sun, 27 Jul 2008 00:40:13 +0200

 net/ipv4/netfilter/arptable_filter.c |   39 ++++++++++++++++++++++++++--------
 1 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c
index 3be4d07..082f5dd 100644
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -55,32 +55,53 @@ static struct xt_table packet_filter = {
 };
 
 /* The work comes in here from netfilter.c */
-static unsigned int arpt_hook(unsigned int hook,
-			      struct sk_buff *skb,
-			      const struct net_device *in,
-			      const struct net_device *out,
-			      int (*okfn)(struct sk_buff *))
+static unsigned int arpt_in_hook(unsigned int hook,
+				 struct sk_buff *skb,
+				 const struct net_device *in,
+				 const struct net_device *out,
+				 int (*okfn)(struct sk_buff *))
 {
-	return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter);
+	return arpt_do_table(skb, hook, in, out,
+			     dev_net(in)->ipv4.arptable_filter);
+}
+
+static unsigned int arpt_out_hook(unsigned int hook,
+				  struct sk_buff *skb,
+				  const struct net_device *in,
+				  const struct net_device *out,
+				  int (*okfn)(struct sk_buff *))
+{
+	return arpt_do_table(skb, hook, in, out,
+			     dev_net(out)->ipv4.arptable_filter);
+}
+
+static unsigned int arpt_forward_hook(unsigned int hook,
+				      struct sk_buff *skb,
+				      const struct net_device *in,
+				      const struct net_device *out,
+				      int (*okfn)(struct sk_buff *))
+{
+	return arpt_do_table(skb, hook, in, out,
+			     dev_net(in)->ipv4.arptable_filter);
 }
 
 static struct nf_hook_ops arpt_ops[] __read_mostly = {
 	{
-		.hook		= arpt_hook,
+		.hook		= arpt_in_hook,
 		.owner		= THIS_MODULE,
 		.pf		= NF_ARP,
 		.hooknum	= NF_ARP_IN,
 		.priority	= NF_IP_PRI_FILTER,
 	},
 	{
-		.hook		= arpt_hook,
+		.hook		= arpt_out_hook,
 		.owner		= THIS_MODULE,
 		.pf		= NF_ARP,
 		.hooknum	= NF_ARP_OUT,
 		.priority	= NF_IP_PRI_FILTER,
 	},
 	{
-		.hook		= arpt_hook,
+		.hook		= arpt_forward_hook,
 		.owner		= THIS_MODULE,
 		.pf		= NF_ARP,
 		.hooknum	= NF_ARP_FORWARD,
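
Review bot: arpt_forward_hook is line-for-line identical to arpt_in_hook (both pass dev_net(in)->ipv4.arptable_filter), so the NF_ARP_FORWARD entry in arpt_ops[] could simply point at arpt_in_hook instead of carrying a third copy of the same body. Separately, dev_net(in) and dev_net(out) are dereferenced with no NULL check, and the rule that makes this safe ("IN, FORWARD -- grab netns from in device, OUT -- from out device") lives only in the commit message; a one-line comment above each hook stating which device pointer is expected to be set at that hook point would keep the per-netns table selection from being broken by a later change that registers one of these functions at a different hook.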
