From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 04/29: netns ebtables: part 1
Date: Thu, 27 Nov 2008 17:15:08 +0100 (MET) [thread overview]
Message-ID: <20081127161508.13891.87491.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20081127161503.13891.62766.sendpatchset@x2.localnet>
commit 511061e2dd1b84bb21bb97c9216a19606c29ac02
Author: Alexey Dobriyan <adobriyan@gmail.com>
Date: Tue Nov 4 14:22:55 2008 +0100
netfilter: netns ebtables: part 1
* propagate netns from userspace, register table in passed netns
* remporarily register every ebt_table in init_net
P. S.: one needs to add ".netns_ok = 1" to igmp_protocol to test with
ebtables(8) in netns.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index d45e29c..624e788 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -300,7 +300,7 @@ struct ebt_table
#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \
~(__alignof__(struct ebt_replace)-1))
-extern int ebt_register_table(struct ebt_table *table);
+extern int ebt_register_table(struct net *net, struct ebt_table *table);
extern void ebt_unregister_table(struct ebt_table *table);
extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
const struct net_device *in, const struct net_device *out,
diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index 246626b..1731ce8 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -66,7 +66,7 @@ static int __init ebtable_broute_init(void)
{
int ret;
- ret = ebt_register_table(&broute_table);
+ ret = ebt_register_table(&init_net, &broute_table);
if (ret < 0)
return ret;
/* see br_input.c */
diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 1a58af5..af8953c 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -95,7 +95,7 @@ static int __init ebtable_filter_init(void)
{
int ret;
- ret = ebt_register_table(&frame_filter);
+ ret = ebt_register_table(&init_net, &frame_filter);
if (ret < 0)
return ret;
ret = nf_register_hooks(ebt_ops_filter, ARRAY_SIZE(ebt_ops_filter));
diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index f60c1e7..bafe160 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -102,7 +102,7 @@ static int __init ebtable_nat_init(void)
{
int ret;
- ret = ebt_register_table(&frame_nat);
+ ret = ebt_register_table(&init_net, &frame_nat);
if (ret < 0)
return ret;
ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat));
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 0fa208e..c1a82b2 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -55,7 +55,6 @@
static DEFINE_MUTEX(ebt_mutex);
-static LIST_HEAD(ebt_tables);
static struct xt_target ebt_standard_target = {
.name = "standard",
@@ -315,9 +314,11 @@ find_inlist_lock(struct list_head *head, const char *name, const char *prefix,
}
static inline struct ebt_table *
-find_table_lock(const char *name, int *error, struct mutex *mutex)
+find_table_lock(struct net *net, const char *name, int *error,
+ struct mutex *mutex)
{
- return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex);
+ return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
+ "ebtable_", error, mutex);
}
static inline int
@@ -944,7 +945,7 @@ static void get_counters(struct ebt_counter *oldcounters,
}
/* replace the table */
-static int do_replace(void __user *user, unsigned int len)
+static int do_replace(struct net *net, void __user *user, unsigned int len)
{
int ret, i, countersize;
struct ebt_table_info *newinfo;
@@ -1016,7 +1017,7 @@ static int do_replace(void __user *user, unsigned int len)
if (ret != 0)
goto free_counterstmp;
- t = find_table_lock(tmp.name, &ret, &ebt_mutex);
+ t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
if (!t) {
ret = -ENOENT;
goto free_iterate;
@@ -1097,7 +1098,7 @@ free_newinfo:
return ret;
}
-int ebt_register_table(struct ebt_table *table)
+int ebt_register_table(struct net *net, struct ebt_table *table)
{
struct ebt_table_info *newinfo;
struct ebt_table *t;
@@ -1157,7 +1158,7 @@ int ebt_register_table(struct ebt_table *table)
if (ret != 0)
goto free_chainstack;
- list_for_each_entry(t, &ebt_tables, list) {
+ list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
if (strcmp(t->name, table->name) == 0) {
ret = -EEXIST;
BUGPRINT("Table name already exists\n");
@@ -1170,7 +1171,7 @@ int ebt_register_table(struct ebt_table *table)
ret = -ENOENT;
goto free_unlock;
}
- list_add(&table->list, &ebt_tables);
+ list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
mutex_unlock(&ebt_mutex);
return 0;
free_unlock:
@@ -1208,7 +1209,7 @@ void ebt_unregister_table(struct ebt_table *table)
}
/* userspace just supplied us with counters */
-static int update_counters(void __user *user, unsigned int len)
+static int update_counters(struct net *net, void __user *user, unsigned int len)
{
int i, ret;
struct ebt_counter *tmp;
@@ -1228,7 +1229,7 @@ static int update_counters(void __user *user, unsigned int len)
return -ENOMEM;
}
- t = find_table_lock(hlp.name, &ret, &ebt_mutex);
+ t = find_table_lock(net, hlp.name, &ret, &ebt_mutex);
if (!t)
goto free_tmp;
@@ -1386,10 +1387,10 @@ static int do_ebt_set_ctl(struct sock *sk,
switch(cmd) {
case EBT_SO_SET_ENTRIES:
- ret = do_replace(user, len);
+ ret = do_replace(sock_net(sk), user, len);
break;
case EBT_SO_SET_COUNTERS:
- ret = update_counters(user, len);
+ ret = update_counters(sock_net(sk), user, len);
break;
default:
ret = -EINVAL;
@@ -1406,7 +1407,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
if (copy_from_user(&tmp, user, sizeof(tmp)))
return -EFAULT;
- t = find_table_lock(tmp.name, &ret, &ebt_mutex);
+ t = find_table_lock(sock_net(sk), tmp.name, &ret, &ebt_mutex);
if (!t)
return ret;
next prev parent reply other threads:[~2008-11-27 16:15 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-27 16:15 netfilter 00/29: Netfilter Update Patrick McHardy
2008-11-27 16:15 ` netfilter 01/29: xt_NFLOG: don't call nf_log_packet in NFLOG module Patrick McHardy
2008-11-27 16:15 ` netfilter 02/29: netns-aware ipt_addrtype Patrick McHardy
2008-11-27 16:15 ` netfilter 03/29: arptable_filter: merge forward hook Patrick McHardy
2008-11-27 16:15 ` Patrick McHardy [this message]
2008-11-27 16:15 ` netfilter 05/29: netns ebtables: part 2 Patrick McHardy
2008-11-27 16:15 ` netfilter 06/29: netns ebtables: more cleanup during ebt_unregister_table() Patrick McHardy
2008-11-27 16:15 ` netfilter 07/29: netns ebtables: ebtable_broute in netns Patrick McHardy
2008-11-27 18:25 ` Jan Engelhardt
2008-11-27 18:28 ` Patrick McHardy
2008-11-28 8:02 ` Alexey Dobriyan
2008-11-27 16:15 ` netfilter 08/29: netns ebtables: ebtable_filter " Patrick McHardy
2008-11-27 16:15 ` netfilter 09/29: netns ebtables: ebtable_nat " Patrick McHardy
2008-11-27 16:15 ` netfilter 10/29: netns ebtables: br_nf_pre_routing_finish() fixup Patrick McHardy
2008-11-27 16:15 ` netfilter 11/29: nf_nat: remove warn_if_extra_mangle Patrick McHardy
2008-11-27 18:28 ` Jan Engelhardt
2008-11-27 16:15 ` netfilter 12/29: ctnetlink: use nf_conntrack_get instead of atomic_inc Patrick McHardy
2008-11-27 16:15 ` netfilter 13/29: ctnetlink: use EOPNOTSUPP instead of EINVAL if the conntrack has no helper Patrick McHardy
2008-11-27 16:15 ` netfilter 14/29: ctnetlink: get rid of module refcounting in ctnetlink Patrick McHardy
2008-11-27 16:15 ` netfilter 15/29: nf_conntrack: connection tracking helper name persistent aliases Patrick McHardy
2008-11-27 18:31 ` Jan Engelhardt
2008-11-27 18:33 ` Patrick McHardy
2008-11-27 18:34 ` Jan Engelhardt
2008-11-27 21:52 ` Pablo Neira Ayuso
2008-11-27 22:14 ` Jan Engelhardt
2008-11-28 7:15 ` Patrick McHardy
2008-11-28 11:39 ` Jan Engelhardt
2008-11-27 16:15 ` netfilter 16/29: ctnetlink: helper modules load-on-demand support Patrick McHardy
2008-11-27 16:15 ` netfilter 17/29: ctnetlink: deliver events for conntracks changed from userspace Patrick McHardy
2008-11-27 16:15 ` netfilter 18/29: nfnetlink_log: fix warning and prototype mismatch Patrick McHardy
2008-11-27 16:15 ` netfilter 19/29: nf_conntrack: " Patrick McHardy
2008-11-27 16:15 ` netfilter 20/29: xt_recent: don't save proc dirs Patrick McHardy
2008-11-27 16:15 ` netfilter 21/29: ip6table_filter: merge LOCAL_IN and FORWARD hooks Patrick McHardy
2008-11-27 16:15 ` netfilter 22/29: nf_conntrack_proto_gre: spread __exit Patrick McHardy
2008-11-27 16:15 ` netfilter 23/29: ip{,6}t_policy.h should include xp_policy.h Patrick McHardy
2008-11-27 18:33 ` Jan Engelhardt
2008-11-27 23:06 ` David Miller
2008-11-28 8:58 ` Andy Whitcroft
2008-11-27 16:15 ` netfilter 24/29: nf_conntrack_proto_sctp: avoid bogus warning Patrick McHardy
2008-11-27 16:15 ` netfilter 25/29: nf_conntrack_ftp: change "partial ..." message to pr_debug() Patrick McHardy
2008-11-27 16:15 ` netfilter 26/29: nfmark routing in OUTPUT, mangle, NFQUEUE Patrick McHardy
2008-11-27 16:15 ` netfilter 27/29: nfmark IPV6 " Patrick McHardy
2008-11-27 16:15 ` netfilter 28/29: fix warning in net/netfilter/nf_conntrack_proto_tcp.c Patrick McHardy
2008-11-27 16:15 ` netfilter 29/29: fix warning in net/netfilter/nf_conntrack_ftp.c Patrick McHardy
2008-11-27 16:16 ` netfilter 00/29: Netfilter Update Patrick McHardy
2008-11-28 11:03 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081127161508.13891.87491.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.