From: Vasily Averin <vvs@parallels.com>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: Florian Westphal <fw@strlen.de>,
	netfilter-devel@vger.kernel.org,
	Stephen Hemminger <stephen@networkplumber.org>,
	Patrick McHardy <kaber@trash.net>,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 12/15] br_netfilter: switch sysctls nf_call_iptables and nf_call_ip6tables to per-netns processing
Date: Sat, 10 May 2014 01:28:40 +0400
Message-ID: <536D4888.8040400@parallels.com>
In-Reply-To: <cover.1399660706.git.vvs@openvz.org>


Signed-off-by: Vasily Averin <vvs@openvz.org>
---
 net/bridge/br_netfilter.c |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index dbf73cb..5043b1e 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -681,6 +681,7 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
 {
 	struct net_bridge_port *p;
 	struct net_bridge *br;
+	struct brnf_net *bn;
 	__u32 len = nf_bridge_encap_header_len(skb);
 
 	if (unlikely(!pskb_may_pull(skb, len)))
@@ -691,15 +692,16 @@ static unsigned int br_nf_pre_routing(const struct nf_hook_ops *ops,
 		return NF_DROP;
 	br = p->br;
 
+	bn = brnf_net(dev_net(skb->dev));
 	if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb)) {
-		if (!init_brnf_net.nf_call_ip6tables && !br->nf_call_ip6tables)
+		if (!bn->nf_call_ip6tables && !br->nf_call_ip6tables)
 			return NF_ACCEPT;
 
 		nf_bridge_pull_encap_header_rcsum(skb);
 		return br_nf_pre_routing_ipv6(ops, skb, in, out, okfn);
 	}
 
-	if (!init_brnf_net.nf_call_iptables && !br->nf_call_iptables)
+	if (!bn->nf_call_iptables && !br->nf_call_iptables)
 		return NF_ACCEPT;
 
 	if (!IS_IP(skb) && !IS_VLAN_IP(skb) && !IS_PPPOE_IP(skb))
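
Review bot: bn is dereferenced in both the nf_call_ip6tables and the nf_call_iptables checks with no validation of what brnf_net(dev_net(skb->dev)) returned. Please either state in the changelog (currently empty) why the per-netns data is guaranteed to exist for every namespace that can reach this hook, or guard the lookup. The hook already receives "in", so it is also worth saying why the namespace is taken from skb->dev rather than from that argument. Finally, the decision is still "bn->nf_call_* || br->nf_call_*", so a namespace whose sysctl keeps the default inherited from init_brnf_net will go on passing bridged traffic to ip(6)tables; that behaviour deserves a sentence in the commit message.
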
@@ -1075,7 +1077,7 @@ static int brnf_sysctl_net_register(struct brnf_net *bn)
 		if (!table)
 			goto err_alloc;
 	}
-	for (i = 0; i < 1; i++)
+	for (i = 0; i < 3; i++)
 		table[i].data += (char *)bn - (char *)&init_brnf_net;
 
 	hdr = register_net_sysctl(bn->net, "net/bridge", table);
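
Review bot: the bare constant in "for (i = 0; i < 3; i++)" silently couples this loop to the order and number of entries in the sysctl table, and any entry past index 2 keeps its .data pointing into init_brnf_net while the table is registered under bn->net. At this point in the series that means a write to one of the not-yet-converted entries from a non-initial namespace lands in the initial namespace's settings. Consider rebasing every entry's .data in the patch that introduces per-netns registration (bounded by the table size rather than a literal), or registering only the already-converted entries for non-init namespaces, so that no intermediate commit exposes cross-namespace writes during bisection.
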
-- 
1.7.5.4

