* [ofa-general] [PATCH 3/3] RDMA/cxgb3: Mark qp as privileged based on user capabilities.
From: Steve Wise @ 2008-01-21 20:39 UTC (permalink / raw)
To: rdreier; +Cc: netdev, linux-kernel, general
In-Reply-To: <20080121203829.3143.26181.stgit@dell3.ogc.int>
RDMA/cxgb3: Mark qp as privileged based on user capabilities.
This is needed for zero-stag support.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
---
drivers/infiniband/hw/cxgb3/cxio_wr.h | 3 ++-
drivers/infiniband/hw/cxgb3/iwch_qp.c | 1 +
2 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/drivers/infiniband/hw/cxgb3/cxio_wr.h b/drivers/infiniband/hw/cxgb3/cxio_wr.h
index c84d4ac..d72b584 100644
--- a/drivers/infiniband/hw/cxgb3/cxio_wr.h
+++ b/drivers/infiniband/hw/cxgb3/cxio_wr.h
@@ -324,7 +324,8 @@ struct t3_genbit {
};
enum rdma_init_wr_flags {
- RECVS_POSTED = 1,
+ RECVS_POSTED = (1<<0),
+ PRIV_QP = (1<<1),
};
union t3_wr {
diff --git a/drivers/infiniband/hw/cxgb3/iwch_qp.c b/drivers/infiniband/hw/cxgb3/iwch_qp.c
index 7681fdc..ea2cdd7 100644
--- a/drivers/infiniband/hw/cxgb3/iwch_qp.c
+++ b/drivers/infiniband/hw/cxgb3/iwch_qp.c
@@ -717,6 +717,7 @@ static int rdma_init(struct iwch_dev *rhp, struct iwch_qp *qhp,
init_attr.qp_dma_addr = qhp->wq.dma_addr;
init_attr.qp_dma_size = (1UL << qhp->wq.size_log2);
init_attr.flags = rqes_posted(qhp) ? RECVS_POSTED : 0;
+ init_attr.flags |= capable(CAP_NET_BIND_SERVICE) ? PRIV_QP : 0;
init_attr.irs = qhp->ep->rcv_seq;
PDBG("%s init_attr.rq_addr 0x%x init_attr.rq_size = %d "
"flags 0x%x qpcaps 0x%x\n", __FUNCTION__,
^ permalink raw reply related
* [ofa-general] [PATCH 2/3] RDMA/cxgb3: fix page shift calculation in build_phys_page_list()
From: Steve Wise @ 2008-01-21 20:39 UTC (permalink / raw)
To: rdreier; +Cc: netdev, linux-kernel, general
In-Reply-To: <20080121203829.3143.26181.stgit@dell3.ogc.int>
RDMA/cxgb3: fix page shift calculation in build_phys_page_list()
The existing logic incorrectly maps this buffer list:
0: addr 0x10001000, size 0x1000
1: addr 0x10002000, size 0x1000
To this bogus page list:
0: 0x10000000
1: 0x10002000
The shift calculation must also take into account the address of the first
entry masked by the page_mask as well as the last address+size rounded
up to the next page size.
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
---
drivers/infiniband/hw/cxgb3/iwch_mem.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/drivers/infiniband/hw/cxgb3/iwch_mem.c b/drivers/infiniband/hw/cxgb3/iwch_mem.c
index a6c2c4b..73bfd16 100644
--- a/drivers/infiniband/hw/cxgb3/iwch_mem.c
+++ b/drivers/infiniband/hw/cxgb3/iwch_mem.c
@@ -122,6 +122,13 @@ int build_phys_page_list(struct ib_phys_buf *buffer_list,
*total_size += buffer_list[i].size;
if (i > 0)
mask |= buffer_list[i].addr;
+ else
+ mask |= buffer_list[i].addr & PAGE_MASK;
+ if (i != num_phys_buf - 1)
+ mask |= buffer_list[i].addr + buffer_list[i].size;
+ else
+ mask |= (buffer_list[i].addr + buffer_list[i].size +
+ PAGE_SIZE - 1) & PAGE_MASK;
}
if (*total_size > 0xFFFFFFFFULL)
^ permalink raw reply related
* [ofa-general] [PATCH 1/3] RDMA/cxgb3: Flush the RQ when closing.
From: Steve Wise @ 2008-01-21 20:39 UTC (permalink / raw)
To: rdreier; +Cc: netdev, linux-kernel, general
In-Reply-To: <20080121203829.3143.26181.stgit@dell3.ogc.int>
RDMA/cxgb3: Flush the RQ when closing.
- for kernel mode cqs, call event notification handler when flushing
- flush qp when moving from RTS -> CLOSING
- fixed logic to identify a kernel mode qp
Signed-off-by: Steve Wise <swise@opengridcomputing.com>
---
drivers/infiniband/hw/cxgb3/iwch_qp.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/cxgb3/iwch_qp.c b/drivers/infiniband/hw/cxgb3/iwch_qp.c
index 9bb8112..7681fdc 100644
--- a/drivers/infiniband/hw/cxgb3/iwch_qp.c
+++ b/drivers/infiniband/hw/cxgb3/iwch_qp.c
@@ -642,6 +642,7 @@ static void __flush_qp(struct iwch_qp *qhp, unsigned long *flag)
cxio_flush_rq(&qhp->wq, &rchp->cq, count);
spin_unlock(&qhp->lock);
spin_unlock_irqrestore(&rchp->lock, *flag);
+ (*rchp->ibcq.comp_handler)(&rchp->ibcq, rchp->ibcq.cq_context);
/* locking heirarchy: cq lock first, then qp lock. */
spin_lock_irqsave(&schp->lock, *flag);
@@ -651,6 +652,7 @@ static void __flush_qp(struct iwch_qp *qhp, unsigned long *flag)
cxio_flush_sq(&qhp->wq, &schp->cq, count);
spin_unlock(&qhp->lock);
spin_unlock_irqrestore(&schp->lock, *flag);
+ (*schp->ibcq.comp_handler)(&schp->ibcq, schp->ibcq.cq_context);
/* deref */
if (atomic_dec_and_test(&qhp->refcnt))
@@ -661,7 +663,7 @@ static void __flush_qp(struct iwch_qp *qhp, unsigned long *flag)
static void flush_qp(struct iwch_qp *qhp, unsigned long *flag)
{
- if (t3b_device(qhp->rhp))
+ if (qhp->ibqp.uobject)
cxio_set_wq_in_error(&qhp->wq);
else
__flush_qp(qhp, flag);
@@ -830,10 +832,11 @@ int iwch_modify_qp(struct iwch_dev *rhp, struct iwch_qp *qhp,
disconnect = 1;
ep = qhp->ep;
}
+ flush_qp(qhp, &flag);
break;
case IWCH_QP_STATE_TERMINATE:
qhp->attr.state = IWCH_QP_STATE_TERMINATE;
- if (t3b_device(qhp->rhp))
+ if (qhp->ibqp.uobject)
cxio_set_wq_in_error(&qhp->wq);
if (!internal)
terminate = 1;
^ permalink raw reply related
* Please pull 'upstream-davem' branch of wireless-2.6 (2008-01-21)
From: John W. Linville @ 2008-01-21 20:28 UTC (permalink / raw)
To: davem-fT/PcQaiUtIeIZ0/mPfg9Q
Cc: netdev-u79uwXL29TY76Z2rM5mHXA,
linux-wireless-u79uwXL29TY76Z2rM5mHXA
Dave,
A slew of patches intended for 2.6.25... Included are some big updates to
b43, iwlwifi, libertas, and rt2x00. Also included are some sizeable
mac80211 updates and a bunch of cleanup work from Al Viro, as well as a
smattering of other patches.
More notable are two new drivers: ath5k and rtl8180. Both of these
drivers have seen a lot of development during this cycle, and both have
been serving commendably in Fedora 8 for some time. I think we are better
off with them in the upstream tree now.
Please let me know if there are problems!
Thanks,
John
P.S. It looks like there are some minor conflicts that you will see in
the rt2x00 driver when rebasing on Linus' current tree. Just FYI, but
feel free to ask if the fixes aren't obvious...thanks!
---
Individual patches are available here:
http://www.kernel.org/pub/linux/kernel/people/linville/wireless-2.6/upstream-davem
---
The following changes since commit f2b4e6efaad1ad76acc66683edec8eca26236eed:
Jan Engelhardt (1):
[IPV4]: Enable use of 240/4 address space.
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6.git upstream-davem
Al Viro (35):
eliminate byteswapping in struct ieee80211_qos_parameters
several missing cpu_to_le16() in ieee80211softmac_capabilities()
ieee80211softmac_auth_resp() fix
ieee80211: fix misannotations
ieee80211: beacon->capability is little-endian
airo: fix transmit_802_11_packet()
airo: fix endianness bug in ->dBm handling
airo: bug in airo_interrupt() handling on incoming 802.11
airo endianness bug: cap_rid.extSoftCap
airo: fix writerids() endianness
hostap: fix endianness with txdesc->sw_support
p54common annotations and fixes
ipw2100 annotations and fixes
ray_cs fixes
ipw2200 fix: struct ieee80211_radiotap_header is little-endian
ipw2200 fix: ->rt_chbitmask is le16
ipw2200: ipw_tx_skb() endianness bug
airo: trivial endianness annotations
airo: sanitize handling of SSID_rid
bap_read()/bap_write() work with fixed-endian buffers
airo: sanitize BSSListRid handling
airo: sanitize handling of WepKeyRid
airo: sanitize handling of StatsRid
airo: sanitize handling of CapabilityRid
airo: sanitize APListRid handling
airo: sanitize handling of StatusRid
airo: last of endianness annotations
hostap annotations
hostap: don't mess with mixed-endian even for internal skb queues
p54pci: endianness annotations and fixes
bcm43xx annotations
prism54 trivial annotations
ipw2200 trivial annotations
ipw2200: do not byteswap struct ipw_associate
misc wireless annotations
Andrew Morton (2):
drivers/net/wireless/iwlwifi/iwl-3945.c: fix printk warning
drivers/net/wireless/rt2x00/rt2x00usb.c: fix uninitialized var warning
Ben M Cahill (1):
iwlwifi: document scan command
Daniel Walker (1):
prism54: remove questionable down_interruptible usage
Helge Deller (1):
WAVELAN - compile-time check for struct sizes
Holger Schurig (5):
libertas cs/sdio: fix 'NOHZ: local_softirq_pending 08' message
libertas: move cardspecific data to driver
libertas: always show firmware release
libertas: don't blindly try mesh
libertas: pepper main with debug statement
Ivo van Doorn (15):
rt2x00: Fix chipset debugfs file
rt2x00: Always call ieee80211_stop_queue() when return NETDEV_TX_BUSY
rt2x00: Only set the TBCN flag when the interface is configured to send beacons.
rt2x00: Store queue idx and entry idx in data_ring and data_entry
rt2x00: Move start() and stop() handlers into rt2x00lib.c
rt2x00: Put 802.11 data on 4 byte boundary
rt2x00: Move packet filter flags
rt2x00: Cleanup write_tx_desc() arguments
rt2x00: Determine MY_BSS from descriptor
rt2x00: Move init_txring and init_rxring into rt2x00lib
rt2x00: Correctly initialize data and desc pointer
rt2x00: Release rt2x00 2.0.14
rt2x00: Data and desc pointer initialization
rt2x00: Fix queue_idx initialization
mac80211: Initialize vif pointer
Jiri Slaby (1):
Net: add ath5k wireless driver
Johannes Berg (5):
mac80211: dont use interface indices in drivers
mac80211: move interface type to vif structure
mac80211: add beacon configuration via cfg80211
mac80211: implement cfg80211 station handling
mac80211: add unified BSS configuration
John W. Linville (4):
wireless: cleanup some merge errors
Revert "rtl8187: fix tx power reading"
b43: finish removal of pio support
b43/nphy.c: include headers to avoid build breakage on some platforms
Luis R. Rodriguez (1):
ath5k: Fix frame duration oops
Michael Buesch (25):
ssb: Fix extraction of values from SPROM
b43: Only select allowed TX and RX antennas
b43: Fix chip access validation for new devices
ssb: Fix PCMCIA lowlevel register access
b43: Remove PIO support
b43: Add definitions for MAC Control register
b43-ssb-bridge: Add PCI ID for BCM43XG
b43: Add NPHY kconfig option
b43: Fix any N-PHY related WARN_ON() in the attach stage.
zd1211rw: fix alignment for QOS and WDS frames
b43: Add N-PHY register definitions
b43: Fix PHY register routing
b43: Remove the PHY spinlock
b43: Fix upload of beacon packets to the hardware
b43: Fix template upload locking.
b43: Put multicast frames on the mcast queue
b43: Fix tim search buffer overrun
b43: Add N-PHY related initvals firmware filenames.
b43: Fix radio ID register reading
b43: Add support for new firmware
b43: Add Broadcom 2055 radio register definitions
ssb: Add boardflags_hi field to the sprom data structure
b43: Add NPHY radio init code
b43: Add NPHY channel switch code
b43: Add lots of N-PHY lookup tables
Michael Wu (2):
Add rtl8180 wireless driver
mac80211: Fix rate reporting regression
Miguel Botón (3):
ssb: add 'ssb_pcihost_set_power_state' function
b44: power down PHY when interface down
iwlwifi: fix compilation warning in 'iwl-4965.c'
Pavel Roskin (1):
hostap_cs: don't match revisions in presense of the MAC chip name
Reinette Chatre (2):
iwlwifi: remove reference to non-existent documentation
iwlwifi: style fixes to usage of << and >> operators
Ron Rindjunsky (3):
iwlwifi: A-MPDU Rx flow enabled
mac80211: A-MPDU Rx stop aggregation on proper dev
mac80211: A-MPDU Rx remove stop_rx_ba_session warning print
Stefano Brivio (1):
b43legacy: fix use-after-free rfkill bug
Tomas Winkler (6):
iwl4965: Remove redundant code in iwl4965_tx_cmd
iwlwifi: move iwl4965_get_dma_hi_address function to iwl-helpers.h
iwlwifi: remove iwl4965_tx_cmd
iwlwifi: move uCode helper functions to iwl-helpers.h
iwlwifi: 4965 unify rate scale variable names for station data
iwlwifi: 3954 renames iwl3945_rate_scale_priv to iwl3945_rs_sta
Zhu Yi (4):
iwlwifi: fix typo in 'drivers/net/wireless/iwlwifi/Kconfig'
iwlwifi: delay firmware loading from pci_probe to network interface open
iwlwifi: fix problem when rf_killswitch change during suspend/resume
iwlwifi: Update iwlwifi version stamp to 1.2.23
Documentation/feature-removal-schedule.txt | 11 +-
MAINTAINERS | 11 +
drivers/net/b44.c | 28 +-
drivers/net/wireless/Kconfig | 73 +
drivers/net/wireless/Makefile | 5 +
drivers/net/wireless/adm8211.c | 11 +-
drivers/net/wireless/airo.c | 1233 +++----
drivers/net/wireless/ath5k/Makefile | 2 +
drivers/net/wireless/ath5k/ath5k.h | 1173 ++++++
drivers/net/wireless/ath5k/base.c | 2818 ++++++++++++++
drivers/net/wireless/ath5k/base.h | 178 +
drivers/net/wireless/ath5k/debug.c | 469 +++
drivers/net/wireless/ath5k/debug.h | 216 ++
drivers/net/wireless/ath5k/hw.c | 4353 ++++++++++++++++++++++
drivers/net/wireless/ath5k/hw.h | 588 +++
drivers/net/wireless/ath5k/initvals.c | 1347 +++++++
drivers/net/wireless/ath5k/phy.c | 2071 ++++++++++
drivers/net/wireless/ath5k/reg.h | 1987 ++++++++++
drivers/net/wireless/ath5k/regdom.c | 121 +
drivers/net/wireless/ath5k/regdom.h | 500 +++
drivers/net/wireless/atmel.c | 30 +-
drivers/net/wireless/b43/Kconfig | 58 +-
drivers/net/wireless/b43/Makefile | 11 +-
drivers/net/wireless/b43/b43.h | 119 +-
drivers/net/wireless/b43/debugfs.c | 7 +-
drivers/net/wireless/b43/dma.c | 123 +-
drivers/net/wireless/b43/dma.h | 50 -
drivers/net/wireless/b43/lo.c | 64 +-
drivers/net/wireless/b43/main.c | 702 ++--
drivers/net/wireless/b43/main.h | 3 +
drivers/net/wireless/b43/nphy.c | 199 +
drivers/net/wireless/b43/nphy.h | 926 +++++
drivers/net/wireless/b43/phy.c | 342 ++-
drivers/net/wireless/b43/phy.h | 79 +-
drivers/net/wireless/b43/pio.c | 652 ----
drivers/net/wireless/b43/pio.h | 153 -
drivers/net/wireless/b43/tables_nphy.c | 2476 ++++++++++++
drivers/net/wireless/b43/tables_nphy.h | 159 +
drivers/net/wireless/b43/xmit.c | 196 +-
drivers/net/wireless/b43/xmit.h | 200 +-
drivers/net/wireless/b43legacy/b43legacy.h | 5 +-
drivers/net/wireless/b43legacy/main.c | 18 +-
drivers/net/wireless/b43legacy/phy.c | 2 +-
drivers/net/wireless/b43legacy/rfkill.c | 11 +-
drivers/net/wireless/b43legacy/xmit.c | 26 +-
drivers/net/wireless/bcm43xx/bcm43xx.h | 6 +-
drivers/net/wireless/bcm43xx/bcm43xx_main.c | 40 +-
drivers/net/wireless/bcm43xx/bcm43xx_pio.c | 6 +-
drivers/net/wireless/bcm43xx/bcm43xx_xmit.c | 6 +-
drivers/net/wireless/hostap/hostap_80211.h | 34 +-
drivers/net/wireless/hostap/hostap_80211_rx.c | 2 +-
drivers/net/wireless/hostap/hostap_ap.c | 72 +-
drivers/net/wireless/hostap/hostap_common.h | 34 +-
drivers/net/wireless/hostap/hostap_cs.c | 15 +-
drivers/net/wireless/hostap/hostap_download.c | 22 +-
drivers/net/wireless/hostap/hostap_hw.c | 28 +-
drivers/net/wireless/hostap/hostap_info.c | 9 +-
drivers/net/wireless/hostap/hostap_ioctl.c | 66 +-
drivers/net/wireless/hostap/hostap_main.c | 6 +-
drivers/net/wireless/hostap/hostap_pci.c | 16 +-
drivers/net/wireless/hostap/hostap_wlan.h | 202 +-
drivers/net/wireless/ipw2100.c | 10 +-
drivers/net/wireless/ipw2200.c | 175 +-
drivers/net/wireless/ipw2200.h | 190 +-
drivers/net/wireless/iwlwifi/Kconfig | 24 +-
drivers/net/wireless/iwlwifi/iwl-3945-commands.h | 155 +-
drivers/net/wireless/iwlwifi/iwl-3945-debug.h | 58 +-
drivers/net/wireless/iwlwifi/iwl-3945-hw.h | 46 +-
drivers/net/wireless/iwlwifi/iwl-3945-rs.c | 218 +-
drivers/net/wireless/iwlwifi/iwl-3945-rs.h | 26 +-
drivers/net/wireless/iwlwifi/iwl-3945.c | 16 +-
drivers/net/wireless/iwlwifi/iwl-3945.h | 2 +-
drivers/net/wireless/iwlwifi/iwl-4965-commands.h | 187 +-
drivers/net/wireless/iwlwifi/iwl-4965-debug.h | 58 +-
drivers/net/wireless/iwlwifi/iwl-4965-hw.h | 36 +-
drivers/net/wireless/iwlwifi/iwl-4965-rs.c | 616 ++--
drivers/net/wireless/iwlwifi/iwl-4965-rs.h | 28 +-
drivers/net/wireless/iwlwifi/iwl-4965.c | 230 +-
drivers/net/wireless/iwlwifi/iwl-4965.h | 15 +-
drivers/net/wireless/iwlwifi/iwl-helpers.h | 23 +
drivers/net/wireless/iwlwifi/iwl3945-base.c | 401 +--
drivers/net/wireless/iwlwifi/iwl4965-base.c | 459 ++--
drivers/net/wireless/libertas/cmd.c | 23 +-
drivers/net/wireless/libertas/dev.h | 3 +-
drivers/net/wireless/libertas/hostcmd.h | 4 +-
drivers/net/wireless/libertas/if_usb.c | 5 +-
drivers/net/wireless/libertas/if_usb.h | 1 +
drivers/net/wireless/libertas/main.c | 194 +-
drivers/net/wireless/libertas/rx.c | 5 +-
drivers/net/wireless/libertas/wext.c | 16 +-
drivers/net/wireless/p54common.c | 11 +-
drivers/net/wireless/p54pci.c | 16 +-
drivers/net/wireless/p54pci.h | 4 +-
drivers/net/wireless/prism54/isl_38xx.h | 10 +-
drivers/net/wireless/prism54/isl_ioctl.c | 12 +-
drivers/net/wireless/prism54/islpci_eth.c | 2 +-
drivers/net/wireless/prism54/islpci_eth.h | 38 +-
drivers/net/wireless/prism54/islpci_mgt.h | 2 +-
drivers/net/wireless/ray_cs.c | 69 +-
drivers/net/wireless/rt2x00/rt2400pci.c | 104 +-
drivers/net/wireless/rt2x00/rt2500pci.c | 90 +-
drivers/net/wireless/rt2x00/rt2500usb.c | 35 +-
drivers/net/wireless/rt2x00/rt2x00.h | 43 +-
drivers/net/wireless/rt2x00/rt2x00debug.c | 13 +-
drivers/net/wireless/rt2x00/rt2x00dev.c | 166 +-
drivers/net/wireless/rt2x00/rt2x00lib.h | 4 +-
drivers/net/wireless/rt2x00/rt2x00mac.c | 80 +-
drivers/net/wireless/rt2x00/rt2x00pci.c | 28 +-
drivers/net/wireless/rt2x00/rt2x00ring.h | 13 +
drivers/net/wireless/rt2x00/rt2x00usb.c | 108 +-
drivers/net/wireless/rt2x00/rt2x00usb.h | 5 +-
drivers/net/wireless/rt2x00/rt61pci.c | 116 +-
drivers/net/wireless/rt2x00/rt73usb.c | 40 +-
drivers/net/wireless/rtl8180.h | 151 +
drivers/net/wireless/rtl8180_dev.c | 1051 ++++++
drivers/net/wireless/rtl8180_grf5101.c | 179 +
drivers/net/wireless/rtl8180_grf5101.h | 28 +
drivers/net/wireless/rtl8180_max2820.c | 150 +
drivers/net/wireless/rtl8180_max2820.h | 28 +
drivers/net/wireless/rtl8180_rtl8225.c | 779 ++++
drivers/net/wireless/rtl8180_rtl8225.h | 23 +
drivers/net/wireless/rtl8180_sa2400.c | 201 +
drivers/net/wireless/rtl8180_sa2400.h | 36 +
drivers/net/wireless/rtl8187.h | 4 +-
drivers/net/wireless/rtl8187_dev.c | 68 +-
drivers/net/wireless/rtl8187_rtl8225.c | 60 +-
drivers/net/wireless/rtl8187_rtl8225.h | 9 +-
drivers/net/wireless/rtl818x.h | 29 +-
drivers/net/wireless/wavelan.c | 34 +-
drivers/net/wireless/wavelan.p.h | 1 -
drivers/net/wireless/wavelan_cs.c | 33 +-
drivers/net/wireless/wavelan_cs.p.h | 3 +-
drivers/net/wireless/zd1211rw/zd_mac.c | 32 +-
drivers/ssb/b43_pci_bridge.c | 1 +
drivers/ssb/pci.c | 79 +-
drivers/ssb/pcmcia.c | 71 +-
include/linux/pci_ids.h | 3 +
include/linux/ssb/ssb.h | 30 +-
include/linux/ssb/ssb_regs.h | 38 +-
include/net/ieee80211.h | 6 +-
include/net/mac80211.h | 138 +-
net/ieee80211/ieee80211_crypt_tkip.c | 22 +-
net/ieee80211/ieee80211_rx.c | 47 +-
net/ieee80211/ieee80211_tx.c | 14 +-
net/ieee80211/softmac/ieee80211softmac_auth.c | 6 +-
net/ieee80211/softmac/ieee80211softmac_io.c | 10 +-
net/mac80211/cfg.c | 350 ++-
net/mac80211/debugfs_netdev.c | 33 +-
net/mac80211/ieee80211.c | 94 +-
net/mac80211/ieee80211_i.h | 42 +-
net/mac80211/ieee80211_iface.c | 16 +-
net/mac80211/ieee80211_ioctl.c | 65 +-
net/mac80211/ieee80211_rate.c | 18 +-
net/mac80211/ieee80211_sta.c | 121 +-
net/mac80211/key.c | 6 +-
net/mac80211/rc80211_pid_algo.c | 20 +-
net/mac80211/rc80211_simple.c | 19 +-
net/mac80211/rx.c | 38 +-
net/mac80211/sta_info.c | 27 +-
net/mac80211/tx.c | 136 +-
net/mac80211/util.c | 59 +-
161 files changed, 27651 insertions(+), 5360 deletions(-)
create mode 100644 drivers/net/wireless/ath5k/Makefile
create mode 100644 drivers/net/wireless/ath5k/ath5k.h
create mode 100644 drivers/net/wireless/ath5k/base.c
create mode 100644 drivers/net/wireless/ath5k/base.h
create mode 100644 drivers/net/wireless/ath5k/debug.c
create mode 100644 drivers/net/wireless/ath5k/debug.h
create mode 100644 drivers/net/wireless/ath5k/hw.c
create mode 100644 drivers/net/wireless/ath5k/hw.h
create mode 100644 drivers/net/wireless/ath5k/initvals.c
create mode 100644 drivers/net/wireless/ath5k/phy.c
create mode 100644 drivers/net/wireless/ath5k/reg.h
create mode 100644 drivers/net/wireless/ath5k/regdom.c
create mode 100644 drivers/net/wireless/ath5k/regdom.h
create mode 100644 drivers/net/wireless/b43/nphy.c
create mode 100644 drivers/net/wireless/b43/nphy.h
delete mode 100644 drivers/net/wireless/b43/pio.c
delete mode 100644 drivers/net/wireless/b43/pio.h
create mode 100644 drivers/net/wireless/b43/tables_nphy.c
create mode 100644 drivers/net/wireless/b43/tables_nphy.h
create mode 100644 drivers/net/wireless/rtl8180.h
create mode 100644 drivers/net/wireless/rtl8180_dev.c
create mode 100644 drivers/net/wireless/rtl8180_grf5101.c
create mode 100644 drivers/net/wireless/rtl8180_grf5101.h
create mode 100644 drivers/net/wireless/rtl8180_max2820.c
create mode 100644 drivers/net/wireless/rtl8180_max2820.h
create mode 100644 drivers/net/wireless/rtl8180_rtl8225.c
create mode 100644 drivers/net/wireless/rtl8180_rtl8225.h
create mode 100644 drivers/net/wireless/rtl8180_sa2400.c
create mode 100644 drivers/net/wireless/rtl8180_sa2400.h
Omnibus patch available here:
http://www.kernel.org:/pub/linux/kernel/people/linville/upstream-davem-2008-01-21.patch.bz2
--
John W. Linville
linville-2XuSBdqkA4R54TAoqtyWWQ@public.gmane.org
^ permalink raw reply
* Fwd: sysfs network namespace support - was this patch set forgotten ?
From: Ian Brown @ 2008-01-21 20:16 UTC (permalink / raw)
To: ebiederm, David Miller; +Cc: netdev
In-Reply-To: <d0383f90801192308h7888079cubb47daf6ec465d0f@mail.gmail.com>
---------- Forwarded message ----------
From: Ian Brown <ianbrn@gmail.com>
Date: Jan 20, 2008 9:08 AM
Subject: sysfs network namespace support - was this patch set forgotten ?
To: linux-kernel@vger.kernel.org, gregkh@suse.de, kpm@linux-foundation.org
Hello,
I saw some posts (from about a month ago) about network namespace
support patches; I wonder: what
is the status of this patch set ? was it somehow forgotten ?
(I don't see it in v2.6.24-rc8 mm tree).
see:
http://linux.derkeiler.com/Mailing-Lists/Kernel/2007-12/msg07720.html
http://linux.derkeiler.com/Mailing-Lists/Kernel/2007-12/msg00096.html
Regards,
Ian
^ permalink raw reply
* Re: [PATCH] PHYLIB: Locking fixes for PHY I/O potentially sleeping
From: Andy Fleming @ 2008-01-21 20:05 UTC (permalink / raw)
To: Nate Case; +Cc: netdev
In-Reply-To: <1199403419.25262.62.camel@localhost.localdomain>
On Jan 3, 2008, at 17:36, Nate Case wrote:
> PHY read/write functions can potentially sleep (e.g., a PHY accessed
> via I2C). The following changes were made to account for this:
>
> * Change spin locks to mutex locks
> * Add a BUG_ON() to phy_read() phy_write() to warn against
> calling them from an interrupt context.
> * Use work queue for PHY state machine handling since
> it can potentially sleep
> * Change phydev lock from spinlock to mutex
>
> Signed-off-by: Nate Case <ncase@xes-inc.com>
Ok, I've tested this on my system and it works.
Acked-by: Andy Fleming <afleming@freescale.com>
^ permalink raw reply
* Re: questions on NAPI processing latency and dropped network packets
From: Chris Friesen @ 2008-01-21 19:53 UTC (permalink / raw)
To: netdev; +Cc: linux-kernel
In-Reply-To: <478654C3.60806@nortel.com>
I've done some further digging, and it appears that one of the problems
we may be facing is very high instantaneous traffic rates.
Instrumentation showed up to 222K packets/sec for short periods (at
least 1.1 ms, possibly longer), although the long-term average is down
around 14-16K packets/sec.
If I bump the rx ring size up to 4096, we can handle all the packets and
we still have 44% idle on cpu0 and 27% idle on cpu1.
Is there anything else we can do to minimize the latency of network
packet processing and avoid having to crank the rx ring size up so high?
Thanks,
Chris
^ permalink raw reply
* Re: [PATCH 2/2] IPV6: RFC 2011 compatibility broken
From: David Stevens @ 2008-01-21 19:17 UTC (permalink / raw)
To: Wang Chen; +Cc: David S. Miller, Herbert Xu, netdev, netdev-owner
In-Reply-To: <47946A04.3080702@cn.fujitsu.com>
RFC 2011 doesn't apply to IPv6, and the internal names of /proc entries
are not used by the SNMP protocol, but it is an unintentional
incompatibility with the
previous Linux entry names, so I agree. :-)
+-DLS
Acked-by: David L Stevens <dlstevens@us.ibm.com>
netdev-owner@vger.kernel.org wrote on 01/21/2008 01:46:44 AM:
> [IPV6]: RFC 2011 compatibility broken
>
> The snmp6 entry name was changed, and it broke compatibility
> to RFC 2011.
>
> Signed-off-by: Wang Chen <wangchen@cn.fujitsu.com>
>
^ permalink raw reply
* [IPV4] ipmr sparse warnings
From: Stephen Hemminger @ 2008-01-21 17:53 UTC (permalink / raw)
To: David Miller; +Cc: netdev
Get rid of some of the sparse warnings.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
--- a/net/ipv4/ipmr.c 2008-01-21 09:37:02.000000000 -0800
+++ b/net/ipv4/ipmr.c 2008-01-21 09:39:56.000000000 -0800
@@ -141,7 +141,7 @@ struct net_device *ipmr_new_tunnel(struc
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPIP;
sprintf(p.name, "dvmrp%d", v->vifc_vifi);
- ifr.ifr_ifru.ifru_data = (void*)&p;
+ ifr.ifr_ifru.ifru_data = (__force void __user *)&p;
oldfs = get_fs(); set_fs(KERNEL_DS);
err = dev->do_ioctl(dev, &ifr, SIOCADDTUNNEL);
@@ -954,10 +954,12 @@ int ip_mroute_setsockopt(struct sock *sk
#ifdef CONFIG_IP_PIMSM
case MRT_PIM:
{
- int v, ret;
+ int v;
+
if (get_user(v,(int __user *)optval))
return -EFAULT;
- v = (v)?1:0;
+ v = (v) ? 1 : 0;
+
rtnl_lock();
ret = 0;
if (v != mroute_do_pim) {
@@ -1659,6 +1661,7 @@ static struct vif_device *ipmr_vif_seq_i
}
static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
+ __acquires(mrt_lock)
{
read_lock(&mrt_lock);
return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1)
@@ -1682,6 +1685,7 @@ static void *ipmr_vif_seq_next(struct se
}
static void ipmr_vif_seq_stop(struct seq_file *seq, void *v)
+ __releases(mrt_lock)
{
read_unlock(&mrt_lock);
}
^ permalink raw reply
* [IPV4] igmp sparse warnings
From: Stephen Hemminger @ 2008-01-21 17:52 UTC (permalink / raw)
To: David Miller; +Cc: netdev
Partial sparse warning fix. The other conditional locking
is too much for sparse to handle.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
--- a/net/ipv4/igmp.c 2008-01-21 09:35:58.000000000 -0800
+++ b/net/ipv4/igmp.c 2008-01-21 09:36:20.000000000 -0800
@@ -2329,6 +2329,7 @@ static struct ip_mc_list *igmp_mc_get_id
}
static void *igmp_mc_seq_start(struct seq_file *seq, loff_t *pos)
+ __acquires(dev_base_lock)
{
read_lock(&dev_base_lock);
return *pos ? igmp_mc_get_idx(seq, *pos - 1) : SEQ_START_TOKEN;
@@ -2346,6 +2347,7 @@ static void *igmp_mc_seq_next(struct seq
}
static void igmp_mc_seq_stop(struct seq_file *seq, void *v)
+ __releases(dev_base_lock)
{
struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
if (likely(state->in_dev != NULL)) {
^ permalink raw reply
* [VLAN] sparse warning fix
From: Stephen Hemminger @ 2008-01-21 17:48 UTC (permalink / raw)
To: David Miller, Patrick McHardy; +Cc: netdev
In-Reply-To: <20080121.003406.162149599.davem@davemloft.net>
Minor sparse warning fix.
Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
--- a/net/8021q/vlanproc.c 2008-01-21 09:30:44.000000000 -0800
+++ b/net/8021q/vlanproc.c 2008-01-21 09:31:54.000000000 -0800
@@ -220,6 +220,7 @@ static inline int is_vlan_dev(struct net
/* start read of /proc/net/vlan/config */
static void *vlan_seq_start(struct seq_file *seq, loff_t *pos)
+ __acquires(dev_base_lock)
{
struct net_device *dev;
loff_t i = 1;
@@ -261,6 +262,7 @@ static void *vlan_seq_next(struct seq_fi
}
static void vlan_seq_stop(struct seq_file *seq, void *v)
+ __releases(dev_base_lock)
{
read_unlock(&dev_base_lock);
}
--
Stephen Hemminger <stephen.hemminger@vyatta.com>
^ permalink raw reply
* [PATCH] SCTP: Fix kernel panic while received AUTH chunk while enabled auth
From: Wei Yongjun @ 2008-01-21 16:15 UTC (permalink / raw)
To: netdev; +Cc: lksctp-developers, Vlad Yasevich
If STCP is started while /proc/sys/net/sctp/auth_enable is set 0 and
association is established between endpoints. Then if
/proc/sys/net/sctp/auth_enable is set 1, a received AUTH chunk will
cause kernel panic.
Test as following:
step 1: echo 0> /proc/sys/net/sctp/auth_enable
step 2:
SCTP client SCTP server
INIT --------->
<--------- INIT-ACK
COOKIE-ECHO --------->
<--------- COOKIE-ACK
step 3:
echo 1> /proc/sys/net/sctp/auth_enable
step 4:
SCTP client SCTP server
AUTH ----------->
Then kernel panic.
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000004
printing eip: c8a8a266 *pde = 047d4067 *pte = 00000000
Oops: 0000 [#1] SMP
Modules linked in: md5 sctp ipv6 dm_mirror dm_mod sbs sbshc battery lp snd_ens1371 gameport snd_rawmidi sg snd_ac97_codec ac97_bus snd_seq_dummy snd_seq_oss floppy snd_seq_midi_event snd_seq snd_seq_device snd_pcm_oss ide_cd snd_mixer_oss cdrom serio_raw snd_pcm snd_timer ac parport_pc snd parport button soundcore pcne t32 snd_page_alloc mii i2c_piix4 i2c_core pcspkr mptspi mptscsih mptbase scsi_tr ansport_spi sd_mod scsi_mod ext3 jbd ehci_hcd ohci_hcd uhci_hcd
Pid: 0, comm: swapper Not tainted (2.6.24-rc8 #1)
EIP: 0060:[<c8a8a266>] EFLAGS: 00010202 CPU: 0
EIP is at sctp_auth_calculate_hmac+0xd9/0x126 [sctp]
EAX: 00000000 EBX: c7ade000 ECX: 00000002 EDX: 00000001
ESI: 00000000 EDI: c0756d14 EBP: c7ac2c40 ESP: c0756cf4
DS: 007b ES: 007b FS: 00d8 GS: 0000 SS: 0068
Process swapper (pid: 0, ti=c0756000 task=c06d63a0 task.ti=c070f000)
Stack: c04058c0 c0756d04 00010246 00000000 c10f5842 00000c40 00000000 0000001c
0000007b 0000007b 00000014 c7ac2c48 c7ac2c5c c34a9820 c8a72157 00000020
c7ade000 c34aabc0 c7ade000 c0756da8 c7ac2c44 c8a76068 c34aabc0 c8a8fd04
Call Trace:
[<c04058c0>] apic_timer_interrupt+0x28/0x30
[<c8a72157>] sctp_sf_authenticate+0x126/0x160 [sctp]
[<c8a76068>] sctp_sf_eat_auth+0x13c/0x159 [sctp]
[<c8a89390>] sctp_cname+0x0/0x38 [sctp]
[<c8a76835>] sctp_do_sm+0xb4/0x103f [sctp]
[<c8a7a639>] sctp_assoc_bh_rcv+0xc1/0xf4 [sctp]
[<c8a7ebdb>] sctp_inq_push+0x2a/0x2d [sctp]
[<c8a892af>] sctp_rcv+0x5c3/0x6a4 [sctp]
[<c0425241>] try_to_wake_up+0x3bb/0x3c5
[<c042256f>] find_busiest_group+0x204/0x5f3
[<c042147d>] enqueue_task+0x49/0x54
[<c05dd7be>] ip_local_deliver_finish+0xda/0x17d
[<c05dd6c5>] ip_rcv_finish+0x2c5/0x2e4
[<c05dd91d>] ip_rcv+0x0/0x237
[<c05c13f1>] netif_receive_skb+0x328/0x392
[<c05c37c4>] process_backlog+0x5c/0x9a
[<c05c32d2>] net_rx_action+0x8d/0x163
[<c0432db7>] run_timer_softirq+0x2f/0x156
[<c042fdd3>] __do_softirq+0x5d/0xc1
[<c0406f38>] do_softirq+0x59/0xa8
[<c042cb0c>] profile_tick+0x43/0x5e
[<c0441e6b>] tick_handle_periodic+0x17/0x5c
[<c04546c7>] handle_fasteoi_irq+0x0/0xa6
[<c0407044>] do_IRQ+0xbd/0xd1
[<c041ae2a>] smp_apic_timer_interrupt+0x74/0x80
[<c0403c87>] default_idle+0x0/0x3e
[<c0405803>] common_interrupt+0x23/0x28
[<c0403c87>] default_idle+0x0/0x3e
[<c0403cb3>] default_idle+0x2c/0x3e
[<c0403571>] cpu_idle+0x92/0xab
[<c07148ea>] start_kernel+0x2f7/0x2ff
[<c07140e0>] unknown_bootoption+0x0/0x195
=======================
Code: 0b eb fe 83 e1 02 29 ea 09 c8 89 44 24 10 89 e8 25 ff 0f 00 00 89 54 24 1c 0f b7 54 24 0a 89 44 24 14 8b 43 58 8b 80 ac 00 00 00 <8b> 1c 90 8d 56 08 c7 44 24 24 00 00 00 00 89 5c 24 20 8b 4e 04
EIP: [<c8a8a266>] sctp_auth_calculate_hmac+0xd9/0x126 [sctp] SS:ESP 0068:c0756cf 4
Kernel panic - not syncing: Fatal exception in interrupt
This patch fix this probleam to treat AUTH chunk as unknow chunk if peer
has initialized with no auth capable.
Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com>
--- a/net/sctp/sm_statefuns.c 2008-01-21 00:03:25.000000000 -0500
+++ b/net/sctp/sm_statefuns.c 2008-01-21 05:14:08.000000000 -0500
@@ -3785,6 +3785,10 @@ sctp_disposition_t sctp_sf_eat_auth(cons
struct sctp_chunk *err_chunk;
sctp_ierror_t error;
+ /* Make sure that the peer has AUTH capable */
+ if (!asoc->peer.auth_capable)
+ return sctp_sf_unk_chunk(ep, asoc, type, arg, commands);
+
if (!sctp_vtag_verify(chunk, asoc)) {
sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_BAD_TAG,
SCTP_NULL());
^ permalink raw reply
* Re: post 2.6.24-rc7 regression: unregister_netdevice: waiting for eth1 to become free
From: Mariusz Kozlowski @ 2008-01-21 16:04 UTC (permalink / raw)
To: David Miller; +Cc: akpm, netdev, linux-kernel, jgarzik
In-Reply-To: <20080120.163241.80038143.davem@davemloft.net>
Hello,
> > kernel: unregister_netdevice: waiting for eth1 to become free. Usage count = 1
>
> Known problem:
>
> http://bugzilla.kernel.org/show_bug.cgi?id=9778
Hm ... I was largely offline on weekend and did not see that. Is there any way
I can subscribe 'somewhere' to get notified about any new entry in kernel bugzilla?
Regards,
Mariusz
^ permalink raw reply
* [PATCH 5/5] netns netfilter: per-netns FILTER, MANGLE, RAW
From: Alexey Dobriyan @ 2008-01-21 14:55 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev, devel
Now, iptables show and configure different set of rules in different
netnss'. Filtering decisions are still made by consulting only
init_net's set.
Changes are identical except naming so no splitting.
P.S.: one need to remove init_net checks in nf_sockopt.c and inet_create()
to see the effect.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
---
include/net/netns/ipv4.h | 5 ++++
net/ipv4/netfilter/iptable_filter.c | 41 ++++++++++++++++++++++++-----------
net/ipv4/netfilter/iptable_mangle.c | 41 ++++++++++++++++++++++++-----------
net/ipv4/netfilter/iptable_raw.c | 41 ++++++++++++++++++++++++-----------
4 files changed, 92 insertions(+), 36 deletions(-)
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -22,5 +22,10 @@ struct netns_ipv4 {
#endif
struct hlist_head *fib_table_hash;
struct sock *fibnl;
+#ifdef CONFIG_NETFILTER
+ struct xt_table *iptable_filter;
+ struct xt_table *iptable_mangle;
+ struct xt_table *iptable_raw;
+#endif
};
#endif
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -28,7 +28,7 @@ static struct
struct ipt_replace repl;
struct ipt_standard entries[3];
struct ipt_error term;
-} initial_table __initdata = {
+} initial_table __net_initdata = {
.repl = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
@@ -53,14 +53,13 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table __packet_filter = {
+static struct xt_table packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
-static struct xt_table *packet_filter;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -70,7 +69,7 @@ ipt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, packet_filter);
+ return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_filter);
}
static unsigned int
@@ -89,7 +88,7 @@ ipt_local_out_hook(unsigned int hook,
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, packet_filter);
+ return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_filter);
}
static struct nf_hook_ops ipt_ops[] __read_mostly = {
@@ -120,6 +119,26 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
static int forward = NF_ACCEPT;
module_param(forward, bool, 0000);
+static int __net_init iptable_filter_net_init(struct net *net)
+{
+ /* Register table */
+ net->ipv4.iptable_filter =
+ ipt_register_table(net, &packet_filter, &initial_table.repl);
+ if (IS_ERR(net->ipv4.iptable_filter))
+ return PTR_ERR(net->ipv4.iptable_filter);
+ return 0;
+}
+
+static void __net_exit iptable_filter_net_exit(struct net *net)
+{
+ ipt_unregister_table(net->ipv4.iptable_filter);
+}
+
+static struct pernet_operations iptable_filter_net_ops = {
+ .init = iptable_filter_net_init,
+ .exit = iptable_filter_net_exit,
+};
+
static int __init iptable_filter_init(void)
{
int ret;
@@ -132,11 +151,9 @@ static int __init iptable_filter_init(void)
/* Entry 1 is the FORWARD hook */
initial_table.entries[1].target.verdict = -forward - 1;
- /* Register table */
- packet_filter = ipt_register_table(&init_net, &__packet_filter,
- &initial_table.repl);
- if (IS_ERR(packet_filter))
- return PTR_ERR(packet_filter);
+ ret = register_pernet_subsys(&iptable_filter_net_ops);
+ if (ret < 0)
+ return ret;
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -146,14 +163,14 @@ static int __init iptable_filter_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(packet_filter);
+ unregister_pernet_subsys(&iptable_filter_net_ops);
return ret;
}
static void __exit iptable_filter_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(packet_filter);
+ unregister_pernet_subsys(&iptable_filter_net_ops);
}
module_init(iptable_filter_init);
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -33,7 +33,7 @@ static struct
struct ipt_replace repl;
struct ipt_standard entries[5];
struct ipt_error term;
-} initial_table __initdata = {
+} initial_table __net_initdata = {
.repl = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
@@ -64,14 +64,13 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table __packet_mangler = {
+static struct xt_table packet_mangler = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
-static struct xt_table *packet_mangler;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -81,7 +80,7 @@ ipt_route_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, packet_mangler);
+ return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
}
static unsigned int
@@ -113,7 +112,7 @@ ipt_local_hook(unsigned int hook,
daddr = iph->daddr;
tos = iph->tos;
- ret = ipt_do_table(skb, hook, in, out, packet_mangler);
+ ret = ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_mangle);
/* Reroute for ANY change. */
if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
iph = ip_hdr(skb);
@@ -167,15 +166,33 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
},
};
+static int __net_init iptable_mangle_net_init(struct net *net)
+{
+ /* Register table */
+ net->ipv4.iptable_mangle =
+ ipt_register_table(net, &packet_mangler, &initial_table.repl);
+ if (IS_ERR(net->ipv4.iptable_mangle))
+ return PTR_ERR(net->ipv4.iptable_mangle);
+ return 0;
+}
+
+static void __net_exit iptable_mangle_net_exit(struct net *net)
+{
+ ipt_unregister_table(net->ipv4.iptable_mangle);
+}
+
+static struct pernet_operations iptable_mangle_net_ops = {
+ .init = iptable_mangle_net_init,
+ .exit = iptable_mangle_net_exit,
+};
+
static int __init iptable_mangle_init(void)
{
int ret;
- /* Register table */
- packet_mangler = ipt_register_table(&init_net, &__packet_mangler,
- &initial_table.repl);
- if (IS_ERR(packet_mangler))
- return PTR_ERR(packet_mangler);
+ ret = register_pernet_subsys(&iptable_mangle_net_ops);
+ if (ret < 0)
+ return ret;
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -185,14 +202,14 @@ static int __init iptable_mangle_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(packet_mangler);
+ unregister_pernet_subsys(&iptable_mangle_net_ops);
return ret;
}
static void __exit iptable_mangle_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(packet_mangler);
+ unregister_pernet_subsys(&iptable_mangle_net_ops);
}
module_init(iptable_mangle_init);
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -14,7 +14,7 @@ static struct
struct ipt_replace repl;
struct ipt_standard entries[2];
struct ipt_error term;
-} initial_table __initdata = {
+} initial_table __net_initdata = {
.repl = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
@@ -36,14 +36,13 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table __packet_raw = {
+static struct xt_table packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
-static struct xt_table *packet_raw;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -53,7 +52,7 @@ ipt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, packet_raw);
+ return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_raw);
}
static unsigned int
@@ -71,7 +70,7 @@ ipt_local_hook(unsigned int hook,
"packet.\n");
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, packet_raw);
+ return ipt_do_table(skb, hook, in, out, init_net.ipv4.iptable_raw);
}
/* 'raw' is the very first table. */
@@ -92,15 +91,33 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
},
};
+static int __net_init iptable_raw_net_init(struct net *net)
+{
+ /* Register table */
+ net->ipv4.iptable_raw =
+ ipt_register_table(net, &packet_raw, &initial_table.repl);
+ if (IS_ERR(net->ipv4.iptable_raw))
+ return PTR_ERR(net->ipv4.iptable_raw);
+ return 0;
+}
+
+static void __net_exit iptable_raw_net_exit(struct net *net)
+{
+ ipt_unregister_table(net->ipv4.iptable_raw);
+}
+
+static struct pernet_operations iptable_raw_net_ops = {
+ .init = iptable_raw_net_init,
+ .exit = iptable_raw_net_exit,
+};
+
static int __init iptable_raw_init(void)
{
int ret;
- /* Register table */
- packet_raw = ipt_register_table(&init_net, &__packet_raw,
- &initial_table.repl);
- if (IS_ERR(packet_raw))
- return PTR_ERR(packet_raw);
+ ret = register_pernet_subsys(&iptable_raw_net_ops);
+ if (ret < 0)
+ return ret;
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -110,14 +127,14 @@ static int __init iptable_raw_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(packet_raw);
+ unregister_pernet_subsys(&iptable_raw_net_ops);
return ret;
}
static void __exit iptable_raw_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(packet_raw);
+ unregister_pernet_subsys(&iptable_raw_net_ops);
}
module_init(iptable_raw_init);
^ permalink raw reply
* Amateur Sexy babe inserting a huge toy
From: Queen @ 2008-01-21 15:47 UTC (permalink / raw)
To: netdev
http://www.bidopti.com
sylvage consists terpsichore soothe loaf inorb assumable
sobbing poggy thermonous unresolve rhizautoicous hyperemotivity
bracketing sophic
automatist nonunanimous coheres corkiness ultroneously
yex resaddles
protectorial embolismic weets airglow acanthoid earthboard circulative
dissentient sabulite yamalkas anaerophyte delft smudge
metaphysician docketing
limberer unaggregated toxify gaboons swimmers
destroyable gasifies
opened plebiscitic acromonogrammatic browntail insanities spreaders pind
inexpedient muslins underpayment proplasm miniskirts unmelancholy
protore scutellate
recedes nanometer brulyiement randn octogenarianism
unrip bluer
^ permalink raw reply
* [PATCH 4/5] netns netfilter: propagate netns from userspace
From: Alexey Dobriyan @ 2008-01-21 14:54 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev, devel
.. all the way down to table searching functions.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
---
net/ipv4/netfilter/ip_tables.c | 46 ++++++++++++++++++++---------------------
1 file changed, 23 insertions(+), 23 deletions(-)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1092,7 +1092,7 @@ static int compat_table_info(const struct xt_table_info *info,
}
#endif
-static int get_info(void __user *user, int *len, int compat)
+static int get_info(struct net *net, void __user *user, int *len, int compat)
{
char name[IPT_TABLE_MAXNAMELEN];
struct xt_table *t;
@@ -1112,7 +1112,7 @@ static int get_info(void __user *user, int *len, int compat)
if (compat)
xt_compat_lock(AF_INET);
#endif
- t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
+ t = try_then_request_module(xt_find_table_lock(net, AF_INET, name),
"iptable_%s", name);
if (t && !IS_ERR(t)) {
struct ipt_getinfo info;
@@ -1152,7 +1152,7 @@ static int get_info(void __user *user, int *len, int compat)
}
static int
-get_entries(struct ipt_get_entries __user *uptr, int *len)
+get_entries(struct net *net, struct ipt_get_entries __user *uptr, int *len)
{
int ret;
struct ipt_get_entries get;
@@ -1170,7 +1170,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
return -EINVAL;
}
- t = xt_find_table_lock(&init_net, AF_INET, get.name);
+ t = xt_find_table_lock(net, AF_INET, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n", private->number);
@@ -1191,7 +1191,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
}
static int
-__do_replace(const char *name, unsigned int valid_hooks,
+__do_replace(struct net *net, const char *name, unsigned int valid_hooks,
struct xt_table_info *newinfo, unsigned int num_counters,
void __user *counters_ptr)
{
@@ -1208,7 +1208,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
goto out;
}
- t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
+ t = try_then_request_module(xt_find_table_lock(net, AF_INET, name),
"iptable_%s", name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1261,7 +1261,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
}
static int
-do_replace(void __user *user, unsigned int len)
+do_replace(struct net *net, void __user *user, unsigned int len)
{
int ret;
struct ipt_replace tmp;
@@ -1295,7 +1295,7 @@ do_replace(void __user *user, unsigned int len)
duprintf("ip_tables: Translated table\n");
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
tmp.num_counters, tmp.counters);
if (ret)
goto free_newinfo_untrans;
@@ -1331,7 +1331,7 @@ add_counter_to_entry(struct ipt_entry *e,
}
static int
-do_add_counters(void __user *user, unsigned int len, int compat)
+do_add_counters(struct net *net, void __user *user, unsigned int len, int compat)
{
unsigned int i;
struct xt_counters_info tmp;
@@ -1383,7 +1383,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
goto free;
}
- t = xt_find_table_lock(&init_net, AF_INET, name);
+ t = xt_find_table_lock(net, AF_INET, name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
@@ -1789,7 +1789,7 @@ out_unlock:
}
static int
-compat_do_replace(void __user *user, unsigned int len)
+compat_do_replace(struct net *net, void __user *user, unsigned int len)
{
int ret;
struct compat_ipt_replace tmp;
@@ -1826,7 +1826,7 @@ compat_do_replace(void __user *user, unsigned int len)
duprintf("compat_do_replace: Translated table\n");
- ret = __do_replace(tmp.name, tmp.valid_hooks, newinfo,
+ ret = __do_replace(net, tmp.name, tmp.valid_hooks, newinfo,
tmp.num_counters, compat_ptr(tmp.counters));
if (ret)
goto free_newinfo_untrans;
@@ -1850,11 +1850,11 @@ compat_do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user,
switch (cmd) {
case IPT_SO_SET_REPLACE:
- ret = compat_do_replace(user, len);
+ ret = compat_do_replace(sk->sk_net, user, len);
break;
case IPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 1);
+ ret = do_add_counters(sk->sk_net, user, len, 1);
break;
default:
@@ -1903,7 +1903,8 @@ compat_copy_entries_to_user(unsigned int total_size, struct xt_table *table,
}
static int
-compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
+compat_get_entries(struct net *net, struct compat_ipt_get_entries __user *uptr,
+ int *len)
{
int ret;
struct compat_ipt_get_entries get;
@@ -1924,7 +1925,7 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
}
xt_compat_lock(AF_INET);
- t = xt_find_table_lock(&init_net, AF_INET, get.name);
+ t = xt_find_table_lock(net, AF_INET, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
struct xt_table_info info;
@@ -1960,10 +1961,10 @@ compat_do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IPT_SO_GET_INFO:
- ret = get_info(user, len, 1);
+ ret = get_info(sk->sk_net, user, len, 1);
break;
case IPT_SO_GET_ENTRIES:
- ret = compat_get_entries(user, len);
+ ret = compat_get_entries(sk->sk_net, user, len);
break;
default:
ret = do_ipt_get_ctl(sk, cmd, user, len);
@@ -1982,11 +1983,11 @@ do_ipt_set_ctl(struct sock *sk, int cmd, void __user *user, unsigned int len)
switch (cmd) {
case IPT_SO_SET_REPLACE:
- ret = do_replace(user, len);
+ ret = do_replace(sk->sk_net, user, len);
break;
case IPT_SO_SET_ADD_COUNTERS:
- ret = do_add_counters(user, len, 0);
+ ret = do_add_counters(sk->sk_net, user, len, 0);
break;
default:
@@ -2007,11 +2008,11 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IPT_SO_GET_INFO:
- ret = get_info(user, len, 0);
+ ret = get_info(sk->sk_net, user, len, 0);
break;
case IPT_SO_GET_ENTRIES:
- ret = get_entries(user, len);
+ ret = get_entries(sk->sk_net, user, len);
break;
case IPT_SO_GET_REVISION_MATCH:
^ permalink raw reply
* [PATCH 3/5] netns netfilter: return new table from {arp,ip,ip6}t_register_table()
From: Alexey Dobriyan @ 2008-01-21 14:53 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev, devel
Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.
So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.
Do it at once to not screw bisection.
P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
full netnsization of table modules is done.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
---
include/linux/netfilter_arp/arp_tables.h | 4 ++--
include/linux/netfilter_ipv4/ip_tables.h | 5 +++--
include/linux/netfilter_ipv6/ip6_tables.h | 4 ++--
net/ipv4/netfilter/arp_tables.c | 22 ++++++++++++----------
net/ipv4/netfilter/arptable_filter.c | 15 ++++++++-------
net/ipv4/netfilter/ip_tables.c | 28 +++++++++++++++++-----------
net/ipv4/netfilter/iptable_filter.c | 18 ++++++++++--------
net/ipv4/netfilter/iptable_mangle.c | 18 ++++++++++--------
net/ipv4/netfilter/iptable_raw.c | 18 ++++++++++--------
net/ipv4/netfilter/nf_nat_rule.c | 16 +++++++++-------
net/ipv6/netfilter/ip6_tables.c | 24 ++++++++++++++----------
net/ipv6/netfilter/ip6table_filter.c | 17 +++++++++--------
net/ipv6/netfilter/ip6table_mangle.c | 17 +++++++++--------
net/ipv6/netfilter/ip6table_raw.c | 15 ++++++++-------
net/netfilter/x_tables.c | 13 +++++++++++--
15 files changed, 134 insertions(+), 100 deletions(-)
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -271,8 +271,8 @@ struct arpt_error
xt_register_target(tgt); })
#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
-extern int arpt_register_table(struct arpt_table *table,
- const struct arpt_replace *repl);
+extern struct arpt_table *arpt_register_table(struct arpt_table *table,
+ const struct arpt_replace *repl);
extern void arpt_unregister_table(struct arpt_table *table);
extern unsigned int arpt_do_table(struct sk_buff *skb,
unsigned int hook,
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -244,8 +244,9 @@ ipt_get_target(struct ipt_entry *e)
#include <linux/init.h>
extern void ipt_init(void) __init;
-extern int ipt_register_table(struct xt_table *table,
- const struct ipt_replace *repl);
+extern struct xt_table *ipt_register_table(struct net *net,
+ struct xt_table *table,
+ const struct ipt_replace *repl);
extern void ipt_unregister_table(struct xt_table *table);
/* Standard entry. */
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -305,8 +305,8 @@ ip6t_get_target(struct ip6t_entry *e)
#include <linux/init.h>
extern void ip6t_init(void) __init;
-extern int ip6t_register_table(struct xt_table *table,
- const struct ip6t_replace *repl);
+extern struct xt_table *ip6t_register_table(struct xt_table *table,
+ const struct ip6t_replace *repl);
extern void ip6t_unregister_table(struct xt_table *table);
extern unsigned int ip6t_do_table(struct sk_buff *skb,
unsigned int hook,
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1719,8 +1719,8 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
return ret;
}
-int arpt_register_table(struct arpt_table *table,
- const struct arpt_replace *repl)
+struct arpt_table *arpt_register_table(struct arpt_table *table,
+ const struct arpt_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
@@ -1732,7 +1732,7 @@ int arpt_register_table(struct arpt_table *table,
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo) {
ret = -ENOMEM;
- return ret;
+ goto out;
}
/* choose the copy on our node/cpu */
@@ -1746,18 +1746,20 @@ int arpt_register_table(struct arpt_table *table,
repl->underflow);
duprintf("arpt_register_table: translate table gives %d\n", ret);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
+ return new_table;
- return 0;
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void arpt_unregister_table(struct arpt_table *table)
--- a/net/ipv4/netfilter/arptable_filter.c
+++ b/net/ipv4/netfilter/arptable_filter.c
@@ -45,7 +45,7 @@ static struct
.term = ARPT_ERROR_INIT,
};
-static struct arpt_table packet_filter = {
+static struct arpt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
@@ -53,6 +53,7 @@ static struct arpt_table packet_filter = {
.me = THIS_MODULE,
.af = NF_ARP,
};
+static struct arpt_table *packet_filter;
/* The work comes in here from netfilter.c */
static unsigned int arpt_hook(unsigned int hook,
@@ -61,7 +62,7 @@ static unsigned int arpt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return arpt_do_table(skb, hook, in, out, &packet_filter);
+ return arpt_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops arpt_ops[] __read_mostly = {
@@ -90,9 +91,9 @@ static int __init arptable_filter_init(void)
int ret;
/* Register table */
- ret = arpt_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
if (ret < 0)
@@ -100,14 +101,14 @@ static int __init arptable_filter_init(void)
return ret;
cleanup_table:
- arpt_unregister_table(&packet_filter);
+ arpt_unregister_table(packet_filter);
return ret;
}
static void __exit arptable_filter_fini(void)
{
nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
- arpt_unregister_table(&packet_filter);
+ arpt_unregister_table(packet_filter);
}
module_init(arptable_filter_init);
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2048,7 +2048,8 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
return ret;
}
-int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
+struct xt_table *ipt_register_table(struct net *net, struct xt_table *table,
+ const struct ipt_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
@@ -2058,8 +2059,10 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
- if (!newinfo)
- return -ENOMEM;
+ if (!newinfo) {
+ ret = -ENOMEM;
+ goto out;
+ }
/* choose the copy on our node/cpu, but dont care about preemption */
loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
@@ -2070,18 +2073,21 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
repl->num_entries,
repl->hook_entry,
repl->underflow);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
- new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
+ new_table = xt_register_table(net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
- return 0;
+ return new_table;
+
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void ipt_unregister_table(struct xt_table *table)
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -53,13 +53,14 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_filter = {
+static struct xt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_filter;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -69,7 +70,7 @@ ipt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_filter);
+ return ipt_do_table(skb, hook, in, out, packet_filter);
}
static unsigned int
@@ -88,7 +89,7 @@ ipt_local_out_hook(unsigned int hook,
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, &packet_filter);
+ return ipt_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops ipt_ops[] __read_mostly = {
@@ -132,9 +133,10 @@ static int __init iptable_filter_init(void)
initial_table.entries[1].target.verdict = -forward - 1;
/* Register table */
- ret = ipt_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = ipt_register_table(&init_net, &__packet_filter,
+ &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -144,14 +146,14 @@ static int __init iptable_filter_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(&packet_filter);
+ ipt_unregister_table(packet_filter);
return ret;
}
static void __exit iptable_filter_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_filter);
+ ipt_unregister_table(packet_filter);
}
module_init(iptable_filter_init);
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -64,13 +64,14 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_mangler = {
+static struct xt_table __packet_mangler = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_mangler;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -80,7 +81,7 @@ ipt_route_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_mangler);
+ return ipt_do_table(skb, hook, in, out, packet_mangler);
}
static unsigned int
@@ -112,7 +113,7 @@ ipt_local_hook(unsigned int hook,
daddr = iph->daddr;
tos = iph->tos;
- ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
+ ret = ipt_do_table(skb, hook, in, out, packet_mangler);
/* Reroute for ANY change. */
if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
iph = ip_hdr(skb);
@@ -171,9 +172,10 @@ static int __init iptable_mangle_init(void)
int ret;
/* Register table */
- ret = ipt_register_table(&packet_mangler, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_mangler = ipt_register_table(&init_net, &__packet_mangler,
+ &initial_table.repl);
+ if (IS_ERR(packet_mangler))
+ return PTR_ERR(packet_mangler);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -183,14 +185,14 @@ static int __init iptable_mangle_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(&packet_mangler);
+ ipt_unregister_table(packet_mangler);
return ret;
}
static void __exit iptable_mangle_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_mangler);
+ ipt_unregister_table(packet_mangler);
}
module_init(iptable_mangle_init);
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -36,13 +36,14 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_raw = {
+static struct xt_table __packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_raw;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -52,7 +53,7 @@ ipt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_raw);
+ return ipt_do_table(skb, hook, in, out, packet_raw);
}
static unsigned int
@@ -70,7 +71,7 @@ ipt_local_hook(unsigned int hook,
"packet.\n");
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, &packet_raw);
+ return ipt_do_table(skb, hook, in, out, packet_raw);
}
/* 'raw' is the very first table. */
@@ -96,9 +97,10 @@ static int __init iptable_raw_init(void)
int ret;
/* Register table */
- ret = ipt_register_table(&packet_raw, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_raw = ipt_register_table(&init_net, &__packet_raw,
+ &initial_table.repl);
+ if (IS_ERR(packet_raw))
+ return PTR_ERR(packet_raw);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
@@ -108,14 +110,14 @@ static int __init iptable_raw_init(void)
return ret;
cleanup_table:
- ipt_unregister_table(&packet_raw);
+ ipt_unregister_table(packet_raw);
return ret;
}
static void __exit iptable_raw_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_raw);
+ ipt_unregister_table(packet_raw);
}
module_init(iptable_raw_init);
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -58,13 +58,14 @@ static struct
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table nat_table = {
+static struct xt_table __nat_table = {
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *nat_table;
/* Source NAT */
static unsigned int ipt_snat_target(struct sk_buff *skb,
@@ -214,7 +215,7 @@ int nf_nat_rule_find(struct sk_buff *skb,
{
int ret;
- ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
+ ret = ipt_do_table(skb, hooknum, in, out, nat_table);
if (ret == NF_ACCEPT) {
if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
@@ -248,9 +249,10 @@ int __init nf_nat_rule_init(void)
{
int ret;
- ret = ipt_register_table(&nat_table, &nat_initial_table.repl);
- if (ret != 0)
- return ret;
+ nat_table = ipt_register_table(&init_net, &__nat_table,
+ &nat_initial_table.repl);
+ if (IS_ERR(nat_table))
+ return PTR_ERR(nat_table);
ret = xt_register_target(&ipt_snat_reg);
if (ret != 0)
goto unregister_table;
@@ -264,7 +266,7 @@ int __init nf_nat_rule_init(void)
unregister_snat:
xt_unregister_target(&ipt_snat_reg);
unregister_table:
- ipt_unregister_table(&nat_table);
+ ipt_unregister_table(nat_table);
return ret;
}
@@ -273,5 +275,5 @@ void nf_nat_rule_cleanup(void)
{
xt_unregister_target(&ipt_dnat_reg);
xt_unregister_target(&ipt_snat_reg);
- ipt_unregister_table(&nat_table);
+ ipt_unregister_table(nat_table);
}
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2074,7 +2074,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
return ret;
}
-int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
+struct xt_table *ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
@@ -2084,8 +2084,10 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
- if (!newinfo)
- return -ENOMEM;
+ if (!newinfo) {
+ ret = -ENOMEM;
+ goto out;
+ }
/* choose the copy on our node/cpu, but dont care about preemption */
loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
@@ -2096,18 +2098,20 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
repl->num_entries,
repl->hook_entry,
repl->underflow);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
+ return new_table;
- return 0;
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void ip6t_unregister_table(struct xt_table *table)
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -51,13 +51,14 @@ static struct
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_filter = {
+static struct xt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_filter;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -67,7 +68,7 @@ ip6t_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_filter);
+ return ip6t_do_table(skb, hook, in, out, packet_filter);
}
static unsigned int
@@ -87,7 +88,7 @@ ip6t_local_out_hook(unsigned int hook,
}
#endif
- return ip6t_do_table(skb, hook, in, out, &packet_filter);
+ return ip6t_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
@@ -131,9 +132,9 @@ static int __init ip6table_filter_init(void)
initial_table.entries[1].target.verdict = -forward - 1;
/* Register table */
- ret = ip6t_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = ip6t_register_table(&__packet_filter, &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
@@ -143,14 +144,14 @@ static int __init ip6table_filter_init(void)
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_filter);
+ ip6t_unregister_table(packet_filter);
return ret;
}
static void __exit ip6table_filter_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_filter);
+ ip6t_unregister_table(packet_filter);
}
module_init(ip6table_filter_init);
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -57,13 +57,14 @@ static struct
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_mangler = {
+static struct xt_table __packet_mangler = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_mangler;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -73,7 +74,7 @@ ip6t_route_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_mangler);
+ return ip6t_do_table(skb, hook, in, out, packet_mangler);
}
static unsigned int
@@ -108,7 +109,7 @@ ip6t_local_hook(unsigned int hook,
/* flowlabel and prio (includes version, which shouldn't change either */
flowlabel = *((u_int32_t *)ipv6_hdr(skb));
- ret = ip6t_do_table(skb, hook, in, out, &packet_mangler);
+ ret = ip6t_do_table(skb, hook, in, out, packet_mangler);
if (ret != NF_DROP && ret != NF_STOLEN
&& (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr))
@@ -163,9 +164,9 @@ static int __init ip6table_mangle_init(void)
int ret;
/* Register table */
- ret = ip6t_register_table(&packet_mangler, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_mangler = ip6t_register_table(&__packet_mangler, &initial_table.repl);
+ if (IS_ERR(packet_mangler))
+ return PTR_ERR(packet_mangler);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
@@ -175,14 +176,14 @@ static int __init ip6table_mangle_init(void)
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_mangler);
+ ip6t_unregister_table(packet_mangler);
return ret;
}
static void __exit ip6table_mangle_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_mangler);
+ ip6t_unregister_table(packet_mangler);
}
module_init(ip6table_mangle_init);
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -35,13 +35,14 @@ static struct
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_raw = {
+static struct xt_table __packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_raw;
/* The work comes in here from netfilter.c. */
static unsigned int
@@ -51,7 +52,7 @@ ip6t_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_raw);
+ return ip6t_do_table(skb, hook, in, out, packet_raw);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
@@ -76,9 +77,9 @@ static int __init ip6table_raw_init(void)
int ret;
/* Register table */
- ret = ip6t_register_table(&packet_raw, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_raw = ip6t_register_table(&__packet_raw, &initial_table.repl);
+ if (IS_ERR(packet_raw))
+ return PTR_ERR(packet_raw);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
@@ -88,14 +89,14 @@ static int __init ip6table_raw_init(void)
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_raw);
+ ip6t_unregister_table(packet_raw);
return ret;
}
static void __exit ip6table_raw_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_raw);
+ ip6t_unregister_table(packet_raw);
}
module_init(ip6table_raw_init);
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -667,9 +667,16 @@ struct xt_table *xt_register_table(struct net *net, struct xt_table *table,
struct xt_table_info *private;
struct xt_table *t;
+ /* Don't add one object to multiple lists. */
+ table = kmemdup(table, sizeof(struct xt_table), GFP_KERNEL);
+ if (!table) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
ret = mutex_lock_interruptible(&xt[table->af].mutex);
if (ret != 0)
- goto out;
+ goto out_free;
/* Don't autoload: we'd eat our tail... */
list_for_each_entry(t, &net->xt.tables[table->af], list) {
@@ -697,6 +704,8 @@ struct xt_table *xt_register_table(struct net *net, struct xt_table *table,
unlock:
mutex_unlock(&xt[table->af].mutex);
+out_free:
+ kfree(table);
out:
return ERR_PTR(ret);
}
@@ -710,6 +719,7 @@ void *xt_unregister_table(struct xt_table *table)
private = table->private;
list_del(&table->list);
mutex_unlock(&xt[table->af].mutex);
+ kfree(table);
return private;
}
^ permalink raw reply
* [PATCH 2/5] netns netfilter: per-netns xt_tables
From: Alexey Dobriyan @ 2008-01-21 14:52 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev, devel
In fact all we want is per-netns set of rules, however doing that will
unnecessary complicate routines such as ipt_hook()/ipt_do_table, so
make full xt_table array per-netns.
Every user stubbed with init_net for a while.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
---
include/linux/netfilter/x_tables.h | 6 ++++--
include/net/net_namespace.h | 4 ++++
include/net/netns/x_tables.h | 10 ++++++++++
net/ipv4/netfilter/arp_tables.c | 12 ++++++------
net/ipv4/netfilter/ip_tables.c | 12 ++++++------
net/ipv6/netfilter/ip6_tables.c | 12 ++++++------
net/netfilter/x_tables.c | 35 ++++++++++++++++++++++++-----------
7 files changed, 60 insertions(+), 31 deletions(-)
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -335,7 +335,8 @@ extern int xt_check_target(const struct xt_target *target, unsigned short family
unsigned int size, const char *table, unsigned int hook,
unsigned short proto, int inv_proto);
-extern struct xt_table *xt_register_table(struct xt_table *table,
+extern struct xt_table *xt_register_table(struct net *net,
+ struct xt_table *table,
struct xt_table_info *bootstrap,
struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);
@@ -352,7 +353,8 @@ extern struct xt_target *xt_request_find_target(int af, const char *name,
extern int xt_find_revision(int af, const char *name, u8 revision, int target,
int *err);
-extern struct xt_table *xt_find_table_lock(int af, const char *name);
+extern struct xt_table *xt_find_table_lock(struct net *net, int af,
+ const char *name);
extern void xt_table_unlock(struct xt_table *t);
extern int xt_proto_init(int af);
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -12,6 +12,7 @@
#include <net/netns/packet.h>
#include <net/netns/ipv4.h>
#include <net/netns/ipv6.h>
+#include <net/netns/x_tables.h>
struct proc_dir_entry;
struct net_device;
@@ -56,6 +57,9 @@ struct net {
#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
struct netns_ipv6 ipv6;
#endif
+#ifdef CONFIG_NETFILTER
+ struct netns_xt xt;
+#endif
};
#ifdef CONFIG_NET
--- /dev/null
+++ b/include/net/netns/x_tables.h
@@ -0,0 +1,10 @@
+#ifndef __NETNS_X_TABLES_H
+#define __NETNS_X_TABLES_H
+
+#include <linux/list.h>
+#include <linux/net.h>
+
+struct netns_xt {
+ struct list_head tables[NPROTO];
+};
+#endif
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -870,7 +870,7 @@ static int get_info(void __user *user, int *len, int compat)
if (compat)
xt_compat_lock(NF_ARP);
#endif
- t = try_then_request_module(xt_find_table_lock(NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
"arptable_%s", name);
if (t && !IS_ERR(t)) {
struct arpt_getinfo info;
@@ -926,7 +926,7 @@ static int get_entries(struct arpt_get_entries __user *uptr, int *len)
return -EINVAL;
}
- t = xt_find_table_lock(NF_ARP, get.name);
+ t = xt_find_table_lock(&init_net, NF_ARP, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n",
@@ -966,7 +966,7 @@ static int __do_replace(const char *name, unsigned int valid_hooks,
goto out;
}
- t = try_then_request_module(xt_find_table_lock(NF_ARP, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, NF_ARP, name),
"arptable_%s", name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1132,7 +1132,7 @@ static int do_add_counters(void __user *user, unsigned int len, int compat)
goto free;
}
- t = xt_find_table_lock(NF_ARP, name);
+ t = xt_find_table_lock(&init_net, NF_ARP, name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
@@ -1604,7 +1604,7 @@ static int compat_get_entries(struct compat_arpt_get_entries __user *uptr,
}
xt_compat_lock(NF_ARP);
- t = xt_find_table_lock(NF_ARP, get.name);
+ t = xt_find_table_lock(&init_net, NF_ARP, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
struct xt_table_info info;
@@ -1751,7 +1751,7 @@ int arpt_register_table(struct arpt_table *table,
return ret;
}
- new_table = xt_register_table(table, &bootstrap, newinfo);
+ new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
return PTR_ERR(new_table);
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1112,7 +1112,7 @@ static int get_info(void __user *user, int *len, int compat)
if (compat)
xt_compat_lock(AF_INET);
#endif
- t = try_then_request_module(xt_find_table_lock(AF_INET, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
"iptable_%s", name);
if (t && !IS_ERR(t)) {
struct ipt_getinfo info;
@@ -1170,7 +1170,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
return -EINVAL;
}
- t = xt_find_table_lock(AF_INET, get.name);
+ t = xt_find_table_lock(&init_net, AF_INET, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n", private->number);
@@ -1208,7 +1208,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
goto out;
}
- t = try_then_request_module(xt_find_table_lock(AF_INET, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET, name),
"iptable_%s", name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1383,7 +1383,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
goto free;
}
- t = xt_find_table_lock(AF_INET, name);
+ t = xt_find_table_lock(&init_net, AF_INET, name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
@@ -1924,7 +1924,7 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
}
xt_compat_lock(AF_INET);
- t = xt_find_table_lock(AF_INET, get.name);
+ t = xt_find_table_lock(&init_net, AF_INET, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
struct xt_table_info info;
@@ -2075,7 +2075,7 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
return ret;
}
- new_table = xt_register_table(table, &bootstrap, newinfo);
+ new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
return PTR_ERR(new_table);
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1138,7 +1138,7 @@ static int get_info(void __user *user, int *len, int compat)
if (compat)
xt_compat_lock(AF_INET6);
#endif
- t = try_then_request_module(xt_find_table_lock(AF_INET6, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name),
"ip6table_%s", name);
if (t && !IS_ERR(t)) {
struct ip6t_getinfo info;
@@ -1196,7 +1196,7 @@ get_entries(struct ip6t_get_entries __user *uptr, int *len)
return -EINVAL;
}
- t = xt_find_table_lock(AF_INET6, get.name);
+ t = xt_find_table_lock(&init_net, AF_INET6, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
duprintf("t->private->number = %u\n", private->number);
@@ -1235,7 +1235,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
goto out;
}
- t = try_then_request_module(xt_find_table_lock(AF_INET6, name),
+ t = try_then_request_module(xt_find_table_lock(&init_net, AF_INET6, name),
"ip6table_%s", name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
@@ -1410,7 +1410,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
goto free;
}
- t = xt_find_table_lock(AF_INET6, name);
+ t = xt_find_table_lock(&init_net, AF_INET6, name);
if (!t || IS_ERR(t)) {
ret = t ? PTR_ERR(t) : -ENOENT;
goto free;
@@ -1950,7 +1950,7 @@ compat_get_entries(struct compat_ip6t_get_entries __user *uptr, int *len)
}
xt_compat_lock(AF_INET6);
- t = xt_find_table_lock(AF_INET6, get.name);
+ t = xt_find_table_lock(&init_net, AF_INET6, get.name);
if (t && !IS_ERR(t)) {
struct xt_table_info *private = t->private;
struct xt_table_info info;
@@ -2101,7 +2101,7 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
return ret;
}
- new_table = xt_register_table(table, &bootstrap, newinfo);
+ new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
return PTR_ERR(new_table);
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -44,7 +44,6 @@ struct xt_af {
struct mutex mutex;
struct list_head match;
struct list_head target;
- struct list_head tables;
#ifdef CONFIG_COMPAT
struct mutex compat_mutex;
struct compat_delta *compat_offsets;
@@ -597,14 +596,14 @@ void xt_free_table_info(struct xt_table_info *info)
EXPORT_SYMBOL(xt_free_table_info);
/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */
-struct xt_table *xt_find_table_lock(int af, const char *name)
+struct xt_table *xt_find_table_lock(struct net *net, int af, const char *name)
{
struct xt_table *t;
if (mutex_lock_interruptible(&xt[af].mutex) != 0)
return ERR_PTR(-EINTR);
- list_for_each_entry(t, &xt[af].tables, list)
+ list_for_each_entry(t, &net->xt.tables[af], list)
if (strcmp(t->name, name) == 0 && try_module_get(t->me))
return t;
mutex_unlock(&xt[af].mutex);
@@ -660,7 +659,7 @@ xt_replace_table(struct xt_table *table,
}
EXPORT_SYMBOL_GPL(xt_replace_table);
-struct xt_table *xt_register_table(struct xt_table *table,
+struct xt_table *xt_register_table(struct net *net, struct xt_table *table,
struct xt_table_info *bootstrap,
struct xt_table_info *newinfo)
{
@@ -673,7 +672,7 @@ struct xt_table *xt_register_table(struct xt_table *table,
goto out;
/* Don't autoload: we'd eat our tail... */
- list_for_each_entry(t, &xt[table->af].tables, list) {
+ list_for_each_entry(t, &net->xt.tables[table->af], list) {
if (strcmp(t->name, table->name) == 0) {
ret = -EEXIST;
goto unlock;
@@ -692,7 +691,7 @@ struct xt_table *xt_register_table(struct xt_table *table,
/* save number of initial entries */
private->initial_entries = private->number;
- list_add(&table->list, &xt[table->af].tables);
+ list_add(&table->list, &net->xt.tables[table->af]);
mutex_unlock(&xt[table->af].mutex);
return table;
@@ -744,7 +743,7 @@ static struct list_head *type2list(u_int16_t af, u_int16_t type)
list = &xt[af].match;
break;
case TABLE:
- list = &xt[af].tables;
+ list = &init_net.xt.tables[af];
break;
default:
list = NULL;
@@ -919,10 +918,22 @@ void xt_proto_fini(int af)
}
EXPORT_SYMBOL_GPL(xt_proto_fini);
+static int __net_init xt_net_init(struct net *net)
+{
+ int i;
+
+ for (i = 0; i < NPROTO; i++)
+ INIT_LIST_HEAD(&net->xt.tables[i]);
+ return 0;
+}
+
+static struct pernet_operations xt_net_ops = {
+ .init = xt_net_init,
+};
static int __init xt_init(void)
{
- int i;
+ int i, rv;
xt = kmalloc(sizeof(struct xt_af) * NPROTO, GFP_KERNEL);
if (!xt)
@@ -936,13 +947,16 @@ static int __init xt_init(void)
#endif
INIT_LIST_HEAD(&xt[i].target);
INIT_LIST_HEAD(&xt[i].match);
- INIT_LIST_HEAD(&xt[i].tables);
}
- return 0;
+ rv = register_pernet_subsys(&xt_net_ops);
+ if (rv < 0)
+ kfree(xt);
+ return rv;
}
static void __exit xt_fini(void)
{
+ unregister_pernet_subsys(&xt_net_ops);
kfree(xt);
}
^ permalink raw reply
* [PATCH 1/5] netns netfilter: change xt_table_register() return value convention
From: Alexey Dobriyan @ 2008-01-21 14:52 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev, devel
Switch from 0/-E to ptr/PTR_ERR convention.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
---
include/linux/netfilter/x_tables.h | 6 +++---
net/ipv4/netfilter/arp_tables.c | 7 ++++---
net/ipv4/netfilter/ip_tables.c | 7 ++++---
net/ipv6/netfilter/ip6_tables.c | 7 ++++---
net/netfilter/x_tables.c | 15 ++++++++-------
5 files changed, 23 insertions(+), 19 deletions(-)
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -335,9 +335,9 @@ extern int xt_check_target(const struct xt_target *target, unsigned short family
unsigned int size, const char *table, unsigned int hook,
unsigned short proto, int inv_proto);
-extern int xt_register_table(struct xt_table *table,
- struct xt_table_info *bootstrap,
- struct xt_table_info *newinfo);
+extern struct xt_table *xt_register_table(struct xt_table *table,
+ struct xt_table_info *bootstrap,
+ struct xt_table_info *newinfo);
extern void *xt_unregister_table(struct xt_table *table);
extern struct xt_table_info *xt_replace_table(struct xt_table *table,
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1727,6 +1727,7 @@ int arpt_register_table(struct arpt_table *table,
struct xt_table_info bootstrap
= { 0, 0, 0, { 0 }, { 0 }, { } };
void *loc_cpu_entry;
+ struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo) {
@@ -1750,10 +1751,10 @@ int arpt_register_table(struct arpt_table *table,
return ret;
}
- ret = xt_register_table(table, &bootstrap, newinfo);
- if (ret != 0) {
+ new_table = xt_register_table(table, &bootstrap, newinfo);
+ if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
- return ret;
+ return PTR_ERR(new_table);
}
return 0;
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2055,6 +2055,7 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
struct xt_table_info bootstrap
= { 0, 0, 0, { 0 }, { 0 }, { } };
void *loc_cpu_entry;
+ struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo)
@@ -2074,10 +2075,10 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
return ret;
}
- ret = xt_register_table(table, &bootstrap, newinfo);
- if (ret != 0) {
+ new_table = xt_register_table(table, &bootstrap, newinfo);
+ if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
- return ret;
+ return PTR_ERR(new_table);
}
return 0;
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2081,6 +2081,7 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
struct xt_table_info bootstrap
= { 0, 0, 0, { 0 }, { 0 }, { } };
void *loc_cpu_entry;
+ struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo)
@@ -2100,10 +2101,10 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
return ret;
}
- ret = xt_register_table(table, &bootstrap, newinfo);
- if (ret != 0) {
+ new_table = xt_register_table(table, &bootstrap, newinfo);
+ if (IS_ERR(new_table)) {
xt_free_table_info(newinfo);
- return ret;
+ return PTR_ERR(new_table);
}
return 0;
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -660,9 +660,9 @@ xt_replace_table(struct xt_table *table,
}
EXPORT_SYMBOL_GPL(xt_replace_table);
-int xt_register_table(struct xt_table *table,
- struct xt_table_info *bootstrap,
- struct xt_table_info *newinfo)
+struct xt_table *xt_register_table(struct xt_table *table,
+ struct xt_table_info *bootstrap,
+ struct xt_table_info *newinfo)
{
int ret;
struct xt_table_info *private;
@@ -670,7 +670,7 @@ int xt_register_table(struct xt_table *table,
ret = mutex_lock_interruptible(&xt[table->af].mutex);
if (ret != 0)
- return ret;
+ goto out;
/* Don't autoload: we'd eat our tail... */
list_for_each_entry(t, &xt[table->af].tables, list) {
@@ -693,11 +693,13 @@ int xt_register_table(struct xt_table *table,
private->initial_entries = private->number;
list_add(&table->list, &xt[table->af].tables);
+ mutex_unlock(&xt[table->af].mutex);
+ return table;
- ret = 0;
unlock:
mutex_unlock(&xt[table->af].mutex);
- return ret;
+out:
+ return ERR_PTR(ret);
}
EXPORT_SYMBOL_GPL(xt_register_table);
^ permalink raw reply
* [PATCH 2/6 net-2.6.25] [NETNS] Add netns parameter to inetdev_by_index.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
include/linux/inetdevice.h | 2 +-
net/ipv4/devinet.c | 6 +++---
net/ipv4/fib_semantics.c | 2 +-
net/ipv4/igmp.c | 4 ++--
net/ipv4/ip_gre.c | 3 ++-
5 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index 45f3731..e74a2ee 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -133,7 +133,7 @@ extern struct net_device *ip_dev_find(__be32 addr);
extern int inet_addr_onlink(struct in_device *in_dev, __be32 a, __be32 b);
extern int devinet_ioctl(unsigned int cmd, void __user *);
extern void devinet_init(void);
-extern struct in_device *inetdev_by_index(int);
+extern struct in_device *inetdev_by_index(struct net *, int);
extern __be32 inet_select_addr(const struct net_device *dev, __be32 dst, int scope);
extern __be32 inet_confirm_addr(struct in_device *in_dev, __be32 dst, __be32 local, int scope);
extern struct in_ifaddr *inet_ifa_byprefix(struct in_device *in_dev, __be32 prefix, __be32 mask);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index e381edb..21f71bf 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -409,12 +409,12 @@ static int inet_set_ifa(struct net_device *dev, struct in_ifaddr *ifa)
return inet_insert_ifa(ifa);
}
-struct in_device *inetdev_by_index(int ifindex)
+struct in_device *inetdev_by_index(struct net *net, int ifindex)
{
struct net_device *dev;
struct in_device *in_dev = NULL;
read_lock(&dev_base_lock);
- dev = __dev_get_by_index(&init_net, ifindex);
+ dev = __dev_get_by_index(net, ifindex);
if (dev)
in_dev = in_dev_get(dev);
read_unlock(&dev_base_lock);
@@ -454,7 +454,7 @@ static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg
goto errout;
ifm = nlmsg_data(nlh);
- in_dev = inetdev_by_index(ifm->ifa_index);
+ in_dev = inetdev_by_index(net, ifm->ifa_index);
if (in_dev == NULL) {
err = -ENODEV;
goto errout;
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index ecd91c6..8b47e11 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -583,7 +583,7 @@ out:
if (nh->nh_flags&(RTNH_F_PERVASIVE|RTNH_F_ONLINK))
return -EINVAL;
- in_dev = inetdev_by_index(nh->nh_oif);
+ in_dev = inetdev_by_index(&init_net, nh->nh_oif);
if (in_dev == NULL)
return -ENODEV;
if (!(in_dev->dev->flags&IFF_UP)) {
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 285d262..b4df39a 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -1389,7 +1389,7 @@ static struct in_device * ip_mc_find_dev(struct ip_mreqn *imr)
struct in_device *idev = NULL;
if (imr->imr_ifindex) {
- idev = inetdev_by_index(imr->imr_ifindex);
+ idev = inetdev_by_index(&init_net, imr->imr_ifindex);
if (idev)
__in_dev_put(idev);
return idev;
@@ -2222,7 +2222,7 @@ void ip_mc_drop_socket(struct sock *sk)
struct in_device *in_dev;
inet->mc_list = iml->next;
- in_dev = inetdev_by_index(iml->multi.imr_ifindex);
+ in_dev = inetdev_by_index(&init_net, iml->multi.imr_ifindex);
(void) ip_mc_leave_src(sk, iml, in_dev);
if (in_dev != NULL) {
ip_mc_dec_group(in_dev, iml->multi.imr_multiaddr.s_addr);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 8b81deb..a74983d 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1193,7 +1193,8 @@ static int ipgre_close(struct net_device *dev)
{
struct ip_tunnel *t = netdev_priv(dev);
if (ipv4_is_multicast(t->parms.iph.daddr) && t->mlink) {
- struct in_device *in_dev = inetdev_by_index(t->mlink);
+ struct in_device *in_dev;
+ in_dev = inetdev_by_index(dev->nd_net, t->mlink);
if (in_dev) {
ip_mc_dec_group(in_dev, t->parms.iph.daddr);
in_dev_put(in_dev);
--
1.5.3.rc5
^ permalink raw reply related
* [PATCH 6/6 net-2.6.25] [NETNS] Pass correct namespace in ip_rt_get_source.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
ip_rt_get_source is the infamous place for which dst_ifdown kludges have
been implemented. This means that rt->u.dst.dev can be safely dereferrenced
obtain nd_net.
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
net/ipv4/route.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index b3c6122..ede0571 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1559,7 +1559,7 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt)
if (rt->fl.iif == 0)
src = rt->rt_src;
- else if (fib_lookup(&init_net, &rt->fl, &res) == 0) {
+ else if (fib_lookup(rt->u.dst.dev->nd_net, &rt->fl, &res) == 0) {
src = FIB_RES_PREFSRC(res);
fib_res_put(&res);
} else
--
1.5.3.rc5
^ permalink raw reply related
* [PATCH 4/6 net-2.6.25] [NETNS] Pass correct namespace in context fib_check_nh.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
Correct network namespace is already used in fib_check_nh. Re-work its usage
for better readability and pass into fib_lookup & inetdev_by_index.
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
net/ipv4/fib_semantics.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 8b47e11..c791286 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -519,7 +519,9 @@ static int fib_check_nh(struct fib_config *cfg, struct fib_info *fi,
struct fib_nh *nh)
{
int err;
+ struct net *net;
+ net = cfg->fc_nlinfo.nl_net;
if (nh->nh_gw) {
struct fib_result res;
@@ -532,11 +534,9 @@ static int fib_check_nh(struct fib_config *cfg, struct fib_info *fi,
if (cfg->fc_scope >= RT_SCOPE_LINK)
return -EINVAL;
- if (inet_addr_type(cfg->fc_nlinfo.nl_net,
- nh->nh_gw) != RTN_UNICAST)
+ if (inet_addr_type(net, nh->nh_gw) != RTN_UNICAST)
return -EINVAL;
- if ((dev = __dev_get_by_index(cfg->fc_nlinfo.nl_net,
- nh->nh_oif)) == NULL)
+ if ((dev = __dev_get_by_index(net, nh->nh_oif)) == NULL)
return -ENODEV;
if (!(dev->flags&IFF_UP))
return -ENETDOWN;
@@ -559,7 +559,7 @@ static int fib_check_nh(struct fib_config *cfg, struct fib_info *fi,
/* It is not necessary, but requires a bit of thinking */
if (fl.fl4_scope < RT_SCOPE_LINK)
fl.fl4_scope = RT_SCOPE_LINK;
- if ((err = fib_lookup(&init_net, &fl, &res)) != 0)
+ if ((err = fib_lookup(net, &fl, &res)) != 0)
return err;
}
err = -EINVAL;
@@ -583,7 +583,7 @@ out:
if (nh->nh_flags&(RTNH_F_PERVASIVE|RTNH_F_ONLINK))
return -EINVAL;
- in_dev = inetdev_by_index(&init_net, nh->nh_oif);
+ in_dev = inetdev_by_index(net, nh->nh_oif);
if (in_dev == NULL)
return -ENODEV;
if (!(in_dev->dev->flags&IFF_UP)) {
--
1.5.3.rc5
^ permalink raw reply related
* [PATCH 5/6 net-2.6.25] [NETNS] Pass correct namespace in ip_route_input_slow.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
The packet on the input path always has a referrence to an input network
device it is passed from. Extract network namespace from it.
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
net/ipv4/route.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index c107bc3..b3c6122 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1881,6 +1881,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
__be32 spec_dst;
int err = -EINVAL;
int free_res = 0;
+ struct net * net = dev->nd_net;
/* IP on this device is disabled. */
@@ -1911,7 +1912,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
/*
* Now we are ready to route packet.
*/
- if ((err = fib_lookup(&init_net, &fl, &res)) != 0) {
+ if ((err = fib_lookup(net, &fl, &res)) != 0) {
if (!IN_DEV_FORWARD(in_dev))
goto e_hostunreach;
goto no_route;
@@ -1926,7 +1927,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
if (res.type == RTN_LOCAL) {
int result;
result = fib_validate_source(saddr, daddr, tos,
- init_net.loopback_dev->ifindex,
+ net->loopback_dev->ifindex,
dev, &spec_dst, &itag);
if (result < 0)
goto martian_source;
@@ -1988,7 +1989,7 @@ local_input:
#endif
rth->rt_iif =
rth->fl.iif = dev->ifindex;
- rth->u.dst.dev = init_net.loopback_dev;
+ rth->u.dst.dev = net->loopback_dev;
dev_hold(rth->u.dst.dev);
rth->idev = in_dev_get(rth->u.dst.dev);
rth->rt_gateway = daddr;
--
1.5.3.rc5
^ permalink raw reply related
* [PATCH 1/6 net-2.6.25] [NETNS] Add netns parameter to fib_lookup.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
include/net/ip_fib.h | 9 +++++----
net/ipv4/fib_frontend.c | 4 ++--
net/ipv4/fib_rules.c | 4 ++--
net/ipv4/fib_semantics.c | 2 +-
net/ipv4/route.c | 6 +++---
5 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 08ebb1e..9daa60b 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -178,15 +178,16 @@ static inline struct fib_table *fib_new_table(struct net *net, u32 id)
return fib_get_table(net, id);
}
-static inline int fib_lookup(const struct flowi *flp, struct fib_result *res)
+static inline int fib_lookup(struct net *net, const struct flowi *flp,
+ struct fib_result *res)
{
struct fib_table *table;
- table = fib_get_table(&init_net, RT_TABLE_LOCAL);
+ table = fib_get_table(net, RT_TABLE_LOCAL);
if (!table->tb_lookup(table, flp, res))
return 0;
- table = fib_get_table(&init_net, RT_TABLE_MAIN);
+ table = fib_get_table(net, RT_TABLE_MAIN);
if (!table->tb_lookup(table, flp, res))
return 0;
return -ENETUNREACH;
@@ -200,7 +201,7 @@ extern void __net_exit fib4_rules_exit(struct net *net);
extern u32 fib_rules_tclass(struct fib_result *res);
#endif
-extern int fib_lookup(struct flowi *flp, struct fib_result *res);
+extern int fib_lookup(struct net *n, struct flowi *flp, struct fib_result *res);
extern struct fib_table *fib_new_table(struct net *net, u32 id);
extern struct fib_table *fib_get_table(struct net *net, u32 id);
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 8c0081c..dcd3a28 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -256,7 +256,7 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
if (in_dev == NULL)
goto e_inval;
- if (fib_lookup(&fl, &res))
+ if (fib_lookup(&init_net, &fl, &res))
goto last_resort;
if (res.type != RTN_UNICAST)
goto e_inval_res;
@@ -280,7 +280,7 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
fl.oif = dev->ifindex;
ret = 0;
- if (fib_lookup(&fl, &res) == 0) {
+ if (fib_lookup(&init_net, &fl, &res) == 0) {
if (res.type == RTN_UNICAST) {
*spec_dst = FIB_RES_PREFSRC(res);
ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 2b43002..19274d0 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -54,14 +54,14 @@ u32 fib_rules_tclass(struct fib_result *res)
}
#endif
-int fib_lookup(struct flowi *flp, struct fib_result *res)
+int fib_lookup(struct net *net, struct flowi *flp, struct fib_result *res)
{
struct fib_lookup_arg arg = {
.result = res,
};
int err;
- err = fib_rules_lookup(init_net.ipv4.rules_ops, flp, 0, &arg);
+ err = fib_rules_lookup(net->ipv4.rules_ops, flp, 0, &arg);
res->r = arg.rule;
return err;
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 0e08df4..ecd91c6 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -559,7 +559,7 @@ static int fib_check_nh(struct fib_config *cfg, struct fib_info *fi,
/* It is not necessary, but requires a bit of thinking */
if (fl.fl4_scope < RT_SCOPE_LINK)
fl.fl4_scope = RT_SCOPE_LINK;
- if ((err = fib_lookup(&fl, &res)) != 0)
+ if ((err = fib_lookup(&init_net, &fl, &res)) != 0)
return err;
}
err = -EINVAL;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 162e738..c107bc3 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1559,7 +1559,7 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt)
if (rt->fl.iif == 0)
src = rt->rt_src;
- else if (fib_lookup(&rt->fl, &res) == 0) {
+ else if (fib_lookup(&init_net, &rt->fl, &res) == 0) {
src = FIB_RES_PREFSRC(res);
fib_res_put(&res);
} else
@@ -1911,7 +1911,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
/*
* Now we are ready to route packet.
*/
- if ((err = fib_lookup(&fl, &res)) != 0) {
+ if ((err = fib_lookup(&init_net, &fl, &res)) != 0) {
if (!IN_DEV_FORWARD(in_dev))
goto e_hostunreach;
goto no_route;
@@ -2363,7 +2363,7 @@ static int ip_route_output_slow(struct rtable **rp, const struct flowi *oldflp)
goto make_route;
}
- if (fib_lookup(&fl, &res)) {
+ if (fib_lookup(&init_net, &fl, &res)) {
res.fi = NULL;
if (oldflp->oif) {
/* Apparently, routing tables are wrong. Assume,
--
1.5.3.rc5
^ permalink raw reply related
* [PATCH 3/6 net-2.6.25] [NETNS] Pass correct namespace in fib_validate_source.
From: Denis V. Lunev @ 2008-01-21 14:50 UTC (permalink / raw)
To: davem; +Cc: netdev, devel, containers, Denis V. Lunev
In-Reply-To: <4794B10E.7010703@sw.ru>
Correct network namespace is available inside fib_validate_source. It can be
obtained from the device passed in. The device is not NULL as in_device is
obtained from it just above.
Signed-off-by: Denis V. Lunev <den@openvz.org>
---
net/ipv4/fib_frontend.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index dcd3a28..39b8b35 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -243,6 +243,7 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
struct fib_result res;
int no_addr, rpf;
int ret;
+ struct net *net;
no_addr = rpf = 0;
rcu_read_lock();
@@ -256,7 +257,8 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
if (in_dev == NULL)
goto e_inval;
- if (fib_lookup(&init_net, &fl, &res))
+ net = dev->nd_net;
+ if (fib_lookup(net, &fl, &res))
goto last_resort;
if (res.type != RTN_UNICAST)
goto e_inval_res;
@@ -280,7 +282,7 @@ int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
fl.oif = dev->ifindex;
ret = 0;
- if (fib_lookup(&init_net, &fl, &res) == 0) {
+ if (fib_lookup(net, &fl, &res) == 0) {
if (res.type == RTN_UNICAST) {
*spec_dst = FIB_RES_PREFSRC(res);
ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
--
1.5.3.rc5
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox