From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org
Subject: [PATCH net-next 23/28] netfilter: ebtables: use net_generic infra
Date: Tue, 6 Apr 2021 14:21:28 +0200 [thread overview]
Message-ID: <20210406122133.1644-24-pablo@netfilter.org> (raw)
In-Reply-To: <20210406122133.1644-1-pablo@netfilter.org>
From: Florian Westphal <fw@strlen.de>
ebtables currently uses net->xt.tables[BRIDGE], but upcoming
patch will move net->xt.tables away from struct net.
To avoid exposing x_tables internals to ebtables, use a private list
instead.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/bridge/netfilter/ebtables.c | 39 ++++++++++++++++++++++++++++-----
1 file changed, 34 insertions(+), 5 deletions(-)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index ebe33b60efd6..11625d05bbbc 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -24,6 +24,7 @@
#include <linux/cpumask.h>
#include <linux/audit.h>
#include <net/sock.h>
+#include <net/netns/generic.h>
/* needed for logical [in,out]-dev filtering */
#include "../br_private.h"
@@ -39,8 +40,11 @@
#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \
COUNTER_OFFSET(n) * cpu))
+struct ebt_pernet {
+ struct list_head tables;
+};
-
+static unsigned int ebt_pernet_id __read_mostly;
static DEFINE_MUTEX(ebt_mutex);
#ifdef CONFIG_COMPAT
@@ -336,7 +340,9 @@ static inline struct ebt_table *
find_table_lock(struct net *net, const char *name, int *error,
struct mutex *mutex)
{
- return find_inlist_lock(&net->xt.tables[NFPROTO_BRIDGE], name,
+ struct ebt_pernet *ebt_net = net_generic(net, ebt_pernet_id);
+
+ return find_inlist_lock(&ebt_net->tables, name,
"ebtable_", error, mutex);
}
@@ -1136,6 +1142,7 @@ static void __ebt_unregister_table(struct net *net, struct ebt_table *table)
int ebt_register_table(struct net *net, const struct ebt_table *input_table,
const struct nf_hook_ops *ops, struct ebt_table **res)
{
+ struct ebt_pernet *ebt_net = net_generic(net, ebt_pernet_id);
struct ebt_table_info *newinfo;
struct ebt_table *t, *table;
struct ebt_replace_kernel *repl;
@@ -1194,7 +1201,7 @@ int ebt_register_table(struct net *net, const struct ebt_table *input_table,
table->private = newinfo;
rwlock_init(&table->lock);
mutex_lock(&ebt_mutex);
- list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
+ list_for_each_entry(t, &ebt_net->tables, list) {
if (strcmp(t->name, table->name) == 0) {
ret = -EEXIST;
goto free_unlock;
@@ -1206,7 +1213,7 @@ int ebt_register_table(struct net *net, const struct ebt_table *input_table,
ret = -ENOENT;
goto free_unlock;
}
- list_add(&table->list, &net->xt.tables[NFPROTO_BRIDGE]);
+ list_add(&table->list, &ebt_net->tables);
mutex_unlock(&ebt_mutex);
WRITE_ONCE(*res, table);
@@ -2412,6 +2419,20 @@ static struct nf_sockopt_ops ebt_sockopts = {
.owner = THIS_MODULE,
};
+static int __net_init ebt_pernet_init(struct net *net)
+{
+ struct ebt_pernet *ebt_net = net_generic(net, ebt_pernet_id);
+
+ INIT_LIST_HEAD(&ebt_net->tables);
+ return 0;
+}
+
+static struct pernet_operations ebt_net_ops = {
+ .init = ebt_pernet_init,
+ .id = &ebt_pernet_id,
+ .size = sizeof(struct ebt_pernet),
+};
+
static int __init ebtables_init(void)
{
int ret;
@@ -2425,13 +2446,21 @@ static int __init ebtables_init(void)
return ret;
}
+ ret = register_pernet_subsys(&ebt_net_ops);
+ if (ret < 0) {
+ nf_unregister_sockopt(&ebt_sockopts);
+ xt_unregister_target(&ebt_standard_target);
+ return ret;
+ }
+
return 0;
}
-static void __exit ebtables_fini(void)
+static void ebtables_fini(void)
{
nf_unregister_sockopt(&ebt_sockopts);
xt_unregister_target(&ebt_standard_target);
+ unregister_pernet_subsys(&ebt_net_ops);
}
EXPORT_SYMBOL(ebt_register_table);
--
2.30.2
next prev parent reply other threads:[~2021-04-06 12:22 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-06 12:21 [PATCH net-next 00/28] Netfilter updates for net-next Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 01/28] netfilter: nf_log_ipv4: rename to nf_log_syslog Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 02/28] netfilter: nf_log_arp: merge with nf_log_syslog Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 03/28] netfilter: nf_log_ipv6: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 04/28] netfilter: nf_log_netdev: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 05/28] netfilter: nf_log_bridge: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 06/28] netfilter: nf_log_common: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 07/28] netfilter: nf_log: add module softdeps Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 08/28] netfilter: nft_log: perform module load from nf_tables Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 09/28] audit: log nftables configuration change events once per table Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 10/28] netfilter: ipset: Remove duplicate declaration Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 11/28] netfilter: flowtable: dst_check() from garbage collector path Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 12/28] netfilter: nftables: remove unnecessary spin_lock_init() Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 13/28] netfilter: nftables: add helper function to set the base sequence number Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 14/28] netfilter: add helper function to set up the nfnetlink header and use it Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 15/28] netfilter: ipvs: do not printk on netns creation Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 16/28] netfilter: nftables: fix a warning message in nf_tables_commit_audit_collect() Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 17/28] netfilter: nftables: remove documentation on static functions Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 18/28] netfilter: nfnetlink: add and use nfnetlink_broadcast Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 19/28] netfilter: nfnetlink: use net_generic infra Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 20/28] netfilter: cttimeout: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 21/28] netfilter: nf_defrag_ipv6: " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 22/28] netfilter: nf_defrag_ipv4: " Pablo Neira Ayuso
2021-04-06 12:21 ` Pablo Neira Ayuso [this message]
2021-04-06 12:21 ` [PATCH net-next 24/28] netfilter: nf_tables: use net_generic infra for transaction data Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 25/28] netfilter: x_tables: move known table lists to net_generic infra Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 26/28] netfilter: conntrack: move sysctl pointer " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 27/28] netfilter: conntrack: move ecache dwork " Pablo Neira Ayuso
2021-04-06 12:21 ` [PATCH net-next 28/28] net: remove obsolete members from struct net Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210406122133.1644-24-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).