Commit 3cb609d57c20027a8b39fc60b79b930a89da82d4
Committed by
David S. Miller
David S. Miller
1 parent
715cf35ac9
Exists in
master
and in
7 other branches
[NETFILTER]: x_tables: create per-netns /proc/net/*_tables_*
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 5 changed files with 67 additions and 21 deletions Side-by-side Diff
include/linux/netfilter/x_tables.h
| ... | ... | @@ -357,8 +357,8 @@ |
| 357 | 357 | const char *name); |
| 358 | 358 | extern void xt_table_unlock(struct xt_table *t); |
| 359 | 359 | |
| 360 | -extern int xt_proto_init(int af); | |
| 361 | -extern void xt_proto_fini(int af); | |
| 360 | +extern int xt_proto_init(struct net *net, int af); | |
| 361 | +extern void xt_proto_fini(struct net *net, int af); | |
| 362 | 362 | |
| 363 | 363 | extern struct xt_table_info *xt_alloc_table_info(unsigned int size); |
| 364 | 364 | extern void xt_free_table_info(struct xt_table_info *info); |
net/ipv4/netfilter/arp_tables.c
| ... | ... | @@ -1822,11 +1822,26 @@ |
| 1822 | 1822 | .owner = THIS_MODULE, |
| 1823 | 1823 | }; |
| 1824 | 1824 | |
| 1825 | +static int __net_init arp_tables_net_init(struct net *net) | |
| 1826 | +{ | |
| 1827 | + return xt_proto_init(net, NF_ARP); | |
| 1828 | +} | |
| 1829 | + | |
| 1830 | +static void __net_exit arp_tables_net_exit(struct net *net) | |
| 1831 | +{ | |
| 1832 | + xt_proto_fini(net, NF_ARP); | |
| 1833 | +} | |
| 1834 | + | |
| 1835 | +static struct pernet_operations arp_tables_net_ops = { | |
| 1836 | + .init = arp_tables_net_init, | |
| 1837 | + .exit = arp_tables_net_exit, | |
| 1838 | +}; | |
| 1839 | + | |
| 1825 | 1840 | static int __init arp_tables_init(void) |
| 1826 | 1841 | { |
| 1827 | 1842 | int ret; |
| 1828 | 1843 | |
| 1829 | - ret = xt_proto_init(NF_ARP); | |
| 1844 | + ret = register_pernet_subsys(&arp_tables_net_ops); | |
| 1830 | 1845 | if (ret < 0) |
| 1831 | 1846 | goto err1; |
| 1832 | 1847 | |
| ... | ... | @@ -1851,7 +1866,7 @@ |
| 1851 | 1866 | err3: |
| 1852 | 1867 | xt_unregister_target(&arpt_standard_target); |
| 1853 | 1868 | err2: |
| 1854 | - xt_proto_fini(NF_ARP); | |
| 1869 | + unregister_pernet_subsys(&arp_tables_net_ops); | |
| 1855 | 1870 | err1: |
| 1856 | 1871 | return ret; |
| 1857 | 1872 | } |
| ... | ... | @@ -1861,7 +1876,7 @@ |
| 1861 | 1876 | nf_unregister_sockopt(&arpt_sockopts); |
| 1862 | 1877 | xt_unregister_target(&arpt_error_target); |
| 1863 | 1878 | xt_unregister_target(&arpt_standard_target); |
| 1864 | - xt_proto_fini(NF_ARP); | |
| 1879 | + unregister_pernet_subsys(&arp_tables_net_ops); | |
| 1865 | 1880 | } |
| 1866 | 1881 | |
| 1867 | 1882 | EXPORT_SYMBOL(arpt_register_table); |
net/ipv4/netfilter/ip_tables.c
| ... | ... | @@ -2213,11 +2213,26 @@ |
| 2213 | 2213 | .family = AF_INET, |
| 2214 | 2214 | }; |
| 2215 | 2215 | |
| 2216 | +static int __net_init ip_tables_net_init(struct net *net) | |
| 2217 | +{ | |
| 2218 | + return xt_proto_init(net, AF_INET); | |
| 2219 | +} | |
| 2220 | + | |
| 2221 | +static void __net_exit ip_tables_net_exit(struct net *net) | |
| 2222 | +{ | |
| 2223 | + xt_proto_fini(net, AF_INET); | |
| 2224 | +} | |
| 2225 | + | |
| 2226 | +static struct pernet_operations ip_tables_net_ops = { | |
| 2227 | + .init = ip_tables_net_init, | |
| 2228 | + .exit = ip_tables_net_exit, | |
| 2229 | +}; | |
| 2230 | + | |
| 2216 | 2231 | static int __init ip_tables_init(void) |
| 2217 | 2232 | { |
| 2218 | 2233 | int ret; |
| 2219 | 2234 | |
| 2220 | - ret = xt_proto_init(AF_INET); | |
| 2235 | + ret = register_pernet_subsys(&ip_tables_net_ops); | |
| 2221 | 2236 | if (ret < 0) |
| 2222 | 2237 | goto err1; |
| 2223 | 2238 | |
| ... | ... | @@ -2247,7 +2262,7 @@ |
| 2247 | 2262 | err3: |
| 2248 | 2263 | xt_unregister_target(&ipt_standard_target); |
| 2249 | 2264 | err2: |
| 2250 | - xt_proto_fini(AF_INET); | |
| 2265 | + unregister_pernet_subsys(&ip_tables_net_ops); | |
| 2251 | 2266 | err1: |
| 2252 | 2267 | return ret; |
| 2253 | 2268 | } |
| ... | ... | @@ -2260,7 +2275,7 @@ |
| 2260 | 2275 | xt_unregister_target(&ipt_error_target); |
| 2261 | 2276 | xt_unregister_target(&ipt_standard_target); |
| 2262 | 2277 | |
| 2263 | - xt_proto_fini(AF_INET); | |
| 2278 | + unregister_pernet_subsys(&ip_tables_net_ops); | |
| 2264 | 2279 | } |
| 2265 | 2280 | |
| 2266 | 2281 | EXPORT_SYMBOL(ipt_register_table); |
net/ipv6/netfilter/ip6_tables.c
| ... | ... | @@ -2238,11 +2238,26 @@ |
| 2238 | 2238 | .family = AF_INET6, |
| 2239 | 2239 | }; |
| 2240 | 2240 | |
| 2241 | +static int __net_init ip6_tables_net_init(struct net *net) | |
| 2242 | +{ | |
| 2243 | + return xt_proto_init(net, AF_INET6); | |
| 2244 | +} | |
| 2245 | + | |
| 2246 | +static void __net_exit ip6_tables_net_exit(struct net *net) | |
| 2247 | +{ | |
| 2248 | + xt_proto_fini(net, AF_INET6); | |
| 2249 | +} | |
| 2250 | + | |
| 2251 | +static struct pernet_operations ip6_tables_net_ops = { | |
| 2252 | + .init = ip6_tables_net_init, | |
| 2253 | + .exit = ip6_tables_net_exit, | |
| 2254 | +}; | |
| 2255 | + | |
| 2241 | 2256 | static int __init ip6_tables_init(void) |
| 2242 | 2257 | { |
| 2243 | 2258 | int ret; |
| 2244 | 2259 | |
| 2245 | - ret = xt_proto_init(AF_INET6); | |
| 2260 | + ret = register_pernet_subsys(&ip6_tables_net_ops); | |
| 2246 | 2261 | if (ret < 0) |
| 2247 | 2262 | goto err1; |
| 2248 | 2263 | |
| ... | ... | @@ -2272,7 +2287,7 @@ |
| 2272 | 2287 | err3: |
| 2273 | 2288 | xt_unregister_target(&ip6t_standard_target); |
| 2274 | 2289 | err2: |
| 2275 | - xt_proto_fini(AF_INET6); | |
| 2290 | + unregister_pernet_subsys(&ip6_tables_net_ops); | |
| 2276 | 2291 | err1: |
| 2277 | 2292 | return ret; |
| 2278 | 2293 | } |
| ... | ... | @@ -2284,7 +2299,8 @@ |
| 2284 | 2299 | xt_unregister_match(&icmp6_matchstruct); |
| 2285 | 2300 | xt_unregister_target(&ip6t_error_target); |
| 2286 | 2301 | xt_unregister_target(&ip6t_standard_target); |
| 2287 | - xt_proto_fini(AF_INET6); | |
| 2302 | + | |
| 2303 | + unregister_pernet_subsys(&ip6_tables_net_ops); | |
| 2288 | 2304 | } |
| 2289 | 2305 | |
| 2290 | 2306 | /* |
net/netfilter/x_tables.c
| ... | ... | @@ -922,7 +922,7 @@ |
| 922 | 922 | |
| 923 | 923 | #endif /* CONFIG_PROC_FS */ |
| 924 | 924 | |
| 925 | -int xt_proto_init(int af) | |
| 925 | +int xt_proto_init(struct net *net, int af) | |
| 926 | 926 | { |
| 927 | 927 | #ifdef CONFIG_PROC_FS |
| 928 | 928 | char buf[XT_FUNCTION_MAXNAMELEN]; |
| ... | ... | @@ -936,7 +936,7 @@ |
| 936 | 936 | #ifdef CONFIG_PROC_FS |
| 937 | 937 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 938 | 938 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 939 | - proc = proc_net_fops_create(&init_net, buf, 0440, &xt_table_ops); | |
| 939 | + proc = proc_net_fops_create(net, buf, 0440, &xt_table_ops); | |
| 940 | 940 | if (!proc) |
| 941 | 941 | goto out; |
| 942 | 942 | proc->data = (void *)(unsigned long)af; |
| 943 | 943 | |
| ... | ... | @@ -944,14 +944,14 @@ |
| 944 | 944 | |
| 945 | 945 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 946 | 946 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 947 | - proc = proc_net_fops_create(&init_net, buf, 0440, &xt_match_ops); | |
| 947 | + proc = proc_net_fops_create(net, buf, 0440, &xt_match_ops); | |
| 948 | 948 | if (!proc) |
| 949 | 949 | goto out_remove_tables; |
| 950 | 950 | proc->data = (void *)(unsigned long)af; |
| 951 | 951 | |
| 952 | 952 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 953 | 953 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); |
| 954 | - proc = proc_net_fops_create(&init_net, buf, 0440, &xt_target_ops); | |
| 954 | + proc = proc_net_fops_create(net, buf, 0440, &xt_target_ops); | |
| 955 | 955 | if (!proc) |
| 956 | 956 | goto out_remove_matches; |
| 957 | 957 | proc->data = (void *)(unsigned long)af; |
| 958 | 958 | |
| 959 | 959 | |
| 960 | 960 | |
| 961 | 961 | |
| 962 | 962 | |
| ... | ... | @@ -963,34 +963,34 @@ |
| 963 | 963 | out_remove_matches: |
| 964 | 964 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 965 | 965 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 966 | - proc_net_remove(&init_net, buf); | |
| 966 | + proc_net_remove(net, buf); | |
| 967 | 967 | |
| 968 | 968 | out_remove_tables: |
| 969 | 969 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 970 | 970 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 971 | - proc_net_remove(&init_net, buf); | |
| 971 | + proc_net_remove(net, buf); | |
| 972 | 972 | out: |
| 973 | 973 | return -1; |
| 974 | 974 | #endif |
| 975 | 975 | } |
| 976 | 976 | EXPORT_SYMBOL_GPL(xt_proto_init); |
| 977 | 977 | |
| 978 | -void xt_proto_fini(int af) | |
| 978 | +void xt_proto_fini(struct net *net, int af) | |
| 979 | 979 | { |
| 980 | 980 | #ifdef CONFIG_PROC_FS |
| 981 | 981 | char buf[XT_FUNCTION_MAXNAMELEN]; |
| 982 | 982 | |
| 983 | 983 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 984 | 984 | strlcat(buf, FORMAT_TABLES, sizeof(buf)); |
| 985 | - proc_net_remove(&init_net, buf); | |
| 985 | + proc_net_remove(net, buf); | |
| 986 | 986 | |
| 987 | 987 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 988 | 988 | strlcat(buf, FORMAT_TARGETS, sizeof(buf)); |
| 989 | - proc_net_remove(&init_net, buf); | |
| 989 | + proc_net_remove(net, buf); | |
| 990 | 990 | |
| 991 | 991 | strlcpy(buf, xt_prefix[af], sizeof(buf)); |
| 992 | 992 | strlcat(buf, FORMAT_MATCHES, sizeof(buf)); |
| 993 | - proc_net_remove(&init_net, buf); | |
| 993 | + proc_net_remove(net, buf); | |
| 994 | 994 | #endif /*CONFIG_PROC_FS*/ |
| 995 | 995 | } |
| 996 | 996 | EXPORT_SYMBOL_GPL(xt_proto_fini); |