From b6d9ffbbeb5d838e64e46e4ef3da9073a0dde514 Mon Sep 17 00:00:00 2001 From: Alexey Dobriyan Date: Tue, 4 Nov 2008 14:30:46 +0100 Subject: [PATCH] --- yaml --- r: 122367 b: refs/heads/master c: b71b30a626fd0e43c825a05036e7a2c3f377a563 h: refs/heads/master i: 122365: c6908eabe0ca0fe5bd1dce1c964581d95f87172d 122363: 8c086c778cb4d7bfce7614c072ff9ad07b755a16 122359: d46d87b70466a10c4c7431a848ba91c292b66b79 122351: fd5631037f8db67b09fe7736a39e650cb5c81658 122335: f6e6583d82290db7083bfa89c13080c0f9636d91 122303: 656b83311aa9855f22d671ff1d7cf4d0dba1808f 122239: d88f660716b785f96518cf6fe8ea4e6d8486b126 122111: 5ca8caff03b2d6940d572238608bd91128b6a39a 121855: 189b7f72aa64eecf1b3ee4b8652d4973b4cdeb92 v: v3 --- [refs] | 2 +- trunk/include/net/netns/x_tables.h | 1 + trunk/net/bridge/netfilter/ebtable_nat.c | 47 ++++++++++++++++-------- 3 files changed, 34 insertions(+), 16 deletions(-) diff --git a/[refs] b/[refs] index e690a5aad7a6..1aee5349b954 100644 --- a/[refs] +++ b/[refs] @@ -1,2 +1,2 @@ --- -refs/heads/master: 4aad10938d4e4e8364b664cd5420c3bfeb9b679b +refs/heads/master: b71b30a626fd0e43c825a05036e7a2c3f377a563 diff --git a/trunk/include/net/netns/x_tables.h b/trunk/include/net/netns/x_tables.h index d258e16c894e..9554a644a8f8 100644 --- a/trunk/include/net/netns/x_tables.h +++ b/trunk/include/net/netns/x_tables.h @@ -10,5 +10,6 @@ struct netns_xt { struct list_head tables[NFPROTO_NUMPROTO]; struct ebt_table *broute_table; struct ebt_table *frame_filter; + struct ebt_table *frame_nat; }; #endif diff --git a/trunk/net/bridge/netfilter/ebtable_nat.c b/trunk/net/bridge/netfilter/ebtable_nat.c index 0d8fc5bcddd1..3fe1ae87e35f 100644 --- a/trunk/net/bridge/netfilter/ebtable_nat.c +++ b/trunk/net/bridge/netfilter/ebtable_nat.c @@ -50,48 +50,47 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) return 0; } -static struct ebt_table __frame_nat = +static struct ebt_table frame_nat = { .name = "nat", .table = &initial_table, .valid_hooks = NAT_VALID_HOOKS, - .lock = __RW_LOCK_UNLOCKED(__frame_nat.lock), + .lock = __RW_LOCK_UNLOCKED(frame_nat.lock), .check = check, .me = THIS_MODULE, }; -static struct ebt_table *frame_nat; static unsigned int -ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in +ebt_nat_in(unsigned int hook, struct sk_buff *skb, const struct net_device *in , const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ebt_do_table(hook, skb, in, out, frame_nat); + return ebt_do_table(hook, skb, in, out, dev_net(in)->xt.frame_nat); } static unsigned int -ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in +ebt_nat_out(unsigned int hook, struct sk_buff *skb, const struct net_device *in , const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ebt_do_table(hook, skb, in, out, frame_nat); + return ebt_do_table(hook, skb, in, out, dev_net(out)->xt.frame_nat); } static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { { - .hook = ebt_nat_dst, + .hook = ebt_nat_out, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_LOCAL_OUT, .priority = NF_BR_PRI_NAT_DST_OTHER, }, { - .hook = ebt_nat_src, + .hook = ebt_nat_out, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_POST_ROUTING, .priority = NF_BR_PRI_NAT_SRC, }, { - .hook = ebt_nat_dst, + .hook = ebt_nat_in, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_PRE_ROUTING, @@ -99,23 +98,41 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { }, }; +static int __net_init frame_nat_net_init(struct net *net) +{ + net->xt.frame_nat = ebt_register_table(net, &frame_nat); + if (IS_ERR(net->xt.frame_nat)) + return PTR_ERR(net->xt.frame_nat); + return 0; +} + +static void __net_exit frame_nat_net_exit(struct net *net) +{ + ebt_unregister_table(net->xt.frame_nat); +} + +static struct pernet_operations frame_nat_net_ops = { + .init = frame_nat_net_init, + .exit = frame_nat_net_exit, +}; + static int __init ebtable_nat_init(void) { int ret; - frame_nat = ebt_register_table(&init_net, &__frame_nat); - if (IS_ERR(frame_nat)) - return PTR_ERR(frame_nat); + ret = register_pernet_subsys(&frame_nat_net_ops); + if (ret < 0) + return ret; ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat)); if (ret < 0) - ebt_unregister_table(frame_nat); + unregister_pernet_subsys(&frame_nat_net_ops); return ret; } static void __exit ebtable_nat_fini(void) { nf_unregister_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat)); - ebt_unregister_table(frame_nat); + unregister_pernet_subsys(&frame_nat_net_ops); } module_init(ebtable_nat_init);