From patchwork Wed Oct 15 04:23:41 2008 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Dobriyan X-Patchwork-Id: 4561 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.176.167]) by ozlabs.org (Postfix) with ESMTP id 67E0ADDDE6 for ; Wed, 15 Oct 2008 15:20:53 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751680AbYJOEUr (ORCPT ); Wed, 15 Oct 2008 00:20:47 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751646AbYJOEUq (ORCPT ); Wed, 15 Oct 2008 00:20:46 -0400 Received: from nf-out-0910.google.com ([64.233.182.186]:16235 "EHLO nf-out-0910.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751520AbYJOEUp (ORCPT ); Wed, 15 Oct 2008 00:20:45 -0400 Received: by nf-out-0910.google.com with SMTP id d3so1135493nfc.21 for ; Tue, 14 Oct 2008 21:20:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:mime-version:content-type:content-disposition:user-agent; bh=CiZQYz8NGmzrZveA+6Mmj9zTl4waijq6pguv9Vweqcg=; b=OzFoLLnuNUpLYKRIwYSWEENpLw7i4mmnuTcQTRO8VLeIpodVts1Rtp+JpkQ+JWp0ud gssxGweDX+j3Fg1d0pSolbS0xT4EZX/K0Ldi+ScFYGG506gyMtR7khzsU4jpY90j3wt9 kIEReUA+TaqsD/NiwZrxbS2JuAgUMPlWqjrws= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=mz3h2FY5Rsd0ks0HlUO3mhsNpD/bhB6KonWUzfx4DOibdxT3ATA4R38o5XOM7WMSX4 MZIqsWPK9CxhC0hr35Hny+OFqjGM/85ZatqvjnclrqctWxynxGLOcmKsC+isk5jjupS+ J2iBIgiAnyQDSXho96zPOl9PM14IBrtBKUEXA= Received: by 10.210.120.7 with SMTP id s7mr577592ebc.53.1224044443944; Tue, 14 Oct 2008 21:20:43 -0700 (PDT) Received: from localhost (gw.zunet.ru [217.67.117.64]) by mx.google.com with ESMTPS id k5sm2210356nfh.0.2008.10.14.21.20.41 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 14 Oct 2008 21:20:42 -0700 (PDT) Date: Wed, 15 Oct 2008 08:23:41 +0400 From: Alexey Dobriyan To: kaber@trash.net Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, containers@osdl.org Subject: [PATCH 6/7] netns ebtables: ebtable_nat in netns Message-ID: <20081015042341.GJ24058@x200.localdomain> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.18 (2008-05-17) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Signed-off-by: Alexey Dobriyan --- include/net/netns/x_tables.h | 1 net/bridge/netfilter/ebtable_nat.c | 47 +++++++++++++++++++++++++------------ 2 files changed, 33 insertions(+), 15 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/include/net/netns/x_tables.h +++ b/include/net/netns/x_tables.h @@ -11,5 +11,6 @@ struct netns_xt { struct list_head ebt_tables; struct ebt_table *broute_table; struct ebt_table *frame_filter; + struct ebt_table *frame_nat; }; #endif --- a/net/bridge/netfilter/ebtable_nat.c +++ b/net/bridge/netfilter/ebtable_nat.c @@ -50,48 +50,47 @@ static int check(const struct ebt_table_info *info, unsigned int valid_hooks) return 0; } -static struct ebt_table __frame_nat = +static struct ebt_table frame_nat = { .name = "nat", .table = &initial_table, .valid_hooks = NAT_VALID_HOOKS, - .lock = __RW_LOCK_UNLOCKED(__frame_nat.lock), + .lock = __RW_LOCK_UNLOCKED(frame_nat.lock), .check = check, .me = THIS_MODULE, }; -static struct ebt_table *frame_nat; static unsigned int -ebt_nat_dst(unsigned int hook, struct sk_buff *skb, const struct net_device *in +ebt_nat_in(unsigned int hook, struct sk_buff *skb, const struct net_device *in , const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ebt_do_table(hook, skb, in, out, frame_nat); + return ebt_do_table(hook, skb, in, out, dev_net(in)->xt.frame_nat); } static unsigned int -ebt_nat_src(unsigned int hook, struct sk_buff *skb, const struct net_device *in +ebt_nat_out(unsigned int hook, struct sk_buff *skb, const struct net_device *in , const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ebt_do_table(hook, skb, in, out, frame_nat); + return ebt_do_table(hook, skb, in, out, dev_net(out)->xt.frame_nat); } static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { { - .hook = ebt_nat_dst, + .hook = ebt_nat_out, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_LOCAL_OUT, .priority = NF_BR_PRI_NAT_DST_OTHER, }, { - .hook = ebt_nat_src, + .hook = ebt_nat_out, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_POST_ROUTING, .priority = NF_BR_PRI_NAT_SRC, }, { - .hook = ebt_nat_dst, + .hook = ebt_nat_in, .owner = THIS_MODULE, .pf = PF_BRIDGE, .hooknum = NF_BR_PRE_ROUTING, @@ -99,23 +98,41 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { }, }; +static int __net_init frame_nat_net_init(struct net *net) +{ + net->xt.frame_nat = ebt_register_table(net, &frame_nat); + if (IS_ERR(net->xt.frame_nat)) + return PTR_ERR(net->xt.frame_nat); + return 0; +} + +static void __net_exit frame_nat_net_exit(struct net *net) +{ + ebt_unregister_table(net->xt.frame_nat); +} + +static struct pernet_operations frame_nat_net_ops = { + .init = frame_nat_net_init, + .exit = frame_nat_net_exit, +}; + static int __init ebtable_nat_init(void) { int ret; - frame_nat = ebt_register_table(&init_net, &__frame_nat); - if (IS_ERR(frame_nat)) - return PTR_ERR(frame_nat); + ret = register_pernet_subsys(&frame_nat_net_ops); + if (ret < 0) + return ret; ret = nf_register_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat)); if (ret < 0) - ebt_unregister_table(frame_nat); + unregister_pernet_subsys(&frame_nat_net_ops); return ret; } static void __exit ebtable_nat_fini(void) { nf_unregister_hooks(ebt_ops_nat, ARRAY_SIZE(ebt_ops_nat)); - ebt_unregister_table(frame_nat); + unregister_pernet_subsys(&frame_nat_net_ops); } module_init(ebtable_nat_init);