
Commit 1785e8f4 authored by Vitaly Lavrov's avatar Vitaly Lavrov Committed by Jozsef Kadlecsik

netfiler: ipset: Add net namespace for ipset

This patch adds netns support for ipset.

Major changes were made in ip_set_core.c and ip_set.h.
Global variables are moved to per net namespace.
Added initialization code and the destruction of the network namespace ipset subsystem.
In the prototypes of public functions ip_set_* added parameter "struct net*".

The remaining corrections are related to the changed prototypes of the public ip_set_* functions.

The patch for git://git.netfilter.org/ipset.git

 commit 6a4ec96c0b8caac5c35474e40e319704d92ca347

Signed-off-by: default avatarVitaly Lavrov <lve@guap.ru>
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@blackhole.kfki.hu>
parent 3fd986b3
+9 −7
@@ -184,7 +184,8 @@ struct ip_set_type {
	u8 revision_min, revision_max;

	/* Create set */
	int (*create)(struct ip_set *set, struct nlattr *tb[], u32 flags);
	int (*create)(struct net *net, struct ip_set *set,
		      struct nlattr *tb[], u32 flags);

	/* Attribute policies */
	const struct nla_policy create_policy[IPSET_ATTR_CREATE_MAX + 1];
@@ -316,12 +317,13 @@ ip_set_init_counter(struct ip_set_counter *counter,
}

/* register and unregister set references */
extern ip_set_id_t ip_set_get_byname(const char *name, struct ip_set **set);
extern void ip_set_put_byindex(ip_set_id_t index);
extern const char *ip_set_name_byindex(ip_set_id_t index);
extern ip_set_id_t ip_set_nfnl_get(const char *name);
extern ip_set_id_t ip_set_nfnl_get_byindex(ip_set_id_t index);
extern void ip_set_nfnl_put(ip_set_id_t index);
extern ip_set_id_t ip_set_get_byname(struct net *net,
				     const char *name, struct ip_set **set);
extern void ip_set_put_byindex(struct net *net, ip_set_id_t index);
extern const char *ip_set_name_byindex(struct net *net, ip_set_id_t index);
extern ip_set_id_t ip_set_nfnl_get(struct net *net, const char *name);
extern ip_set_id_t ip_set_nfnl_get_byindex(struct net *net, ip_set_id_t index);
extern void ip_set_nfnl_put(struct net *net, ip_set_id_t index);

/* API for iptables set match, and SET target */
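Review bot: The reference helpers declared at the end of this hunk (`ip_set_put_byindex`, `ip_set_name_byindex`, `ip_set_nfnl_get_byindex`, `ip_set_nfnl_put`) now take a `struct net *` next to a bare `ip_set_id_t`, but nothing in the header says that an index is only meaningful in the namespace it was obtained from. Since the commit message says the globals move to per-namespace state, a caller that pairs an index with the wrong `net` would presumably reference or release a different set, so the contract is worth stating above the declarations, e.g. `/* index is valid only within the netns it was looked up in; pass that same net */`. Whether each helper range-checks `index` against the per-namespace table cannot be confirmed from this page, because the diff of the core file is collapsed.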

+2 −1
@@ -242,7 +242,8 @@ init_map_ip(struct ip_set *set, struct bitmap_ip *map,
}

static int
bitmap_ip_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
bitmap_ip_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
		 u32 flags)
{
	struct bitmap_ip *map;
	u32 first_ip = 0, last_ip = 0, hosts;
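Review bot: The added `net` parameter of `bitmap_ip_create` is undocumented, and the lines shown here do not reveal whether the function uses it; the body continues past the end of the hunk. If it exists only to match the new `create` callback type, a one-line comment such as `/* net: unused here, required by ip_set_type->create */` would keep a later reader from assuming the bitmap is bound to a namespace. The same applies to `bitmap_ipmac_create` and `bitmap_port_create` in the following two sections.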
+1 −1
@@ -309,7 +309,7 @@ init_map_ipmac(struct ip_set *set, struct bitmap_ipmac *map,
}

static int
bitmap_ipmac_create(struct ip_set *set, struct nlattr *tb[],
bitmap_ipmac_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
		    u32 flags)
{
	u32 first_ip = 0, last_ip = 0;
+2 −1
@@ -228,7 +228,8 @@ init_map_port(struct ip_set *set, struct bitmap_port *map,
}

static int
bitmap_port_create(struct ip_set *set, struct nlattr *tb[], u32 flags)
bitmap_port_create(struct net *net, struct ip_set *set, struct nlattr *tb[],
		   u32 flags)
{
	struct bitmap_port *map;
	u16 first_port, last_port;
+187 −101

File changed.

Preview size limit exceeded, changes collapsed.
