
Commit 3918fed5 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by David S. Miller

netfilter: arptables in netns for real



IN, FORWARD -- grab netns from in device, OUT -- from out device.

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent f858b486
+30 −9
@@ -55,32 +55,53 @@ static struct xt_table packet_filter = {
};

/* The work comes in here from netfilter.c */
static unsigned int arpt_hook(unsigned int hook,
static unsigned int arpt_in_hook(unsigned int hook,
				 struct sk_buff *skb,
				 const struct net_device *in,
				 const struct net_device *out,
				 int (*okfn)(struct sk_buff *))
{
	return arpt_do_table(skb, hook, in, out, init_net.ipv4.arptable_filter);
	return arpt_do_table(skb, hook, in, out,
			     dev_net(in)->ipv4.arptable_filter);
}

static unsigned int arpt_out_hook(unsigned int hook,
				  struct sk_buff *skb,
				  const struct net_device *in,
				  const struct net_device *out,
				  int (*okfn)(struct sk_buff *))
{
	return arpt_do_table(skb, hook, in, out,
			     dev_net(out)->ipv4.arptable_filter);
}

static unsigned int arpt_forward_hook(unsigned int hook,
				      struct sk_buff *skb,
				      const struct net_device *in,
				      const struct net_device *out,
				      int (*okfn)(struct sk_buff *))
{
	return arpt_do_table(skb, hook, in, out,
			     dev_net(in)->ipv4.arptable_filter);
}

static struct nf_hook_ops arpt_ops[] __read_mostly = {
	{
		.hook		= arpt_hook,
		.hook		= arpt_in_hook,
		.owner		= THIS_MODULE,
		.pf		= NF_ARP,
		.hooknum	= NF_ARP_IN,
		.priority	= NF_IP_PRI_FILTER,
	},
	{
		.hook		= arpt_hook,
		.hook		= arpt_out_hook,
		.owner		= THIS_MODULE,
		.pf		= NF_ARP,
		.hooknum	= NF_ARP_OUT,
		.priority	= NF_IP_PRI_FILTER,
	},
	{
		.hook		= arpt_hook,
		.hook		= arpt_forward_hook,
		.owner		= THIS_MODULE,
		.pf		= NF_ARP,
		.hooknum	= NF_ARP_FORWARD,