diff options
| author |   Alexey Dobriyan <adobriyan@sw.ru> | 2008-01-31 04:02:44 -0800 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2008-01-31 19:27:36 -0800 |
| commit | 44d34e721e2c81ccdfb13cf34996309247ae2981 (patch) | |
| tree | fec2063c8573700fd01cb6c11875769751744603 /net/ipv4/netfilter/nf_nat_rule.c | |
| parent | [NETFILTER]: x_tables: per-netns xt_tables (diff) | |
| download | linux-dev-44d34e721e2c81ccdfb13cf34996309247ae2981.tar.xz linux-dev-44d34e721e2c81ccdfb13cf34996309247ae2981.zip | |
[NETFILTER]: x_tables: return new table from {arp,ip,ip6}t_register_table()
Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.
So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.
Do it at once to not screw bisection.
P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
full netnsization of table modules is done.
Signed-off-by: Alexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/netfilter/nf_nat_rule.c')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c index 519182269e76..f8fda57ba20b 100644 --- a/net/ipv4/netfilter/nf_nat_rule.c +++ b/net/ipv4/netfilter/nf_nat_rule.c @@ -58,13 +58,14 @@ static struct .term = IPT_ERROR_INIT, /* ERROR */ }; -static struct xt_table nat_table = { +static struct xt_table __nat_table = { .name = "nat", .valid_hooks = NAT_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET, }; +static struct xt_table *nat_table; /* Source NAT */ static unsigned int ipt_snat_target(struct sk_buff *skb, @@ -214,7 +215,7 @@ int nf_nat_rule_find(struct sk_buff *skb, { int ret; - ret = ipt_do_table(skb, hooknum, in, out, &nat_table); + ret = ipt_do_table(skb, hooknum, in, out, nat_table); if (ret == NF_ACCEPT) { if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum))) @@ -248,9 +249,10 @@ int __init nf_nat_rule_init(void) { int ret; - ret = ipt_register_table(&nat_table, &nat_initial_table.repl); - if (ret != 0) - return ret; + nat_table = ipt_register_table(&init_net, &__nat_table, + &nat_initial_table.repl); + if (IS_ERR(nat_table)) + return PTR_ERR(nat_table); ret = xt_register_target(&ipt_snat_reg); if (ret != 0) goto unregister_table; @@ -264,7 +266,7 @@ int __init nf_nat_rule_init(void) unregister_snat: xt_unregister_target(&ipt_snat_reg); unregister_table: - ipt_unregister_table(&nat_table); + ipt_unregister_table(nat_table); return ret; } @@ -273,5 +275,5 @@ void nf_nat_rule_cleanup(void) { xt_unregister_target(&ipt_dnat_reg); xt_unregister_target(&ipt_snat_reg); - ipt_unregister_table(&nat_table); + ipt_unregister_table(nat_table); } |