diff options
| author | Eric W. Biederman | 2015-07-11 01:15:44 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso | 2015-07-15 18:17:36 +0200 |
| commit | fd2ecda0341960d0ce361d648cf4dd98187afb06 (patch) | |
| tree | 31c7d09add0eab85326a0200331a68c5f4815edd /net/netfilter/nf_tables_api.c | |
| parent | netfilter: Per network namespace netfilter hooks. (diff) | |
| download | kernel-qcow2-linux-fd2ecda0341960d0ce361d648cf4dd98187afb06.tar.gz kernel-qcow2-linux-fd2ecda0341960d0ce361d648cf4dd98187afb06.tar.xz kernel-qcow2-linux-fd2ecda0341960d0ce361d648cf4dd98187afb06.zip | |
netfilter: nftables: Only run the nftables chains in the proper netns
- Register the nftables chains in the network namespace that they need
to run in.
- Remove the hacks that stopped chains running in the wrong network
namespace.
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nf_tables_api.c')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index cfe636808541..4a41eb92bcc0 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -130,20 +130,24 @@ static void nft_trans_destroy(struct nft_trans *trans) int nft_register_basechain(struct nft_base_chain *basechain, unsigned int hook_nops) { + struct net *net = read_pnet(&basechain->pnet); + if (basechain->flags & NFT_BASECHAIN_DISABLED) return 0; - return nf_register_hooks(basechain->ops, hook_nops); + return nf_register_net_hooks(net, basechain->ops, hook_nops); } EXPORT_SYMBOL_GPL(nft_register_basechain); void nft_unregister_basechain(struct nft_base_chain *basechain, unsigned int hook_nops) { + struct net *net = read_pnet(&basechain->pnet); + if (basechain->flags & NFT_BASECHAIN_DISABLED) return; - nf_unregister_hooks(basechain->ops, hook_nops); + nf_unregister_net_hooks(net, basechain->ops, hook_nops); } EXPORT_SYMBOL_GPL(nft_unregister_basechain); |