now sysctl nf_call_arptables uses per-netns setting .data in sysctl tables now points to per-netns struct brnf_net
Signed-off-by: Vasily Averin <vvs@xxxxxxxxxx>
---
 net/bridge/br_netfilter.c | 8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)
diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 16b68da..dbf73cb 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -834,13 +834,15 @@ static unsigned int br_nf_forward_arp(const struct nf_hook_ops *ops,
 struct net_bridge_port *p;
 struct net_bridge *br;
 struct net_device **d = (struct net_device **)(skb->cb);
+ struct brnf_net *bn;
 p = br_port_get_rcu(out);
 if (p == NULL)
 return NF_ACCEPT;
 br = p->br;
+ bn = brnf_net(dev_net(skb->dev));
- if (!init_brnf_net.nf_call_arptables && !br->nf_call_arptables)
+ if (!bn->nf_call_arptables && !br->nf_call_arptables)
 return NF_ACCEPT;
 if (!IS_ARP(skb)) {
@@ -1064,6 +1066,7 @@ static int brnf_sysctl_net_register(struct brnf_net *bn)
 {
 struct ctl_table *table;
 struct ctl_table_header *hdr;
+ int i;
 table = brnf_table;
 if (!net_eq(bn->net, &init_net)) {
@@ -1072,6 +1075,9 @@ static int brnf_sysctl_net_register(struct brnf_net *bn)
 if (!table)
 goto err_alloc;
 }
+ for (i = 0; i < 1; i++)
+ table[i].data += (char *)bn - (char *)&init_brnf_net;
+
 hdr = register_net_sysctl(bn->net, "net/bridge", table);
 if (!hdr)
 goto err_reg;
--
1.7.5.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
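Review bot: The per-netns lookup `bn = brnf_net(dev_net(skb->dev));` in br_nf_forward_arp takes the namespace from `skb->dev`, while the port and `br` a few lines above are resolved from `out`. Since `bn->nf_call_arptables` now decides whether forwarded ARP frames reach arptables at all, I would derive the namespace from the device that was just validated, `bn = brnf_net(dev_net(out));`. Whether `skb->dev` and `out` can ever belong to different namespaces on this path is not visible here, so this is a consistency point rather than a confirmed bug. `bn` is also dereferenced unchecked, and `brnf_net()` is defined outside this patch, so a short comment stating that the lookup cannot return NULL while the hook is registered would help. The function starts above the hunk and continues past it.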
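Review bot: The rebase loop `for (i = 0; i < 1; i++)` hard-codes how many sysctl entries are moved onto the per-netns `struct brnf_net`, and nothing in the hunk ties that `1` to the layout of `brnf_table`. Any entry past index 0 in a non-init table keeps the `.data` pointer it started with, so a write to such an entry from a new namespace would presumably still land in the init namespace's storage; the rest of the table and the copy step are outside the hunk, so please confirm. The addition is also only valid for entries whose `.data` already points inside `init_brnf_net`. I would name the bound and put a comment above the loop such as `/* entries [0, 1) point into init_brnf_net; shift them by (bn - &init_brnf_net) so they address this netns's copy */`. brnf_sysctl_net_register starts above this hunk and continues below it.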