[NETFILTER]: arp_tables: per-netns arp_tables FILTER

[safe/jmp/linux-2.6] / net / ipv4 / arp.c

diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index d12f31b..8e17f65 100644 (file)
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -382,8 +382,7 @@ static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb)
                read_unlock_bh(&neigh->lock);
 }
 
-static int arp_ignore(struct in_device *in_dev, struct net_device *dev,
-                     __be32 sip, __be32 tip)
+static int arp_ignore(struct in_device *in_dev, __be32 sip, __be32 tip)
 {
        int scope;
 
@@ -403,7 +402,6 @@ static int arp_ignore(struct in_device *in_dev, struct net_device *dev,
        case 3: /* Do not reply for scope host addresses */
                sip = 0;
                scope = RT_SCOPE_LINK;
-               dev = NULL;
                break;
        case 4: /* Reserved */
        case 5:
@@ -415,7 +413,7 @@ static int arp_ignore(struct in_device *in_dev, struct net_device *dev,
        default:
                return 0;
        }
-       return !inet_confirm_addr(dev, sip, tip, scope);
+       return !inet_confirm_addr(in_dev, sip, tip, scope);
 }
 
 static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
@@ -426,7 +424,7 @@ static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
        int flag = 0;
        /*unsigned long now; */
 
-       if (ip_route_output_key(&rt, &fl) < 0)
+       if (ip_route_output_key(&init_net, &rt, &fl) < 0)
                return 1;
        if (rt->u.dst.dev != dev) {
                NET_INC_STATS_BH(LINUX_MIB_ARPFILTER);
@@ -560,8 +558,9 @@ static inline int arp_fwd_proxy(struct in_device *in_dev, struct rtable *rt)
  */
 struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
                           struct net_device *dev, __be32 src_ip,
-                          unsigned char *dest_hw, unsigned char *src_hw,
-                          unsigned char *target_hw)
+                          const unsigned char *dest_hw,
+                          const unsigned char *src_hw,
+                          const unsigned char *target_hw)
 {
        struct sk_buff *skb;
        struct arphdr *arp;
@@ -674,8 +673,8 @@ void arp_xmit(struct sk_buff *skb)
  */
 void arp_send(int type, int ptype, __be32 dest_ip,
              struct net_device *dev, __be32 src_ip,
-             unsigned char *dest_hw, unsigned char *src_hw,
-             unsigned char *target_hw)
+             const unsigned char *dest_hw, const unsigned char *src_hw,
+             const unsigned char *target_hw)
 {
        struct sk_buff *skb;
 
@@ -807,7 +806,7 @@ static int arp_process(struct sk_buff *skb)
        if (sip == 0) {
                if (arp->ar_op == htons(ARPOP_REQUEST) &&
                    inet_addr_type(&init_net, tip) == RTN_LOCAL &&
-                   !arp_ignore(in_dev,dev,sip,tip))
+                   !arp_ignore(in_dev, sip, tip))
                        arp_send(ARPOP_REPLY, ETH_P_ARP, sip, dev, tip, sha,
                                 dev->dev_addr, sha);
                goto out;
@@ -825,7 +824,7 @@ static int arp_process(struct sk_buff *skb)
                                int dont_send = 0;
 
                                if (!dont_send)
-                                       dont_send |= arp_ignore(in_dev,dev,sip,tip);
+                                       dont_send |= arp_ignore(in_dev,sip,tip);
                                if (!dont_send && IN_DEV_ARPFILTER(in_dev))
                                        dont_send |= arp_filter(sip,tip,dev);
                                if (!dont_send)
@@ -973,13 +972,13 @@ static int arp_req_set_public(struct net *net, struct arpreq *r,
        if (mask && mask != htonl(0xFFFFFFFF))
                return -EINVAL;
        if (!dev && (r->arp_flags & ATF_COM)) {
-               dev = dev_getbyhwaddr(&init_net, r->arp_ha.sa_family,
+               dev = dev_getbyhwaddr(net, r->arp_ha.sa_family,
                                r->arp_ha.sa_data);
                if (!dev)
                        return -ENODEV;
        }
        if (mask) {
-               if (pneigh_lookup(&arp_tbl, &init_net, &ip, dev, 1) == NULL)
+               if (pneigh_lookup(&arp_tbl, net, &ip, dev, 1) == NULL)
                        return -ENOBUFS;
                return 0;
        }
@@ -1004,7 +1003,7 @@ static int arp_req_set(struct net *net, struct arpreq *r,
                struct flowi fl = { .nl_u = { .ip4_u = { .daddr = ip,
                                                         .tos = RTO_ONLINK } } };
                struct rtable * rt;
-               if ((err = ip_route_output_key(&rt, &fl)) != 0)
+               if ((err = ip_route_output_key(net, &rt, &fl)) != 0)
                        return err;
                dev = rt->u.dst.dev;
                ip_rt_put(rt);
@@ -1088,7 +1087,7 @@ static int arp_req_delete_public(struct net *net, struct arpreq *r,
        __be32 mask = ((struct sockaddr_in *)&r->arp_netmask)->sin_addr.s_addr;
 
        if (mask == htonl(0xFFFFFFFF))
-               return pneigh_delete(&arp_tbl, &init_net, &ip, dev);
+               return pneigh_delete(&arp_tbl, net, &ip, dev);
 
        if (mask)
                return -EINVAL;
@@ -1111,7 +1110,7 @@ static int arp_req_delete(struct net *net, struct arpreq *r,
                struct flowi fl = { .nl_u = { .ip4_u = { .daddr = ip,
                                                         .tos = RTO_ONLINK } } };
                struct rtable * rt;
-               if ((err = ip_route_output_key(&rt, &fl)) != 0)
+               if ((err = ip_route_output_key(net, &rt, &fl)) != 0)
                        return err;
                dev = rt->u.dst.dev;
                ip_rt_put(rt);
@@ -1166,7 +1165,7 @@ int arp_ioctl(struct net *net, unsigned int cmd, void __user *arg)
        rtnl_lock();
        if (r.arp_dev[0]) {
                err = -ENODEV;
-               if ((dev = __dev_get_by_name(&init_net, r.arp_dev)) == NULL)
+               if ((dev = __dev_get_by_name(net, r.arp_dev)) == NULL)
                        goto out;
 
                /* Mmmm... It is wrong... ARPHRD_NETROM==0 */