Commit f3c1a44a authored by Gao feng's avatar Gao feng Committed by Pablo Neira Ayuso

netfilter: make /proc/net/netfilter pernet

This patch makes this proc dentry pernet. So far only init_net
had a /proc/net/netfilter directory.
Signed-off-by: default avatarGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 152b0f5d
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#include <net/netns/ipv6.h> #include <net/netns/ipv6.h>
#include <net/netns/sctp.h> #include <net/netns/sctp.h>
#include <net/netns/dccp.h> #include <net/netns/dccp.h>
#include <net/netns/netfilter.h>
#include <net/netns/x_tables.h> #include <net/netns/x_tables.h>
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
#include <net/netns/conntrack.h> #include <net/netns/conntrack.h>
...@@ -94,6 +95,7 @@ struct net { ...@@ -94,6 +95,7 @@ struct net {
struct netns_dccp dccp; struct netns_dccp dccp;
#endif #endif
#ifdef CONFIG_NETFILTER #ifdef CONFIG_NETFILTER
struct netns_nf nf;
struct netns_xt xt; struct netns_xt xt;
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct netns_ct ct; struct netns_ct ct;
......
#ifndef __NETNS_NETFILTER_H
#define __NETNS_NETFILTER_H
#include <linux/proc_fs.h>
struct netns_nf {
#if defined CONFIG_PROC_FS
struct proc_dir_entry *proc_netfilter;
#endif
};
#endif
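Review bot: The new header includes `<linux/proc_fs.h>` only to name a pointer type in `struct netns_nf`, and the net_namespace.h hunk above shows this header being included from the file that defines `struct net`. A forward declaration, `struct proc_dir_entry;`, would be enough for the `proc_netfilter` member and keeps the include footprint small. A one-line comment on the member, such as `/* this namespace's /proc/net/netfilter directory */`, would also help readers who find the struct empty when CONFIG_PROC_FS is off.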
...@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter; ...@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
EXPORT_SYMBOL(proc_net_netfilter); EXPORT_SYMBOL(proc_net_netfilter);
#endif #endif
static int __net_init netfilter_net_init(struct net *net)
{
#ifdef CONFIG_PROC_FS
net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
net->proc_net);
if (net_eq(net, &init_net)) {
if (!net->nf.proc_netfilter)
return -ENOMEM;
else
proc_net_netfilter = net->nf.proc_netfilter;
} else if (!net->nf.proc_netfilter) {
pr_err("cannot create netfilter proc entry");
return -ENOMEM;
}
#endif
return 0;
}
static void __net_exit netfilter_net_exit(struct net *net)
{
remove_proc_entry("netfilter", net->proc_net);
}
static struct pernet_operations netfilter_net_ops = {
.init = netfilter_net_init,
.exit = netfilter_net_exit,
};
void __init netfilter_init(void) void __init netfilter_init(void)
{ {
int i, h; int i, h;
...@@ -289,11 +317,8 @@ void __init netfilter_init(void) ...@@ -289,11 +317,8 @@ void __init netfilter_init(void)
INIT_LIST_HEAD(&nf_hooks[i][h]); INIT_LIST_HEAD(&nf_hooks[i][h]);
} }
#ifdef CONFIG_PROC_FS if (register_pernet_subsys(&netfilter_net_ops) < 0)
proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
if (!proc_net_netfilter)
panic("cannot create netfilter proc entry"); panic("cannot create netfilter proc entry");
#endif
if (netfilter_log_init() < 0) if (netfilter_log_init() < 0)
panic("cannot initialize nf_log"); panic("cannot initialize nf_log");
......
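Review bot: In netfilter_net_init() the `pr_err("cannot create netfilter proc entry")` call has no trailing newline, so the message can run into the next log line; it should read `pr_err("cannot create netfilter proc entry\n");`. Both branches of the `net_eq(net, &init_net)` test return -ENOMEM when proc_net_mkdir() fails, so the NULL check could be done once before the test, leaving only the assignment to the legacy `proc_net_netfilter` global in the init_net branch. That exported global still points only at init_net's directory, so any users of it elsewhere in the tree (not visible on this page) presumably keep creating their entries in init_net alone until they move to `net->nf.proc_netfilter`; a comment next to the assignment saying so would help. In netfilter_init() the panic text "cannot create netfilter proc entry" now fires on any register_pernet_subsys() failure, including builds without CONFIG_PROC_FS, so the message should name the pernet registration instead.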