On Mon, Mar 25, 2013 at 05:50:39PM +0800, Gao feng wrote:
> Now,only init net has directroy /proc/net/netfilter,
> this patch makes this proc dentry pernet.
Applied with minor glitch, see below:
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
> include/net/net_namespace.h | 2 ++
> include/net/netns/netfilter.h | 11 +++++++++++
> net/netfilter/core.c | 36 +++++++++++++++++++++++++++++++-----
> 3 files changed, 44 insertions(+), 5 deletions(-)
> create mode 100644 include/net/netns/netfilter.h
>
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index de644bc..b176978 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -17,6 +17,7 @@
> #include <net/netns/ipv6.h>
> #include <net/netns/sctp.h>
> #include <net/netns/dccp.h>
> +#include <net/netns/netfilter.h>
> #include <net/netns/x_tables.h>
> #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
> #include <net/netns/conntrack.h>
> @@ -94,6 +95,7 @@ struct net {
> struct netns_dccp dccp;
> #endif
> #ifdef CONFIG_NETFILTER
> + struct netns_nf nf;
> struct netns_xt xt;
> #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
> struct netns_ct ct;
> diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
> new file mode 100644
> index 0000000..248ca1c
> --- /dev/null
> +++ b/include/net/netns/netfilter.h
> @@ -0,0 +1,11 @@
> +#ifndef __NETNS_NETFILTER_H
> +#define __NETNS_NETFILTER_H
> +
> +#include <linux/proc_fs.h>
> +
> +struct netns_nf {
> +#if defined CONFIG_PROC_FS
> + struct proc_dir_entry *proc_netfilter;
> +#endif
> +};
> +#endif
> diff --git a/net/netfilter/core.c b/net/netfilter/core.c
> index a9c488b..e054799 100644
> --- a/net/netfilter/core.c
> +++ b/net/netfilter/core.c
> @@ -281,6 +281,35 @@ struct proc_dir_entry *proc_net_netfilter;
> EXPORT_SYMBOL(proc_net_netfilter);
> #endif
>
> +static int __net_init netfilter_net_init(struct net *net)
> +{
> +#ifdef CONFIG_PROC_FS
> + net->nf.proc_netfilter = proc_net_mkdir(net,
> + "netfilter",
> + net->proc_net);
> + if (net_eq(net, &init_net)) {
> + if (!net->nf.proc_netfilter)
> + panic("cannot create netfilter proc entry");
Moved this panic() to netfilter_init and it just returns -ENOMEM.
> + else
> + proc_net_netfilter = net->nf.proc_netfilter;
> + } else if (!net->nf.proc_netfilter) {
> + pr_err("cannot create netfilter proc entry");
> + return -ENOMEM;
> + }
> +#endif
> + return 0;
> +}
> +
> +static void __net_exit netfilter_net_exit(struct net *net)
> +{
> + remove_proc_entry("netfilter", net->proc_net);
> +}
> +
> +static struct pernet_operations netfilter_net_ops = {
> + .init = netfilter_net_init,
> + .exit = netfilter_net_exit,
> +};
> +
> void __init netfilter_init(void)
> {
> int i, h;
> @@ -289,11 +318,8 @@ void __init netfilter_init(void)
> INIT_LIST_HEAD(&nf_hooks[i][h]);
> }
>
> -#ifdef CONFIG_PROC_FS
> - proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
> - if (!proc_net_netfilter)
> - panic("cannot create netfilter proc entry");
> -#endif
> + if (register_pernet_subsys(&netfilter_net_ops) < 0)
> + return;
>
> if (netfilter_log_init() < 0)
> panic("cannot initialize nf_log");
> --
> 1.7.11.7
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
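Review bot: In netfilter_net_exit, `remove_proc_entry("netfilter", net->proc_net)` runs unconditionally and by name, while netfilter_net_init creates the directory only under `#ifdef CONFIG_PROC_FS`, and nothing states the teardown order this depends on. Any later per-net code that creates entries under `net->nf.proc_netfilter` presumably has to remove them before this handler runs, so a comment above the call such as `/* all children of nf.proc_netfilter must already be removed by their own pernet exit */` would make that contract explicit. In the non-init branch, `pr_err("cannot create netfilter proc entry")` lacks a trailing newline; `pr_err("cannot create netfilter proc entry\n");` keeps the message from running into the next log line. Because the directory now exists in every network namespace, it is worth noting next to `netfilter_net_ops` that files added under it should expose only that namespace's state. netfilter_init's body starts and ends outside the hunks shown.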