
Commit f3c1a44

Gao fengummakynes
authored andcommitted
netfilter: make /proc/net/netfilter pernet
This patch makes this proc dentry pernet. So far only init_net had a /proc/net/netfilter directory. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 152b0f5 commit f3c1a44


3 files changed

+42
-4
lines changed


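--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -17,6 +17,7 @@
 #include <net/netns/ipv6.h>
 #include <net/netns/sctp.h>
 #include <net/netns/dccp.h>
+#include <net/netns/netfilter.h>
 #include <net/netns/x_tables.h>
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netns/conntrack.h>
@@ -94,6 +95,7 @@ struct net {
 struct netns_dccp dccp;
 #endif
 #ifdef CONFIG_NETFILTER
+struct netns_nf nf;
 struct netns_xt xt;
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 struct netns_ct ct;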

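--- a/include/net/netns/netfilter.h
+++ b/include/net/netns/netfilter.h
@@ -0,0 +1,11 @@
+#ifndef __NETNS_NETFILTER_H
+#define __NETNS_NETFILTER_H
+
+#include <linux/proc_fs.h>
+
+struct netns_nf {
+#if defined CONFIG_PROC_FS
+struct proc_dir_entry *proc_netfilter;
+#endif
+};
+#endif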
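Review bot: The new `struct netns_nf` has no comment saying what it holds or who owns `proc_netfilter`, and the closing `#endif` of the include guard is unlabelled right after the inner `#endif`. A short header comment such as `/* Per-network-namespace netfilter state; proc_netfilter is this namespace's /proc/net/netfilter directory. */` and `#endif /* __NETNS_NETFILTER_H */` would make the file readable on its own. The guard here is spelled `#if defined CONFIG_PROC_FS` while net/netfilter/core.c in the same commit uses `#ifdef CONFIG_PROC_FS`; using one form in both places is more consistent.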

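--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
 EXPORT_SYMBOL(proc_net_netfilter);
 #endif
 
+static int __net_init netfilter_net_init(struct net *net)
+{
+#ifdef CONFIG_PROC_FS
+net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
+net->proc_net);
+if (net_eq(net, &init_net)) {
+if (!net->nf.proc_netfilter)
+return -ENOMEM;
+else
+proc_net_netfilter = net->nf.proc_netfilter;
+} else if (!net->nf.proc_netfilter) {
+pr_err("cannot create netfilter proc entry");
+return -ENOMEM;
+}
+#endif
+return 0;
+}
+
+static void __net_exit netfilter_net_exit(struct net *net)
+{
+remove_proc_entry("netfilter", net->proc_net);
+}
+
+static struct pernet_operations netfilter_net_ops = {
+.init = netfilter_net_init,
+.exit = netfilter_net_exit,
+};
+
 void __init netfilter_init(void)
 {
 int i, h;
@@ -289,11 +317,8 @@ void __init netfilter_init(void)
 INIT_LIST_HEAD(&nf_hooks[i][h]);
 }
 
-#ifdef CONFIG_PROC_FS
-proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
-if (!proc_net_netfilter)
+if (register_pernet_subsys(&netfilter_net_ops) < 0)
 panic("cannot create netfilter proc entry");
-#endif
 
 if (netfilter_log_init() < 0)
 panic("cannot initialize nf_log");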
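Review bot: In `netfilter_net_init` the message in `pr_err("cannot create netfilter proc entry");` has no trailing newline, so it can run together with the next log line; it should read `pr_err("cannot create netfilter proc entry\n");`. The NULL test on `net->nf.proc_netfilter` is written twice, once in each branch of the `net_eq(net, &init_net)` check, and would be easier to follow as one early `return -ENOMEM` followed by the `proc_net_netfilter` assignment for init_net only. In `netfilter_init` the retained `panic("cannot create netfilter proc entry")` now fires on any `register_pernet_subsys()` failure, so its text may no longer describe the actual cause. Because the directory now exists in every network namespace, it is worth confirming that whatever is later registered under `net->nf.proc_netfilter` exposes only that namespace's state; the exported `proc_net_netfilter` still points at init_net's directory alone.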
