netfilter: make /proc/net/netfilter pernet

This patch makes this proc dentry pernet. So far only init_net
had a /proc/net/netfilter directory.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index de644bcd861343961d2ef6de675250416b98725b..b176978274828206b784e7003e04c871bef582a3 100644 (file)
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -17,6 +17,7 @@
 #include <net/netns/ipv6.h>
 #include <net/netns/sctp.h>
 #include <net/netns/dccp.h>
+#include <net/netns/netfilter.h>
 #include <net/netns/x_tables.h>
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netns/conntrack.h>
@@ -94,6 +95,7 @@ struct net {
        struct netns_dccp       dccp;
 #endif
 #ifdef CONFIG_NETFILTER
+       struct netns_nf         nf;
        struct netns_xt         xt;
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        struct netns_ct         ct;

diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
new file mode 100644 (file)
index 0000000..248ca1c
--- /dev/null
+++ b/include/net/netns/netfilter.h
@@ -0,0 +1,11 @@
+#ifndef __NETNS_NETFILTER_H
+#define __NETNS_NETFILTER_H
+
+#include <linux/proc_fs.h>
+
+struct netns_nf {
+#if defined CONFIG_PROC_FS
+       struct proc_dir_entry *proc_netfilter;
+#endif
+};
+#endif

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index a9c488b6c50d446e1c9e5276553728af83281fad..b085184d9b45a384003750ff89ef60ecfe86fb17 100644 (file)
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
 EXPORT_SYMBOL(proc_net_netfilter);
 #endif
 
+static int __net_init netfilter_net_init(struct net *net)
+{
+#ifdef CONFIG_PROC_FS
+       net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
+                                               net->proc_net);
+       if (net_eq(net, &init_net)) {
+               if (!net->nf.proc_netfilter)
+                       return -ENOMEM;
+               else
+                       proc_net_netfilter = net->nf.proc_netfilter;
+       } else if (!net->nf.proc_netfilter) {
+               pr_err("cannot create netfilter proc entry");
+               return -ENOMEM;
+       }
+#endif
+       return 0;
+}
+
+static void __net_exit netfilter_net_exit(struct net *net)
+{
+       remove_proc_entry("netfilter", net->proc_net);
+}
+
+static struct pernet_operations netfilter_net_ops = {
+       .init = netfilter_net_init,
+       .exit = netfilter_net_exit,
+};
+
 void __init netfilter_init(void)
 {
        int i, h;
@@ -289,11 +317,8 @@ void __init netfilter_init(void)
                        INIT_LIST_HEAD(&nf_hooks[i][h]);
        }
 
-#ifdef CONFIG_PROC_FS
-       proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
-       if (!proc_net_netfilter)
+       if (register_pernet_subsys(&netfilter_net_ops) < 0)
                panic("cannot create netfilter proc entry");
-#endif
 
        if (netfilter_log_init() < 0)
                panic("cannot initialize nf_log");