From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: Patrick McHardy <kaber@trash.net>, netfilter-devel@vger.kernel.org
Subject: netfilter 22/79: netns nf_conntrack: per-netns /proc/net/ip_conntrack, /proc/net/stat/ip_conntrack, /proc/net/ip_conntrack_expect
Date: Wed, 8 Oct 2008 12:46:51 +0200 (MEST) [thread overview]
Message-ID: <20081008104651.10423.92602.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20081008104621.10423.12648.sendpatchset@x2.localnet>
commit 5e6b29972b7e9c9c39882227e36fe0cd3463fe96
Author: Alexey Dobriyan <adobriyan@gmail.com>
Date: Wed Oct 8 11:35:06 2008 +0200
netfilter: netns nf_conntrack: per-netns /proc/net/ip_conntrack, /proc/net/stat/ip_conntrack, /proc/net/ip_conntrack_expect
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index f8636a5..b294083 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -21,18 +21,20 @@
#include <net/netfilter/nf_conntrack_acct.h>
struct ct_iter_state {
+ struct seq_net_private p;
unsigned int bucket;
};
static struct hlist_node *ct_get_first(struct seq_file *seq)
{
+ struct net *net = seq_file_net(seq);
struct ct_iter_state *st = seq->private;
struct hlist_node *n;
for (st->bucket = 0;
st->bucket < nf_conntrack_htable_size;
st->bucket++) {
- n = rcu_dereference(init_net.ct.hash[st->bucket].first);
+ n = rcu_dereference(net->ct.hash[st->bucket].first);
if (n)
return n;
}
@@ -42,13 +44,14 @@ static struct hlist_node *ct_get_first(struct seq_file *seq)
static struct hlist_node *ct_get_next(struct seq_file *seq,
struct hlist_node *head)
{
+ struct net *net = seq_file_net(seq);
struct ct_iter_state *st = seq->private;
head = rcu_dereference(head->next);
while (head == NULL) {
if (++st->bucket >= nf_conntrack_htable_size)
return NULL;
- head = rcu_dereference(init_net.ct.hash[st->bucket].first);
+ head = rcu_dereference(net->ct.hash[st->bucket].first);
}
return head;
}
@@ -158,8 +161,8 @@ static const struct seq_operations ct_seq_ops = {
static int ct_open(struct inode *inode, struct file *file)
{
- return seq_open_private(file, &ct_seq_ops,
- sizeof(struct ct_iter_state));
+ return seq_open_net(inode, file, &ct_seq_ops,
+ sizeof(struct ct_iter_state));
}
static const struct file_operations ct_file_ops = {
@@ -167,17 +170,18 @@ static const struct file_operations ct_file_ops = {
.open = ct_open,
.read = seq_read,
.llseek = seq_lseek,
- .release = seq_release_private,
+ .release = seq_release_net,
};
/* expects */
struct ct_expect_iter_state {
+ struct seq_net_private p;
unsigned int bucket;
};
static struct hlist_node *ct_expect_get_first(struct seq_file *seq)
{
- struct net *net = &init_net;
+ struct net *net = seq_file_net(seq);
struct ct_expect_iter_state *st = seq->private;
struct hlist_node *n;
@@ -192,7 +196,7 @@ static struct hlist_node *ct_expect_get_first(struct seq_file *seq)
static struct hlist_node *ct_expect_get_next(struct seq_file *seq,
struct hlist_node *head)
{
- struct net *net = &init_net;
+ struct net *net = seq_file_net(seq);
struct ct_expect_iter_state *st = seq->private;
head = rcu_dereference(head->next);
@@ -267,8 +271,8 @@ static const struct seq_operations exp_seq_ops = {
static int exp_open(struct inode *inode, struct file *file)
{
- return seq_open_private(file, &exp_seq_ops,
- sizeof(struct ct_expect_iter_state));
+ return seq_open_net(inode, file, &exp_seq_ops,
+ sizeof(struct ct_expect_iter_state));
}
static const struct file_operations ip_exp_file_ops = {
@@ -276,7 +280,7 @@ static const struct file_operations ip_exp_file_ops = {
.open = exp_open,
.read = seq_read,
.llseek = seq_lseek,
- .release = seq_release_private,
+ .release = seq_release_net,
};
static void *ct_cpu_seq_start(struct seq_file *seq, loff_t *pos)
@@ -367,36 +371,51 @@ static const struct file_operations ct_cpu_seq_fops = {
.release = seq_release,
};
-int __init nf_conntrack_ipv4_compat_init(void)
+static int __net_init ip_conntrack_net_init(struct net *net)
{
struct proc_dir_entry *proc, *proc_exp, *proc_stat;
- proc = proc_net_fops_create(&init_net, "ip_conntrack", 0440, &ct_file_ops);
+ proc = proc_net_fops_create(net, "ip_conntrack", 0440, &ct_file_ops);
if (!proc)
goto err1;
- proc_exp = proc_net_fops_create(&init_net, "ip_conntrack_expect", 0440,
+ proc_exp = proc_net_fops_create(net, "ip_conntrack_expect", 0440,
&ip_exp_file_ops);
if (!proc_exp)
goto err2;
proc_stat = proc_create("ip_conntrack", S_IRUGO,
- init_net.proc_net_stat, &ct_cpu_seq_fops);
+ net->proc_net_stat, &ct_cpu_seq_fops);
if (!proc_stat)
goto err3;
return 0;
err3:
- proc_net_remove(&init_net, "ip_conntrack_expect");
+ proc_net_remove(net, "ip_conntrack_expect");
err2:
- proc_net_remove(&init_net, "ip_conntrack");
+ proc_net_remove(net, "ip_conntrack");
err1:
return -ENOMEM;
}
+static void __net_exit ip_conntrack_net_exit(struct net *net)
+{
+ remove_proc_entry("ip_conntrack", net->proc_net_stat);
+ proc_net_remove(net, "ip_conntrack_expect");
+ proc_net_remove(net, "ip_conntrack");
+}
+
+static struct pernet_operations ip_conntrack_net_ops = {
+ .init = ip_conntrack_net_init,
+ .exit = ip_conntrack_net_exit,
+};
+
+int __init nf_conntrack_ipv4_compat_init(void)
+{
+ return register_pernet_subsys(&ip_conntrack_net_ops);
+}
+
void __exit nf_conntrack_ipv4_compat_fini(void)
{
- remove_proc_entry("ip_conntrack", init_net.proc_net_stat);
- proc_net_remove(&init_net, "ip_conntrack_expect");
- proc_net_remove(&init_net, "ip_conntrack");
+ unregister_pernet_subsys(&ip_conntrack_net_ops);
}
next prev parent reply other threads:[~2008-10-08 10:46 UTC|newest]
Thread overview: 81+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-10-08 10:46 netfilter 00/79: netfilter update Patrick McHardy
2008-10-08 10:46 ` netfilter 01/79: Use unsigned types for hooknum and pf vars Patrick McHardy
2008-10-08 10:46 ` netfilter 02/79: rename ipt_recent to xt_recent Patrick McHardy
2008-10-08 10:46 ` netfilter 03/79: xt_recent: IPv6 support Patrick McHardy
2008-10-08 10:46 ` netfilter 04/79: Introduce NFPROTO_* constants Patrick McHardy
2008-10-08 10:46 ` netfilter 05/79: x_tables: use NFPROTO_* in extensions Patrick McHardy
2008-10-08 10:46 ` netfilter 06/79: implement NFPROTO_UNSPEC as a wildcard for extensions Patrick McHardy
2008-10-08 10:46 ` netfilter 07/79: netns: remove nf_*_net() wrappers Patrick McHardy
2008-10-08 10:46 ` netfilter 08/79: netns: ip6table_raw in netns for real Patrick McHardy
2008-10-08 10:46 ` netfilter 09/79: netns: ip6table_mangle " Patrick McHardy
2008-10-08 10:46 ` netfilter 10/79: netns: ip6t_REJECT " Patrick McHardy
2008-10-08 10:46 ` netfilter 11/79: netns nf_conntrack: add netns boilerplate Patrick McHardy
2008-10-08 10:46 ` netfilter 12/79: netns nf_conntrack: add ->ct_net pointer from conntrack to netns Patrick McHardy
2008-10-08 10:46 ` netfilter 13/79: netns nf_conntrack: per-netns conntrack count Patrick McHardy
2008-10-08 10:46 ` netfilter 14/79: netns nf_conntrack: per-netns conntrack hash Patrick McHardy
2008-10-08 10:46 ` netfilter 15/79: netns: fix {ip,6}_route_me_harder() in netns Patrick McHardy
2008-10-08 10:46 ` netfilter 16/79: netns nf_conntrack: per-netns expectations Patrick McHardy
2008-10-08 10:46 ` netfilter 17/79: netns nf_conntrack: per-netns unconfirmed list Patrick McHardy
2008-10-08 10:46 ` netfilter 18/79: netns nf_conntrack: pass netns pointer to nf_conntrack_in() Patrick McHardy
2008-10-08 10:46 ` netfilter 19/79: netns nf_conntrack: pass netns pointer to L4 protocol's ->error hook Patrick McHardy
2008-10-08 10:46 ` netfilter 20/79: netns nf_conntrack: per-netns /proc/net/nf_conntrack, /proc/net/stat/nf_conntrack Patrick McHardy
2008-10-08 10:46 ` netfilter 21/79: netns nf_conntrack: per-netns /proc/net/nf_conntrack_expect Patrick McHardy
2008-10-08 10:46 ` Patrick McHardy [this message]
2008-10-08 10:46 ` netns 23/79: export netns list Patrick McHardy
2008-10-08 10:46 ` netfilter 24/79: netns nf_conntrack: unregister helper in every netns Patrick McHardy
2008-10-08 10:46 ` netfilter 25/79: netns nf_conntrack: cleanup after L3 and L4 proto unregister " Patrick McHardy
2008-10-08 10:46 ` netfilter 26/79: netns nf_conntrack: pass conntrack to nf_conntrack_event_cache() not skb Patrick McHardy
2008-10-08 10:46 ` netfilter 27/79: netns nf_conntrack: per-netns event cache Patrick McHardy
2008-10-08 10:46 ` netfilter 28/79: netns nf_conntrack: per-netns statistics Patrick McHardy
2008-10-08 10:47 ` netfilter 29/79: netns nf_conntrack: per-netns /proc/net/stat/nf_conntrack, /proc/net/stat/ip_conntrack Patrick McHardy
2008-10-08 10:47 ` netfilter 30/79: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_count sysctl Patrick McHardy
2008-10-08 10:47 ` netfilter 31/79: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_checksum sysctl Patrick McHardy
2008-10-08 10:47 ` netfilter 32/79: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_log_invalid sysctl Patrick McHardy
2008-10-08 10:47 ` netfilter 33/79: netns nf_conntrack: per-netns conntrack accounting Patrick McHardy
2008-10-08 10:47 ` netfilter 34/79: netns nf_conntrack: final netns tweaks Patrick McHardy
2008-10-08 10:47 ` netfilter 35/79: netns nf_conntrack: SIP conntracking in netns Patrick McHardy
2008-10-08 10:47 ` netfilter 36/79: netns nf_conntrack: H323 " Patrick McHardy
2008-10-08 10:47 ` netfilter 37/79: netns nf_conntrack: GRE " Patrick McHardy
2008-10-08 10:47 ` netfilter 38/79: netns nf_conntrack: PPTP " Patrick McHardy
2008-10-08 10:47 ` netfilter 39/79: netns nat: fix ipt_MASQUERADE " Patrick McHardy
2008-10-08 10:47 ` netfilter 40/79: netns nat: per-netns NAT table Patrick McHardy
2008-10-08 10:47 ` netfilter 41/79: netns nat: per-netns bysource hash Patrick McHardy
2008-10-08 10:47 ` netfilter 42/79: netns nf_conntrack: fixup DNAT in netns Patrick McHardy
2008-10-08 10:47 ` netfilter 43/79: netns nat: PPTP NAT " Patrick McHardy
2008-10-08 10:47 ` netfilter 44/79: enable netfilter " Patrick McHardy
2008-10-08 10:47 ` netfilter 45/79: split netfilter IPv4 defragmentation into a separate module Patrick McHardy
2008-10-08 10:47 ` netfilter 46/79: iptables tproxy core Patrick McHardy
2008-10-08 10:47 ` netfilter 47/79: iptables socket match Patrick McHardy
2008-10-08 10:47 ` netfilter 48/79: iptables TPROXY target Patrick McHardy
2008-10-08 10:47 ` netfilter 49/79: Add documentation for tproxy Patrick McHardy
2008-10-08 10:47 ` netfilter 50/79: ebtables: do centralized size checking Patrick McHardy
2008-10-08 10:47 ` netfilter 51/79: change return types of check functions for Ebtables extensions Patrick McHardy
2008-10-08 10:47 ` netfilter 52/79: change return types of match functions for ebtables extensions Patrick McHardy
2008-10-08 10:47 ` netfilter 53/79: Change return types of targets/watchers for Ebtables extensions Patrick McHardy
2008-10-08 10:47 ` netfilter 54/79: add dummy members to Ebtables code to ease transition to Xtables Patrick McHardy
2008-10-08 10:47 ` netfilter 55/79: ebt_among: obtain match size through different means Patrick McHardy
2008-10-08 10:47 ` netfilter 56/79: change Ebtables function signatures to match Xtables's Patrick McHardy
2008-10-08 10:47 ` netfilter 57/79: move Ebtables to use Xtables Patrick McHardy
2008-10-08 10:47 ` netfilter 58/79: x_tables: output bad hook mask in hexadecimal Patrick McHardy
2008-10-08 10:47 ` netfilter 59/79: ebtables: use generic table checking Patrick McHardy
2008-10-08 10:47 ` netfilter 60/79: implement hotdrop for Ebtables Patrick McHardy
2008-10-08 10:47 ` netfilter 61/79: remove unused Ebtables functions Patrick McHardy
2008-10-08 10:47 ` netfilter 62/79: remove redundant casts from Ebtables Patrick McHardy
2008-10-08 10:47 ` netfilter 63/79: ebtables: fix one wrong return value Patrick McHardy
2008-10-08 10:47 ` netfilter 64/79: xtables: do centralized checkentry call (1/2) Patrick McHardy
2008-10-08 10:47 ` netfilter 65/79: ip6tables: fix name of hopbyhop in Kconfig Patrick McHardy
2008-10-08 10:47 ` netfilter 66/79: ip6tables: fix Kconfig entry dependency for ip6t_LOG Patrick McHardy
2008-10-08 10:47 ` netfilter 67/79: ebtables: make BRIDGE_NF_EBTABLES a menuconfig option Patrick McHardy
2008-10-08 10:47 ` netfilter 68/79: xtables: sort extensions alphabetically in Kconfig Patrick McHardy
2008-10-08 10:47 ` netfilter 69/79: xtables: use "if" blocks " Patrick McHardy
2008-10-08 10:47 ` netfilter 70/79: xtables: move extension arguments into compound structure (1/6) Patrick McHardy
2008-10-08 10:47 ` netfilter 71/79: xtables: move extension arguments into compound structure (2/6) Patrick McHardy
2008-10-08 10:47 ` netfilter 72/79: xtables: move extension arguments into compound structure (3/6) Patrick McHardy
2008-10-08 10:48 ` netfilter 73/79: xtables: move extension arguments into compound structure (4/6) Patrick McHardy
2008-10-08 10:48 ` netfilter 74/79: xtables: move extension arguments into compound structure (5/6) Patrick McHardy
2008-10-08 10:48 ` netfilter 75/79: xtables: move extension arguments into compound structure (6/6) Patrick McHardy
2008-10-08 10:48 ` netfilter 76/79: xtables: provide invoked family value to extensions Patrick McHardy
2008-10-08 10:48 ` netfilter 77/79: xtables: cut down on static data for family-independent extensions Patrick McHardy
2008-10-08 10:48 ` netfilter 78/79: xtables: use NFPROTO_UNSPEC in more extensions Patrick McHardy
2008-10-08 10:48 ` netfilter 79/79: xtables: remove bogus mangle table dependency of connmark Patrick McHardy
2008-10-08 17:29 ` netfilter 00/79: netfilter update David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081008104651.10423.92602.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.