Re: [PATCH 1/4] ipv6: add a new namespace for nf_conntrack_reasm

[Pablo Neira Ayuso <pablo@netfilter.org>]

On Tue, Sep 18, 2012 at 09:45:08PM +0800, Cong Wang wrote:
> As pointed by Michal, it is necessary to add a new
> namespace for nf_conntrack_reasm code, this prepares
> for the second patch.
> 
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: Michal Kubeček <mkubecek@suse.cz>
> Cc: David Miller <davem@davemloft.net>
> Cc: Patrick McHardy <kaber@trash.net>
> Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: netfilter-devel@vger.kernel.org
> Signed-off-by: Cong Wang <amwang@redhat.com>
> ---
>  include/net/net_namespace.h             |    3 +
>  include/net/netns/ipv6.h                |    8 ++
>  net/ipv6/netfilter/nf_conntrack_reasm.c |  135 +++++++++++++++++++++----------
>  3 files changed, 104 insertions(+), 42 deletions(-)
> 
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index 5ae57f1..d61e2b3 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -93,6 +93,9 @@ struct net {
>  #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
>  	struct netns_ct		ct;
>  #endif
> +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
> +	struct netns_nf_frag	nf_frag;
> +#endif
>  	struct sock		*nfnl;
>  	struct sock		*nfnl_stash;
>  #endif
> diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
> index 0318104..214cb0a 100644
> --- a/include/net/netns/ipv6.h
> +++ b/include/net/netns/ipv6.h
> @@ -71,4 +71,12 @@ struct netns_ipv6 {
>  #endif
>  #endif
>  };
> +
> +#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
> +struct netns_nf_frag {
> +	struct netns_sysctl_ipv6 sysctl;
> +	struct netns_frags	frags;
> +};
> +#endif
> +
>  #endif
> diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
> index f94fb3a..d28c067 100644
> --- a/net/ipv6/netfilter/nf_conntrack_reasm.c
> +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
> @@ -71,27 +71,26 @@ struct nf_ct_frag6_queue
>  };
>  
>  static struct inet_frags nf_frags;
> -static struct netns_frags nf_init_frags;
>  
>  #ifdef CONFIG_SYSCTL
>  static struct ctl_table nf_ct_frag6_sysctl_table[] = {
>  	{
>  		.procname	= "nf_conntrack_frag6_timeout",
> -		.data		= &nf_init_frags.timeout,
> +		.data		= &init_net.nf_frag.frags.timeout,
>  		.maxlen		= sizeof(unsigned int),
>  		.mode		= 0644,
>  		.proc_handler	= proc_dointvec_jiffies,
>  	},
>  	{
>  		.procname	= "nf_conntrack_frag6_low_thresh",
> -		.data		= &nf_init_frags.low_thresh,
> +		.data		= &init_net.nf_frag.frags.low_thresh,
>  		.maxlen		= sizeof(unsigned int),
>  		.mode		= 0644,
>  		.proc_handler	= proc_dointvec,
>  	},
>  	{
>  		.procname	= "nf_conntrack_frag6_high_thresh",
> -		.data		= &nf_init_frags.high_thresh,
> +		.data		= &init_net.nf_frag.frags.high_thresh,
>  		.maxlen		= sizeof(unsigned int),
>  		.mode		= 0644,
>  		.proc_handler	= proc_dointvec,
> @@ -99,7 +98,54 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
>  	{ }
>  };
>  
> -static struct ctl_table_header *nf_ct_frag6_sysctl_header;
> +static int __net_init nf_ct_frag6_sysctl_register(struct net *net)
> +{
> +	struct ctl_table *table;
> +	struct ctl_table_header *hdr;
> +
> +	table = nf_ct_frag6_sysctl_table;
> +	if (!net_eq(net, &init_net)) {
> +		table = kmemdup(table, sizeof(nf_ct_frag6_sysctl_table), GFP_KERNEL);

Sorry, you have to break lines at 80 chars.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html