Re: [PATCH nf-next v2 01/10] netfilter: make /proc/net/netfilter pernet

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Gao feng <gaofeng@cn.fujitsu.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nf-next v2 01/10] netfilter: make /proc/net/netfilter pernet
Date: Fri, 5 Apr 2013 19:44:04 +0200	[thread overview]
Message-ID: <20130405174404.GA4853@localhost> (raw)
In-Reply-To: <1364205048-32632-1-git-send-email-gaofeng@cn.fujitsu.com>

On Mon, Mar 25, 2013 at 05:50:39PM +0800, Gao feng wrote:
> Now,only init net has directroy /proc/net/netfilter,
> this patch makes this proc dentry pernet.

Applied with minor glitch, see below:

> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
> ---
>  include/net/net_namespace.h   |  2 ++
>  include/net/netns/netfilter.h | 11 +++++++++++
>  net/netfilter/core.c          | 36 +++++++++++++++++++++++++++++++-----
>  3 files changed, 44 insertions(+), 5 deletions(-)
>  create mode 100644 include/net/netns/netfilter.h
> 
> diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
> index de644bc..b176978 100644
> --- a/include/net/net_namespace.h
> +++ b/include/net/net_namespace.h
> @@ -17,6 +17,7 @@
>  #include <net/netns/ipv6.h>
>  #include <net/netns/sctp.h>
>  #include <net/netns/dccp.h>
> +#include <net/netns/netfilter.h>
>  #include <net/netns/x_tables.h>
>  #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
>  #include <net/netns/conntrack.h>
> @@ -94,6 +95,7 @@ struct net {
>  	struct netns_dccp	dccp;
>  #endif
>  #ifdef CONFIG_NETFILTER
> +	struct netns_nf		nf;
>  	struct netns_xt		xt;
>  #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
>  	struct netns_ct		ct;
> diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
> new file mode 100644
> index 0000000..248ca1c
> --- /dev/null
> +++ b/include/net/netns/netfilter.h
> @@ -0,0 +1,11 @@
> +#ifndef __NETNS_NETFILTER_H
> +#define __NETNS_NETFILTER_H
> +
> +#include <linux/proc_fs.h>
> +
> +struct netns_nf {
> +#if defined CONFIG_PROC_FS
> +	struct proc_dir_entry *proc_netfilter;
> +#endif
> +};
> +#endif
> diff --git a/net/netfilter/core.c b/net/netfilter/core.c
> index a9c488b..e054799 100644
> --- a/net/netfilter/core.c
> +++ b/net/netfilter/core.c
> @@ -281,6 +281,35 @@ struct proc_dir_entry *proc_net_netfilter;
>  EXPORT_SYMBOL(proc_net_netfilter);
>  #endif
>  
> +static int __net_init netfilter_net_init(struct net *net)
> +{
> +#ifdef CONFIG_PROC_FS
> +	net->nf.proc_netfilter = proc_net_mkdir(net,
> +						"netfilter",
> +						net->proc_net);
> +	if (net_eq(net, &init_net)) {
> +		if (!net->nf.proc_netfilter)
> +			panic("cannot create netfilter proc entry");

Moved this panic() to netfilter_init and it just returns -ENOMEM.

> +		else
> +			proc_net_netfilter = net->nf.proc_netfilter;
> +	} else if (!net->nf.proc_netfilter) {
> +		pr_err("cannot create netfilter proc entry");
> +		return -ENOMEM;
> +	}
> +#endif
> +	return 0;
> +}
> +
> +static void __net_exit netfilter_net_exit(struct net *net)
> +{
> +	remove_proc_entry("netfilter", net->proc_net);
> +}
> +
> +static struct pernet_operations netfilter_net_ops = {
> +	.init = netfilter_net_init,
> +	.exit = netfilter_net_exit,
> +};
> +
>  void __init netfilter_init(void)
>  {
>  	int i, h;
> @@ -289,11 +318,8 @@ void __init netfilter_init(void)
>  			INIT_LIST_HEAD(&nf_hooks[i][h]);
>  	}
>  
> -#ifdef CONFIG_PROC_FS
> -	proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
> -	if (!proc_net_netfilter)
> -		panic("cannot create netfilter proc entry");
> -#endif
> +	if (register_pernet_subsys(&netfilter_net_ops) < 0)
> +		return;
>  
>  	if (netfilter_log_init() < 0)
>  		panic("cannot initialize nf_log");
> -- 
> 1.7.11.7
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

     prev parent reply	other threads:[~2013-04-05 17:44 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-25  9:50 [PATCH nf-next v2 01/10] netfilter: make /proc/net/netfilter pernet Gao feng
2013-03-25  9:50 ` [PATCH nf-next v2 02/10] netfilter: nf_log: prepar net namespace support for nf_log Gao feng
2013-04-05 18:30   ` Pablo Neira Ayuso
2013-04-08  2:46     ` Gao feng
2013-03-25  9:50 ` [PATCH nf-next v2 03/10] netfilter: ebt_log: add net namespace support for ebt_log Gao feng
2013-04-05 18:32   ` Pablo Neira Ayuso
2013-04-08  2:50     ` Gao feng
2013-03-25  9:50 ` [PATCH nf-next v2 04/10] netfilter: xt_LOG: add net namespace support for xt_LOG Gao feng
2013-04-05 18:33   ` Pablo Neira Ayuso
2013-04-08  2:50     ` Gao feng
2013-03-25  9:50 ` [PATCH nf-next v2 05/10] netfilter: ebt_ulog: add net namesapce support for ebt_ulog Gao feng
2013-04-05 18:34   ` Pablo Neira Ayuso
2013-03-25  9:50 ` [PATCH nf-next v2 06/10] netfilter: ipt_ulog: add net namespace support for ipt_ulog Gao feng
2013-04-05 18:35   ` Pablo Neira Ayuso
2013-03-25  9:50 ` [PATCH nf-next v2 07/10] netfilter: nfnetlink_log: add net namespace support for nfnetlink_log Gao feng
2013-04-05 18:38   ` Pablo Neira Ayuso
2013-03-25  9:50 ` [PATCH nf-next v2 08/10] netfilter: nf_log: enable nflog in un-init net namespace Gao feng
2013-04-05 18:38   ` Pablo Neira Ayuso
2013-03-25  9:50 ` [PATCH nf-next v2 09/10] netfilter: nfnetlink_queue: add net namespace support for nfnetlink_queue Gao feng
2013-04-05 18:40   ` Pablo Neira Ayuso
2013-03-25  9:50 ` [PATCH nf-next v2 10/10] netfilter: remove useless variable proc_net_netfilter Gao feng
2013-04-05 18:45   ` Pablo Neira Ayuso
2013-04-08  2:56     ` Gao feng
2013-04-05 17:44 ` Pablo Neira Ayuso [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130405174404.GA4853@localhost \
    --to=pablo@netfilter.org \
    --cc=gaofeng@cn.fujitsu.com \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.