From: Vasily Averin <vvs@parallels.com>
To: Bart De Schuymer <bdschuym@pandora.be>
Cc: Florian Westphal <fw@strlen.de>,
	netfilter-devel@vger.kernel.org,
	Stephen Hemminger <stephen@networkplumber.org>,
	Patrick McHardy <kaber@trash.net>,
	Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 10/15] br_netfilter: added per-netns sysctl registration
Date: Sat, 10 May 2014 01:28:22 +0400	[thread overview]
Message-ID: <536D4876.4040501@parallels.com> (raw)
In-Reply-To: <cover.1399660706.git.vvs@openvz.org>

added separate per-netns sysctl tables,
however sysctl variables from init_brnf_net are still used

Signed-off-by: Vasily Averin <vvs@openvz.org>
---
 net/bridge/br_netfilter.c |   59 +++++++++++++++++++++++++++++++-------------
 1 files changed, 41 insertions(+), 18 deletions(-)

diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c
index 460917c..16b68da 100644
--- a/net/bridge/br_netfilter.c
+++ b/net/bridge/br_netfilter.c
@@ -66,10 +66,6 @@ static inline struct brnf_net *brnf_net(const struct net *net)
 	return net_generic(net, brnf_net_id);
 }
 
-#ifdef CONFIG_SYSCTL
-static struct ctl_table_header *brnf_sysctl_header;
-#endif
-
 #define IS_IP(skb) \
 	(!vlan_tx_tag_present(skb) && skb->protocol == htons(ETH_P_IP))
 
@@ -1063,10 +1059,49 @@ static struct ctl_table brnf_table[] = {
 	},
 	{ }
 };
-#endif
 
+static int brnf_sysctl_net_register(struct brnf_net *bn)
+{
+	struct ctl_table *table;
+	struct ctl_table_header *hdr;
+
+	table = brnf_table;
+	if (!net_eq(bn->net, &init_net)) {
+
+		table = kmemdup(table, sizeof(brnf_table), GFP_KERNEL);
+		if (!table)
+			goto err_alloc;
+	}
+	hdr = register_net_sysctl(bn->net, "net/bridge", table);
+	if (!hdr)
+		goto err_reg;
+
+	bn->hdr = hdr;
+	return 0;
+
+err_reg:
+	if (!net_eq(bn->net, &init_net))
+		kfree(table);
+err_alloc:
+	return -ENOMEM;
+}
+
+static void brnf_sysctl_net_unregister(struct brnf_net *bn)
+{
+	struct ctl_table *table;
+
+	if (bn->hdr == NULL)
+		return;
+
+	table = bn->hdr->ctl_table_arg;
+	unregister_net_sysctl_table(bn->hdr);
+	if (!net_eq(bn->net, &init_net))
+		kfree(table);
+}
+#else
 #define brnf_sysctl_net_register(x)	(0)
 #define brnf_sysctl_net_unregister(x)
+#endif
 
 static int __net_init brnf_net_init(struct net *net)
 {
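Review bot: In brnf_sysctl_net_register() the table duplicated with kmemdup() for a non-init namespace keeps every `.data` pointer of brnf_table, which per the commit description still refers to the init_brnf_net variables, so at this point in the series a write to net/bridge/* from any network namespace changes the settings for all of them. Net sysctls are normally writable by whoever holds CAP_NET_ADMIN over the namespace, so this probably lets a container administrator switch the host's bridge filtering on or off until the later patches re-point the entries; brnf_table is defined above the hunk, so its modes need confirming there. To keep every commit safe to bisect or backport on its own, make the copies read-only in the kmemdup branch, e.g. `for (i = 0; i < ARRAY_SIZE(brnf_table) - 1; i++) table[i].mode = 0444;`, or re-point `.data` in this same patch. brnf_sysctl_net_unregister() would also be more robust with `bn->hdr = NULL;` after the unregister call, so that a repeated call cannot touch the freed header or free the table twice.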
@@ -1105,16 +1140,7 @@ int __init br_netfilter_init(void)
 	ret = register_pernet_subsys(&brnf_net_ops);
 	if (ret < 0)
 		goto err_pernet;
-#ifdef CONFIG_SYSCTL
-	brnf_sysctl_header = register_net_sysctl(&init_net, "net/bridge", brnf_table);
-	if (brnf_sysctl_header == NULL) {
-		printk(KERN_WARNING
-		       "br_netfilter: can't register to sysctl.\n");
-		ret = -ENOMEM;
-		unregister_pernet_subsys(&brnf_net_ops);
-		goto err_pernet;
-	}
-#endif
+
 	printk(KERN_NOTICE "Bridge firewalling registered\n");
 	return 0;
 
@@ -1128,9 +1154,6 @@ err_dst:
 
 void br_netfilter_fini(void)
 {
-#ifdef CONFIG_SYSCTL
-	unregister_net_sysctl_table(brnf_sysctl_header);
-#endif
 	unregister_pernet_subsys(&brnf_net_ops);
 	nf_unregister_hooks(br_nf_ops, ARRAY_SIZE(br_nf_ops));
 	dst_entries_destroy(&fake_dst_ops);
-- 
1.7.5.4



Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <536A8054.90201@pandora.de>
2014-05-09 21:26 ` [PATCH 00/15 RFC] per-netns sysctl for br_netfilter Vasily Averin
     [not found] ` <cover.1399660706.git.vvs@openvz.org>
2014-05-09 21:26   ` [PATCH 01/15] br_netfilter: brnf_net structure Vasily Averin
2014-05-11 19:26     ` Bart De Schuymer
2014-05-09 21:27   ` [PATCH 02/15] br_netfilter: default settings in init_brnf_net Vasily Averin
2014-05-09 21:27   ` [PATCH 03/15] br_netfilter: switch sysctl nf_call_arptables to init_brnf_net Vasily Averin
2014-05-09 21:27   ` [PATCH 04/15] br_netfilter: switch sysctl nf_call_iptables " Vasily Averin
2014-05-11 19:35     ` Bart De Schuymer
2014-05-09 21:27   ` [PATCH 05/15] br_netfilter: switch sysctl nf_call_ip6tables " Vasily Averin
2014-05-09 21:27   ` [PATCH 06/15] br_netfilter: switch sysctl filter_vlan_tagged " Vasily Averin
2014-05-09 21:27   ` [PATCH 07/15] br_netfilter: switch sysctl filter_pppoe_tagged " Vasily Averin
2014-05-09 21:28   ` [PATCH 08/15] br_netfilter: switch sysctl pass_vlan_indev " Vasily Averin
2014-05-09 21:28   ` [PATCH 09/15] br_netfilter: pernet_operations brnf_net_ops without per-netns sysctl registration Vasily Averin
2014-05-11 19:26     ` Bart De Schuymer
2014-05-09 21:28   ` Vasily Averin [this message]
2014-05-09 21:28   ` [PATCH 11/15] br_netfilter: switch sysctl nf_call_arptables to per-netns processing Vasily Averin
2014-05-09 21:28   ` [PATCH 12/15] br_netfilter: switch sysctls nf_call_iptables and nf_call_ip6tables " Vasily Averin
2014-05-09 21:28   ` [PATCH 13/15] br_netfilter: switch sysctl filter_vlan_tagged " Vasily Averin
2014-05-09 21:28   ` [PATCH 14/15] br_netfilter: switch sysctl filter_pppoe_tagged " Vasily Averin
2014-05-09 21:29   ` [PATCH 15/15] br_netfilter: switch sysctl pass_vlan_indev " Vasily Averin
