author | Pavel Emelyanov <xemul@openvz.org> | 2008-03-26 04:56:24 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-03-26 04:56:24 -0400 |
commit | 68528f09980a60c8df046d16336333cac4fc0c32 (patch) | |
tree | 88d2f93f5e6ea4a8c7539e3f9a28afc27f71a3d9 | |
parent | a24022e1887978decaa28fb11d1ddff63e31497f (diff) |
[NETNS][ICMP]: Make ctl tables for ICMP sysctls per-net.
Add some flesh to ipv4_sysctl_init_net and ipv4_sysctl_exit_net,
i.e. copy the table, alter .data pointers and register it per-net.
Other ipv4_table's sysctls are now global, but this is going to
change once sysctl permissions patches migrate from -mm tree to
mainline in 2.6.26 merge window :)
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | include/net/netns/ipv4.h | 1 | ||||
-rw-r--r-- | net/ipv4/sysctl_net_ipv4.c | 138 |
2 files changed, 91 insertions, 48 deletions
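--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -17,6 +17,7 @@ struct netns_ipv4 {
 #ifdef CONFIG_SYSCTL
 struct ctl_table_header *forw_hdr;
 struct ctl_table_header *frags_hdr;
+struct ctl_table_header *ipv4_hdr;
 #endif
 struct ipv4_devconf *devconf_all;
 struct ipv4_devconf *devconf_dflt;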
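--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -404,38 +404,6 @@ static struct ctl_table ipv4_table[] = {
 .strategy = &ipv4_sysctl_local_port_range,
 },
 {
-.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_ALL,
-.procname = "icmp_echo_ignore_all",
-.data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
-.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_BROADCASTS,
-.procname = "icmp_echo_ignore_broadcasts",
-.data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
-.ctl_name = NET_IPV4_ICMP_IGNORE_BOGUS_ERROR_RESPONSES,
-.procname = "icmp_ignore_bogus_error_responses",
-.data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
-.ctl_name = NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR,
-.procname = "icmp_errors_use_inbound_ifaddr",
-.data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
 .ctl_name = NET_IPV4_ROUTE,
 .procname = "route",
 .maxlen = 0,
@@ -586,22 +554,6 @@ static struct ctl_table ipv4_table[] = {
 .proc_handler = &proc_dointvec
 },
 {
-.ctl_name = NET_IPV4_ICMP_RATELIMIT,
-.procname = "icmp_ratelimit",
-.data = &init_net.ipv4.sysctl_icmp_ratelimit,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
-.ctl_name = NET_IPV4_ICMP_RATEMASK,
-.procname = "icmp_ratemask",
-.data = &init_net.ipv4.sysctl_icmp_ratemask,
-.maxlen = sizeof(int),
-.mode = 0644,
-.proc_handler = &proc_dointvec
-},
-{
 .ctl_name = NET_TCP_TW_REUSE,
 .procname = "tcp_tw_reuse",
 .data = &sysctl_tcp_tw_reuse,
@@ -804,6 +756,58 @@ static struct ctl_table ipv4_table[] = {
 { .ctl_name = 0 }
 };
 
+static struct ctl_table ipv4_net_table[] = {
+{
+.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_ALL,
+.procname = "icmp_echo_ignore_all",
+.data = &init_net.ipv4.sysctl_icmp_echo_ignore_all,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{
+.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_BROADCASTS,
+.procname = "icmp_echo_ignore_broadcasts",
+.data = &init_net.ipv4.sysctl_icmp_echo_ignore_broadcasts,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{
+.ctl_name = NET_IPV4_ICMP_IGNORE_BOGUS_ERROR_RESPONSES,
+.procname = "icmp_ignore_bogus_error_responses",
+.data = &init_net.ipv4.sysctl_icmp_ignore_bogus_error_responses,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{
+.ctl_name = NET_IPV4_ICMP_ERRORS_USE_INBOUND_IFADDR,
+.procname = "icmp_errors_use_inbound_ifaddr",
+.data = &init_net.ipv4.sysctl_icmp_errors_use_inbound_ifaddr,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{
+.ctl_name = NET_IPV4_ICMP_RATELIMIT,
+.procname = "icmp_ratelimit",
+.data = &init_net.ipv4.sysctl_icmp_ratelimit,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{
+.ctl_name = NET_IPV4_ICMP_RATEMASK,
+.procname = "icmp_ratemask",
+.data = &init_net.ipv4.sysctl_icmp_ratemask,
+.maxlen = sizeof(int),
+.mode = 0644,
+.proc_handler = &proc_dointvec
+},
+{ }
+};
+
 struct ctl_path net_ipv4_ctl_path[] = {
 { .procname = "net", .ctl_name = CTL_NET, },
 { .procname = "ipv4", .ctl_name = NET_IPV4, },
@@ -813,11 +817,49 @@ EXPORT_SYMBOL_GPL(net_ipv4_ctl_path);
 
 static __net_init int ipv4_sysctl_init_net(struct net *net)
 {
+struct ctl_table *table;
+
+table = ipv4_net_table;
+if (net != &init_net) {
+table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL);
+if (table == NULL)
+goto err_alloc;
+
+table[0].data =
+&net->ipv4.sysctl_icmp_echo_ignore_all;
+table[1].data =
+&net->ipv4.sysctl_icmp_echo_ignore_broadcasts;
+table[2].data =
+&net->ipv4.sysctl_icmp_ignore_bogus_error_responses;
+table[3].data =
+&net->ipv4.sysctl_icmp_errors_use_inbound_ifaddr;
+table[4].data =
+&net->ipv4.sysctl_icmp_ratelimit;
+table[5].data =
+&net->ipv4.sysctl_icmp_ratemask;
+}
+
+net->ipv4.ipv4_hdr = register_net_sysctl_table(net,
+net_ipv4_ctl_path, table);
+if (net->ipv4.ipv4_hdr == NULL)
+goto err_reg;
+
 return 0;
+
+err_reg:
+if (net != &init_net)
+kfree(table);
+err_alloc:
+return -ENOMEM;
 }
 
 static __net_exit void ipv4_sysctl_exit_net(struct net *net)
 {
+struct ctl_table *table;
+
+table = net->ipv4.ipv4_hdr->ctl_table_arg;
+unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
+kfree(table);
 }
 
 static __net_initdata struct pernet_operations ipv4_sysctl_ops = {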
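Review bot: The `.data` fix-ups in ipv4_sysctl_init_net address the copied entries by literal index (`table[0]` through `table[5]`), so they are correct only while ipv4_net_table keeps exactly this order and length. An entry added or moved later without a matching fix-up would leave a slot in the per-net copy still pointing into `init_net.ipv4`, and a write to that sysctl from another namespace would then change the initial namespace's ICMP setting. A guard such as `BUILD_BUG_ON(ARRAY_SIZE(ipv4_net_table) != 7);` beside the assignments, together with a comment on the table saying its order is relied on, would catch an added entry at build time and make the ordering dependency visible. Separately, ipv4_sysctl_exit_net calls `kfree(table)` unconditionally while the init error path frees only when `net != &init_net`; if the exit hook can ever run for init_net it would free the static array, so mirroring `if (net != &init_net)` there looks worthwhile.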