diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:08 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:08 -0400 |
| commit | c2a2c7e0cc39e7f9336cd67e8307a110bdba82f3 (patch) | |
| tree | 7f9636ad72ab8f2309b2d5b3ca74f8c074ac807a /include | |
| parent | c04d05529a6e0bf97183a2caf76a0c7f07f5b78c (diff) | |
netfilter: netns nf_conntrack: per-netns net.netfilter.nf_conntrack_log_invalid sysctl
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_conntrack_l4proto.h | 15 | ||||
| -rw-r--r-- | include/net/netns/conntrack.h | 1 |
2 files changed, 8 insertions, 8 deletions
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h index 97723d33c950..7f2f43c77284 100644 --- a/include/net/netfilter/nf_conntrack_l4proto.h +++ b/include/net/netfilter/nf_conntrack_l4proto.h | |||
| @@ -117,20 +117,19 @@ extern int nf_ct_port_nlattr_to_tuple(struct nlattr *tb[], | |||
| 117 | struct nf_conntrack_tuple *t); | 117 | struct nf_conntrack_tuple *t); |
| 118 | extern const struct nla_policy nf_ct_port_nla_policy[]; | 118 | extern const struct nla_policy nf_ct_port_nla_policy[]; |
| 119 | 119 | ||
| 120 | /* Log invalid packets */ | ||
| 121 | extern unsigned int nf_ct_log_invalid; | ||
| 122 | |||
| 123 | #ifdef CONFIG_SYSCTL | 120 | #ifdef CONFIG_SYSCTL |
| 124 | #ifdef DEBUG_INVALID_PACKETS | 121 | #ifdef DEBUG_INVALID_PACKETS |
| 125 | #define LOG_INVALID(proto) \ | 122 | #define LOG_INVALID(net, proto) \ |
| 126 | (nf_ct_log_invalid == (proto) || nf_ct_log_invalid == IPPROTO_RAW) | 123 | ((net)->ct.sysctl_log_invalid == (proto) || \ |
| 124 | (net)->ct.sysctl_log_invalid == IPPROTO_RAW) | ||
| 127 | #else | 125 | #else |
| 128 | #define LOG_INVALID(proto) \ | 126 | #define LOG_INVALID(net, proto) \ |
| 129 | ((nf_ct_log_invalid == (proto) || nf_ct_log_invalid == IPPROTO_RAW) \ | 127 | (((net)->ct.sysctl_log_invalid == (proto) || \ |
| 128 | (net)->ct.sysctl_log_invalid == IPPROTO_RAW) \ | ||
| 130 | && net_ratelimit()) | 129 | && net_ratelimit()) |
| 131 | #endif | 130 | #endif |
| 132 | #else | 131 | #else |
| 133 | #define LOG_INVALID(proto) 0 | 132 | #define LOG_INVALID(net, proto) 0 |
| 134 | #endif /* CONFIG_SYSCTL */ | 133 | #endif /* CONFIG_SYSCTL */ |
| 135 | 134 | ||
| 136 | #endif /*_NF_CONNTRACK_PROTOCOL_H*/ | 135 | #endif /*_NF_CONNTRACK_PROTOCOL_H*/ |
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h index 38b6dae4d3de..503e37551b17 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h | |||
| @@ -18,6 +18,7 @@ struct netns_ct { | |||
| 18 | struct nf_conntrack_ecache *ecache; | 18 | struct nf_conntrack_ecache *ecache; |
| 19 | #endif | 19 | #endif |
| 20 | int sysctl_checksum; | 20 | int sysctl_checksum; |
| 21 | unsigned int sysctl_log_invalid; /* Log invalid packets */ | ||
| 21 | #ifdef CONFIG_SYSCTL | 22 | #ifdef CONFIG_SYSCTL |
| 22 | struct ctl_table_header *sysctl_header; | 23 | struct ctl_table_header *sysctl_header; |
| 23 | #endif | 24 | #endif |