diff options
author | Alexey Dobriyan <adobriyan@gmail.com> | 2008-10-08 05:35:02 -0400 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:02 -0400 |
commit | 5a1fb391d881905e89623d78858d05b248cbc86a (patch) | |
tree | 5a373417064f8792f413b22be37302fe0668966e /include | |
parent | dfdb8d791877052bbb527d9688d94a064721d8f7 (diff) |
netfilter: netns nf_conntrack: add ->ct_net -- pointer from conntrack to netns
Conntrack (struct nf_conn) gets pointer to netns: ->ct_net -- netns in which
it was created. It comes from netdevice.
->ct_net is write-once field.
Every conntrack in system has ->ct_net initialized, no exceptions.
->ct_net doesn't pin netns: conntracks are recycled after timeouts and
pinning background traffic will prevent netns from even starting shutdown
sequence.
Right now every conntrack is created in init_net.
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/netfilter/nf_conntrack.h | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 0741ad592da0..2b8d6efecf32 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h | |||
@@ -123,7 +123,9 @@ struct nf_conn | |||
123 | 123 | ||
124 | /* Extensions */ | 124 | /* Extensions */ |
125 | struct nf_ct_ext *ext; | 125 | struct nf_ct_ext *ext; |
126 | 126 | #ifdef CONFIG_NET_NS | |
127 | struct net *ct_net; | ||
128 | #endif | ||
127 | struct rcu_head rcu; | 129 | struct rcu_head rcu; |
128 | }; | 130 | }; |
129 | 131 | ||
@@ -147,6 +149,17 @@ static inline u_int8_t nf_ct_protonum(const struct nf_conn *ct) | |||
147 | /* get master conntrack via master expectation */ | 149 | /* get master conntrack via master expectation */ |
148 | #define master_ct(conntr) (conntr->master) | 150 | #define master_ct(conntr) (conntr->master) |
149 | 151 | ||
152 | extern struct net init_net; | ||
153 | |||
154 | static inline struct net *nf_ct_net(const struct nf_conn *ct) | ||
155 | { | ||
156 | #ifdef CONFIG_NET_NS | ||
157 | return ct->ct_net; | ||
158 | #else | ||
159 | return &init_net; | ||
160 | #endif | ||
161 | } | ||
162 | |||
150 | /* Alter reply tuple (maybe alter helper). */ | 163 | /* Alter reply tuple (maybe alter helper). */ |
151 | extern void | 164 | extern void |
152 | nf_conntrack_alter_reply(struct nf_conn *ct, | 165 | nf_conntrack_alter_reply(struct nf_conn *ct, |
@@ -251,7 +264,8 @@ extern void | |||
251 | nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data); | 264 | nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data); |
252 | extern void nf_conntrack_free(struct nf_conn *ct); | 265 | extern void nf_conntrack_free(struct nf_conn *ct); |
253 | extern struct nf_conn * | 266 | extern struct nf_conn * |
254 | nf_conntrack_alloc(const struct nf_conntrack_tuple *orig, | 267 | nf_conntrack_alloc(struct net *net, |
268 | const struct nf_conntrack_tuple *orig, | ||
255 | const struct nf_conntrack_tuple *repl, | 269 | const struct nf_conntrack_tuple *repl, |
256 | gfp_t gfp); | 270 | gfp_t gfp); |
257 | 271 | ||