netfilter: nf_ct_icmp: add namespace support

This patch adds namespace support for ICMP protocol tracker. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao feng <gaofeng@cn.fujitsu.com> 2012-05-28 17:04:14 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07 08:58:40 -0400
commit: 4b626b9c5d35b4f99b073dc5d6457abddcbcf429 (patch)
tree: 774457d18f064a5a1ca8ee54724ab5ff3b5e0487 /net/ipv4
parent: 0ce490ad4387a67ee8ca5253476272d508fc0b6f (diff)
1 files changed, 35 insertions, 3 deletions
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index 0847e373d33c..a0eabeb36b9f 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -23,6 +23,11 @@
 static unsigned int nf_ct_icmp_timeout __read_mostly = 30*HZ;
+static inline struct nf_icmp_net *icmp_pernet(struct net *net)
+{
+        return &net->ct.nf_ct_proto.icmp;
+}
 static bool icmp_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
                              struct nf_conntrack_tuple *tuple)
 {
@@ -77,7 +82,7 @@ static int icmp_print_tuple(struct seq_file *s,
 static unsigned int *icmp_get_timeouts(struct net *net)
 {
-        return &nf_ct_icmp_timeout;
+        return &icmp_pernet(net)->timeout;
 }
 /* Returns verdict for packet, or -1 for invalid. */
@@ -312,7 +317,6 @@ static struct ctl_table_header *icmp_sysctl_header;
 static struct ctl_table icmp_sysctl_table[] = {
        {
                .procname       = "nf_conntrack_icmp_timeout",
-                .data           = &nf_ct_icmp_timeout,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -323,7 +327,6 @@ static struct ctl_table icmp_sysctl_table[] = {
 static struct ctl_table icmp_compat_sysctl_table[] = {
        {
                .procname       = "ip_conntrack_icmp_timeout",
-                .data           = &nf_ct_icmp_timeout,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -333,6 +336,34 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
 #endif /* CONFIG_NF_CONNTRACK_PROC_COMPAT */
 #endif /* CONFIG_SYSCTL */
+static int icmp_init_net(struct net *net)
+{
+        struct nf_icmp_net *in = icmp_pernet(net);
+        struct nf_proto_net *pn = (struct nf_proto_net *)in;
+        in->timeout = nf_ct_icmp_timeout;
+#ifdef CONFIG_SYSCTL
+        pn->ctl_table = kmemdup(icmp_sysctl_table,
+                                sizeof(icmp_sysctl_table),
+                                GFP_KERNEL);
+        if (!pn->ctl_table)
+                return -ENOMEM;
+        pn->ctl_table[0].data = &in->timeout;
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+        pn->ctl_compat_table = kmemdup(icmp_compat_sysctl_table,
+                                       sizeof(icmp_compat_sysctl_table),
+                                       GFP_KERNEL);
+        if (!pn->ctl_compat_table) {
+                kfree(pn->ctl_table);
+                pn->ctl_table = NULL;
+                return -ENOMEM;
+        }
+        pn->ctl_compat_table[0].data = &in->timeout;
+#endif
+#endif
+        return 0;
+}
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
 {
        .l3proto                = PF_INET,
@@ -369,4 +400,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmp __read_mostly =
        .ctl_compat_table       = icmp_compat_sysctl_table,
 #endif
 #endif
+        .init_net               = icmp_init_net,
 };
author	Gao feng <gaofeng@cn.fujitsu.com>	2012-05-28 17:04:14 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-06-07 08:58:40 -0400
commit	4b626b9c5d35b4f99b073dc5d6457abddcbcf429 (patch)
tree	774457d18f064a5a1ca8ee54724ab5ff3b5e0487 /net/ipv4
parent	0ce490ad4387a67ee8ca5253476272d508fc0b6f (diff)