netfilter: nf_ct_icmp: add namespace support

This patch adds namespace support for ICMPv6 protocol tracker. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao feng <gaofeng@cn.fujitsu.com> 2012-05-28 17:04:15 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07 08:58:40 -0400
commit: 7080ba0955438ecd2885c1b73fbd9760b1594a41 (patch)
tree: dcb91bea5da6c1cb70bc52acfd3a17db3da259c7 /net/ipv6
parent: 4b626b9c5d35b4f99b073dc5d6457abddcbcf429 (diff)
1 files changed, 23 insertions, 2 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
index 3e81904fbbcd..f606355200d8 100644
--- a/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_proto_icmpv6.c
@@ -29,6 +29,11 @@
 static unsigned int nf_ct_icmpv6_timeout __read_mostly = 30*HZ;
+static inline struct nf_icmp_net *icmpv6_pernet(struct net *net)
+{
+        return &net->ct.nf_ct_proto.icmpv6;
+}
 static bool icmpv6_pkt_to_tuple(const struct sk_buff *skb,
                                unsigned int dataoff,
                                struct nf_conntrack_tuple *tuple)
@@ -90,7 +95,7 @@ static int icmpv6_print_tuple(struct seq_file *s,
 static unsigned int *icmpv6_get_timeouts(struct net *net)
 {
-        return &nf_ct_icmpv6_timeout;
+        return &icmpv6_pernet(net)->timeout;
 }
 /* Returns verdict for packet, or -1 for invalid. */
@@ -319,7 +324,6 @@ static struct ctl_table_header *icmpv6_sysctl_header;
 static struct ctl_table icmpv6_sysctl_table[] = {
        {
                .procname       = "nf_conntrack_icmpv6_timeout",
-                .data           = &nf_ct_icmpv6_timeout,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec_jiffies,
@@ -328,6 +332,22 @@ static struct ctl_table icmpv6_sysctl_table[] = {
 };
 #endif /* CONFIG_SYSCTL */
+static int icmpv6_init_net(struct net *net)
+{
+        struct nf_icmp_net *in = icmpv6_pernet(net);
+        struct nf_proto_net *pn = (struct nf_proto_net *)in;
+        in->timeout = nf_ct_icmpv6_timeout;
+#ifdef CONFIG_SYSCTL
+        pn->ctl_table = kmemdup(icmpv6_sysctl_table,
+                                sizeof(icmpv6_sysctl_table),
+                                GFP_KERNEL);
+        if (!pn->ctl_table)
+                return -ENOMEM;
+        pn->ctl_table[0].data = &in->timeout;
+#endif
+        return 0;
+}
 struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
 {
        .l3proto                = PF_INET6,
@@ -359,4 +379,5 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_icmpv6 __read_mostly =
        .ctl_table_header       = &icmpv6_sysctl_header,
        .ctl_table              = icmpv6_sysctl_table,
 #endif
+        .init_net               = icmpv6_init_net,
 };
author	Gao feng <gaofeng@cn.fujitsu.com>	2012-05-28 17:04:15 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-06-07 08:58:40 -0400
commit	7080ba0955438ecd2885c1b73fbd9760b1594a41 (patch)
tree	dcb91bea5da6c1cb70bc52acfd3a17db3da259c7 /net/ipv6
parent	4b626b9c5d35b4f99b073dc5d6457abddcbcf429 (diff)