netfilter: nf_ct_ipv6: add namespace support

This patch adds namespace support for IPv6 protocol tracker. Acked-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Gao feng <gaofeng@cn.fujitsu.com> 2012-05-28 17:04:17 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07 08:58:40 -0400
commit: a7c439d3968e67c426f75fe7d455f214e52f1ab0 (patch)
tree: debc01a2cdc498fa53e2c54891a11fac1975e906 /net/ipv6
parent: 3ea04dd3a78916db9186a602b6ce974d36a33fbb (diff)
1 files changed, 59 insertions, 29 deletions
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index 7334cbfd6003..fca10da80ea7 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -333,37 +333,75 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");
-static int __init nf_conntrack_l3proto_ipv6_init(void)
+static int ipv6_net_init(struct net *net)
 {
        int ret = 0;
-        need_conntrack();
+        ret = nf_conntrack_l4proto_register(net,
-        nf_defrag_ipv6_enable();
+                                            &nf_conntrack_l4proto_tcp6);
-        ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_tcp6);
        if (ret < 0) {
-                pr_err("nf_conntrack_ipv6: can't register tcp.\n");
+                printk(KERN_ERR "nf_conntrack_l4proto_tcp6: protocol register failed\n");
-                return ret;
+                goto out;
        }
+        ret = nf_conntrack_l4proto_register(net,
-        ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_udp6);
+                                            &nf_conntrack_l4proto_udp6);
        if (ret < 0) {
-                pr_err("nf_conntrack_ipv6: can't register udp.\n");
+                printk(KERN_ERR "nf_conntrack_l4proto_udp6: protocol register failed\n");
-                goto cleanup_tcp;
+                goto cleanup_tcp6;
        }
+        ret = nf_conntrack_l4proto_register(net,
-        ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_icmpv6);
+                                            &nf_conntrack_l4proto_icmpv6);
        if (ret < 0) {
-                pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");
+                printk(KERN_ERR "nf_conntrack_l4proto_icmp6: protocol register failed\n");
-                goto cleanup_udp;
+                goto cleanup_udp6;
        }
+        ret = nf_conntrack_l3proto_register(net,
-        ret = nf_conntrack_l3proto_register(&init_net, &nf_conntrack_l3proto_ipv6);
+                                            &nf_conntrack_l3proto_ipv6);
        if (ret < 0) {
-                pr_err("nf_conntrack_ipv6: can't register ipv6\n");
+                printk(KERN_ERR "nf_conntrack_l3proto_ipv6: protocol register failed\n");
                goto cleanup_icmpv6;
        }
+        return 0;
+ cleanup_icmpv6:
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_icmpv6);
+ cleanup_udp6:
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_udp6);
+ cleanup_tcp6:
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_tcp6);
+ out:
+        return ret;
+}
+static void ipv6_net_exit(struct net *net)
+{
+        nf_conntrack_l3proto_unregister(net,
+                                        &nf_conntrack_l3proto_ipv6);
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_icmpv6);
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_udp6);
+        nf_conntrack_l4proto_unregister(net,
+                                        &nf_conntrack_l4proto_tcp6);
+}
+static struct pernet_operations ipv6_net_ops = {
+        .init = ipv6_net_init,
+        .exit = ipv6_net_exit,
+};
+static int __init nf_conntrack_l3proto_ipv6_init(void)
+{
+        int ret = 0;
+        need_conntrack();
+        nf_defrag_ipv6_enable();
+        ret = register_pernet_subsys(&ipv6_net_ops);
+        if (ret < 0)
+                goto cleanup_pernet;
        ret = nf_register_hooks(ipv6_conntrack_ops,
                                ARRAY_SIZE(ipv6_conntrack_ops));
        if (ret < 0) {
@@ -374,13 +412,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
        return ret;
 cleanup_ipv6:
-        nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);
+        unregister_pernet_subsys(&ipv6_net_ops);
- cleanup_icmpv6:
+ cleanup_pernet:
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
- cleanup_udp:
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
- cleanup_tcp:
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
        return ret;
 }
@@ -388,10 +421,7 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void)
 {
        synchronize_net();
        nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
-        nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);
+        unregister_pernet_subsys(&ipv6_net_ops);
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
-        nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
 }
 module_init(nf_conntrack_l3proto_ipv6_init);
author	Gao feng <gaofeng@cn.fujitsu.com>	2012-05-28 17:04:17 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2012-06-07 08:58:40 -0400
commit	a7c439d3968e67c426f75fe7d455f214e52f1ab0 (patch)
tree	debc01a2cdc498fa53e2c54891a11fac1975e906 /net/ipv6
parent	3ea04dd3a78916db9186a602b6ce974d36a33fbb (diff)

diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index 7334cbfd6003..fca10da80ea7 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -333,37 +333,75 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
333	MODULE_LICENSE("GPL");	333	MODULE_LICENSE("GPL");
334	MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");	334	MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");
335		335
336	static int __init nf_conntrack_l3proto_ipv6_init(void)	336	static int ipv6_net_init(struct net *net)
337	{	337	{
338	int ret = 0;	338	int ret = 0;
339		339
340	need_conntrack();	340	ret = nf_conntrack_l4proto_register(net,
341	nf_defrag_ipv6_enable();	341	&nf_conntrack_l4proto_tcp6);
342
343	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_tcp6);
344	if (ret < 0) {	342	if (ret < 0) {
345	pr_err("nf_conntrack_ipv6: can't register tcp.\n");	343	printk(KERN_ERR "nf_conntrack_l4proto_tcp6: protocol register failed\n");
346	return ret;	344	goto out;
347	}	345	}
348		346	ret = nf_conntrack_l4proto_register(net,
349	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_udp6);	347	&nf_conntrack_l4proto_udp6);
350	if (ret < 0) {	348	if (ret < 0) {
351	pr_err("nf_conntrack_ipv6: can't register udp.\n");	349	printk(KERN_ERR "nf_conntrack_l4proto_udp6: protocol register failed\n");
352	goto cleanup_tcp;	350	goto cleanup_tcp6;
353	}	351	}
354		352	ret = nf_conntrack_l4proto_register(net,
355	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_icmpv6);	353	&nf_conntrack_l4proto_icmpv6);
356	if (ret < 0) {	354	if (ret < 0) {
357	pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");	355	printk(KERN_ERR "nf_conntrack_l4proto_icmp6: protocol register failed\n");
358	goto cleanup_udp;	356	goto cleanup_udp6;
359	}	357	}
360		358	ret = nf_conntrack_l3proto_register(net,
361	ret = nf_conntrack_l3proto_register(&init_net, &nf_conntrack_l3proto_ipv6);	359	&nf_conntrack_l3proto_ipv6);
362	if (ret < 0) {	360	if (ret < 0) {
363	pr_err("nf_conntrack_ipv6: can't register ipv6\n");	361	printk(KERN_ERR "nf_conntrack_l3proto_ipv6: protocol register failed\n");
364	goto cleanup_icmpv6;	362	goto cleanup_icmpv6;
365	}	363	}
		364	return 0;
		365	cleanup_icmpv6:
		366	nf_conntrack_l4proto_unregister(net,
		367	&nf_conntrack_l4proto_icmpv6);
		368	cleanup_udp6:
		369	nf_conntrack_l4proto_unregister(net,
		370	&nf_conntrack_l4proto_udp6);
		371	cleanup_tcp6:
		372	nf_conntrack_l4proto_unregister(net,
		373	&nf_conntrack_l4proto_tcp6);
		374	out:
		375	return ret;
		376	}
366		377
		378	static void ipv6_net_exit(struct net *net)
		379	{
		380	nf_conntrack_l3proto_unregister(net,
		381	&nf_conntrack_l3proto_ipv6);
		382	nf_conntrack_l4proto_unregister(net,
		383	&nf_conntrack_l4proto_icmpv6);
		384	nf_conntrack_l4proto_unregister(net,
		385	&nf_conntrack_l4proto_udp6);
		386	nf_conntrack_l4proto_unregister(net,
		387	&nf_conntrack_l4proto_tcp6);
		388	}
		389
		390	static struct pernet_operations ipv6_net_ops = {
		391	.init = ipv6_net_init,
		392	.exit = ipv6_net_exit,
		393	};
		394
		395	static int __init nf_conntrack_l3proto_ipv6_init(void)
		396	{
		397	int ret = 0;
		398
		399	need_conntrack();
		400	nf_defrag_ipv6_enable();
		401
		402	ret = register_pernet_subsys(&ipv6_net_ops);
		403	if (ret < 0)
		404	goto cleanup_pernet;
367	ret = nf_register_hooks(ipv6_conntrack_ops,	405	ret = nf_register_hooks(ipv6_conntrack_ops,
368	ARRAY_SIZE(ipv6_conntrack_ops));	406	ARRAY_SIZE(ipv6_conntrack_ops));
369	if (ret < 0) {	407	if (ret < 0) {
@@ -374,13 +412,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
374	return ret;	412	return ret;
375		413
376	cleanup_ipv6:	414	cleanup_ipv6:
377	nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);	415	unregister_pernet_subsys(&ipv6_net_ops);
378	cleanup_icmpv6:	416	cleanup_pernet:
379	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
380	cleanup_udp:
381	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
382	cleanup_tcp:
383	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
384	return ret;	417	return ret;
385	}	418	}
386		419
@@ -388,10 +421,7 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void)
388	{	421	{
389	synchronize_net();	422	synchronize_net();
390	nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));	423	nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
391	nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);	424	unregister_pernet_subsys(&ipv6_net_ops);
392	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
393	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
394	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
395	}	425	}
396		426
397	module_init(nf_conntrack_l3proto_ipv6_init);	427	module_init(nf_conntrack_l3proto_ipv6_init);