3 files changed, 42 insertions, 4 deletions
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index de644bcd8613..b17697827482 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -17,6 +17,7 @@
 #include <net/netns/ipv6.h>
 #include <net/netns/sctp.h>
 #include <net/netns/dccp.h>
+#include <net/netns/netfilter.h>
 #include <net/netns/x_tables.h>
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
 #include <net/netns/conntrack.h>
@@ -94,6 +95,7 @@ struct net {
        struct netns_dccp       dccp;
 #endif
 #ifdef CONFIG_NETFILTER
+        struct netns_nf         nf;
        struct netns_xt         xt;
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
        struct netns_ct         ct;
diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h
new file mode 100644
index 000000000000..248ca1c68dba
--- /dev/null
+++ b/include/net/netns/netfilter.h
@@ -0,0 +1,11 @@
+#ifndef __NETNS_NETFILTER_H
+#define __NETNS_NETFILTER_H
+#include <linux/proc_fs.h>
+struct netns_nf {
+#if defined CONFIG_PROC_FS
+        struct proc_dir_entry *proc_netfilter;
+#endif
+};
+#endif
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index a9c488b6c50d..b085184d9b45 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
 EXPORT_SYMBOL(proc_net_netfilter);
 #endif
+static int __net_init netfilter_net_init(struct net *net)
+{
+#ifdef CONFIG_PROC_FS
+        net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
+                                                net->proc_net);
+        if (net_eq(net, &init_net)) {
+                if (!net->nf.proc_netfilter)
+                        return -ENOMEM;
+                else
+                        proc_net_netfilter = net->nf.proc_netfilter;
+        } else if (!net->nf.proc_netfilter) {
+                pr_err("cannot create netfilter proc entry");
+                return -ENOMEM;
+        }
+#endif
+        return 0;
+}
+static void __net_exit netfilter_net_exit(struct net *net)
+{
+        remove_proc_entry("netfilter", net->proc_net);
+}
+static struct pernet_operations netfilter_net_ops = {
+        .init = netfilter_net_init,
+        .exit = netfilter_net_exit,
+};
 void __init netfilter_init(void)
 {
        int i, h;
@@ -289,11 +317,8 @@ void __init netfilter_init(void)
                        INIT_LIST_HEAD(&nf_hooks[i][h]);
        }
-#ifdef CONFIG_PROC_FS
+        if (register_pernet_subsys(&netfilter_net_ops) < 0)
-        proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
-        if (!proc_net_netfilter)
                panic("cannot create netfilter proc entry");
-#endif
        if (netfilter_log_init() < 0)
                panic("cannot initialize nf_log");

diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h index de644bcd8613..b17697827482 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h
@@ -17,6 +17,7 @@
17	#include <net/netns/ipv6.h>	17	#include <net/netns/ipv6.h>
18	#include <net/netns/sctp.h>	18	#include <net/netns/sctp.h>
19	#include <net/netns/dccp.h>	19	#include <net/netns/dccp.h>
		20	#include <net/netns/netfilter.h>
20	#include <net/netns/x_tables.h>	21	#include <net/netns/x_tables.h>
21	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)	22	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
22	#include <net/netns/conntrack.h>	23	#include <net/netns/conntrack.h>
@@ -94,6 +95,7 @@ struct net {
94	struct netns_dccp dccp;	95	struct netns_dccp dccp;
95	#endif	96	#endif
96	#ifdef CONFIG_NETFILTER	97	#ifdef CONFIG_NETFILTER
		98	struct netns_nf nf;
97	struct netns_xt xt;	99	struct netns_xt xt;
98	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)	100	#if defined(CONFIG_NF_CONNTRACK) \|\| defined(CONFIG_NF_CONNTRACK_MODULE)
99	struct netns_ct ct;	101	struct netns_ct ct;


diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h new file mode 100644 index 000000000000..248ca1c68dba --- /dev/null +++ b/include/net/netns/netfilter.h
@@ -0,0 +1,11 @@
		1	#ifndef __NETNS_NETFILTER_H
		2	#define __NETNS_NETFILTER_H
		3
		4	#include <linux/proc_fs.h>
		5
		6	struct netns_nf {
		7	#if defined CONFIG_PROC_FS
		8	struct proc_dir_entry *proc_netfilter;
		9	#endif
		10	};
		11	#endif


diff --git a/net/netfilter/core.c b/net/netfilter/core.c index a9c488b6c50d..b085184d9b45 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c
@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
281	EXPORT_SYMBOL(proc_net_netfilter);	281	EXPORT_SYMBOL(proc_net_netfilter);
282	#endif	282	#endif
283		283
		284	static int __net_init netfilter_net_init(struct net *net)
		285	{
		286	#ifdef CONFIG_PROC_FS
		287	net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
		288	net->proc_net);
		289	if (net_eq(net, &init_net)) {
		290	if (!net->nf.proc_netfilter)
		291	return -ENOMEM;
		292	else
		293	proc_net_netfilter = net->nf.proc_netfilter;
		294	} else if (!net->nf.proc_netfilter) {
		295	pr_err("cannot create netfilter proc entry");
		296	return -ENOMEM;
		297	}
		298	#endif
		299	return 0;
		300	}
		301
		302	static void __net_exit netfilter_net_exit(struct net *net)
		303	{
		304	remove_proc_entry("netfilter", net->proc_net);
		305	}
		306
		307	static struct pernet_operations netfilter_net_ops = {
		308	.init = netfilter_net_init,
		309	.exit = netfilter_net_exit,
		310	};
		311
284	void __init netfilter_init(void)	312	void __init netfilter_init(void)
285	{	313	{
286	int i, h;	314	int i, h;
@@ -289,11 +317,8 @@ void __init netfilter_init(void)
289	INIT_LIST_HEAD(&nf_hooks[i][h]);	317	INIT_LIST_HEAD(&nf_hooks[i][h]);
290	}	318	}
291		319
292	#ifdef CONFIG_PROC_FS	320	if (register_pernet_subsys(&netfilter_net_ops) < 0)
293	proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
294	if (!proc_net_netfilter)
295	panic("cannot create netfilter proc entry");	321	panic("cannot create netfilter proc entry");
296	#endif
297		322
298	if (netfilter_log_init() < 0)	323	if (netfilter_log_init() < 0)
299	panic("cannot initialize nf_log");	324	panic("cannot initialize nf_log");