netfilter: nf_ct_ipv6: add namespace support

This patch adds namespace support for IPv6 protocol tracker. Acked-by: N Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nf_ct_ipv6: add namespace support
This patch adds namespace support for IPv6 protocol tracker. Acked-by: N Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Pablo Neira Ayuso <pablo@netfilter.org>
a7c439d3 · Gao feng · Pablo Neira Ayuso · 3ea04dd3 · a7c439d3
隐藏空白更改
内联并排

Showing with 59 addition and 29 deletion

net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +59 -29

未找到文件。
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -333,37 +333,75 @@ MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");
-static int __init nf_conntrack_l3proto_ipv6_init(void)
+static int ipv6_net_init(struct net *net)
 {
 	int ret = 0;
-	need_conntrack();
+	ret = nf_conntrack_l4proto_register(net,
-	nf_defrag_ipv6_enable();
+					    &nf_conntrack_l4proto_tcp6);
-	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_tcp6);
 	if (ret < 0) {
-		pr_err("nf_conntrack_ipv6: can't register tcp.\n");
+		printk(KERN_ERR "nf_conntrack_l4proto_tcp6: protocol register failed\n");
-		return ret;
+		goto out;
 	}
+	ret = nf_conntrack_l4proto_register(net,
-	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_udp6);
+					    &nf_conntrack_l4proto_udp6);
 	if (ret < 0) {
-		pr_err("nf_conntrack_ipv6: can't register udp.\n");
+		printk(KERN_ERR "nf_conntrack_l4proto_udp6: protocol register failed\n");
-		goto cleanup_tcp;
+		goto cleanup_tcp6;
 	}
+	ret = nf_conntrack_l4proto_register(net,
-	ret = nf_conntrack_l4proto_register(&init_net, &nf_conntrack_l4proto_icmpv6);
+					    &nf_conntrack_l4proto_icmpv6);
 	if (ret < 0) {
-		pr_err("nf_conntrack_ipv6: can't register icmpv6.\n");
+		printk(KERN_ERR "nf_conntrack_l4proto_icmp6: protocol register failed\n");
-		goto cleanup_udp;
+		goto cleanup_udp6;
 	}
+	ret = nf_conntrack_l3proto_register(net,
-	ret = nf_conntrack_l3proto_register(&init_net, &nf_conntrack_l3proto_ipv6);
+					    &nf_conntrack_l3proto_ipv6);
 	if (ret < 0) {
-		pr_err("nf_conntrack_ipv6: can't register ipv6\n");
+		printk(KERN_ERR "nf_conntrack_l3proto_ipv6: protocol register failed\n");
 		goto cleanup_icmpv6;
 	}
+	return 0;
+ cleanup_icmpv6:
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_icmpv6);
+ cleanup_udp6:
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_udp6);
+ cleanup_tcp6:
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_tcp6);
+ out:
+	return ret;
+}
+static void ipv6_net_exit(struct net *net)
+{
+	nf_conntrack_l3proto_unregister(net,
+					&nf_conntrack_l3proto_ipv6);
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_icmpv6);
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_udp6);
+	nf_conntrack_l4proto_unregister(net,
+					&nf_conntrack_l4proto_tcp6);
+}
+static struct pernet_operations ipv6_net_ops = {
+	.init = ipv6_net_init,
+	.exit = ipv6_net_exit,
+};
+static int __init nf_conntrack_l3proto_ipv6_init(void)
+{
+	int ret = 0;
+	need_conntrack();
+	nf_defrag_ipv6_enable();
+	ret = register_pernet_subsys(&ipv6_net_ops);
+	if (ret < 0)
+		goto cleanup_pernet;
 	ret = nf_register_hooks(ipv6_conntrack_ops,
 				ARRAY_SIZE(ipv6_conntrack_ops));
 	if (ret < 0) {
@@ -374,13 +412,8 @@ static int __init nf_conntrack_l3proto_ipv6_init(void)
 	return ret;
 cleanup_ipv6:
-	nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);
+	unregister_pernet_subsys(&ipv6_net_ops);
- cleanup_icmpv6:
+ cleanup_pernet:
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
- cleanup_udp:
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
- cleanup_tcp:
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
 	return ret;
 }
@@ -388,10 +421,7 @@ static void __exit nf_conntrack_l3proto_ipv6_fini(void)
 {
 	synchronize_net();
 	nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
-	nf_conntrack_l3proto_unregister(&init_net, &nf_conntrack_l3proto_ipv6);
+	unregister_pernet_subsys(&ipv6_net_ops);
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_icmpv6);
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_udp6);
-	nf_conntrack_l4proto_unregister(&init_net, &nf_conntrack_l4proto_tcp6);
 }
 module_init(nf_conntrack_l3proto_ipv6_init);