aboutsummaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorGao feng <gaofeng@cn.fujitsu.com>2013-03-24 23:50:39 +0000
committerPablo Neira Ayuso <pablo@netfilter.org>2013-04-05 19:35:02 +0200
commitf3c1a44a2208d14b061ad665d9549c9b321f38e5 (patch)
treeef7a34138ce6bde4524478343d762b3ec39b1902 /net
parent152b0f5da798c56566737f4d0bd85f69688e7d7b (diff)
netfilter: make /proc/net/netfilter pernet
This patch makes this proc dentry pernet. So far only init_net had a /proc/net/netfilter directory. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/core.c33
1 files changed, 29 insertions, 4 deletions
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index a9c488b6c50..b085184d9b4 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -281,6 +281,34 @@ struct proc_dir_entry *proc_net_netfilter;
EXPORT_SYMBOL(proc_net_netfilter);
#endif
+static int __net_init netfilter_net_init(struct net *net)
+{
+#ifdef CONFIG_PROC_FS
+ net->nf.proc_netfilter = proc_net_mkdir(net, "netfilter",
+ net->proc_net);
+ if (net_eq(net, &init_net)) {
+ if (!net->nf.proc_netfilter)
+ return -ENOMEM;
+ else
+ proc_net_netfilter = net->nf.proc_netfilter;
+ } else if (!net->nf.proc_netfilter) {
+ pr_err("cannot create netfilter proc entry");
+ return -ENOMEM;
+ }
+#endif
+ return 0;
+}
+
+static void __net_exit netfilter_net_exit(struct net *net)
+{
+ remove_proc_entry("netfilter", net->proc_net);
+}
+
+static struct pernet_operations netfilter_net_ops = {
+ .init = netfilter_net_init,
+ .exit = netfilter_net_exit,
+};
+
void __init netfilter_init(void)
{
int i, h;
@@ -289,11 +317,8 @@ void __init netfilter_init(void)
INIT_LIST_HEAD(&nf_hooks[i][h]);
}
-#ifdef CONFIG_PROC_FS
- proc_net_netfilter = proc_mkdir("netfilter", init_net.proc_net);
- if (!proc_net_netfilter)
+ if (register_pernet_subsys(&netfilter_net_ops) < 0)
panic("cannot create netfilter proc entry");
-#endif
if (netfilter_log_init() < 0)
panic("cannot initialize nf_log");