From patchwork Tue Apr 17 02:56:14 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gao feng X-Patchwork-Id: 153035 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 1D936B7033 for ; Tue, 17 Apr 2012 13:35:26 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755627Ab2DQDfO (ORCPT ); Mon, 16 Apr 2012 23:35:14 -0400 Received: from cn.fujitsu.com ([222.73.24.84]:9871 "EHLO song.cn.fujitsu.com" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1754408Ab2DQDfI (ORCPT ); Mon, 16 Apr 2012 23:35:08 -0400 X-IronPort-AV: E=Sophos;i="4.75,432,1330876800"; d="scan'208";a="4768311" Received: from unknown (HELO tang.cn.fujitsu.com) ([10.167.250.3]) by song.cn.fujitsu.com with ESMTP; 17 Apr 2012 11:34:43 +0800 Received: from mailserver.fnst.cn.fujitsu.com (tang.cn.fujitsu.com [127.0.0.1]) by tang.cn.fujitsu.com (8.14.3/8.13.1) with ESMTP id q3H2vVlQ022523; Tue, 17 Apr 2012 10:57:33 +0800 Received: from Donkey.fnst.cn.fujitsu.com ([10.167.225.206]) by mailserver.fnst.cn.fujitsu.com (Lotus Domino Release 8.5.3) with ESMTP id 2012041710564017-28723 ; Tue, 17 Apr 2012 10:56:40 +0800 
From: Gao feng To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org, ebiederm@xmission.com, serge.hallyn@canonical.com, dlezcano@fr.ibm.com, Gao feng Subject: [PATCH 03/12] netfilter: generic proto sysctl support for net namespace Date: Tue, 17 Apr 2012 10:56:14 +0800 Message-Id: <1334631383-12326-4-git-send-email-gaofeng@cn.fujitsu.com> X-Mailer: git-send-email 1.7.7.6 In-Reply-To: <1334631383-12326-1-git-send-email-gaofeng@cn.fujitsu.com> References: <1334631383-12326-1-git-send-email-gaofeng@cn.fujitsu.com> X-MIMETrack: Itemize by SMTP Server on mailserver/fnst(Release 8.5.3|September 15, 2011) at 2012/04/17 10:56:40, Serialize by Router on mailserver/fnst(Release 8.5.3|September 15, 2011) at 2012/04/17 10:56:49, Serialize complete at 2012/04/17 10:56:49 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org register the generic proto's sysctl in pernet_operations.init. and use net->ct.proto.sysctl_generic_timeout replaces nf_ct_generic_timeout. in the after patch,the timeout_nlattr_to_obj will be modified too. Signed-off-by: Gao feng
---
 net/netfilter/nf_conntrack_core.c | 6 ++ net/netfilter/nf_conntrack_proto_generic.c | 93 +++++++++++++++++++++++++--- 2 files changed, 91 insertions(+), 8 deletions(-)
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 729f157..bf11dd6 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1358,6 +1358,7 @@ static void nf_conntrack_cleanup_net(struct net *net)
 nf_conntrack_tstamp_fini(net);
 nf_conntrack_acct_fini(net);
 nf_conntrack_expect_fini(net);
+ nf_conntrack_proto_generic_net_fini(net);
 kmem_cache_destroy(net->ct.nf_conntrack_cachep);
 kfree(net->ct.slabname);
 free_percpu(net->ct.stat);
@@ -1573,6 +1574,9 @@ static int nf_conntrack_init_net(struct net *net)
 printk(KERN_ERR "Unable to create nf_conntrack_hash\n");
 goto err_hash;
 }
+ ret = nf_conntrack_proto_generic_net_init(net);
+ if (ret < 0)
+ goto err_generic;
 ret = nf_conntrack_expect_init(net);
 if (ret < 0)
 goto err_expect;
@@ -1600,6 +1604,8 @@ err_tstamp:
 err_acct:
 nf_conntrack_expect_fini(net);
 err_expect:
+ nf_conntrack_proto_generic_net_fini(net);
+err_generic:
 nf_ct_free_hashtable(net->ct.hash, net->ct.htable_size);
 err_hash:
 kmem_cache_destroy(net->ct.nf_conntrack_cachep);
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index 835e24c..0d4545b 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -42,7 +42,7 @@ static int generic_print_tuple(struct seq_file *s,
 static unsigned int *generic_get_timeouts(struct net *net)
 {
- return &nf_ct_generic_timeout;
+ return &(net->ct.proto.sysctl_generic_timeout);
 }
 /* Returns verdict for packet, or -1 for invalid. */
@@ -105,11 +105,10 @@ generic_timeout_nla_policy[CTA_TIMEOUT_GENERIC_MAX+1] = {
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
 #ifdef CONFIG_SYSCTL
-static struct ctl_table_header *generic_sysctl_header;
 static struct ctl_table generic_sysctl_table[] = {
 {
 .procname = "nf_conntrack_generic_timeout",
- .data = &nf_ct_generic_timeout,
+ .data = &init_net.ct.proto.sysctl_generic_timeout,
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
@@ -120,7 +119,7 @@ static struct ctl_table generic_sysctl_table[] = {
 static struct ctl_table generic_compat_sysctl_table[] = {
 {
 .procname = "ip_conntrack_generic_timeout",
- .data = &nf_ct_generic_timeout,
+ .data = &init_net.ct.proto.sysctl_generic_timeout,
 .maxlen = sizeof(unsigned int),
 .mode = 0644,
 .proc_handler = proc_dointvec_jiffies,
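Review bot: No declaration of `nf_conntrack_proto_generic_net_init()` or `nf_conntrack_proto_generic_net_fini()` is visible for the calls added to nf_conntrack_init_net() and its `err_expect:` unwind. The diffstat lists only the two .c files, so unless an earlier patch in the series already adds the prototypes to a shared header, nf_conntrack_core.c calls them through an implicit declaration. If they are not declared yet, add `int nf_conntrack_proto_generic_net_init(struct net *net);` and `void nf_conntrack_proto_generic_net_fini(struct net *net);` to the conntrack l4proto header in this patch. nf_conntrack_init_net() starts and ends outside the hunk.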
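Review bot: With `.data = &init_net.ct.proto.sysctl_generic_timeout` in generic_sysctl_table (and likewise in generic_compat_sysctl_table in the following hunk), every other namespace depends on the `table[0].data = ...` fixup applied to the kmemdup() copy later in this patch. If an entry is ever placed ahead of the timeout, or a copy is registered without the fixup, a write from a child namespace would land in init_net's value. A comment on each template such as `/* template: .data is re-pointed per netns in nf_conntrack_proto_generic_net_init() */` would record that dependency. The entries also keep `.mode = 0644` with `proc_dointvec_jiffies` on an `unsigned int` and no range limit, so now that the knob is per namespace it is worth confirming who may write it and whether zero or negative input is acceptable. Both initialisers continue outside the hunks.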
@@ -150,11 +149,89 @@ struct nf_conntrack_l4proto nf_conntrack_l4proto_generic __read_mostly =
 .nla_policy = generic_timeout_nla_policy,
 },
 #endif /* CONFIG_NF_CT_NETLINK_TIMEOUT */
+};
+
+int nf_conntrack_proto_generic_net_init(struct net *net)
+{
+ struct ctl_table *table;
+ int ret = 0;
 #ifdef CONFIG_SYSCTL
- .ctl_table_header = &generic_sysctl_header,
- .ctl_table = generic_sysctl_table,
 #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
- .ctl_compat_table = generic_compat_sysctl_table,
+ struct ctl_table *compat_table;
 #endif
 #endif
-};
+ net->ct.proto.sysctl_generic_timeout = nf_ct_generic_timeout;
+#ifdef CONFIG_SYSCTL
+ table = kmemdup(generic_sysctl_table,
+ sizeof(generic_sysctl_table),
+ GFP_KERNEL);
+ if (!table)
+ return -ENOMEM;
+
+ table[0].data = &net->ct.proto.sysctl_generic_timeout;
+
+ ret = nf_ct_register_net_sysctl(net,
+ &net->ct.proto.generic_sysctl_header,
+ nf_net_netfilter_sysctl_path,
+ table,
+ NULL);
+ if (ret < 0) {
+ printk(KERN_ERR
+ "nf_conntrack_proto_generic:"
+ " can't register to sysctl.\n");
+ kfree(table);
+ return ret;
+ }
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ compat_table = kmemdup(generic_compat_sysctl_table,
+ sizeof(generic_compat_sysctl_table),
+ GFP_KERNEL);
+ if (!compat_table) {
+ ret = -ENOMEM;
+ goto out_compat;
+ }
+ compat_table[0].data = &net->ct.proto.sysctl_generic_timeout;
+ ret = nf_ct_register_net_sysctl(net,
+ &net->ct.proto.generic_compat_header,
+ nf_net_ipv4_netfilter_sysctl_path,
+ compat_table,
+ NULL);
+ if (ret < 0) {
+ printk(KERN_ERR
+ "nf_conntrack_proto_generic:"
+ " can't register to compat sysctl.\n");
+ goto out_compat_register;
+ }
+#endif
+ return 0;
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+out_compat_register:
+ kfree(compat_table);
+out_compat:
+ nf_ct_unregister_net_sysctl(&net->ct.proto.generic_sysctl_header,
+ table,
+ NULL);
+#endif
+#endif
+ return ret;
+}
+
+void nf_conntrack_proto_generic_net_fini(struct net *net)
+{
+#ifdef CONFIG_SYSCTL
+ struct ctl_table *table;
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ struct ctl_table *compat_table;
+#endif
+ table = net->ct.proto.generic_sysctl_header->ctl_table_arg;
+ nf_ct_unregister_net_sysctl(&net->ct.proto.generic_sysctl_header,
+ table,
+ NULL);
+#ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT
+ compat_table = net->ct.proto.generic_compat_header->ctl_table_arg;
+ nf_ct_unregister_net_sysctl(&net->ct.proto.generic_compat_header,
+ compat_table,
+ NULL);
+#endif
+#endif
+}
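Review bot: Ownership of the kmemdup()'d tables cannot be determined from this hunk. nf_conntrack_proto_generic_net_fini() and the `out_compat:` path pass `table` to nf_ct_unregister_net_sysctl() and never kfree() it, while the two register-failure paths free their copy themselves with `kfree(table)` / `kfree(compat_table)`. If the unregister helper (defined outside this patch) does not free its table argument, every namespace teardown leaks both copies; if it does, a comment at the call sites such as `/* nf_ct_unregister_net_sysctl() frees the table */` would make the asymmetry intentional. fini also reads `net->ct.proto.generic_sysctl_header->ctl_table_arg` with no NULL check, which is safe only while it is never reached after a failed init. Separately, `struct ctl_table *table;` in the init function is declared outside `#ifdef CONFIG_SYSCTL` and becomes an unused variable when sysctl support is disabled.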