kybaaz/linux-xiaomi-chiron
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

netfilter: nfacct: per network namespace support

Browse source 
- Move the nfnl_acct_list into the network namespace, initialize
  and destroy it per namespace
- Keep track of refcnt on nfacct objects, the old logic does not
  longer work with a per namespace list
- Adjust xt_nfacct to pass the namespace when registring objects

Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Andreas Schultz 2015-08-05 17:51:45 +02:00 committed by Pablo Neira Ayuso
parent d2168e849e
commit 3499abb249
4 changed files with 56 additions and 23 deletions
Download patch file Download diff file Expand all files Collapse all files

3
include/linux/netfilter/nfnetlink_acct.h
View file

@ -2,6 +2,7 @@
#define _NFNL_ACCT_H_
#include <uapi/linux/netfilter/nfnetlink_acct.h>
#include <net/net_namespace.h>
enum {
NFACCT_NO_QUOTA = -1,
@ -11,7 +12,7 @@ enum {
struct nf_acct;
struct nf_acct *nfnl_acct_find_get(const char *filter_name);
struct nf_acct *nfnl_acct_find_get(struct net *net, const char *filter_name);
void nfnl_acct_put(struct nf_acct *acct);
void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
extern int nfnl_acct_overquota(const struct sk_buff *skb,