author | Eric W. Biederman <ebiederm@xmission.com> | 2015-07-11 02:15:06 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-07-15 19:17:26 +0300 |
commit | 085db2c04557d31db61541f361bd8b4de92c9939 (patch) | |
tree | b62e22e0613903ea366e3a5af1649869b9c5bd1d /include/net/netns | |
parent | 0edcf282b0a6f38168294264837cf7d52a2f5255 (diff) | |
download | linux-085db2c04557d31db61541f361bd8b4de92c9939.tar.xz |
netfilter: Per network namespace netfilter hooks.

- Add a new set of functions for registering and unregistering per
  network namespace hooks.

- Modify the old global namespace hook functions to use the per
  network namespace hooks in their implementation, so there remains a
  single list that needs to be walked for any hook (this is important
  for keeping the hook priority working and for keeping the code
  walking the hooks simple).

- Only allow registering the per netdevice hooks in the network
  namespace where the network device lives.

- Dynamically allocate the structures in the per network namespace
  hook list in nf_register_net_hook, and unregister them in
  nf_unregister_net_hook.

Dynamic allocation is required somewhere as the number of network
namespaces is not fixed so we might as well allocate them in the
registration function.

The chain of registered hooks on any list is expected to be small so
the cost of walking that list to find the entry we are unregistering
should also be small.

Performing the management of the dynamically allocated list entries
in the registration and unregistration functions keeps the complexity
from spreading.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

Diffstat (limited to 'include/net/netns')
-rw-r--r-- | include/net/netns/netfilter.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netns/netfilter.h b/include/net/netns/netfilter.h index 532e4ba64f49..38aa4983e2a9 100644 --- a/include/net/netns/netfilter.h +++ b/include/net/netns/netfilter.h @@ -14,5 +14,6 @@ struct netns_nf { #ifdef CONFIG_SYSCTL struct ctl_table_header *nf_log_dir_header; #endif + struct list_head hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS]; }; #endif |
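
Review bot: the new hooks[NFPROTO_NUMPROTO][NF_MAX_HOOKS] member at the end of struct netns_nf has no comment and no initialisation visible in this file-limited view. Each list_head in the array has to be initialised when the namespace is set up, before any registration or hook walk touches it, so confirm the per-namespace init path does that for every [protocol][hook] slot. A one-line comment on the field giving the index order and the lock that protects the lists would help. The commit message has entries allocated in nf_register_net_hook and released in nf_unregister_net_hook; it should also say what happens to entries still on these lists when the namespace is destroyed, so they are neither leaked nor walked after being freed.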