netfilter: nfacct: per network namespace support

- Move the nfnl_acct_list into the network namespace, initialize and destroy it per namespace - Keep track of refcnt on nfacct objects, the old logic does not longer work with a per namespace list - Adjust xt_nfacct to pass the namespace when registring objects Signed-off-by: Andreas Schultz <aschultz@tpip.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Andreas Schultz 2015-08-05 17:51:45 +0200
committer: Pablo Neira Ayuso 2015-08-07 11:50:56 +0200
commit: 3499abb249bb5ed9d21031944bc3059ec4aa2909 (patch)
tree: a9aa2226572e58808719670ba93e0192953db302 /include/net/net_namespace.h
parent: netfilter: nft_limit: add per-byte limiting (diff)
download: kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.tar.gz
kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.tar.xz
kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index e951453e0a23..2dcea635ecce 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -118,6 +118,9 @@ struct net {
 #endif
 	struct sock		*nfnl;
 	struct sock		*nfnl_stash;
+#if IS_ENABLED(CONFIG_NETFILTER_NETLINK_ACCT)
+	struct list_head        nfnl_acct_list;
+#endif
 #endif
 #ifdef CONFIG_WEXT_CORE
 	struct sk_buff_head	wext_nlevents;
author	Andreas Schultz	2015-08-05 17:51:45 +0200
committer	Pablo Neira Ayuso	2015-08-07 11:50:56 +0200
commit	3499abb249bb5ed9d21031944bc3059ec4aa2909 (patch)
tree	a9aa2226572e58808719670ba93e0192953db302 /include/net/net_namespace.h
parent	netfilter: nft_limit: add per-byte limiting (diff)
download	kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.tar.gz kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.tar.xz kernel-qcow2-linux-3499abb249bb5ed9d21031944bc3059ec4aa2909.zip