netfilter: nfacct: per network namespace support

- Move the nfnl_acct_list into the network namespace, initialize and destroy it per namespace - Keep track of refcnt on nfacct objects, the old logic does not longer work with a per namespace list - Adjust xt_nfacct to pass the namespace when registring objects Signed-off-by: Andreas Schultz <aschultz@tpip.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Andreas Schultz <aschultz@tpip.net> 2015-08-05 17:51:45 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-08-07 11:50:56 +0200
commit: 3499abb249bb5ed9d21031944bc3059ec4aa2909 (patch)
tree: a9aa2226572e58808719670ba93e0192953db302 /include/linux/netfilter
parent: d2168e849ebf617b2b7feae44c0c0baf739cb610 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/netfilter/nfnetlink_acct.h b/include/linux/netfilter/nfnetlink_acct.h
index 6ec975748742..80ca889b164e 100644
--- a/include/linux/netfilter/nfnetlink_acct.h
+++ b/include/linux/netfilter/nfnetlink_acct.h
@@ -2,6 +2,7 @@
 #define _NFNL_ACCT_H_
 
 #include <uapi/linux/netfilter/nfnetlink_acct.h>
+#include <net/net_namespace.h>
 
 enum {
 	NFACCT_NO_QUOTA		= -1,
@@ -11,7 +12,7 @@ enum {
 
 struct nf_acct;
 
-struct nf_acct *nfnl_acct_find_get(const char *filter_name);
+struct nf_acct *nfnl_acct_find_get(struct net *net, const char *filter_name);
 void nfnl_acct_put(struct nf_acct *acct);
 void nfnl_acct_update(const struct sk_buff *skb, struct nf_acct *nfacct);
 extern int nfnl_acct_overquota(const struct sk_buff *skb,
author	Andreas Schultz <aschultz@tpip.net>	2015-08-05 17:51:45 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-08-07 11:50:56 +0200
commit	3499abb249bb5ed9d21031944bc3059ec4aa2909 (patch)
tree	a9aa2226572e58808719670ba93e0192953db302 /include/linux/netfilter
parent	d2168e849ebf617b2b7feae44c0c0baf739cb610 (diff)