netfilter: allow logging from non-init namespaces
[linux-2.6-microblaze.git] / net / netfilter / nf_log.c
index 3dca90d..0a034f5 100644 (file)
@@ -16,6 +16,9 @@
 #define NF_LOG_PREFIXLEN               128
 #define NFLOGGER_NAME_LEN              64
 
+int sysctl_nf_log_all_netns __read_mostly;
+EXPORT_SYMBOL(sysctl_nf_log_all_netns);
+
 static struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly;
 static DEFINE_MUTEX(nf_log_mutex);
 
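Review bot: `sysctl_nf_log_all_netns` is declared without a comment, and its security meaning is not obvious from the name alone. It is a single file-scope int, so one value applies to every network namespace rather than each namespace carrying its own setting, and the zero default presumably keeps the earlier behaviour of logging from the init namespace only. I would add above the declaration `/* Global, not per-netns: non-zero lets loggers emit packets seen in non-init network namespaces into the host kernel log; default 0. */`. The readers of the exported symbol are not in this diff, so the exact wording should be checked against them. Enabling the flag means traffic inside any container's namespace can write to the shared kernel log, which is worth stating because it makes rate limits on logging rules matter for log integrity and volume.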
@@ -414,6 +417,18 @@ static const struct file_operations nflog_file_ops = {
 #ifdef CONFIG_SYSCTL
 static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
 static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
+static struct ctl_table_header *nf_log_sysctl_fhdr;
+
+static struct ctl_table nf_log_sysctl_ftable[] = {
+       {
+               .procname       = "nf_log_all_netns",
+               .data           = &sysctl_nf_log_all_netns,
+               .maxlen         = sizeof(sysctl_nf_log_all_netns),
+               .mode           = 0644,
+               .proc_handler   = proc_dointvec,
+       },
+       { }
+};
 
 static int nf_log_proc_dostring(struct ctl_table *table, int write,
                         void __user *buffer, size_t *lenp, loff_t *ppos)
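Review bot: The `nf_log_all_netns` entry uses `proc_dointvec` with no `.extra1`/`.extra2`, so any integer written to the file is stored, negative values included. If the flag is meant as a boolean (its consumers are not visible here), `.proc_handler = proc_dointvec_minmax,` with `.extra1` and `.extra2` pointing at 0 and 1 would reject everything else at the interface. A short comment on `nf_log_sysctl_ftable` saying that it holds the host-wide toggles, as opposed to the per-protocol `nf_log_sysctl_table`, would also help the next reader.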
@@ -483,6 +498,10 @@ static int netfilter_log_sysctl_init(struct net *net)
                        nf_log_sysctl_table[i].extra1 =
                                (void *)(unsigned long) i;
                }
+               nf_log_sysctl_fhdr = register_net_sysctl(net, "net/netfilter",
+                                                        nf_log_sysctl_ftable);
+               if (!nf_log_sysctl_fhdr)
+                       goto err_freg;
        }
 
        for (i = NFPROTO_UNSPEC; i < NFPROTO_NUMPROTO; i++)
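Review bot: The new `register_net_sysctl()` call carries no comment on why `nf_log_sysctl_ftable` is registered in this branch only. Judging by the unwind code in the next hunk (`else unregister_net_sysctl_table(nf_log_sysctl_fhdr)`), this appears to be the `init_net` branch. That restriction is what keeps a process inside another namespace from switching on logging for itself, so it deserves a line such as `/* init_net only: the toggle must stay under host control */` above the call. The enclosing function starts and ends outside this hunk, so the branch condition itself should be confirmed there.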
@@ -499,6 +518,9 @@ static int netfilter_log_sysctl_init(struct net *net)
 err_reg:
        if (!net_eq(net, &init_net))
                kfree(table);
+       else
+               unregister_net_sysctl_table(nf_log_sysctl_fhdr);
+err_freg:
 err_alloc:
        return -ENOMEM;
 }
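Review bot: After `unregister_net_sysctl_table(nf_log_sysctl_fhdr)` the static pointer keeps its stale value, both here on the `err_reg` path and in `netfilter_log_sysctl_exit()` in the following hunk. Bracing the `else` and adding `nf_log_sysctl_fhdr = NULL;` after each call is cheap and means any later reuse sees NULL rather than a freed header; whether such reuse can occur is not visible from this diff. The adjacent empty labels `err_freg:` and `err_alloc:` both fall through to `return -ENOMEM;` and could be merged into one. The start of `netfilter_log_sysctl_init()` is outside this hunk.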
@@ -511,6 +533,8 @@ static void netfilter_log_sysctl_exit(struct net *net)
        unregister_net_sysctl_table(net->nf.nf_log_dir_header);
        if (!net_eq(net, &init_net))
                kfree(table);
+       else
+               unregister_net_sysctl_table(nf_log_sysctl_fhdr);
 }
 #else
 static int netfilter_log_sysctl_init(struct net *net)