iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: provide config option to disable ancient procfs parts

Browse Source 
Using /proc/net/nf_conntrack has been deprecated in favour of the
conntrack(8) tool.

Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Jan Engelhardt 2011-04-21 09:32:45 +02:00 committed by Pablo Neira Ayuso
parent 42c344a3bc
commit 54b07dca68
4 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/ipv4/netfilter/Kconfig
View File

@ -27,7 +27,7 @@ config NF_CONNTRACK_IPV4
config NF_CONNTRACK_PROC_COMPAT config NF_CONNTRACK_PROC_COMPAT
bool "proc/sysctl compatibility with old connection tracking" bool "proc/sysctl compatibility with old connection tracking"
depends on NF_CONNTRACK_IPV4 depends on NF_CONNTRACK_PROCFS && NF_CONNTRACK_IPV4
default y default y
help help
This option enables /proc and sysctl compatibility with the old This option enables /proc and sysctl compatibility with the old

10
net/netfilter/Kconfig
View File

@ -83,6 +83,16 @@ config NF_CONNTRACK_ZONES
If unsure, say `N'. If unsure, say `N'.
config NF_CONNTRACK_PROCFS
bool "Supply CT list in procfs (OBSOLETE)"
default y
depends on PROC_FS
---help---
This option enables for the list of known conntrack entries
to be shown in procfs under net/netfilter/nf_conntrack. This
is considered obsolete in favor of using the conntrack(8)
tool which uses Netlink.
config NF_CONNTRACK_EVENTS config NF_CONNTRACK_EVENTS
bool "Connection tracking events" bool "Connection tracking events"
depends on NETFILTER_ADVANCED depends on NETFILTER_ADVANCED

12
net/netfilter/nf_conntrack_expect.c
View File

@ -455,7 +455,7 @@ out:
} }
EXPORT_SYMBOL_GPL(nf_ct_expect_related_report); EXPORT_SYMBOL_GPL(nf_ct_expect_related_report);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_NF_CONNTRACK_PROCFS
struct ct_expect_iter_state { struct ct_expect_iter_state {
struct seq_net_private p; struct seq_net_private p;
unsigned int bucket; unsigned int bucket;
@ -583,25 +583,25 @@ static const struct file_operations exp_file_ops = {
.llseek = seq_lseek, .llseek = seq_lseek,
.release = seq_release_net, .release = seq_release_net,
}; };
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_NF_CONNTRACK_PROCFS */
static int exp_proc_init(struct net *net) static int exp_proc_init(struct net *net)
{ {
#ifdef CONFIG_PROC_FS #ifdef CONFIG_NF_CONNTRACK_PROCFS
struct proc_dir_entry *proc; struct proc_dir_entry *proc;
proc = proc_net_fops_create(net, "nf_conntrack_expect", 0440, &exp_file_ops); proc = proc_net_fops_create(net, "nf_conntrack_expect", 0440, &exp_file_ops);
if (!proc) if (!proc)
return -ENOMEM; return -ENOMEM;
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_NF_CONNTRACK_PROCFS */
return 0; return 0;
} }
static void exp_proc_remove(struct net *net) static void exp_proc_remove(struct net *net)
{ {
#ifdef CONFIG_PROC_FS #ifdef CONFIG_NF_CONNTRACK_PROCFS
proc_net_remove(net, "nf_conntrack_expect"); proc_net_remove(net, "nf_conntrack_expect");
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_NF_CONNTRACK_PROCFS */
} }
module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400);

4
net/netfilter/nf_conntrack_standalone.c
View File

@ -34,7 +34,7 @@
MODULE_LICENSE("GPL"); MODULE_LICENSE("GPL");
#ifdef CONFIG_PROC_FS #ifdef CONFIG_NF_CONNTRACK_PROCFS
int int
print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple, print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
const struct nf_conntrack_l3proto *l3proto, const struct nf_conntrack_l3proto *l3proto,
@ -396,7 +396,7 @@ static int nf_conntrack_standalone_init_proc(struct net *net)
static void nf_conntrack_standalone_fini_proc(struct net *net) static void nf_conntrack_standalone_fini_proc(struct net *net)
{ {
} }
#endif /* CONFIG_PROC_FS */ #endif /* CONFIG_NF_CONNTRACK_PROCFS */
/* Sysctl support */ /* Sysctl support */