bridge: fix compile warning in net/bridge/br_netfilter.c

[linux-2.6] / net / netfilter / core.c

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 95e18635ce7aa8be983629c326ae3cc73224e3bb..292fa28146fb33cfe5beb77e70c95a4f8caa96e2 100644 (file)
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -26,10 +26,10 @@
 
 static DEFINE_MUTEX(afinfo_mutex);
 
-struct nf_afinfo *nf_afinfo[NPROTO] __read_mostly;
+const struct nf_afinfo *nf_afinfo[NPROTO] __read_mostly;
 EXPORT_SYMBOL(nf_afinfo);
 
-int nf_register_afinfo(struct nf_afinfo *afinfo)
+int nf_register_afinfo(const struct nf_afinfo *afinfo)
 {
        int err;
 
@@ -42,7 +42,7 @@ int nf_register_afinfo(struct nf_afinfo *afinfo)
 }
 EXPORT_SYMBOL_GPL(nf_register_afinfo);
 
-void nf_unregister_afinfo(struct nf_afinfo *afinfo)
+void nf_unregister_afinfo(const struct nf_afinfo *afinfo)
 {
        mutex_lock(&afinfo_mutex);
        rcu_assign_pointer(nf_afinfo[afinfo->family], NULL);
@@ -165,6 +165,14 @@ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb,
        unsigned int verdict;
        int ret = 0;
 
+#ifdef CONFIG_NET_NS
+       struct net *net;
+
+       net = indev == NULL ? dev_net(outdev) : dev_net(indev);
+       if (net != &init_net)
+               return 1;
+#endif
+
        /* We may already have this, but read-locks nest anyway */
        rcu_read_lock();
 
@@ -272,3 +280,12 @@ void __init netfilter_init(void)
        if (netfilter_log_init() < 0)
                panic("cannot initialize nf_log");
 }
+
+#ifdef CONFIG_SYSCTL
+struct ctl_path nf_net_netfilter_sysctl_path[] = {
+       { .procname = "net", .ctl_name = CTL_NET, },
+       { .procname = "netfilter", .ctl_name = NET_NETFILTER, },
+       { }
+};
+EXPORT_SYMBOL_GPL(nf_net_netfilter_sysctl_path);
+#endif /* CONFIG_SYSCTL */