[Devel] [PATCH vz7 3/5] nf_conntrack: export nf_conntrack_hide_sysctl() helper

Stanislav Kinsburskiy skinsbursky at odin.com
Tue Oct 6 10:44:53 PDT 2015


From: Stanislav Kinsburskiy <skinsbursky at parallels.com>

The helper will be used for other tables.

Signed-off-by: Stanislav Kinsburskiy <skinsbursky at parallels.com>
---
 include/net/netfilter/nf_conntrack_core.h |    2 ++
 net/netfilter/nf_conntrack_standalone.c   |    7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index cc0c188..9a54afc 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -39,6 +39,8 @@ void nf_conntrack_cleanup_start(void);
 void nf_conntrack_init_end(void);
 void nf_conntrack_cleanup_end(void);
 
+int nf_conntrack_hide_sysctl(struct net *net);
+
 bool nf_ct_get_tuple(const struct sk_buff *skb, unsigned int nhoff,
 		     unsigned int dataoff, u_int16_t l3num, u_int8_t protonum,
 		     struct nf_conntrack_tuple *tuple,
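Review bot: The new prototype `int nf_conntrack_hide_sysctl(struct net *net);` enters the shared header with no statement of what its return value means, and the callers this patch anticipates ("other tables") will rely on exactly that. From the visible lines only the no-sysctl stub's `return 0;` is known, so a reader of the header cannot tell whether non-zero means "hide" or signals an error. I would put a one-line comment above the declaration, for example `/* Non-zero: conntrack sysctls must be hidden for @net; 0: register them normally. */`, reworded to match the real semantics. Judging by the name and the VE comment in the .c file, the result gates what a container sees, so a caller that misreads it would presumably fail open.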
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 5de29af..a137b27 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -475,7 +475,7 @@ static struct ctl_table nf_ct_netfilter_table[] = {
 
 static int zero;
 
-static int nf_conntrack_hide_sysctl(struct net *net)
+int nf_conntrack_hide_sysctl(struct net *net)
 {
 	/*
 	 * This can happen only on VE creation, when process created VE cgroup,
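Review bot: Dropping `static` on `nf_conntrack_hide_sysctl()` only makes it reachable from code linked into the same object as nf_conntrack_standalone.c, and none of the visible hunks adds `EXPORT_SYMBOL_GPL(nf_conntrack_hide_sysctl);` although the subject line says "export". If any of the other tables are registered from a separately built module, that module would be left with an unresolved symbol. The function body continues past the end of this hunk, so the export line would go after its closing brace, which is not visible here. If every intended caller is built into the same module, a sentence in the commit message saying so would settle the question.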
@@ -573,6 +573,11 @@ static void nf_conntrack_standalone_fini_sysctl(struct net *net)
 	kfree(table);
 }
 #else
+int nf_conntrack_hide_sysctl(struct net *net)
+{
+	return 0;
+}
+
 static int nf_conntrack_netfilter_init_sysctl(struct net *net)
 {
 	return 0;
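Review bot: The fallback `nf_conntrack_hide_sysctl()` added in the `#else` branch is a second out-of-line global definition, where kernel code normally puts such a stub in the header as `static inline`. That would mean guarding the prototype in nf_conntrack_core.h with the same condition and providing `static inline int nf_conntrack_hide_sysctl(struct net *net) { return 0; }` in its `#else`, which also avoids emitting a symbol for a no-op. The `#if` that this `#else` belongs to is outside the hunk, so the exact config symbol has to be taken from there. It is also worth stating in a comment that 0 is the intended answer when no sysctl tables exist, so future callers do not treat the stub's result as a policy decision.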



