aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-05-22 18:42:36 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2013-05-23 08:22:30 -0400
commit6d11cfdba52af08b889fd6d3ee4212930493eb38 (patch)
treea6de2aaf9eb6ca94884faa8e56bc2960fd6c1467
parent8bc14d25ffb9dfc242d3a877bb4fe683adb27692 (diff)
netfilter: don't panic on error while walking through the init path
Don't panic if we hit an error while adding the nf_log or pernet netfilter support, just bail out. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Acked-by: Gao feng <gaofeng@cn.fujitsu.com>
Diffstat
-rw-r--r--include/linux/netfilter.h2
-rw-r--r--net/netfilter/core.c21
-rw-r--r--net/netfilter/nf_log.c5
-rw-r--r--net/socket.c4
4 files changed, 20 insertions, 12 deletions
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 0060fde3160e..de70f7b45b68 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -35,7 +35,7 @@ static inline void nf_inet_addr_mask(const union nf_inet_addr *a1,
35 result->all[3] = a1->all[3] & mask->all[3]; 35 result->all[3] = a1->all[3] & mask->all[3];
36} 36}
37 37
38extern void netfilter_init(void); 38extern int netfilter_init(void);
39 39
40/* Largest hook number + 1 */ 40/* Largest hook number + 1 */
41#define NF_MAX_HOOKS 8 41#define NF_MAX_HOOKS 8
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 07c865a31a3d..300539db7bb1 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -302,17 +302,26 @@ static struct pernet_operations netfilter_net_ops = {
302 .exit = netfilter_net_exit, 302 .exit = netfilter_net_exit,
303}; 303};
304 304
305void __init netfilter_init(void) 305int __init netfilter_init(void)
306{ 306{
307 int i, h; 307 int i, h, ret;
308
308 for (i = 0; i < ARRAY_SIZE(nf_hooks); i++) { 309 for (i = 0; i < ARRAY_SIZE(nf_hooks); i++) {
309 for (h = 0; h < NF_MAX_HOOKS; h++) 310 for (h = 0; h < NF_MAX_HOOKS; h++)
310 INIT_LIST_HEAD(&nf_hooks[i][h]); 311 INIT_LIST_HEAD(&nf_hooks[i][h]);
311 } 312 }
312 313
313 if (register_pernet_subsys(&netfilter_net_ops) < 0) 314 ret = register_pernet_subsys(&netfilter_net_ops);
314 panic("cannot create netfilter proc entry"); 315 if (ret < 0)
316 goto err;
317
318 ret = netfilter_log_init();
319 if (ret < 0)
320 goto err_pernet;
315 321
316 if (netfilter_log_init() < 0) 322 return 0;
317 panic("cannot initialize nf_log"); 323err_pernet:
324 unregister_pernet_subsys(&netfilter_net_ops);
325err:
326 return ret;
318} 327}
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 388656d5a9ec..bd5474adcabc 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -368,10 +368,7 @@ static int __net_init nf_log_net_init(struct net *net)
368 return 0; 368 return 0;
369 369
370out_sysctl: 370out_sysctl:
371 /* For init_net: errors will trigger panic, don't unroll on error. */ 371 remove_proc_entry("nf_log", net->nf.proc_netfilter);
372 if (!net_eq(net, &init_net))
373 remove_proc_entry("nf_log", net->nf.proc_netfilter);
374
375 return ret; 372 return ret;
376} 373}
377 374
diff --git a/net/socket.c b/net/socket.c
index 6b94633ca61d..734194d36242 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2612,7 +2612,9 @@ static int __init sock_init(void)
2612 */ 2612 */
2613 2613
2614#ifdef CONFIG_NETFILTER 2614#ifdef CONFIG_NETFILTER
2615 netfilter_init(); 2615 err = netfilter_init();
2616 if (err)
2617 goto out;
2616#endif 2618#endif
2617 2619
2618#ifdef CONFIG_NETWORK_PHY_TIMESTAMPING 2620#ifdef CONFIG_NETWORK_PHY_TIMESTAMPING
generated by cgit v1.2.2 (git 2.25.0) at 2025-08-12 00:35:40 -0400