| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-18 02:25:47 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-01-18 02:25:47 -0500 |
| commit | f54e9367f8499a9bf6b2afbc0dce63e1d53c525a (patch) | |
| tree | a2e852b0fc05c0e1397136bca29c359163bc2445 | |
| parent | a83d8e8d099fc373a5ca7112ad08c553bb2c180f (diff) | |
netfilter: xtables: add struct xt_mtdtor_param::net
Add ->net to the match destructor parameter list, like ->net in the constructor list.
Make sure it's set in ebtables/iptables/ip6tables; this requires propagating
the netns up to *_unregister_table().
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter_bridge/ebtables.h | 2 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 2 | ||||
| -rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_broute.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_filter.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtable_nat.c | 2 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 19 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 25 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_security.c | 2 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_rule.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 37 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 2 |
19 files changed, 59 insertions, 53 deletions
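--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -216,6 +216,7 @@ struct xt_mtchk_param {
 
 /* Match destructor parameters */
 struct xt_mtdtor_param {
+struct net *net;
 const struct xt_match *match;
 void *matchinfo;
 u_int8_t family;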
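Review bot: The new `net` member of `struct xt_mtdtor_param` carries no comment saying which namespace it names or how long the pointer may be used. Other sections of this commit feed it from the `__net_exit` handlers, so a match destructor can be handed a namespace that is in the middle of being torn down. A short contract on the field would discourage match modules from caching the pointer or taking new references through it, for example `struct net *net; /* netns the rule was set up in; valid only for the duration of ->destroy() */`. The struct's closing brace is outside the hunk, so any members after `family` are not visible here.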
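--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -289,7 +289,7 @@ struct ebt_table {
 ~(__alignof__(struct ebt_replace)-1))
 extern struct ebt_table *ebt_register_table(struct net *net,
 const struct ebt_table *table);
-extern void ebt_unregister_table(struct ebt_table *table);
+extern void ebt_unregister_table(struct net *net, struct ebt_table *table);
 extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
 const struct net_device *in, const struct net_device *out,
 struct ebt_table *table);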
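Review bot: `ebt_unregister_table()` now takes `net` alongside `table`, but nothing at the declaration says the two must belong together. The value ends up in `par.net` for every match destructor (see the ebtables.c section of this commit), so a caller passing a namespace other than the one the table was registered in would have destructors act on another namespace's state. A one-line comment above the prototype would state the requirement, such as `/* net must be the namespace the table was registered in with ebt_register_table() */`. The same applies to `ipt_unregister_table()` in ip_tables.h and `ip6t_unregister_table()` in ip6_tables.h.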
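--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -242,7 +242,7 @@ extern void ipt_init(void) __init;
 extern struct xt_table *ipt_register_table(struct net *net,
 const struct xt_table *table,
 const struct ipt_replace *repl);
-extern void ipt_unregister_table(struct xt_table *table);
+extern void ipt_unregister_table(struct net *net, struct xt_table *table);
 
 /* Standard entry. */
 struct ipt_standard {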
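--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -300,7 +300,7 @@ extern void ip6t_init(void) __init;
 extern struct xt_table *ip6t_register_table(struct net *net,
 const struct xt_table *table,
 const struct ip6t_replace *repl);
-extern void ip6t_unregister_table(struct xt_table *table);
+extern void ip6t_unregister_table(struct net *net, struct xt_table *table);
 extern unsigned int ip6t_do_table(struct sk_buff *skb,
 unsigned int hook,
 const struct net_device *in,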
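--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -71,7 +71,7 @@ static int __net_init broute_net_init(struct net *net)
 
 static void __net_exit broute_net_exit(struct net *net)
 {
-ebt_unregister_table(net->xt.broute_table);
+ebt_unregister_table(net, net->xt.broute_table);
 }
 
 static struct pernet_operations broute_net_ops = {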
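--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -107,7 +107,7 @@ static int __net_init frame_filter_net_init(struct net *net)
 
 static void __net_exit frame_filter_net_exit(struct net *net)
 {
-ebt_unregister_table(net->xt.frame_filter);
+ebt_unregister_table(net, net->xt.frame_filter);
 }
 
 static struct pernet_operations frame_filter_net_ops = {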
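--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -107,7 +107,7 @@ static int __net_init frame_nat_net_init(struct net *net)
 
 static void __net_exit frame_nat_net_exit(struct net *net)
 {
-ebt_unregister_table(net->xt.frame_nat);
+ebt_unregister_table(net, net->xt.frame_nat);
 }
 
 static struct pernet_operations frame_nat_net_ops = {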
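--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -561,13 +561,14 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
 }
 
 static inline int
-ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
+ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
 {
 struct xt_mtdtor_param par;
 
 if (i && (*i)-- == 0)
 return 1;
 
+par.net = net;
 par.match = m->u.match;
 par.matchinfo = m->data;
 par.family = NFPROTO_BRIDGE;
@@ -595,7 +596,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
 }
 
 static inline int
-ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
+ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
 {
 struct xt_tgdtor_param par;
 struct ebt_entry_target *t;
@@ -606,7 +607,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
 if (cnt && (*cnt)-- == 0)
 return 1;
 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
-EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
+EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 
 par.target = t->u.target;
@@ -731,7 +732,7 @@ ebt_check_entry(struct ebt_entry *e,
 cleanup_watchers:
 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
 cleanup_matches:
-EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
+EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
 return ret;
 }
 
@@ -924,7 +925,7 @@ static int translate_table(struct net *net, char *name,
 ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
 if (ret != 0) {
 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-ebt_cleanup_entry, &i);
+ebt_cleanup_entry, net, &i);
 }
 vfree(cl_s);
 return ret;
@@ -1074,7 +1075,7 @@ static int do_replace(struct net *net, void __user *user, unsigned int len)
 
 /* decrease module count and free resources */
 EBT_ENTRY_ITERATE(table->entries, table->entries_size,
-ebt_cleanup_entry, NULL);
+ebt_cleanup_entry, net, NULL);
 
 vfree(table->entries);
 if (table->chainstack) {
@@ -1091,7 +1092,7 @@ free_unlock:
 mutex_unlock(&ebt_mutex);
 free_iterate:
 EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
-ebt_cleanup_entry, NULL);
+ebt_cleanup_entry, net, NULL);
 free_counterstmp:
 vfree(counterstmp);
 /* can be initialized in translate_table() */
@@ -1208,7 +1209,7 @@ out:
 return ERR_PTR(ret);
 }
 
-void ebt_unregister_table(struct ebt_table *table)
+void ebt_unregister_table(struct net *net, struct ebt_table *table)
 {
 int i;
 
@@ -1220,7 +1221,7 @@ void ebt_unregister_table(struct ebt_table *table)
 list_del(&table->list);
 mutex_unlock(&ebt_mutex);
 EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
-ebt_cleanup_entry, NULL);
+ebt_cleanup_entry, net, NULL);
 if (table->private->nentries)
 module_put(table->me);
 vfree(table->private->entries);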
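Review bot: In `ebt_cleanup_match()` the on-stack `struct xt_mtdtor_param par` is still filled member by member, so any member added to the struct (as `net` is here) holds an indeterminate value at every fill site that is not updated in the same commit. A designated initializer zeroes whatever is not named, for example `struct xt_mtdtor_param par = { .net = net, .family = NFPROTO_BRIDGE };`, with `par.match` and `par.matchinfo` assigned after the early return as before. `cleanup_match()` in ip_tables.c and in ip6_tables.c follows the same pattern. The function body continues past the end of the hunk, so the destructor call itself is not visible here.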
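--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -553,13 +553,14 @@ mark_source_chains(struct xt_table_info *newinfo,
 }
 
 static int
-cleanup_match(struct ipt_entry_match *m, unsigned int *i)
+cleanup_match(struct ipt_entry_match *m, struct net *net, unsigned int *i)
 {
 struct xt_mtdtor_param par;
 
 if (i && (*i)-- == 0)
 return 1;
 
+par.net = net;
 par.match = m->u.kernel.match;
 par.matchinfo = m->data;
 par.family = NFPROTO_IPV4;
@@ -705,7 +706,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
 err:
 module_put(t->u.kernel.target->me);
 cleanup_matches:
-IPT_MATCH_ITERATE(e, cleanup_match, &j);
+IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
 return ret;
 }
 
@@ -775,7 +776,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
 }
 
 static int
-cleanup_entry(struct ipt_entry *e, unsigned int *i)
+cleanup_entry(struct ipt_entry *e, struct net *net, unsigned int *i)
 {
 struct xt_tgdtor_param par;
 struct ipt_entry_target *t;
@@ -784,7 +785,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
 return 1;
 
 /* Cleanup all matches */
-IPT_MATCH_ITERATE(e, cleanup_match, NULL);
+IPT_MATCH_ITERATE(e, cleanup_match, net, NULL);
 t = ipt_get_target(e);
 
 par.target = t->u.kernel.target;
@@ -866,7 +867,7 @@ translate_table(struct net *net,
 
 if (ret != 0) {
 IPT_ENTRY_ITERATE(entry0, newinfo->size,
-cleanup_entry, &i);
+cleanup_entry, net, &i);
 return ret;
 }
 
@@ -1260,7 +1261,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
 /* Decrease module usage counts and free resource */
 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
 IPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
-NULL);
+net, NULL);
 xt_free_table_info(oldinfo);
 if (copy_to_user(counters_ptr, counters,
 sizeof(struct xt_counters) * num_counters) != 0)
@@ -1320,7 +1321,7 @@ do_replace(struct net *net, void __user *user, unsigned int len)
 return 0;
 
 free_newinfo_untrans:
-IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
 free_newinfo:
 xt_free_table_info(newinfo);
 return ret;
@@ -1682,7 +1683,7 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name,
 return 0;
 
 cleanup_matches:
-IPT_MATCH_ITERATE(e, cleanup_match, &j);
+IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
 return ret;
 }
 
@@ -1782,7 +1783,7 @@ translate_compat_table(struct net *net,
 j -= i;
 COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
 compat_release_entry, &j);
-IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
+IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i);
 xt_free_table_info(newinfo);
 return ret;
 }
@@ -1853,7 +1854,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
 return 0;
 
 free_newinfo_untrans:
-IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
 free_newinfo:
 xt_free_table_info(newinfo);
 return ret;
@@ -2112,7 +2113,7 @@ out:
 return ERR_PTR(ret);
 }
 
-void ipt_unregister_table(struct xt_table *table)
+void ipt_unregister_table(struct net *net, struct xt_table *table)
 {
 struct xt_table_info *private;
 void *loc_cpu_entry;
@@ -2122,7 +2123,7 @@ void ipt_unregister_table(struct xt_table *table)
 
 /* Decrease module usage counts and free resources */
 loc_cpu_entry = private->entries[raw_smp_processor_id()];
-IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL);
+IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL);
 if (private->number > private->initial_entries)
 module_put(table_owner);
 xt_free_table_info(private);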
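--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -138,7 +138,7 @@ static int __net_init iptable_filter_net_init(struct net *net)
 
 static void __net_exit iptable_filter_net_exit(struct net *net)
 {
-ipt_unregister_table(net->ipv4.iptable_filter);
+ipt_unregister_table(net, net->ipv4.iptable_filter);
 }
 
 static struct pernet_operations iptable_filter_net_ops = {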
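--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -208,7 +208,7 @@ static int __net_init iptable_mangle_net_init(struct net *net)
 
 static void __net_exit iptable_mangle_net_exit(struct net *net)
 {
-ipt_unregister_table(net->ipv4.iptable_mangle);
+ipt_unregister_table(net, net->ipv4.iptable_mangle);
 }
 
 static struct pernet_operations iptable_mangle_net_ops = {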
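--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -100,7 +100,7 @@ static int __net_init iptable_raw_net_init(struct net *net)
 
 static void __net_exit iptable_raw_net_exit(struct net *net)
 {
-ipt_unregister_table(net->ipv4.iptable_raw);
+ipt_unregister_table(net, net->ipv4.iptable_raw);
 }
 
 static struct pernet_operations iptable_raw_net_ops = {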
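--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -138,7 +138,7 @@ static int __net_init iptable_security_net_init(struct net *net)
 
 static void __net_exit iptable_security_net_exit(struct net *net)
 {
-ipt_unregister_table(net->ipv4.iptable_security);
+ipt_unregister_table(net, net->ipv4.iptable_security);
 }
 
 static struct pernet_operations iptable_security_net_ops = {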
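--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -195,7 +195,7 @@ static int __net_init nf_nat_rule_net_init(struct net *net)
 
 static void __net_exit nf_nat_rule_net_exit(struct net *net)
 {
-ipt_unregister_table(net->ipv4.nat_table);
+ipt_unregister_table(net, net->ipv4.nat_table);
 }
 
 static struct pernet_operations nf_nat_rule_net_ops = {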
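--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -585,13 +585,14 @@ mark_source_chains(struct xt_table_info *newinfo,
 }
 
 static int
-cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
+cleanup_match(struct ip6t_entry_match *m, struct net *net, unsigned int *i)
 {
 struct xt_mtdtor_param par;
 
 if (i && (*i)-- == 0)
 return 1;
 
+par.net = net;
 par.match = m->u.kernel.match;
 par.matchinfo = m->data;
 par.family = NFPROTO_IPV6;
@@ -737,7 +738,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
 err:
 module_put(t->u.kernel.target->me);
 cleanup_matches:
-IP6T_MATCH_ITERATE(e, cleanup_match, &j);
+IP6T_MATCH_ITERATE(e, cleanup_match, net, &j);
 return ret;
 }
 
@@ -807,7 +808,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
 }
 
 static int
-cleanup_entry(struct ip6t_entry *e, unsigned int *i)
+cleanup_entry(struct ip6t_entry *e, struct net *net, unsigned int *i)
 {
 struct xt_tgdtor_param par;
 struct ip6t_entry_target *t;
@@ -816,7 +817,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
 return 1;
 
 /* Cleanup all matches */
-IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
+IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL);
 t = ip6t_get_target(e);
 
 par.target = t->u.kernel.target;
@@ -898,7 +899,7 @@ translate_table(struct net *net,
 
 if (ret != 0) {
 IP6T_ENTRY_ITERATE(entry0, newinfo->size,
-cleanup_entry, &i);
+cleanup_entry, net, &i);
 return ret;
 }
 
@@ -1293,7 +1294,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
 /* Decrease module usage counts and free resource */
 loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
 IP6T_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
-NULL);
+net, NULL);
 xt_free_table_info(oldinfo);
 if (copy_to_user(counters_ptr, counters,
 sizeof(struct xt_counters) * num_counters) != 0)
@@ -1353,7 +1354,7 @@ do_replace(struct net *net, void __user *user, unsigned int len)
 return 0;
 
 free_newinfo_untrans:
-IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
 free_newinfo:
 xt_free_table_info(newinfo);
 return ret;
@@ -1692,14 +1693,15 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
 return ret;
 }
 
-static int compat_check_entry(struct ip6t_entry *e, const char *name,
-unsigned int *i)
+static int compat_check_entry(struct ip6t_entry *e, struct net *net,
+const char *name, unsigned int *i)
 {
 unsigned int j;
 int ret;
 struct xt_mtchk_param mtpar;
 
 j = 0;
+mtpar.net = net;
 mtpar.table = name;
 mtpar.entryinfo = &e->ipv6;
 mtpar.hook_mask = e->comefrom;
@@ -1716,12 +1718,13 @@ static int compat_check_entry(struct ip6t_entry *e, const char *name,
 return 0;
 
 cleanup_matches:
-IP6T_MATCH_ITERATE(e, cleanup_match, &j);
+IP6T_MATCH_ITERATE(e, cleanup_match, net, &j);
 return ret;
 }
 
 static int
-translate_compat_table(const char *name,
+translate_compat_table(struct net *net,
+const char *name,
 unsigned int valid_hooks,
 struct xt_table_info **pinfo,
 void **pentry0,
@@ -1810,12 +1813,12 @@ translate_compat_table(const char *name,
 
 i = 0;
 ret = IP6T_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
-name, &i);
+net, name, &i);
 if (ret) {
 j -= i;
 COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
 compat_release_entry, &j);
-IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
+IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i);
 xt_free_table_info(newinfo);
 return ret;
 }
@@ -1870,7 +1873,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
 goto free_newinfo;
 }
 
-ret = translate_compat_table(tmp.name, tmp.valid_hooks,
+ret = translate_compat_table(net, tmp.name, tmp.valid_hooks,
 &newinfo, &loc_cpu_entry, tmp.size,
 tmp.num_entries, tmp.hook_entry,
 tmp.underflow);
@@ -1886,7 +1889,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
 return 0;
 
 free_newinfo_untrans:
-IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
 free_newinfo:
 xt_free_table_info(newinfo);
 return ret;
@@ -2144,7 +2147,7 @@ out:
 return ERR_PTR(ret);
 }
 
-void ip6t_unregister_table(struct xt_table *table)
+void ip6t_unregister_table(struct net *net, struct xt_table *table)
 {
 struct xt_table_info *private;
 void *loc_cpu_entry;
@@ -2154,7 +2157,7 @@ void ip6t_unregister_table(struct xt_table *table)
 
 /* Decrease module usage counts and free resources */
 loc_cpu_entry = private->entries[raw_smp_processor_id()];
-IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL);
+IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL);
 if (private->number > private->initial_entries)
 module_put(table_owner);
 xt_free_table_info(private);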
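--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -131,7 +131,7 @@ static int __net_init ip6table_filter_net_init(struct net *net)
 
 static void __net_exit ip6table_filter_net_exit(struct net *net)
 {
-ip6t_unregister_table(net->ipv6.ip6table_filter);
+ip6t_unregister_table(net, net->ipv6.ip6table_filter);
 }
 
 static struct pernet_operations ip6table_filter_net_ops = {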
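--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -182,7 +182,7 @@ static int __net_init ip6table_mangle_net_init(struct net *net)
 
 static void __net_exit ip6table_mangle_net_exit(struct net *net)
 {
-ip6t_unregister_table(net->ipv6.ip6table_mangle);
+ip6t_unregister_table(net, net->ipv6.ip6table_mangle);
 }
 
 static struct pernet_operations ip6table_mangle_net_ops = {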
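--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -94,7 +94,7 @@ static int __net_init ip6table_raw_net_init(struct net *net)
 
 static void __net_exit ip6table_raw_net_exit(struct net *net)
 {
-ip6t_unregister_table(net->ipv6.ip6table_raw);
+ip6t_unregister_table(net, net->ipv6.ip6table_raw);
 }
 
 static struct pernet_operations ip6table_raw_net_ops = {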
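--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -134,7 +134,7 @@ static int __net_init ip6table_security_net_init(struct net *net)
 
 static void __net_exit ip6table_security_net_exit(struct net *net)
 {
-ip6t_unregister_table(net->ipv6.ip6table_security);
+ip6t_unregister_table(net, net->ipv6.ip6table_security);
 }
 
 static struct pernet_operations ip6table_security_net_ops = {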
