netfilter: xtables: add struct xt_mtdtor_param::net

Add ->net to match destructor list like ->net in constructor list.

Make sure it's set in ebtables/iptables/ip6tables, this requires to
propagate netns up to *_unregister_table().

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

6 files changed, 18 insertions, 17 deletions

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index a069d72d9482..cfaba0e2e6fc 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -553,13 +553,14 @@ mark_source_chains(struct xt_table_info *newinfo,
 }
 
 static int
-cleanup_match(struct ipt_entry_match *m, unsigned int *i)
+cleanup_match(struct ipt_entry_match *m, struct net *net, unsigned int *i)
 {
         struct xt_mtdtor_param par;
 
         if (i && (*i)-- == 0)
                 return 1;
 
+        par.net       = net;
         par.match     = m->u.kernel.match;
         par.matchinfo = m->data;
         par.family    = NFPROTO_IPV4;
@@ -705,7 +706,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
  err:
         module_put(t->u.kernel.target->me);
  cleanup_matches:
-        IPT_MATCH_ITERATE(e, cleanup_match, &j);
+        IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
         return ret;
 }
 
@@ -775,7 +776,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
 }
 
 static int
-cleanup_entry(struct ipt_entry *e, unsigned int *i)
+cleanup_entry(struct ipt_entry *e, struct net *net, unsigned int *i)
 {
         struct xt_tgdtor_param par;
         struct ipt_entry_target *t;
@@ -784,7 +785,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
                 return 1;
 
         /* Cleanup all matches */
-        IPT_MATCH_ITERATE(e, cleanup_match, NULL);
+        IPT_MATCH_ITERATE(e, cleanup_match, net, NULL);
         t = ipt_get_target(e);
 
         par.target   = t->u.kernel.target;
@@ -866,7 +867,7 @@ translate_table(struct net *net,
 
         if (ret != 0) {
                 IPT_ENTRY_ITERATE(entry0, newinfo->size,
-                                cleanup_entry, &i);
+                                cleanup_entry, net, &i);
                 return ret;
         }
 
@@ -1260,7 +1261,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
         /* Decrease module usage counts and free resource */
         loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
         IPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
-                          NULL);
+                          net, NULL);
         xt_free_table_info(oldinfo);
         if (copy_to_user(counters_ptr, counters,
                          sizeof(struct xt_counters) * num_counters) != 0)
@@ -1320,7 +1321,7 @@ do_replace(struct net *net, void __user *user, unsigned int len)
         return 0;
 
  free_newinfo_untrans:
-        IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+        IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
         xt_free_table_info(newinfo);
         return ret;
@@ -1682,7 +1683,7 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name,
         return 0;
 
  cleanup_matches:
-        IPT_MATCH_ITERATE(e, cleanup_match, &j);
+        IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
         return ret;
 }
 
@@ -1782,7 +1783,7 @@ translate_compat_table(struct net *net,
                 j -= i;
                 COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
                                                   compat_release_entry, &j);
-                IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
+                IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i);
                 xt_free_table_info(newinfo);
                 return ret;
         }
@@ -1853,7 +1854,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
         return 0;
 
  free_newinfo_untrans:
-        IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+        IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
         xt_free_table_info(newinfo);
         return ret;
@@ -2112,7 +2113,7 @@ out:
         return ERR_PTR(ret);
 }
 
-void ipt_unregister_table(struct xt_table *table)
+void ipt_unregister_table(struct net *net, struct xt_table *table)
 {
         struct xt_table_info *private;
         void *loc_cpu_entry;
@@ -2122,7 +2123,7 @@ void ipt_unregister_table(struct xt_table *table)
 
         /* Decrease module usage counts and free resources */
         loc_cpu_entry = private->entries[raw_smp_processor_id()];
-        IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL);
+        IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL);
         if (private->number > private->initial_entries)
                 module_put(table_owner);
         xt_free_table_info(private);
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index df566cbd68e5..dee90eb8aa47 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -138,7 +138,7 @@ static int __net_init iptable_filter_net_init(struct net *net)
 
 static void __net_exit iptable_filter_net_exit(struct net *net)
 {
-        ipt_unregister_table(net->ipv4.iptable_filter);
+        ipt_unregister_table(net, net->ipv4.iptable_filter);
 }
 
 static struct pernet_operations iptable_filter_net_ops = {
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index fae78c3076c4..e07bf242343a 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -208,7 +208,7 @@ static int __net_init iptable_mangle_net_init(struct net *net)
 
 static void __net_exit iptable_mangle_net_exit(struct net *net)
 {
-        ipt_unregister_table(net->ipv4.iptable_mangle);
+        ipt_unregister_table(net, net->ipv4.iptable_mangle);
 }
 
 static struct pernet_operations iptable_mangle_net_ops = {
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 993edc23be09..40f2b9f611a2 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -100,7 +100,7 @@ static int __net_init iptable_raw_net_init(struct net *net)
 
 static void __net_exit iptable_raw_net_exit(struct net *net)
 {
-        ipt_unregister_table(net->ipv4.iptable_raw);
+        ipt_unregister_table(net, net->ipv4.iptable_raw);
 }
 
 static struct pernet_operations iptable_raw_net_ops = {
diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 3bd3d6388da5..7ce2366e4305 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -138,7 +138,7 @@ static int __net_init iptable_security_net_init(struct net *net)
 
 static void __net_exit iptable_security_net_exit(struct net *net)
 {
-        ipt_unregister_table(net->ipv4.iptable_security);
+        ipt_unregister_table(net, net->ipv4.iptable_security);
 }
 
 static struct pernet_operations iptable_security_net_ops = {
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 9e81e0dfb4ec..85da34fdc755 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -195,7 +195,7 @@ static int __net_init nf_nat_rule_net_init(struct net *net)
 
 static void __net_exit nf_nat_rule_net_exit(struct net *net)
 {
-        ipt_unregister_table(net->ipv4.nat_table);
+        ipt_unregister_table(net, net->ipv4.nat_table);
 }
 
 static struct pernet_operations nf_nat_rule_net_ops = {