diff options
| author | Alexey Dobriyan <adobriyan@gmail.com> | 2010-01-18 02:25:47 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-01-18 02:25:47 -0500 |
| commit | f54e9367f8499a9bf6b2afbc0dce63e1d53c525a (patch) | |
| tree | a2e852b0fc05c0e1397136bca29c359163bc2445 /net/ipv6 | |
| parent | a83d8e8d099fc373a5ca7112ad08c553bb2c180f (diff) | |
netfilter: xtables: add struct xt_mtdtor_param::net
Add ->net to match destructor list like ->net in constructor list.
Make sure it's set in ebtables/iptables/ip6tables, this requires to
propagate netns up to *_unregister_table().
Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 37 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 2 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_security.c | 2 |
5 files changed, 24 insertions, 21 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index a825940a92ef..9f1d45f2ba8f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -585,13 +585,14 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 585 | } | 585 | } |
| 586 | 586 | ||
| 587 | static int | 587 | static int |
| 588 | cleanup_match(struct ip6t_entry_match *m, unsigned int *i) | 588 | cleanup_match(struct ip6t_entry_match *m, struct net *net, unsigned int *i) |
| 589 | { | 589 | { |
| 590 | struct xt_mtdtor_param par; | 590 | struct xt_mtdtor_param par; |
| 591 | 591 | ||
| 592 | if (i && (*i)-- == 0) | 592 | if (i && (*i)-- == 0) |
| 593 | return 1; | 593 | return 1; |
| 594 | 594 | ||
| 595 | par.net = net; | ||
| 595 | par.match = m->u.kernel.match; | 596 | par.match = m->u.kernel.match; |
| 596 | par.matchinfo = m->data; | 597 | par.matchinfo = m->data; |
| 597 | par.family = NFPROTO_IPV6; | 598 | par.family = NFPROTO_IPV6; |
| @@ -737,7 +738,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name, | |||
| 737 | err: | 738 | err: |
| 738 | module_put(t->u.kernel.target->me); | 739 | module_put(t->u.kernel.target->me); |
| 739 | cleanup_matches: | 740 | cleanup_matches: |
| 740 | IP6T_MATCH_ITERATE(e, cleanup_match, &j); | 741 | IP6T_MATCH_ITERATE(e, cleanup_match, net, &j); |
| 741 | return ret; | 742 | return ret; |
| 742 | } | 743 | } |
| 743 | 744 | ||
| @@ -807,7 +808,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e, | |||
| 807 | } | 808 | } |
| 808 | 809 | ||
| 809 | static int | 810 | static int |
| 810 | cleanup_entry(struct ip6t_entry *e, unsigned int *i) | 811 | cleanup_entry(struct ip6t_entry *e, struct net *net, unsigned int *i) |
| 811 | { | 812 | { |
| 812 | struct xt_tgdtor_param par; | 813 | struct xt_tgdtor_param par; |
| 813 | struct ip6t_entry_target *t; | 814 | struct ip6t_entry_target *t; |
| @@ -816,7 +817,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i) | |||
| 816 | return 1; | 817 | return 1; |
| 817 | 818 | ||
| 818 | /* Cleanup all matches */ | 819 | /* Cleanup all matches */ |
| 819 | IP6T_MATCH_ITERATE(e, cleanup_match, NULL); | 820 | IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL); |
| 820 | t = ip6t_get_target(e); | 821 | t = ip6t_get_target(e); |
| 821 | 822 | ||
| 822 | par.target = t->u.kernel.target; | 823 | par.target = t->u.kernel.target; |
| @@ -898,7 +899,7 @@ translate_table(struct net *net, | |||
| 898 | 899 | ||
| 899 | if (ret != 0) { | 900 | if (ret != 0) { |
| 900 | IP6T_ENTRY_ITERATE(entry0, newinfo->size, | 901 | IP6T_ENTRY_ITERATE(entry0, newinfo->size, |
| 901 | cleanup_entry, &i); | 902 | cleanup_entry, net, &i); |
| 902 | return ret; | 903 | return ret; |
| 903 | } | 904 | } |
| 904 | 905 | ||
| @@ -1293,7 +1294,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, | |||
| 1293 | /* Decrease module usage counts and free resource */ | 1294 | /* Decrease module usage counts and free resource */ |
| 1294 | loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()]; | 1295 | loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()]; |
| 1295 | IP6T_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry, | 1296 | IP6T_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry, |
| 1296 | NULL); | 1297 | net, NULL); |
| 1297 | xt_free_table_info(oldinfo); | 1298 | xt_free_table_info(oldinfo); |
| 1298 | if (copy_to_user(counters_ptr, counters, | 1299 | if (copy_to_user(counters_ptr, counters, |
| 1299 | sizeof(struct xt_counters) * num_counters) != 0) | 1300 | sizeof(struct xt_counters) * num_counters) != 0) |
| @@ -1353,7 +1354,7 @@ do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1353 | return 0; | 1354 | return 0; |
| 1354 | 1355 | ||
| 1355 | free_newinfo_untrans: | 1356 | free_newinfo_untrans: |
| 1356 | IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL); | 1357 | IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL); |
| 1357 | free_newinfo: | 1358 | free_newinfo: |
| 1358 | xt_free_table_info(newinfo); | 1359 | xt_free_table_info(newinfo); |
| 1359 | return ret; | 1360 | return ret; |
| @@ -1692,14 +1693,15 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr, | |||
| 1692 | return ret; | 1693 | return ret; |
| 1693 | } | 1694 | } |
| 1694 | 1695 | ||
| 1695 | static int compat_check_entry(struct ip6t_entry *e, const char *name, | 1696 | static int compat_check_entry(struct ip6t_entry *e, struct net *net, |
| 1696 | unsigned int *i) | 1697 | const char *name, unsigned int *i) |
| 1697 | { | 1698 | { |
| 1698 | unsigned int j; | 1699 | unsigned int j; |
| 1699 | int ret; | 1700 | int ret; |
| 1700 | struct xt_mtchk_param mtpar; | 1701 | struct xt_mtchk_param mtpar; |
| 1701 | 1702 | ||
| 1702 | j = 0; | 1703 | j = 0; |
| 1704 | mtpar.net = net; | ||
| 1703 | mtpar.table = name; | 1705 | mtpar.table = name; |
| 1704 | mtpar.entryinfo = &e->ipv6; | 1706 | mtpar.entryinfo = &e->ipv6; |
| 1705 | mtpar.hook_mask = e->comefrom; | 1707 | mtpar.hook_mask = e->comefrom; |
| @@ -1716,12 +1718,13 @@ static int compat_check_entry(struct ip6t_entry *e, const char *name, | |||
| 1716 | return 0; | 1718 | return 0; |
| 1717 | 1719 | ||
| 1718 | cleanup_matches: | 1720 | cleanup_matches: |
| 1719 | IP6T_MATCH_ITERATE(e, cleanup_match, &j); | 1721 | IP6T_MATCH_ITERATE(e, cleanup_match, net, &j); |
| 1720 | return ret; | 1722 | return ret; |
| 1721 | } | 1723 | } |
| 1722 | 1724 | ||
| 1723 | static int | 1725 | static int |
| 1724 | translate_compat_table(const char *name, | 1726 | translate_compat_table(struct net *net, |
| 1727 | const char *name, | ||
| 1725 | unsigned int valid_hooks, | 1728 | unsigned int valid_hooks, |
| 1726 | struct xt_table_info **pinfo, | 1729 | struct xt_table_info **pinfo, |
| 1727 | void **pentry0, | 1730 | void **pentry0, |
| @@ -1810,12 +1813,12 @@ translate_compat_table(const char *name, | |||
| 1810 | 1813 | ||
| 1811 | i = 0; | 1814 | i = 0; |
| 1812 | ret = IP6T_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry, | 1815 | ret = IP6T_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry, |
| 1813 | name, &i); | 1816 | net, name, &i); |
| 1814 | if (ret) { | 1817 | if (ret) { |
| 1815 | j -= i; | 1818 | j -= i; |
| 1816 | COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, | 1819 | COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i, |
| 1817 | compat_release_entry, &j); | 1820 | compat_release_entry, &j); |
| 1818 | IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i); | 1821 | IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i); |
| 1819 | xt_free_table_info(newinfo); | 1822 | xt_free_table_info(newinfo); |
| 1820 | return ret; | 1823 | return ret; |
| 1821 | } | 1824 | } |
| @@ -1870,7 +1873,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1870 | goto free_newinfo; | 1873 | goto free_newinfo; |
| 1871 | } | 1874 | } |
| 1872 | 1875 | ||
| 1873 | ret = translate_compat_table(tmp.name, tmp.valid_hooks, | 1876 | ret = translate_compat_table(net, tmp.name, tmp.valid_hooks, |
| 1874 | &newinfo, &loc_cpu_entry, tmp.size, | 1877 | &newinfo, &loc_cpu_entry, tmp.size, |
| 1875 | tmp.num_entries, tmp.hook_entry, | 1878 | tmp.num_entries, tmp.hook_entry, |
| 1876 | tmp.underflow); | 1879 | tmp.underflow); |
| @@ -1886,7 +1889,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len) | |||
| 1886 | return 0; | 1889 | return 0; |
| 1887 | 1890 | ||
| 1888 | free_newinfo_untrans: | 1891 | free_newinfo_untrans: |
| 1889 | IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL); | 1892 | IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL); |
| 1890 | free_newinfo: | 1893 | free_newinfo: |
| 1891 | xt_free_table_info(newinfo); | 1894 | xt_free_table_info(newinfo); |
| 1892 | return ret; | 1895 | return ret; |
| @@ -2144,7 +2147,7 @@ out: | |||
| 2144 | return ERR_PTR(ret); | 2147 | return ERR_PTR(ret); |
| 2145 | } | 2148 | } |
| 2146 | 2149 | ||
| 2147 | void ip6t_unregister_table(struct xt_table *table) | 2150 | void ip6t_unregister_table(struct net *net, struct xt_table *table) |
| 2148 | { | 2151 | { |
| 2149 | struct xt_table_info *private; | 2152 | struct xt_table_info *private; |
| 2150 | void *loc_cpu_entry; | 2153 | void *loc_cpu_entry; |
| @@ -2154,7 +2157,7 @@ void ip6t_unregister_table(struct xt_table *table) | |||
| 2154 | 2157 | ||
| 2155 | /* Decrease module usage counts and free resources */ | 2158 | /* Decrease module usage counts and free resources */ |
| 2156 | loc_cpu_entry = private->entries[raw_smp_processor_id()]; | 2159 | loc_cpu_entry = private->entries[raw_smp_processor_id()]; |
| 2157 | IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL); | 2160 | IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL); |
| 2158 | if (private->number > private->initial_entries) | 2161 | if (private->number > private->initial_entries) |
| 2159 | module_put(table_owner); | 2162 | module_put(table_owner); |
| 2160 | xt_free_table_info(private); | 2163 | xt_free_table_info(private); |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index ad378efd0eb8..33ddfe53e18d 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -131,7 +131,7 @@ static int __net_init ip6table_filter_net_init(struct net *net) | |||
| 131 | 131 | ||
| 132 | static void __net_exit ip6table_filter_net_exit(struct net *net) | 132 | static void __net_exit ip6table_filter_net_exit(struct net *net) |
| 133 | { | 133 | { |
| 134 | ip6t_unregister_table(net->ipv6.ip6table_filter); | 134 | ip6t_unregister_table(net, net->ipv6.ip6table_filter); |
| 135 | } | 135 | } |
| 136 | 136 | ||
| 137 | static struct pernet_operations ip6table_filter_net_ops = { | 137 | static struct pernet_operations ip6table_filter_net_ops = { |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index a929c19d30e3..9bc483f000e5 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -182,7 +182,7 @@ static int __net_init ip6table_mangle_net_init(struct net *net) | |||
| 182 | 182 | ||
| 183 | static void __net_exit ip6table_mangle_net_exit(struct net *net) | 183 | static void __net_exit ip6table_mangle_net_exit(struct net *net) |
| 184 | { | 184 | { |
| 185 | ip6t_unregister_table(net->ipv6.ip6table_mangle); | 185 | ip6t_unregister_table(net, net->ipv6.ip6table_mangle); |
| 186 | } | 186 | } |
| 187 | 187 | ||
| 188 | static struct pernet_operations ip6table_mangle_net_ops = { | 188 | static struct pernet_operations ip6table_mangle_net_ops = { |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index ed1a1180f3b3..4c90b552e433 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -94,7 +94,7 @@ static int __net_init ip6table_raw_net_init(struct net *net) | |||
| 94 | 94 | ||
| 95 | static void __net_exit ip6table_raw_net_exit(struct net *net) | 95 | static void __net_exit ip6table_raw_net_exit(struct net *net) |
| 96 | { | 96 | { |
| 97 | ip6t_unregister_table(net->ipv6.ip6table_raw); | 97 | ip6t_unregister_table(net, net->ipv6.ip6table_raw); |
| 98 | } | 98 | } |
| 99 | 99 | ||
| 100 | static struct pernet_operations ip6table_raw_net_ops = { | 100 | static struct pernet_operations ip6table_raw_net_ops = { |
diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c index 41b444c60934..baa8d4ef3b0a 100644 --- a/net/ipv6/netfilter/ip6table_security.c +++ b/net/ipv6/netfilter/ip6table_security.c | |||
| @@ -134,7 +134,7 @@ static int __net_init ip6table_security_net_init(struct net *net) | |||
| 134 | 134 | ||
| 135 | static void __net_exit ip6table_security_net_exit(struct net *net) | 135 | static void __net_exit ip6table_security_net_exit(struct net *net) |
| 136 | { | 136 | { |
| 137 | ip6t_unregister_table(net->ipv6.ip6table_security); | 137 | ip6t_unregister_table(net, net->ipv6.ip6table_security); |
| 138 | } | 138 | } |
| 139 | 139 | ||
| 140 | static struct pernet_operations ip6table_security_net_ops = { | 140 | static struct pernet_operations ip6table_security_net_ops = { |