netfilter: fix two recent sysctl problems

Starting with 9043476f726802f4b00c96d0c4f418dde48d1304 ("[PATCH] sanitize proc_sysctl") we have two netfilter releated problems: - WARNING: at kernel/sysctl.c:1966 unregister_sysctl_table+0xcc/0x103(), caused by wrong order of ini/fini calls - net.netfilter is duplicated and has truncated set of records Thanks to very useful guidelines from Al Viro, this patch fixes both of them. Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl> Acked-by: Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Krzysztof Piotr Oledzki <ole@ans.pl> 2008-08-06 05:35:44 -0400
committer: David S. Miller <davem@davemloft.net> 2008-08-06 05:35:44 -0400
commit: 9714be7da8b32f36d2468fe08ff603b6402df8cf (patch)
tree: 56bb581898846b695eb9b1cd20556bb619924251 /net
parent: 1ca615fb816ba85dc765209a9b58ab82cc99bce0 (diff)
2 files changed, 20 insertions, 14 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c519d090bdb9..9d1830da8e84 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1032,10 +1032,10 @@ void nf_conntrack_cleanup(void)
        nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,
                             nf_conntrack_htable_size);
-        nf_conntrack_proto_fini();
-        nf_conntrack_helper_fini();
-        nf_conntrack_expect_fini();
        nf_conntrack_acct_fini();
+        nf_conntrack_expect_fini();
+        nf_conntrack_helper_fini();
+        nf_conntrack_proto_fini();
 }
 struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 869ef9349d0f..8509db14670b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -324,6 +324,7 @@ static int log_invalid_proto_min = 0;
 static int log_invalid_proto_max = 255;
 static struct ctl_table_header *nf_ct_sysctl_header;
+static struct ctl_table_header *nf_ct_netfilter_header;
 static ctl_table nf_ct_sysctl_table[] = {
        {
@@ -384,12 +385,6 @@ static ctl_table nf_ct_sysctl_table[] = {
 static ctl_table nf_ct_netfilter_table[] = {
        {
-                .ctl_name       = NET_NETFILTER,
-                .procname       = "netfilter",
-                .mode           = 0555,
-                .child          = nf_ct_sysctl_table,
-        },
-        {
                .ctl_name       = NET_NF_CONNTRACK_MAX,
                .procname       = "nf_conntrack_max",
                .data           = &nf_conntrack_max,
@@ -409,18 +404,29 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
 static int nf_conntrack_standalone_init_sysctl(void)
 {
-        nf_ct_sysctl_header =
+        nf_ct_netfilter_header =
                register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);
-        if (nf_ct_sysctl_header == NULL) {
+        if (!nf_ct_netfilter_header)
-                printk("nf_conntrack: can't register to sysctl.\n");
+                goto out;
-                return -ENOMEM;
-        }
+        nf_ct_sysctl_header =
+                 register_sysctl_paths(nf_net_netfilter_sysctl_path,
+                                        nf_ct_sysctl_table);
+        if (!nf_ct_sysctl_header)
+                goto out_unregister_netfilter;
        return 0;
+out_unregister_netfilter:
+        unregister_sysctl_table(nf_ct_netfilter_header);
+out:
+        printk("nf_conntrack: can't register to sysctl.\n");
+        return -ENOMEM;
 }
 static void nf_conntrack_standalone_fini_sysctl(void)
 {
+        unregister_sysctl_table(nf_ct_netfilter_header);
        unregister_sysctl_table(nf_ct_sysctl_header);
 }
 #else
author	Krzysztof Piotr Oledzki <ole@ans.pl>	2008-08-06 05:35:44 -0400
committer	David S. Miller <davem@davemloft.net>	2008-08-06 05:35:44 -0400
commit	9714be7da8b32f36d2468fe08ff603b6402df8cf (patch)
tree	56bb581898846b695eb9b1cd20556bb619924251 /net
parent	1ca615fb816ba85dc765209a9b58ab82cc99bce0 (diff)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index c519d090bdb9..9d1830da8e84 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c
@@ -1032,10 +1032,10 @@ void nf_conntrack_cleanup(void)
1032	nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,	1032	nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,
1033	nf_conntrack_htable_size);	1033	nf_conntrack_htable_size);
1034		1034
1035	nf_conntrack_proto_fini();
1036	nf_conntrack_helper_fini();
1037	nf_conntrack_expect_fini();
1038	nf_conntrack_acct_fini();	1035	nf_conntrack_acct_fini();
		1036	nf_conntrack_expect_fini();
		1037	nf_conntrack_helper_fini();
		1038	nf_conntrack_proto_fini();
1039	}	1039	}
1040		1040
1041	struct hlist_head nf_ct_alloc_hashtable(unsigned int sizep, int *vmalloced)	1041	struct hlist_head nf_ct_alloc_hashtable(unsigned int sizep, int *vmalloced)


diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c index 869ef9349d0f..8509db14670b 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c
@@ -324,6 +324,7 @@ static int log_invalid_proto_min = 0;
324	static int log_invalid_proto_max = 255;	324	static int log_invalid_proto_max = 255;
325		325
326	static struct ctl_table_header *nf_ct_sysctl_header;	326	static struct ctl_table_header *nf_ct_sysctl_header;
		327	static struct ctl_table_header *nf_ct_netfilter_header;
327		328
328	static ctl_table nf_ct_sysctl_table[] = {	329	static ctl_table nf_ct_sysctl_table[] = {
329	{	330	{
@@ -384,12 +385,6 @@ static ctl_table nf_ct_sysctl_table[] = {
384		385
385	static ctl_table nf_ct_netfilter_table[] = {	386	static ctl_table nf_ct_netfilter_table[] = {
386	{	387	{
387	.ctl_name = NET_NETFILTER,
388	.procname = "netfilter",
389	.mode = 0555,
390	.child = nf_ct_sysctl_table,
391	},
392	{
393	.ctl_name = NET_NF_CONNTRACK_MAX,	388	.ctl_name = NET_NF_CONNTRACK_MAX,
394	.procname = "nf_conntrack_max",	389	.procname = "nf_conntrack_max",
395	.data = &nf_conntrack_max,	390	.data = &nf_conntrack_max,
@@ -409,18 +404,29 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
409		404
410	static int nf_conntrack_standalone_init_sysctl(void)	405	static int nf_conntrack_standalone_init_sysctl(void)
411	{	406	{
412	nf_ct_sysctl_header =	407	nf_ct_netfilter_header =
413	register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);	408	register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);
414	if (nf_ct_sysctl_header == NULL) {	409	if (!nf_ct_netfilter_header)
415	printk("nf_conntrack: can't register to sysctl.\n");	410	goto out;
416	return -ENOMEM;	411
417	}	412	nf_ct_sysctl_header =
		413	register_sysctl_paths(nf_net_netfilter_sysctl_path,
		414	nf_ct_sysctl_table);
		415	if (!nf_ct_sysctl_header)
		416	goto out_unregister_netfilter;
		417
418	return 0;	418	return 0;
419		419
		420	out_unregister_netfilter:
		421	unregister_sysctl_table(nf_ct_netfilter_header);
		422	out:
		423	printk("nf_conntrack: can't register to sysctl.\n");
		424	return -ENOMEM;
420	}	425	}
421		426
422	static void nf_conntrack_standalone_fini_sysctl(void)	427	static void nf_conntrack_standalone_fini_sysctl(void)
423	{	428	{
		429	unregister_sysctl_table(nf_ct_netfilter_header);
424	unregister_sysctl_table(nf_ct_sysctl_header);	430	unregister_sysctl_table(nf_ct_sysctl_header);
425	}	431	}
426	#else	432	#else