aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/netfilter/x_tables.h2
-rw-r--r--net/bridge/netfilter/ebtables.c10
-rw-r--r--net/ipv4/netfilter/ip_tables.c8
-rw-r--r--net/ipv6/netfilter/ip6_tables.c8
4 files changed, 18 insertions, 10 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 026eb78ee83c..365fabe1b16e 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -249,6 +249,7 @@ struct xt_target_param {
249 * Other fields see above. 249 * Other fields see above.
250 */ 250 */
251struct xt_tgchk_param { 251struct xt_tgchk_param {
252 struct net *net;
252 const char *table; 253 const char *table;
253 const void *entryinfo; 254 const void *entryinfo;
254 const struct xt_target *target; 255 const struct xt_target *target;
@@ -259,6 +260,7 @@ struct xt_tgchk_param {
259 260
260/* Target destructor parameters */ 261/* Target destructor parameters */
261struct xt_tgdtor_param { 262struct xt_tgdtor_param {
263 struct net *net;
262 const struct xt_target *target; 264 const struct xt_target *target;
263 void *targinfo; 265 void *targinfo;
264 u_int8_t family; 266 u_int8_t family;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 1aa0e4c1f52d..12beb580aa21 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -579,13 +579,14 @@ ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
579} 579}
580 580
581static inline int 581static inline int
582ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) 582ebt_cleanup_watcher(struct ebt_entry_watcher *w, struct net *net, unsigned int *i)
583{ 583{
584 struct xt_tgdtor_param par; 584 struct xt_tgdtor_param par;
585 585
586 if (i && (*i)-- == 0) 586 if (i && (*i)-- == 0)
587 return 1; 587 return 1;
588 588
589 par.net = net;
589 par.target = w->u.watcher; 590 par.target = w->u.watcher;
590 par.targinfo = w->data; 591 par.targinfo = w->data;
591 par.family = NFPROTO_BRIDGE; 592 par.family = NFPROTO_BRIDGE;
@@ -606,10 +607,11 @@ ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
606 /* we're done */ 607 /* we're done */
607 if (cnt && (*cnt)-- == 0) 608 if (cnt && (*cnt)-- == 0)
608 return 1; 609 return 1;
609 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); 610 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, NULL);
610 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL); 611 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
611 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); 612 t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
612 613
614 par.net = net;
613 par.target = t->u.target; 615 par.target = t->u.target;
614 par.targinfo = t->data; 616 par.targinfo = t->data;
615 par.family = NFPROTO_BRIDGE; 617 par.family = NFPROTO_BRIDGE;
@@ -674,7 +676,7 @@ ebt_check_entry(struct ebt_entry *e,
674 } 676 }
675 i = 0; 677 i = 0;
676 678
677 mtpar.net = net; 679 mtpar.net = tgpar.net = net;
678 mtpar.table = tgpar.table = name; 680 mtpar.table = tgpar.table = name;
679 mtpar.entryinfo = tgpar.entryinfo = e; 681 mtpar.entryinfo = tgpar.entryinfo = e;
680 mtpar.hook_mask = tgpar.hook_mask = hookmask; 682 mtpar.hook_mask = tgpar.hook_mask = hookmask;
@@ -730,7 +732,7 @@ ebt_check_entry(struct ebt_entry *e,
730 (*cnt)++; 732 (*cnt)++;
731 return 0; 733 return 0;
732cleanup_watchers: 734cleanup_watchers:
733 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); 735 EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, net, &j);
734cleanup_matches: 736cleanup_matches:
735 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i); 737 EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
736 return ret; 738 return ret;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index cfaba0e2e6fc..7fde8f6950d8 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -638,10 +638,11 @@ err:
638 return ret; 638 return ret;
639} 639}
640 640
641static int check_target(struct ipt_entry *e, const char *name) 641static int check_target(struct ipt_entry *e, struct net *net, const char *name)
642{ 642{
643 struct ipt_entry_target *t = ipt_get_target(e); 643 struct ipt_entry_target *t = ipt_get_target(e);
644 struct xt_tgchk_param par = { 644 struct xt_tgchk_param par = {
645 .net = net,
645 .table = name, 646 .table = name,
646 .entryinfo = e, 647 .entryinfo = e,
647 .target = t->u.kernel.target, 648 .target = t->u.kernel.target,
@@ -697,7 +698,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
697 } 698 }
698 t->u.kernel.target = target; 699 t->u.kernel.target = target;
699 700
700 ret = check_target(e, name); 701 ret = check_target(e, net, name);
701 if (ret) 702 if (ret)
702 goto err; 703 goto err;
703 704
@@ -788,6 +789,7 @@ cleanup_entry(struct ipt_entry *e, struct net *net, unsigned int *i)
788 IPT_MATCH_ITERATE(e, cleanup_match, net, NULL); 789 IPT_MATCH_ITERATE(e, cleanup_match, net, NULL);
789 t = ipt_get_target(e); 790 t = ipt_get_target(e);
790 791
792 par.net = net;
791 par.target = t->u.kernel.target; 793 par.target = t->u.kernel.target;
792 par.targinfo = t->data; 794 par.targinfo = t->data;
793 par.family = NFPROTO_IPV4; 795 par.family = NFPROTO_IPV4;
@@ -1675,7 +1677,7 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name,
1675 if (ret) 1677 if (ret)
1676 goto cleanup_matches; 1678 goto cleanup_matches;
1677 1679
1678 ret = check_target(e, name); 1680 ret = check_target(e, net, name);
1679 if (ret) 1681 if (ret)
1680 goto cleanup_matches; 1682 goto cleanup_matches;
1681 1683
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 9f1d45f2ba8f..0376ed6d5594 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -669,10 +669,11 @@ err:
669 return ret; 669 return ret;
670} 670}
671 671
672static int check_target(struct ip6t_entry *e, const char *name) 672static int check_target(struct ip6t_entry *e, struct net *net, const char *name)
673{ 673{
674 struct ip6t_entry_target *t = ip6t_get_target(e); 674 struct ip6t_entry_target *t = ip6t_get_target(e);
675 struct xt_tgchk_param par = { 675 struct xt_tgchk_param par = {
676 .net = net,
676 .table = name, 677 .table = name,
677 .entryinfo = e, 678 .entryinfo = e,
678 .target = t->u.kernel.target, 679 .target = t->u.kernel.target,
@@ -729,7 +730,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
729 } 730 }
730 t->u.kernel.target = target; 731 t->u.kernel.target = target;
731 732
732 ret = check_target(e, name); 733 ret = check_target(e, net, name);
733 if (ret) 734 if (ret)
734 goto err; 735 goto err;
735 736
@@ -820,6 +821,7 @@ cleanup_entry(struct ip6t_entry *e, struct net *net, unsigned int *i)
820 IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL); 821 IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL);
821 t = ip6t_get_target(e); 822 t = ip6t_get_target(e);
822 823
824 par.net = net;
823 par.target = t->u.kernel.target; 825 par.target = t->u.kernel.target;
824 par.targinfo = t->data; 826 par.targinfo = t->data;
825 par.family = NFPROTO_IPV6; 827 par.family = NFPROTO_IPV6;
@@ -1710,7 +1712,7 @@ static int compat_check_entry(struct ip6t_entry *e, struct net *net,
1710 if (ret) 1712 if (ret)
1711 goto cleanup_matches; 1713 goto cleanup_matches;
1712 1714
1713 ret = check_target(e, name); 1715 ret = check_target(e, net, name);
1714 if (ret) 1716 if (ret)
1715 goto cleanup_matches; 1717 goto cleanup_matches;
1716 1718
generated by cgit v1.2.2 (git 2.25.0) at 2025-03-10 23:09:54 -0400