-rw-r--r--include/linux/netfilter/x_tables.h1
-rw-r--r--include/linux/netfilter_bridge/ebtables.h2
-rw-r--r--include/linux/netfilter_ipv4/ip_tables.h2
-rw-r--r--include/linux/netfilter_ipv6/ip6_tables.h2
-rw-r--r--net/bridge/netfilter/ebtable_broute.c2
-rw-r--r--net/bridge/netfilter/ebtable_filter.c2
-rw-r--r--net/bridge/netfilter/ebtable_nat.c2
-rw-r--r--net/bridge/netfilter/ebtables.c19
-rw-r--r--net/ipv4/netfilter/ip_tables.c25
-rw-r--r--net/ipv4/netfilter/iptable_filter.c2
-rw-r--r--net/ipv4/netfilter/iptable_mangle.c2
-rw-r--r--net/ipv4/netfilter/iptable_raw.c2
-rw-r--r--net/ipv4/netfilter/iptable_security.c2
-rw-r--r--net/ipv4/netfilter/nf_nat_rule.c2
-rw-r--r--net/ipv6/netfilter/ip6_tables.c37
-rw-r--r--net/ipv6/netfilter/ip6table_filter.c2
-rw-r--r--net/ipv6/netfilter/ip6table_mangle.c2
-rw-r--r--net/ipv6/netfilter/ip6table_raw.c2
-rw-r--r--net/ipv6/netfilter/ip6table_security.c2
19 files changed, 59 insertions, 53 deletions
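diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 88261b9829a7..3caf5e151102 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -216,6 +216,7 @@ struct xt_mtchk_param {
 
 /* Match destructor parameters */
 struct xt_mtdtor_param {
+ struct net *net;
  const struct xt_match *match;
  void *matchinfo;
  u_int8_t family;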
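Review bot: The new `net` member of `struct xt_mtdtor_param` is added without any description; the struct's only documentation is the one-line "Match destructor parameters" comment. A short comment above the field, for example `/* network namespace passed down by the table cleanup path */`, would tell destructor authors what the pointer refers to. Whether it may be NULL, and whether the namespace is still fully usable when a destructor runs from a `__net_exit` handler, cannot be seen from this hunk and is worth stating in the same comment. The struct definition continues past the end of the hunk.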
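diff --git a/include/linux/netfilter_bridge/ebtables.h b/include/linux/netfilter_bridge/ebtables.h
index 3cc40c131cc3..1c6f0c5f530e 100644
--- a/include/linux/netfilter_bridge/ebtables.h
+++ b/include/linux/netfilter_bridge/ebtables.h
@@ -289,7 +289,7 @@ struct ebt_table {
  ~(__alignof__(struct ebt_replace)-1))
 extern struct ebt_table *ebt_register_table(struct net *net,
  const struct ebt_table *table);
-extern void ebt_unregister_table(struct ebt_table *table);
+extern void ebt_unregister_table(struct net *net, struct ebt_table *table);
 extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff *skb,
  const struct net_device *in, const struct net_device *out,
  struct ebt_table *table);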
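Review bot: `ebt_unregister_table()` now takes `net` alongside `table`, but nothing in the prototype says the two must belong together, and the implementation in ebtables.c forwards `net` unchecked to every match destructor. A one-line contract above the declaration would close that gap, for example `/* net must be the namespace the table was registered in; it is passed to the match destructors */`. The same applies to `ipt_unregister_table()` in ip_tables.h and `ip6t_unregister_table()` in ip6_tables.h. All visible callers pass `net` and `net->...` from the same `__net_exit` handler, so this is a documentation point rather than a bug in the callers shown.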
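diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index 27b3f5807305..8d1f273d350b 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -242,7 +242,7 @@ extern void ipt_init(void) __init;
 extern struct xt_table *ipt_register_table(struct net *net,
  const struct xt_table *table,
  const struct ipt_replace *repl);
-extern void ipt_unregister_table(struct xt_table *table);
+extern void ipt_unregister_table(struct net *net, struct xt_table *table);
 
 /* Standard entry. */
 struct ipt_standard {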
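diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index b31050d20ae4..d2952d2fa658 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -300,7 +300,7 @@ extern void ip6t_init(void) __init;
 extern struct xt_table *ip6t_register_table(struct net *net,
  const struct xt_table *table,
  const struct ip6t_replace *repl);
-extern void ip6t_unregister_table(struct xt_table *table);
+extern void ip6t_unregister_table(struct net *net, struct xt_table *table);
 extern unsigned int ip6t_do_table(struct sk_buff *skb,
  unsigned int hook,
  const struct net_device *in,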
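diff --git a/net/bridge/netfilter/ebtable_broute.c b/net/bridge/netfilter/ebtable_broute.c
index d32ab13e728c..ae3f106c3908 100644
--- a/net/bridge/netfilter/ebtable_broute.c
+++ b/net/bridge/netfilter/ebtable_broute.c
@@ -71,7 +71,7 @@ static int __net_init broute_net_init(struct net *net)
 
 static void __net_exit broute_net_exit(struct net *net)
 {
- ebt_unregister_table(net->xt.broute_table);
+ ebt_unregister_table(net, net->xt.broute_table);
 }
 
 static struct pernet_operations broute_net_ops = {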
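diff --git a/net/bridge/netfilter/ebtable_filter.c b/net/bridge/netfilter/ebtable_filter.c
index 60b1a6ca7185..42e6bd094574 100644
--- a/net/bridge/netfilter/ebtable_filter.c
+++ b/net/bridge/netfilter/ebtable_filter.c
@@ -107,7 +107,7 @@ static int __net_init frame_filter_net_init(struct net *net)
 
 static void __net_exit frame_filter_net_exit(struct net *net)
 {
- ebt_unregister_table(net->xt.frame_filter);
+ ebt_unregister_table(net, net->xt.frame_filter);
 }
 
 static struct pernet_operations frame_filter_net_ops = {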
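diff --git a/net/bridge/netfilter/ebtable_nat.c b/net/bridge/netfilter/ebtable_nat.c
index 4a98804203b0..6dc2f878ae05 100644
--- a/net/bridge/netfilter/ebtable_nat.c
+++ b/net/bridge/netfilter/ebtable_nat.c
@@ -107,7 +107,7 @@ static int __net_init frame_nat_net_init(struct net *net)
 
 static void __net_exit frame_nat_net_exit(struct net *net)
 {
- ebt_unregister_table(net->xt.frame_nat);
+ ebt_unregister_table(net, net->xt.frame_nat);
 }
 
 static struct pernet_operations frame_nat_net_ops = {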
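diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index c77bab986696..1aa0e4c1f52d 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -561,13 +561,14 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo,
 }
 
 static inline int
-ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i)
+ebt_cleanup_match(struct ebt_entry_match *m, struct net *net, unsigned int *i)
 {
  struct xt_mtdtor_param par;
 
  if (i && (*i)-- == 0)
  return 1;
 
+ par.net = net;
  par.match = m->u.match;
  par.matchinfo = m->data;
  par.family = NFPROTO_BRIDGE;
@@ -595,7 +596,7 @@ ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
 }
 
 static inline int
-ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
+ebt_cleanup_entry(struct ebt_entry *e, struct net *net, unsigned int *cnt)
 {
  struct xt_tgdtor_param par;
  struct ebt_entry_target *t;
@@ -606,7 +607,7 @@ ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
  if (cnt && (*cnt)-- == 0)
  return 1;
  EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
- EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
+ EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, NULL);
  t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
 
  par.target = t->u.target;
@@ -731,7 +732,7 @@ ebt_check_entry(struct ebt_entry *e,
 cleanup_watchers:
  EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j);
 cleanup_matches:
- EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i);
+ EBT_MATCH_ITERATE(e, ebt_cleanup_match, net, &i);
  return ret;
 }
 
@@ -924,7 +925,7 @@ static int translate_table(struct net *net, char *name,
  ebt_check_entry, net, newinfo, name, &i, cl_s, udc_cnt);
  if (ret != 0) {
  EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
- ebt_cleanup_entry, &i);
+ ebt_cleanup_entry, net, &i);
  }
  vfree(cl_s);
  return ret;
@@ -1074,7 +1075,7 @@ static int do_replace(struct net *net, void __user *user, unsigned int len)
 
  /* decrease module count and free resources */
  EBT_ENTRY_ITERATE(table->entries, table->entries_size,
- ebt_cleanup_entry, NULL);
+ ebt_cleanup_entry, net, NULL);
 
  vfree(table->entries);
  if (table->chainstack) {
@@ -1091,7 +1092,7 @@ free_unlock:
  mutex_unlock(&ebt_mutex);
 free_iterate:
  EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size,
- ebt_cleanup_entry, NULL);
+ ebt_cleanup_entry, net, NULL);
 free_counterstmp:
  vfree(counterstmp);
  /* can be initialized in translate_table() */
@@ -1208,7 +1209,7 @@ out:
  return ERR_PTR(ret);
 }
 
-void ebt_unregister_table(struct ebt_table *table)
+void ebt_unregister_table(struct net *net, struct ebt_table *table)
 {
  int i;
 
@@ -1220,7 +1221,7 @@ void ebt_unregister_table(struct ebt_table *table)
  list_del(&table->list);
  mutex_unlock(&ebt_mutex);
  EBT_ENTRY_ITERATE(table->private->entries, table->private->entries_size,
- ebt_cleanup_entry, NULL);
+ ebt_cleanup_entry, net, NULL);
  if (table->private->nentries)
  module_put(table->me);
  vfree(table->private->entries);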
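Review bot: In `ebt_cleanup_match` (first hunk) `struct xt_mtdtor_param par` is an uninitialised stack variable filled in member by member, so `par.net` is only valid because of the added `par.net = net;`; a constructor of this struct that is missed, or a member added later, hands the match destructor a stale stack pointer. Initialising at the declaration, `struct xt_mtdtor_param par = { .net = net };`, zeroes every member that is not set explicitly and turns such an omission into a NULL dereference instead of a read through garbage. The same pattern appears in `cleanup_match` in net/ipv4/netfilter/ip_tables.c and net/ipv6/netfilter/ip6_tables.c, and for `struct xt_mtchk_param mtpar` in the IPv6 `compat_check_entry`, where this commit has to add `mtpar.net = net;`. The body of `ebt_cleanup_match` continues past the end of the hunk.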
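diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index a069d72d9482..cfaba0e2e6fc 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -553,13 +553,14 @@ mark_source_chains(struct xt_table_info *newinfo,
 }
 
 static int
-cleanup_match(struct ipt_entry_match *m, unsigned int *i)
+cleanup_match(struct ipt_entry_match *m, struct net *net, unsigned int *i)
 {
  struct xt_mtdtor_param par;
 
  if (i && (*i)-- == 0)
  return 1;
 
+ par.net = net;
  par.match = m->u.kernel.match;
  par.matchinfo = m->data;
  par.family = NFPROTO_IPV4;
@@ -705,7 +706,7 @@ find_check_entry(struct ipt_entry *e, struct net *net, const char *name,
  err:
  module_put(t->u.kernel.target->me);
  cleanup_matches:
- IPT_MATCH_ITERATE(e, cleanup_match, &j);
+ IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
  return ret;
 }
 
@@ -775,7 +776,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
 }
 
 static int
-cleanup_entry(struct ipt_entry *e, unsigned int *i)
+cleanup_entry(struct ipt_entry *e, struct net *net, unsigned int *i)
 {
  struct xt_tgdtor_param par;
  struct ipt_entry_target *t;
@@ -784,7 +785,7 @@ cleanup_entry(struct ipt_entry *e, unsigned int *i)
  return 1;
 
  /* Cleanup all matches */
- IPT_MATCH_ITERATE(e, cleanup_match, NULL);
+ IPT_MATCH_ITERATE(e, cleanup_match, net, NULL);
  t = ipt_get_target(e);
 
  par.target = t->u.kernel.target;
@@ -866,7 +867,7 @@ translate_table(struct net *net,
 
  if (ret != 0) {
  IPT_ENTRY_ITERATE(entry0, newinfo->size,
- cleanup_entry, &i);
+ cleanup_entry, net, &i);
  return ret;
  }
 
@@ -1260,7 +1261,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
  /* Decrease module usage counts and free resource */
  loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
  IPT_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
- NULL);
+ net, NULL);
  xt_free_table_info(oldinfo);
  if (copy_to_user(counters_ptr, counters,
  sizeof(struct xt_counters) * num_counters) != 0)
@@ -1320,7 +1321,7 @@ do_replace(struct net *net, void __user *user, unsigned int len)
  return 0;
 
  free_newinfo_untrans:
- IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+ IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
  xt_free_table_info(newinfo);
  return ret;
@@ -1682,7 +1683,7 @@ compat_check_entry(struct ipt_entry *e, struct net *net, const char *name,
  return 0;
 
  cleanup_matches:
- IPT_MATCH_ITERATE(e, cleanup_match, &j);
+ IPT_MATCH_ITERATE(e, cleanup_match, net, &j);
  return ret;
 }
 
@@ -1782,7 +1783,7 @@ translate_compat_table(struct net *net,
  j -= i;
  COMPAT_IPT_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
  compat_release_entry, &j);
- IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
+ IPT_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i);
  xt_free_table_info(newinfo);
  return ret;
  }
@@ -1853,7 +1854,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
  return 0;
 
  free_newinfo_untrans:
- IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+ IPT_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
  xt_free_table_info(newinfo);
  return ret;
@@ -2112,7 +2113,7 @@ out:
  return ERR_PTR(ret);
 }
 
-void ipt_unregister_table(struct xt_table *table)
+void ipt_unregister_table(struct net *net, struct xt_table *table)
 {
  struct xt_table_info *private;
  void *loc_cpu_entry;
@@ -2122,7 +2123,7 @@ void ipt_unregister_table(struct xt_table *table)
 
  /* Decrease module usage counts and free resources */
  loc_cpu_entry = private->entries[raw_smp_processor_id()];
- IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL);
+ IPT_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL);
  if (private->number > private->initial_entries)
  module_put(table_owner);
  xt_free_table_info(private);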
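diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index df566cbd68e5..dee90eb8aa47 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -138,7 +138,7 @@ static int __net_init iptable_filter_net_init(struct net *net)
 
 static void __net_exit iptable_filter_net_exit(struct net *net)
 {
- ipt_unregister_table(net->ipv4.iptable_filter);
+ ipt_unregister_table(net, net->ipv4.iptable_filter);
 }
 
 static struct pernet_operations iptable_filter_net_ops = {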
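diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index fae78c3076c4..e07bf242343a 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -208,7 +208,7 @@ static int __net_init iptable_mangle_net_init(struct net *net)
 
 static void __net_exit iptable_mangle_net_exit(struct net *net)
 {
- ipt_unregister_table(net->ipv4.iptable_mangle);
+ ipt_unregister_table(net, net->ipv4.iptable_mangle);
 }
 
 static struct pernet_operations iptable_mangle_net_ops = {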
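diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 993edc23be09..40f2b9f611a2 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -100,7 +100,7 @@ static int __net_init iptable_raw_net_init(struct net *net)
 
 static void __net_exit iptable_raw_net_exit(struct net *net)
 {
- ipt_unregister_table(net->ipv4.iptable_raw);
+ ipt_unregister_table(net, net->ipv4.iptable_raw);
 }
 
 static struct pernet_operations iptable_raw_net_ops = {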
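diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c
index 3bd3d6388da5..7ce2366e4305 100644
--- a/net/ipv4/netfilter/iptable_security.c
+++ b/net/ipv4/netfilter/iptable_security.c
@@ -138,7 +138,7 @@ static int __net_init iptable_security_net_init(struct net *net)
 
 static void __net_exit iptable_security_net_exit(struct net *net)
 {
- ipt_unregister_table(net->ipv4.iptable_security);
+ ipt_unregister_table(net, net->ipv4.iptable_security);
 }
 
 static struct pernet_operations iptable_security_net_ops = {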
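diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 9e81e0dfb4ec..85da34fdc755 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -195,7 +195,7 @@ static int __net_init nf_nat_rule_net_init(struct net *net)
 
 static void __net_exit nf_nat_rule_net_exit(struct net *net)
 {
- ipt_unregister_table(net->ipv4.nat_table);
+ ipt_unregister_table(net, net->ipv4.nat_table);
 }
 
 static struct pernet_operations nf_nat_rule_net_ops = {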
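diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index a825940a92ef..9f1d45f2ba8f 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -585,13 +585,14 @@ mark_source_chains(struct xt_table_info *newinfo,
 }
 
 static int
-cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
+cleanup_match(struct ip6t_entry_match *m, struct net *net, unsigned int *i)
 {
  struct xt_mtdtor_param par;
 
  if (i && (*i)-- == 0)
  return 1;
 
+ par.net = net;
  par.match = m->u.kernel.match;
  par.matchinfo = m->data;
  par.family = NFPROTO_IPV6;
@@ -737,7 +738,7 @@ find_check_entry(struct ip6t_entry *e, struct net *net, const char *name,
  err:
  module_put(t->u.kernel.target->me);
  cleanup_matches:
- IP6T_MATCH_ITERATE(e, cleanup_match, &j);
+ IP6T_MATCH_ITERATE(e, cleanup_match, net, &j);
  return ret;
 }
 
@@ -807,7 +808,7 @@ check_entry_size_and_hooks(struct ip6t_entry *e,
 }
 
 static int
-cleanup_entry(struct ip6t_entry *e, unsigned int *i)
+cleanup_entry(struct ip6t_entry *e, struct net *net, unsigned int *i)
 {
  struct xt_tgdtor_param par;
  struct ip6t_entry_target *t;
@@ -816,7 +817,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
  return 1;
 
  /* Cleanup all matches */
- IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
+ IP6T_MATCH_ITERATE(e, cleanup_match, net, NULL);
  t = ip6t_get_target(e);
 
  par.target = t->u.kernel.target;
@@ -898,7 +899,7 @@ translate_table(struct net *net,
 
  if (ret != 0) {
  IP6T_ENTRY_ITERATE(entry0, newinfo->size,
- cleanup_entry, &i);
+ cleanup_entry, net, &i);
  return ret;
  }
 
@@ -1293,7 +1294,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
  /* Decrease module usage counts and free resource */
  loc_cpu_old_entry = oldinfo->entries[raw_smp_processor_id()];
  IP6T_ENTRY_ITERATE(loc_cpu_old_entry, oldinfo->size, cleanup_entry,
- NULL);
+ net, NULL);
  xt_free_table_info(oldinfo);
  if (copy_to_user(counters_ptr, counters,
  sizeof(struct xt_counters) * num_counters) != 0)
@@ -1353,7 +1354,7 @@ do_replace(struct net *net, void __user *user, unsigned int len)
  return 0;
 
  free_newinfo_untrans:
- IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+ IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
  xt_free_table_info(newinfo);
  return ret;
@@ -1692,14 +1693,15 @@ compat_copy_entry_from_user(struct compat_ip6t_entry *e, void **dstptr,
  return ret;
 }
 
-static int compat_check_entry(struct ip6t_entry *e, const char *name,
- unsigned int *i)
+static int compat_check_entry(struct ip6t_entry *e, struct net *net,
+ const char *name, unsigned int *i)
 {
  unsigned int j;
  int ret;
  struct xt_mtchk_param mtpar;
 
  j = 0;
+ mtpar.net = net;
  mtpar.table = name;
  mtpar.entryinfo = &e->ipv6;
  mtpar.hook_mask = e->comefrom;
@@ -1716,12 +1718,13 @@ static int compat_check_entry(struct ip6t_entry *e, const char *name,
  return 0;
 
  cleanup_matches:
- IP6T_MATCH_ITERATE(e, cleanup_match, &j);
+ IP6T_MATCH_ITERATE(e, cleanup_match, net, &j);
  return ret;
 }
 
 static int
-translate_compat_table(const char *name,
+translate_compat_table(struct net *net,
+ const char *name,
  unsigned int valid_hooks,
  struct xt_table_info **pinfo,
  void **pentry0,
@@ -1810,12 +1813,12 @@ translate_compat_table(const char *name,
 
  i = 0;
  ret = IP6T_ENTRY_ITERATE(entry1, newinfo->size, compat_check_entry,
- name, &i);
+ net, name, &i);
  if (ret) {
  j -= i;
  COMPAT_IP6T_ENTRY_ITERATE_CONTINUE(entry0, newinfo->size, i,
  compat_release_entry, &j);
- IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, &i);
+ IP6T_ENTRY_ITERATE(entry1, newinfo->size, cleanup_entry, net, &i);
  xt_free_table_info(newinfo);
  return ret;
  }
@@ -1870,7 +1873,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
  goto free_newinfo;
  }
 
- ret = translate_compat_table(tmp.name, tmp.valid_hooks,
+ ret = translate_compat_table(net, tmp.name, tmp.valid_hooks,
  &newinfo, &loc_cpu_entry, tmp.size,
  tmp.num_entries, tmp.hook_entry,
  tmp.underflow);
@@ -1886,7 +1889,7 @@ compat_do_replace(struct net *net, void __user *user, unsigned int len)
  return 0;
 
  free_newinfo_untrans:
- IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, NULL);
+ IP6T_ENTRY_ITERATE(loc_cpu_entry, newinfo->size, cleanup_entry, net, NULL);
  free_newinfo:
  xt_free_table_info(newinfo);
  return ret;
@@ -2144,7 +2147,7 @@ out:
  return ERR_PTR(ret);
 }
 
-void ip6t_unregister_table(struct xt_table *table)
+void ip6t_unregister_table(struct net *net, struct xt_table *table)
 {
  struct xt_table_info *private;
  void *loc_cpu_entry;
@@ -2154,7 +2157,7 @@ void ip6t_unregister_table(struct xt_table *table)
 
  /* Decrease module usage counts and free resources */
  loc_cpu_entry = private->entries[raw_smp_processor_id()];
- IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, NULL);
+ IP6T_ENTRY_ITERATE(loc_cpu_entry, private->size, cleanup_entry, net, NULL);
  if (private->number > private->initial_entries)
  module_put(table_owner);
  xt_free_table_info(private);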
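diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index ad378efd0eb8..33ddfe53e18d 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -131,7 +131,7 @@ static int __net_init ip6table_filter_net_init(struct net *net)
 
 static void __net_exit ip6table_filter_net_exit(struct net *net)
 {
- ip6t_unregister_table(net->ipv6.ip6table_filter);
+ ip6t_unregister_table(net, net->ipv6.ip6table_filter);
 }
 
 static struct pernet_operations ip6table_filter_net_ops = {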
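diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index a929c19d30e3..9bc483f000e5 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -182,7 +182,7 @@ static int __net_init ip6table_mangle_net_init(struct net *net)
 
 static void __net_exit ip6table_mangle_net_exit(struct net *net)
 {
- ip6t_unregister_table(net->ipv6.ip6table_mangle);
+ ip6t_unregister_table(net, net->ipv6.ip6table_mangle);
 }
 
 static struct pernet_operations ip6table_mangle_net_ops = {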
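diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index ed1a1180f3b3..4c90b552e433 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -94,7 +94,7 @@ static int __net_init ip6table_raw_net_init(struct net *net)
 
 static void __net_exit ip6table_raw_net_exit(struct net *net)
 {
- ip6t_unregister_table(net->ipv6.ip6table_raw);
+ ip6t_unregister_table(net, net->ipv6.ip6table_raw);
 }
 
 static struct pernet_operations ip6table_raw_net_ops = {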
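diff --git a/net/ipv6/netfilter/ip6table_security.c b/net/ipv6/netfilter/ip6table_security.c
index 41b444c60934..baa8d4ef3b0a 100644
--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -134,7 +134,7 @@ static int __net_init ip6table_security_net_init(struct net *net)
 
 static void __net_exit ip6table_security_net_exit(struct net *net)
 {
- ip6t_unregister_table(net->ipv6.ip6table_security);
+ ip6t_unregister_table(net, net->ipv6.ip6table_security);
 }
 
 static struct pernet_operations ip6table_security_net_ops = {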