-rw-r--r-- | net/ipv4/netfilter/arp_tables.c | 41 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 65 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 64 |
3 files changed, 78 insertions, 92 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 8cc56d26e937..03352fcba172 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c | |||
@@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table) | |||
1828 | } | 1828 | } |
1829 | 1829 | ||
1830 | /* The built-in targets: standard (NULL) and error. */ | 1830 | /* The built-in targets: standard (NULL) and error. */ |
1831 | static struct xt_target arpt_standard_target __read_mostly = { | 1831 | static struct xt_target arpt_builtin_tg[] __read_mostly = { |
1832 | .name = ARPT_STANDARD_TARGET, | 1832 | { |
1833 | .targetsize = sizeof(int), | 1833 | .name = ARPT_STANDARD_TARGET, |
1834 | .family = NFPROTO_ARP, | 1834 | .targetsize = sizeof(int), |
1835 | .family = NFPROTO_ARP, | ||
1835 | #ifdef CONFIG_COMPAT | 1836 | #ifdef CONFIG_COMPAT |
1836 | .compatsize = sizeof(compat_int_t), | 1837 | .compatsize = sizeof(compat_int_t), |
1837 | .compat_from_user = compat_standard_from_user, | 1838 | .compat_from_user = compat_standard_from_user, |
1838 | .compat_to_user = compat_standard_to_user, | 1839 | .compat_to_user = compat_standard_to_user, |
1839 | #endif | 1840 | #endif |
1840 | }; | 1841 | }, |
1841 | 1842 | { | |
1842 | static struct xt_target arpt_error_target __read_mostly = { | 1843 | .name = ARPT_ERROR_TARGET, |
1843 | .name = ARPT_ERROR_TARGET, | 1844 | .target = arpt_error, |
1844 | .target = arpt_error, | 1845 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, |
1845 | .targetsize = ARPT_FUNCTION_MAXNAMELEN, | 1846 | .family = NFPROTO_ARP, |
1846 | .family = NFPROTO_ARP, | 1847 | }, |
1847 | }; | 1848 | }; |
1848 | 1849 | ||
1849 | static struct nf_sockopt_ops arpt_sockopts = { | 1850 | static struct nf_sockopt_ops arpt_sockopts = { |
@@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void) | |||
1887 | goto err1; | 1888 | goto err1; |
1888 | 1889 | ||
1889 | /* Noone else will be downing sem now, so we won't sleep */ | 1890 | /* Noone else will be downing sem now, so we won't sleep */ |
1890 | ret = xt_register_target(&arpt_standard_target); | 1891 | ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1891 | if (ret < 0) | 1892 | if (ret < 0) |
1892 | goto err2; | 1893 | goto err2; |
1893 | ret = xt_register_target(&arpt_error_target); | ||
1894 | if (ret < 0) | ||
1895 | goto err3; | ||
1896 | 1894 | ||
1897 | /* Register setsockopt */ | 1895 | /* Register setsockopt */ |
1898 | ret = nf_register_sockopt(&arpt_sockopts); | 1896 | ret = nf_register_sockopt(&arpt_sockopts); |
@@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void) | |||
1903 | return 0; | 1901 | return 0; |
1904 | 1902 | ||
1905 | err4: | 1903 | err4: |
1906 | xt_unregister_target(&arpt_error_target); | 1904 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1907 | err3: | ||
1908 | xt_unregister_target(&arpt_standard_target); | ||
1909 | err2: | 1905 | err2: |
1910 | unregister_pernet_subsys(&arp_tables_net_ops); | 1906 | unregister_pernet_subsys(&arp_tables_net_ops); |
1911 | err1: | 1907 | err1: |
@@ -1915,8 +1911,7 @@ err1: | |||
1915 | static void __exit arp_tables_fini(void) | 1911 | static void __exit arp_tables_fini(void) |
1916 | { | 1912 | { |
1917 | nf_unregister_sockopt(&arpt_sockopts); | 1913 | nf_unregister_sockopt(&arpt_sockopts); |
1918 | xt_unregister_target(&arpt_error_target); | 1914 | xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg)); |
1919 | xt_unregister_target(&arpt_standard_target); | ||
1920 | unregister_pernet_subsys(&arp_tables_net_ops); | 1915 | unregister_pernet_subsys(&arp_tables_net_ops); |
1921 | } | 1916 | } |
1922 | 1917 | ||
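Review bot: The `goto err2` after `xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg))` in arp_tables_init no longer unregisters anything, so the error path is only correct if the helper itself removes the entries it already registered when a later one fails; the old code did that explicitly through `err3`. That rollback is not visible in this diff, and if it were missing, a failed init could leave a target registered whose struct belongs to a module that did not finish loading. I would state the assumption at the call site, e.g. `/* xt_register_targets() unregisters its own partial work on failure */`, and confirm it against the helper's definition. The same applies to the `xt_register_targets` and `xt_register_matches` calls in ip_tables_init and ip6_tables_init. The bodies of these init functions start and end outside the hunks shown.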
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 607f89f16b76..49b9e4fb5460 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
@@ -2172,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par) | |||
2172 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; | 2172 | return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; |
2173 | } | 2173 | } |
2174 | 2174 | ||
2175 | /* The built-in targets: standard (NULL) and error. */ | 2175 | static struct xt_target ipt_builtin_tg[] __read_mostly = { |
2176 | static struct xt_target ipt_standard_target __read_mostly = { | 2176 | { |
2177 | .name = IPT_STANDARD_TARGET, | 2177 | .name = IPT_STANDARD_TARGET, |
2178 | .targetsize = sizeof(int), | 2178 | .targetsize = sizeof(int), |
2179 | .family = NFPROTO_IPV4, | 2179 | .family = NFPROTO_IPV4, |
2180 | #ifdef CONFIG_COMPAT | 2180 | #ifdef CONFIG_COMPAT |
2181 | .compatsize = sizeof(compat_int_t), | 2181 | .compatsize = sizeof(compat_int_t), |
2182 | .compat_from_user = compat_standard_from_user, | 2182 | .compat_from_user = compat_standard_from_user, |
2183 | .compat_to_user = compat_standard_to_user, | 2183 | .compat_to_user = compat_standard_to_user, |
2184 | #endif | 2184 | #endif |
2185 | }; | 2185 | }, |
2186 | 2186 | { | |
2187 | static struct xt_target ipt_error_target __read_mostly = { | 2187 | .name = IPT_ERROR_TARGET, |
2188 | .name = IPT_ERROR_TARGET, | 2188 | .target = ipt_error, |
2189 | .target = ipt_error, | 2189 | .targetsize = IPT_FUNCTION_MAXNAMELEN, |
2190 | .targetsize = IPT_FUNCTION_MAXNAMELEN, | 2190 | .family = NFPROTO_IPV4, |
2191 | .family = NFPROTO_IPV4, | 2191 | }, |
2192 | }; | 2192 | }; |
2193 | 2193 | ||
2194 | static struct nf_sockopt_ops ipt_sockopts = { | 2194 | static struct nf_sockopt_ops ipt_sockopts = { |
@@ -2208,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = { | |||
2208 | .owner = THIS_MODULE, | 2208 | .owner = THIS_MODULE, |
2209 | }; | 2209 | }; |
2210 | 2210 | ||
2211 | static struct xt_match icmp_matchstruct __read_mostly = { | 2211 | static struct xt_match ipt_builtin_mt[] __read_mostly = { |
2212 | .name = "icmp", | 2212 | { |
2213 | .match = icmp_match, | 2213 | .name = "icmp", |
2214 | .matchsize = sizeof(struct ipt_icmp), | 2214 | .match = icmp_match, |
2215 | .checkentry = icmp_checkentry, | 2215 | .matchsize = sizeof(struct ipt_icmp), |
2216 | .proto = IPPROTO_ICMP, | 2216 | .checkentry = icmp_checkentry, |
2217 | .family = NFPROTO_IPV4, | 2217 | .proto = IPPROTO_ICMP, |
2218 | .family = NFPROTO_IPV4, | ||
2219 | }, | ||
2218 | }; | 2220 | }; |
2219 | 2221 | ||
2220 | static int __net_init ip_tables_net_init(struct net *net) | 2222 | static int __net_init ip_tables_net_init(struct net *net) |
@@ -2241,13 +2243,10 @@ static int __init ip_tables_init(void) | |||
2241 | goto err1; | 2243 | goto err1; |
2242 | 2244 | ||
2243 | /* Noone else will be downing sem now, so we won't sleep */ | 2245 | /* Noone else will be downing sem now, so we won't sleep */ |
2244 | ret = xt_register_target(&ipt_standard_target); | 2246 | ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2245 | if (ret < 0) | 2247 | if (ret < 0) |
2246 | goto err2; | 2248 | goto err2; |
2247 | ret = xt_register_target(&ipt_error_target); | 2249 | ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2248 | if (ret < 0) | ||
2249 | goto err3; | ||
2250 | ret = xt_register_match(&icmp_matchstruct); | ||
2251 | if (ret < 0) | 2250 | if (ret < 0) |
2252 | goto err4; | 2251 | goto err4; |
2253 | 2252 | ||
@@ -2260,11 +2259,9 @@ static int __init ip_tables_init(void) | |||
2260 | return 0; | 2259 | return 0; |
2261 | 2260 | ||
2262 | err5: | 2261 | err5: |
2263 | xt_unregister_match(&icmp_matchstruct); | 2262 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2264 | err4: | 2263 | err4: |
2265 | xt_unregister_target(&ipt_error_target); | 2264 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2266 | err3: | ||
2267 | xt_unregister_target(&ipt_standard_target); | ||
2268 | err2: | 2265 | err2: |
2269 | unregister_pernet_subsys(&ip_tables_net_ops); | 2266 | unregister_pernet_subsys(&ip_tables_net_ops); |
2270 | err1: | 2267 | err1: |
@@ -2275,10 +2272,8 @@ static void __exit ip_tables_fini(void) | |||
2275 | { | 2272 | { |
2276 | nf_unregister_sockopt(&ipt_sockopts); | 2273 | nf_unregister_sockopt(&ipt_sockopts); |
2277 | 2274 | ||
2278 | xt_unregister_match(&icmp_matchstruct); | 2275 | xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt)); |
2279 | xt_unregister_target(&ipt_error_target); | 2276 | xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg)); |
2280 | xt_unregister_target(&ipt_standard_target); | ||
2281 | |||
2282 | unregister_pernet_subsys(&ip_tables_net_ops); | 2277 | unregister_pernet_subsys(&ip_tables_net_ops); |
2283 | } | 2278 | } |
2284 | 2279 | ||
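Review bot: The comment `/* The built-in targets: standard (NULL) and error. */` is dropped above `ipt_builtin_tg[]` in this file, while the arp_tables.c and ip6_tables.c sections keep it above their arrays. Nothing visible in the change suggests the removal is intentional, so I would restore it for consistency across the three files. The new `ipt_builtin_mt[]` array has no comment either; a one-liner such as `/* The built-in matches: icmp. */` would keep the two tables documented the same way.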
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 557fac9689c0..56782336474f 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
@@ -2190,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par) | |||
2190 | } | 2190 | } |
2191 | 2191 | ||
2192 | /* The built-in targets: standard (NULL) and error. */ | 2192 | /* The built-in targets: standard (NULL) and error. */ |
2193 | static struct xt_target ip6t_standard_target __read_mostly = { | 2193 | static struct xt_target ip6t_builtin_tg[] __read_mostly = { |
2194 | .name = IP6T_STANDARD_TARGET, | 2194 | { |
2195 | .targetsize = sizeof(int), | 2195 | .name = IP6T_STANDARD_TARGET, |
2196 | .family = NFPROTO_IPV6, | 2196 | .targetsize = sizeof(int), |
2197 | .family = NFPROTO_IPV6, | ||
2197 | #ifdef CONFIG_COMPAT | 2198 | #ifdef CONFIG_COMPAT |
2198 | .compatsize = sizeof(compat_int_t), | 2199 | .compatsize = sizeof(compat_int_t), |
2199 | .compat_from_user = compat_standard_from_user, | 2200 | .compat_from_user = compat_standard_from_user, |
2200 | .compat_to_user = compat_standard_to_user, | 2201 | .compat_to_user = compat_standard_to_user, |
2201 | #endif | 2202 | #endif |
2202 | }; | 2203 | }, |
2203 | 2204 | { | |
2204 | static struct xt_target ip6t_error_target __read_mostly = { | 2205 | .name = IP6T_ERROR_TARGET, |
2205 | .name = IP6T_ERROR_TARGET, | 2206 | .target = ip6t_error, |
2206 | .target = ip6t_error, | 2207 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, |
2207 | .targetsize = IP6T_FUNCTION_MAXNAMELEN, | 2208 | .family = NFPROTO_IPV6, |
2208 | .family = NFPROTO_IPV6, | 2209 | }, |
2209 | }; | 2210 | }; |
2210 | 2211 | ||
2211 | static struct nf_sockopt_ops ip6t_sockopts = { | 2212 | static struct nf_sockopt_ops ip6t_sockopts = { |
@@ -2225,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = { | |||
2225 | .owner = THIS_MODULE, | 2226 | .owner = THIS_MODULE, |
2226 | }; | 2227 | }; |
2227 | 2228 | ||
2228 | static struct xt_match icmp6_matchstruct __read_mostly = { | 2229 | static struct xt_match ip6t_builtin_mt[] __read_mostly = { |
2229 | .name = "icmp6", | 2230 | { |
2230 | .match = icmp6_match, | 2231 | .name = "icmp6", |
2231 | .matchsize = sizeof(struct ip6t_icmp), | 2232 | .match = icmp6_match, |
2232 | .checkentry = icmp6_checkentry, | 2233 | .matchsize = sizeof(struct ip6t_icmp), |
2233 | .proto = IPPROTO_ICMPV6, | 2234 | .checkentry = icmp6_checkentry, |
2234 | .family = NFPROTO_IPV6, | 2235 | .proto = IPPROTO_ICMPV6, |
2236 | .family = NFPROTO_IPV6, | ||
2237 | }, | ||
2235 | }; | 2238 | }; |
2236 | 2239 | ||
2237 | static int __net_init ip6_tables_net_init(struct net *net) | 2240 | static int __net_init ip6_tables_net_init(struct net *net) |
@@ -2258,13 +2261,10 @@ static int __init ip6_tables_init(void) | |||
2258 | goto err1; | 2261 | goto err1; |
2259 | 2262 | ||
2260 | /* Noone else will be downing sem now, so we won't sleep */ | 2263 | /* Noone else will be downing sem now, so we won't sleep */ |
2261 | ret = xt_register_target(&ip6t_standard_target); | 2264 | ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
2262 | if (ret < 0) | 2265 | if (ret < 0) |
2263 | goto err2; | 2266 | goto err2; |
2264 | ret = xt_register_target(&ip6t_error_target); | 2267 | ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
2265 | if (ret < 0) | ||
2266 | goto err3; | ||
2267 | ret = xt_register_match(&icmp6_matchstruct); | ||
2268 | if (ret < 0) | 2268 | if (ret < 0) |
2269 | goto err4; | 2269 | goto err4; |
2270 | 2270 | ||
@@ -2277,11 +2277,9 @@ static int __init ip6_tables_init(void) | |||
2277 | return 0; | 2277 | return 0; |
2278 | 2278 | ||
2279 | err5: | 2279 | err5: |
2280 | xt_unregister_match(&icmp6_matchstruct); | 2280 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
2281 | err4: | 2281 | err4: |
2282 | xt_unregister_target(&ip6t_error_target); | 2282 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
2283 | err3: | ||
2284 | xt_unregister_target(&ip6t_standard_target); | ||
2285 | err2: | 2283 | err2: |
2286 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2284 | unregister_pernet_subsys(&ip6_tables_net_ops); |
2287 | err1: | 2285 | err1: |
@@ -2292,10 +2290,8 @@ static void __exit ip6_tables_fini(void) | |||
2292 | { | 2290 | { |
2293 | nf_unregister_sockopt(&ip6t_sockopts); | 2291 | nf_unregister_sockopt(&ip6t_sockopts); |
2294 | 2292 | ||
2295 | xt_unregister_match(&icmp6_matchstruct); | 2293 | xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt)); |
2296 | xt_unregister_target(&ip6t_error_target); | 2294 | xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg)); |
2297 | xt_unregister_target(&ip6t_standard_target); | ||
2298 | |||
2299 | unregister_pernet_subsys(&ip6_tables_net_ops); | 2295 | unregister_pernet_subsys(&ip6_tables_net_ops); |
2300 | } | 2296 | } |
2301 | 2297 | ||