aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/netfilter/arp_tables.c41
-rw-r--r--net/ipv4/netfilter/ip_tables.c65
-rw-r--r--net/ipv6/netfilter/ip6_tables.c64
3 files changed, 78 insertions, 92 deletions
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 8cc56d26e937..03352fcba172 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1828,22 +1828,23 @@ void arpt_unregister_table(struct xt_table *table)
1828} 1828}
1829 1829
1830/* The built-in targets: standard (NULL) and error. */ 1830/* The built-in targets: standard (NULL) and error. */
1831static struct xt_target arpt_standard_target __read_mostly = { 1831static struct xt_target arpt_builtin_tg[] __read_mostly = {
1832 .name = ARPT_STANDARD_TARGET, 1832 {
1833 .targetsize = sizeof(int), 1833 .name = ARPT_STANDARD_TARGET,
1834 .family = NFPROTO_ARP, 1834 .targetsize = sizeof(int),
1835 .family = NFPROTO_ARP,
1835#ifdef CONFIG_COMPAT 1836#ifdef CONFIG_COMPAT
1836 .compatsize = sizeof(compat_int_t), 1837 .compatsize = sizeof(compat_int_t),
1837 .compat_from_user = compat_standard_from_user, 1838 .compat_from_user = compat_standard_from_user,
1838 .compat_to_user = compat_standard_to_user, 1839 .compat_to_user = compat_standard_to_user,
1839#endif 1840#endif
1840}; 1841 },
1841 1842 {
1842static struct xt_target arpt_error_target __read_mostly = { 1843 .name = ARPT_ERROR_TARGET,
1843 .name = ARPT_ERROR_TARGET, 1844 .target = arpt_error,
1844 .target = arpt_error, 1845 .targetsize = ARPT_FUNCTION_MAXNAMELEN,
1845 .targetsize = ARPT_FUNCTION_MAXNAMELEN, 1846 .family = NFPROTO_ARP,
1846 .family = NFPROTO_ARP, 1847 },
1847}; 1848};
1848 1849
1849static struct nf_sockopt_ops arpt_sockopts = { 1850static struct nf_sockopt_ops arpt_sockopts = {
@@ -1887,12 +1888,9 @@ static int __init arp_tables_init(void)
1887 goto err1; 1888 goto err1;
1888 1889
1889 /* Noone else will be downing sem now, so we won't sleep */ 1890 /* Noone else will be downing sem now, so we won't sleep */
1890 ret = xt_register_target(&arpt_standard_target); 1891 ret = xt_register_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1891 if (ret < 0) 1892 if (ret < 0)
1892 goto err2; 1893 goto err2;
1893 ret = xt_register_target(&arpt_error_target);
1894 if (ret < 0)
1895 goto err3;
1896 1894
1897 /* Register setsockopt */ 1895 /* Register setsockopt */
1898 ret = nf_register_sockopt(&arpt_sockopts); 1896 ret = nf_register_sockopt(&arpt_sockopts);
@@ -1903,9 +1901,7 @@ static int __init arp_tables_init(void)
1903 return 0; 1901 return 0;
1904 1902
1905err4: 1903err4:
1906 xt_unregister_target(&arpt_error_target); 1904 xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1907err3:
1908 xt_unregister_target(&arpt_standard_target);
1909err2: 1905err2:
1910 unregister_pernet_subsys(&arp_tables_net_ops); 1906 unregister_pernet_subsys(&arp_tables_net_ops);
1911err1: 1907err1:
@@ -1915,8 +1911,7 @@ err1:
1915static void __exit arp_tables_fini(void) 1911static void __exit arp_tables_fini(void)
1916{ 1912{
1917 nf_unregister_sockopt(&arpt_sockopts); 1913 nf_unregister_sockopt(&arpt_sockopts);
1918 xt_unregister_target(&arpt_error_target); 1914 xt_unregister_targets(arpt_builtin_tg, ARRAY_SIZE(arpt_builtin_tg));
1919 xt_unregister_target(&arpt_standard_target);
1920 unregister_pernet_subsys(&arp_tables_net_ops); 1915 unregister_pernet_subsys(&arp_tables_net_ops);
1921} 1916}
1922 1917
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 607f89f16b76..49b9e4fb5460 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2172,23 +2172,23 @@ static int icmp_checkentry(const struct xt_mtchk_param *par)
2172 return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0; 2172 return (icmpinfo->invflags & ~IPT_ICMP_INV) ? -EINVAL : 0;
2173} 2173}
2174 2174
2175/* The built-in targets: standard (NULL) and error. */ 2175static struct xt_target ipt_builtin_tg[] __read_mostly = {
2176static struct xt_target ipt_standard_target __read_mostly = { 2176 {
2177 .name = IPT_STANDARD_TARGET, 2177 .name = IPT_STANDARD_TARGET,
2178 .targetsize = sizeof(int), 2178 .targetsize = sizeof(int),
2179 .family = NFPROTO_IPV4, 2179 .family = NFPROTO_IPV4,
2180#ifdef CONFIG_COMPAT 2180#ifdef CONFIG_COMPAT
2181 .compatsize = sizeof(compat_int_t), 2181 .compatsize = sizeof(compat_int_t),
2182 .compat_from_user = compat_standard_from_user, 2182 .compat_from_user = compat_standard_from_user,
2183 .compat_to_user = compat_standard_to_user, 2183 .compat_to_user = compat_standard_to_user,
2184#endif 2184#endif
2185}; 2185 },
2186 2186 {
2187static struct xt_target ipt_error_target __read_mostly = { 2187 .name = IPT_ERROR_TARGET,
2188 .name = IPT_ERROR_TARGET, 2188 .target = ipt_error,
2189 .target = ipt_error, 2189 .targetsize = IPT_FUNCTION_MAXNAMELEN,
2190 .targetsize = IPT_FUNCTION_MAXNAMELEN, 2190 .family = NFPROTO_IPV4,
2191 .family = NFPROTO_IPV4, 2191 },
2192}; 2192};
2193 2193
2194static struct nf_sockopt_ops ipt_sockopts = { 2194static struct nf_sockopt_ops ipt_sockopts = {
@@ -2208,13 +2208,15 @@ static struct nf_sockopt_ops ipt_sockopts = {
2208 .owner = THIS_MODULE, 2208 .owner = THIS_MODULE,
2209}; 2209};
2210 2210
2211static struct xt_match icmp_matchstruct __read_mostly = { 2211static struct xt_match ipt_builtin_mt[] __read_mostly = {
2212 .name = "icmp", 2212 {
2213 .match = icmp_match, 2213 .name = "icmp",
2214 .matchsize = sizeof(struct ipt_icmp), 2214 .match = icmp_match,
2215 .checkentry = icmp_checkentry, 2215 .matchsize = sizeof(struct ipt_icmp),
2216 .proto = IPPROTO_ICMP, 2216 .checkentry = icmp_checkentry,
2217 .family = NFPROTO_IPV4, 2217 .proto = IPPROTO_ICMP,
2218 .family = NFPROTO_IPV4,
2219 },
2218}; 2220};
2219 2221
2220static int __net_init ip_tables_net_init(struct net *net) 2222static int __net_init ip_tables_net_init(struct net *net)
@@ -2241,13 +2243,10 @@ static int __init ip_tables_init(void)
2241 goto err1; 2243 goto err1;
2242 2244
2243 /* Noone else will be downing sem now, so we won't sleep */ 2245 /* Noone else will be downing sem now, so we won't sleep */
2244 ret = xt_register_target(&ipt_standard_target); 2246 ret = xt_register_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2245 if (ret < 0) 2247 if (ret < 0)
2246 goto err2; 2248 goto err2;
2247 ret = xt_register_target(&ipt_error_target); 2249 ret = xt_register_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2248 if (ret < 0)
2249 goto err3;
2250 ret = xt_register_match(&icmp_matchstruct);
2251 if (ret < 0) 2250 if (ret < 0)
2252 goto err4; 2251 goto err4;
2253 2252
@@ -2260,11 +2259,9 @@ static int __init ip_tables_init(void)
2260 return 0; 2259 return 0;
2261 2260
2262err5: 2261err5:
2263 xt_unregister_match(&icmp_matchstruct); 2262 xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2264err4: 2263err4:
2265 xt_unregister_target(&ipt_error_target); 2264 xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2266err3:
2267 xt_unregister_target(&ipt_standard_target);
2268err2: 2265err2:
2269 unregister_pernet_subsys(&ip_tables_net_ops); 2266 unregister_pernet_subsys(&ip_tables_net_ops);
2270err1: 2267err1:
@@ -2275,10 +2272,8 @@ static void __exit ip_tables_fini(void)
2275{ 2272{
2276 nf_unregister_sockopt(&ipt_sockopts); 2273 nf_unregister_sockopt(&ipt_sockopts);
2277 2274
2278 xt_unregister_match(&icmp_matchstruct); 2275 xt_unregister_matches(ipt_builtin_mt, ARRAY_SIZE(ipt_builtin_mt));
2279 xt_unregister_target(&ipt_error_target); 2276 xt_unregister_targets(ipt_builtin_tg, ARRAY_SIZE(ipt_builtin_tg));
2280 xt_unregister_target(&ipt_standard_target);
2281
2282 unregister_pernet_subsys(&ip_tables_net_ops); 2277 unregister_pernet_subsys(&ip_tables_net_ops);
2283} 2278}
2284 2279
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 557fac9689c0..56782336474f 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2190,22 +2190,23 @@ static int icmp6_checkentry(const struct xt_mtchk_param *par)
2190} 2190}
2191 2191
2192/* The built-in targets: standard (NULL) and error. */ 2192/* The built-in targets: standard (NULL) and error. */
2193static struct xt_target ip6t_standard_target __read_mostly = { 2193static struct xt_target ip6t_builtin_tg[] __read_mostly = {
2194 .name = IP6T_STANDARD_TARGET, 2194 {
2195 .targetsize = sizeof(int), 2195 .name = IP6T_STANDARD_TARGET,
2196 .family = NFPROTO_IPV6, 2196 .targetsize = sizeof(int),
2197 .family = NFPROTO_IPV6,
2197#ifdef CONFIG_COMPAT 2198#ifdef CONFIG_COMPAT
2198 .compatsize = sizeof(compat_int_t), 2199 .compatsize = sizeof(compat_int_t),
2199 .compat_from_user = compat_standard_from_user, 2200 .compat_from_user = compat_standard_from_user,
2200 .compat_to_user = compat_standard_to_user, 2201 .compat_to_user = compat_standard_to_user,
2201#endif 2202#endif
2202}; 2203 },
2203 2204 {
2204static struct xt_target ip6t_error_target __read_mostly = { 2205 .name = IP6T_ERROR_TARGET,
2205 .name = IP6T_ERROR_TARGET, 2206 .target = ip6t_error,
2206 .target = ip6t_error, 2207 .targetsize = IP6T_FUNCTION_MAXNAMELEN,
2207 .targetsize = IP6T_FUNCTION_MAXNAMELEN, 2208 .family = NFPROTO_IPV6,
2208 .family = NFPROTO_IPV6, 2209 },
2209}; 2210};
2210 2211
2211static struct nf_sockopt_ops ip6t_sockopts = { 2212static struct nf_sockopt_ops ip6t_sockopts = {
@@ -2225,13 +2226,15 @@ static struct nf_sockopt_ops ip6t_sockopts = {
2225 .owner = THIS_MODULE, 2226 .owner = THIS_MODULE,
2226}; 2227};
2227 2228
2228static struct xt_match icmp6_matchstruct __read_mostly = { 2229static struct xt_match ip6t_builtin_mt[] __read_mostly = {
2229 .name = "icmp6", 2230 {
2230 .match = icmp6_match, 2231 .name = "icmp6",
2231 .matchsize = sizeof(struct ip6t_icmp), 2232 .match = icmp6_match,
2232 .checkentry = icmp6_checkentry, 2233 .matchsize = sizeof(struct ip6t_icmp),
2233 .proto = IPPROTO_ICMPV6, 2234 .checkentry = icmp6_checkentry,
2234 .family = NFPROTO_IPV6, 2235 .proto = IPPROTO_ICMPV6,
2236 .family = NFPROTO_IPV6,
2237 },
2235}; 2238};
2236 2239
2237static int __net_init ip6_tables_net_init(struct net *net) 2240static int __net_init ip6_tables_net_init(struct net *net)
@@ -2258,13 +2261,10 @@ static int __init ip6_tables_init(void)
2258 goto err1; 2261 goto err1;
2259 2262
2260 /* Noone else will be downing sem now, so we won't sleep */ 2263 /* Noone else will be downing sem now, so we won't sleep */
2261 ret = xt_register_target(&ip6t_standard_target); 2264 ret = xt_register_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
2262 if (ret < 0) 2265 if (ret < 0)
2263 goto err2; 2266 goto err2;
2264 ret = xt_register_target(&ip6t_error_target); 2267 ret = xt_register_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
2265 if (ret < 0)
2266 goto err3;
2267 ret = xt_register_match(&icmp6_matchstruct);
2268 if (ret < 0) 2268 if (ret < 0)
2269 goto err4; 2269 goto err4;
2270 2270
@@ -2277,11 +2277,9 @@ static int __init ip6_tables_init(void)
2277 return 0; 2277 return 0;
2278 2278
2279err5: 2279err5:
2280 xt_unregister_match(&icmp6_matchstruct); 2280 xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
2281err4: 2281err4:
2282 xt_unregister_target(&ip6t_error_target); 2282 xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
2283err3:
2284 xt_unregister_target(&ip6t_standard_target);
2285err2: 2283err2:
2286 unregister_pernet_subsys(&ip6_tables_net_ops); 2284 unregister_pernet_subsys(&ip6_tables_net_ops);
2287err1: 2285err1:
@@ -2292,10 +2290,8 @@ static void __exit ip6_tables_fini(void)
2292{ 2290{
2293 nf_unregister_sockopt(&ip6t_sockopts); 2291 nf_unregister_sockopt(&ip6t_sockopts);
2294 2292
2295 xt_unregister_match(&icmp6_matchstruct); 2293 xt_unregister_matches(ip6t_builtin_mt, ARRAY_SIZE(ip6t_builtin_mt));
2296 xt_unregister_target(&ip6t_error_target); 2294 xt_unregister_targets(ip6t_builtin_tg, ARRAY_SIZE(ip6t_builtin_tg));
2297 xt_unregister_target(&ip6t_standard_target);
2298
2299 unregister_pernet_subsys(&ip6_tables_net_ops); 2295 unregister_pernet_subsys(&ip6_tables_net_ops);
2300} 2296}
2301 2297