diff options
| -rw-r--r-- | include/linux/netfilter/x_tables.h | 8 | ||||
| -rw-r--r-- | net/bridge/netfilter/ebtables.c | 20 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_tables.c | 10 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 10 | ||||
| -rw-r--r-- | net/netfilter/xt_connbytes.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_connlimit.c | 7 | ||||
| -rw-r--r-- | net/netfilter/xt_connmark.c | 5 | ||||
| -rw-r--r-- | net/netfilter/xt_conntrack.c | 5 | ||||
| -rw-r--r-- | net/netfilter/xt_hashlimit.c | 9 | ||||
| -rw-r--r-- | net/netfilter/xt_helper.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_rateest.c | 5 | ||||
| -rw-r--r-- | net/netfilter/xt_recent.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_state.c | 4 | ||||
| -rw-r--r-- | net/netfilter/xt_string.c | 4 |
14 files changed, 56 insertions, 43 deletions
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h index 763a704ce83f..c79c88380149 100644 --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h | |||
| @@ -212,6 +212,12 @@ struct xt_mtchk_param { | |||
| 212 | unsigned int hook_mask; | 212 | unsigned int hook_mask; |
| 213 | }; | 213 | }; |
| 214 | 214 | ||
| 215 | /* Match destructor parameters */ | ||
| 216 | struct xt_mtdtor_param { | ||
| 217 | const struct xt_match *match; | ||
| 218 | void *matchinfo; | ||
| 219 | }; | ||
| 220 | |||
| 215 | struct xt_match | 221 | struct xt_match |
| 216 | { | 222 | { |
| 217 | struct list_head list; | 223 | struct list_head list; |
| @@ -230,7 +236,7 @@ struct xt_match | |||
| 230 | bool (*checkentry)(const struct xt_mtchk_param *); | 236 | bool (*checkentry)(const struct xt_mtchk_param *); |
| 231 | 237 | ||
| 232 | /* Called when entry of this type deleted. */ | 238 | /* Called when entry of this type deleted. */ |
| 233 | void (*destroy)(const struct xt_match *match, void *matchinfo); | 239 | void (*destroy)(const struct xt_mtdtor_param *); |
| 234 | 240 | ||
| 235 | /* Called when userspace align differs from kernel space one */ | 241 | /* Called when userspace align differs from kernel space one */ |
| 236 | void (*compat_from_user)(void *dst, void *src); | 242 | void (*compat_from_user)(void *dst, void *src); |
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5ce37b2f5b84..0320b5203624 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c | |||
| @@ -558,12 +558,16 @@ ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 558 | static inline int | 558 | static inline int |
| 559 | ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) | 559 | ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) |
| 560 | { | 560 | { |
| 561 | struct xt_mtdtor_param par; | ||
| 562 | |||
| 561 | if (i && (*i)-- == 0) | 563 | if (i && (*i)-- == 0) |
| 562 | return 1; | 564 | return 1; |
| 563 | if (m->u.match->destroy) | ||
| 564 | m->u.match->destroy(m->u.match, m->data); | ||
| 565 | module_put(m->u.match->me); | ||
| 566 | 565 | ||
| 566 | par.match = m->u.match; | ||
| 567 | par.matchinfo = m->data; | ||
| 568 | if (par.match->destroy != NULL) | ||
| 569 | par.match->destroy(&par); | ||
| 570 | module_put(par.match->me); | ||
| 567 | return 0; | 571 | return 0; |
| 568 | } | 572 | } |
| 569 | 573 | ||
| @@ -609,7 +613,7 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 609 | unsigned int i, j, hook = 0, hookmask = 0; | 613 | unsigned int i, j, hook = 0, hookmask = 0; |
| 610 | size_t gap; | 614 | size_t gap; |
| 611 | int ret; | 615 | int ret; |
| 612 | struct xt_mtchk_param par; | 616 | struct xt_mtchk_param mtpar; |
| 613 | 617 | ||
| 614 | /* don't mess with the struct ebt_entries */ | 618 | /* don't mess with the struct ebt_entries */ |
| 615 | if (e->bitmask == 0) | 619 | if (e->bitmask == 0) |
| @@ -651,10 +655,10 @@ ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, | |||
| 651 | } | 655 | } |
| 652 | i = 0; | 656 | i = 0; |
| 653 | 657 | ||
| 654 | par.table = name; | 658 | mtpar.table = name; |
| 655 | par.entryinfo = e; | 659 | mtpar.entryinfo = e; |
| 656 | par.hook_mask = hookmask; | 660 | mtpar.hook_mask = hookmask; |
| 657 | ret = EBT_MATCH_ITERATE(e, ebt_check_match, &par, &i); | 661 | ret = EBT_MATCH_ITERATE(e, ebt_check_match, &mtpar, &i); |
| 658 | if (ret != 0) | 662 | if (ret != 0) |
| 659 | goto cleanup_matches; | 663 | goto cleanup_matches; |
| 660 | j = 0; | 664 | j = 0; |
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 4147298a6a81..12ad4d5c55d6 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c | |||
| @@ -576,12 +576,16 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 576 | static int | 576 | static int |
| 577 | cleanup_match(struct ipt_entry_match *m, unsigned int *i) | 577 | cleanup_match(struct ipt_entry_match *m, unsigned int *i) |
| 578 | { | 578 | { |
| 579 | struct xt_mtdtor_param par; | ||
| 580 | |||
| 579 | if (i && (*i)-- == 0) | 581 | if (i && (*i)-- == 0) |
| 580 | return 1; | 582 | return 1; |
| 581 | 583 | ||
| 582 | if (m->u.kernel.match->destroy) | 584 | par.match = m->u.kernel.match; |
| 583 | m->u.kernel.match->destroy(m->u.kernel.match, m->data); | 585 | par.matchinfo = m->data; |
| 584 | module_put(m->u.kernel.match->me); | 586 | if (par.match->destroy != NULL) |
| 587 | par.match->destroy(&par); | ||
| 588 | module_put(par.match->me); | ||
| 585 | return 0; | 589 | return 0; |
| 586 | } | 590 | } |
| 587 | 591 | ||
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 9c843e3777bc..891358e89a2b 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -599,12 +599,16 @@ mark_source_chains(struct xt_table_info *newinfo, | |||
| 599 | static int | 599 | static int |
| 600 | cleanup_match(struct ip6t_entry_match *m, unsigned int *i) | 600 | cleanup_match(struct ip6t_entry_match *m, unsigned int *i) |
| 601 | { | 601 | { |
| 602 | struct xt_mtdtor_param par; | ||
| 603 | |||
| 602 | if (i && (*i)-- == 0) | 604 | if (i && (*i)-- == 0) |
| 603 | return 1; | 605 | return 1; |
| 604 | 606 | ||
| 605 | if (m->u.kernel.match->destroy) | 607 | par.match = m->u.kernel.match; |
| 606 | m->u.kernel.match->destroy(m->u.kernel.match, m->data); | 608 | par.matchinfo = m->data; |
| 607 | module_put(m->u.kernel.match->me); | 609 | if (par.match->destroy != NULL) |
| 610 | par.match->destroy(&par); | ||
| 611 | module_put(par.match->me); | ||
| 608 | return 0; | 612 | return 0; |
| 609 | } | 613 | } |
| 610 | 614 | ||
diff --git a/net/netfilter/xt_connbytes.c b/net/netfilter/xt_connbytes.c index 43a36c728e56..5bf4aa08b0fd 100644 --- a/net/netfilter/xt_connbytes.c +++ b/net/netfilter/xt_connbytes.c | |||
| @@ -115,9 +115,9 @@ static bool connbytes_mt_check(const struct xt_mtchk_param *par) | |||
| 115 | return true; | 115 | return true; |
| 116 | } | 116 | } |
| 117 | 117 | ||
| 118 | static void connbytes_mt_destroy(const struct xt_match *match, void *matchinfo) | 118 | static void connbytes_mt_destroy(const struct xt_mtdtor_param *par) |
| 119 | { | 119 | { |
| 120 | nf_ct_l3proto_module_put(match->family); | 120 | nf_ct_l3proto_module_put(par->match->family); |
| 121 | } | 121 | } |
| 122 | 122 | ||
| 123 | static struct xt_match connbytes_mt_reg[] __read_mostly = { | 123 | static struct xt_match connbytes_mt_reg[] __read_mostly = { |
diff --git a/net/netfilter/xt_connlimit.c b/net/netfilter/xt_connlimit.c index 1361e9919cf2..bfb3ee6c7129 100644 --- a/net/netfilter/xt_connlimit.c +++ b/net/netfilter/xt_connlimit.c | |||
| @@ -246,16 +246,15 @@ static bool connlimit_mt_check(const struct xt_mtchk_param *par) | |||
| 246 | return true; | 246 | return true; |
| 247 | } | 247 | } |
| 248 | 248 | ||
| 249 | static void | 249 | static void connlimit_mt_destroy(const struct xt_mtdtor_param *par) |
| 250 | connlimit_mt_destroy(const struct xt_match *match, void *matchinfo) | ||
| 251 | { | 250 | { |
| 252 | const struct xt_connlimit_info *info = matchinfo; | 251 | const struct xt_connlimit_info *info = par->matchinfo; |
| 253 | struct xt_connlimit_conn *conn; | 252 | struct xt_connlimit_conn *conn; |
| 254 | struct xt_connlimit_conn *tmp; | 253 | struct xt_connlimit_conn *tmp; |
| 255 | struct list_head *hash = info->data->iphash; | 254 | struct list_head *hash = info->data->iphash; |
| 256 | unsigned int i; | 255 | unsigned int i; |
| 257 | 256 | ||
| 258 | nf_ct_l3proto_module_put(match->family); | 257 | nf_ct_l3proto_module_put(par->match->family); |
| 259 | 258 | ||
| 260 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { | 259 | for (i = 0; i < ARRAY_SIZE(info->data->iphash); ++i) { |
| 261 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { | 260 | list_for_each_entry_safe(conn, tmp, &hash[i], list) { |
diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c index b935b7888a90..c708577ea1bf 100644 --- a/net/netfilter/xt_connmark.c +++ b/net/netfilter/xt_connmark.c | |||
| @@ -87,10 +87,9 @@ static bool connmark_mt_check(const struct xt_mtchk_param *par) | |||
| 87 | return true; | 87 | return true; |
| 88 | } | 88 | } |
| 89 | 89 | ||
| 90 | static void | 90 | static void connmark_mt_destroy(const struct xt_mtdtor_param *par) |
| 91 | connmark_mt_destroy(const struct xt_match *match, void *matchinfo) | ||
| 92 | { | 91 | { |
| 93 | nf_ct_l3proto_module_put(match->family); | 92 | nf_ct_l3proto_module_put(par->match->family); |
| 94 | } | 93 | } |
| 95 | 94 | ||
| 96 | #ifdef CONFIG_COMPAT | 95 | #ifdef CONFIG_COMPAT |
diff --git a/net/netfilter/xt_conntrack.c b/net/netfilter/xt_conntrack.c index f04c46a02ce0..5cd58d7fcb1c 100644 --- a/net/netfilter/xt_conntrack.c +++ b/net/netfilter/xt_conntrack.c | |||
| @@ -288,10 +288,9 @@ static bool conntrack_mt_check(const struct xt_mtchk_param *par) | |||
| 288 | return true; | 288 | return true; |
| 289 | } | 289 | } |
| 290 | 290 | ||
| 291 | static void | 291 | static void conntrack_mt_destroy(const struct xt_mtdtor_param *par) |
| 292 | conntrack_mt_destroy(const struct xt_match *match, void *matchinfo) | ||
| 293 | { | 292 | { |
| 294 | nf_ct_l3proto_module_put(match->family); | 293 | nf_ct_l3proto_module_put(par->match->family); |
| 295 | } | 294 | } |
| 296 | 295 | ||
| 297 | #ifdef CONFIG_COMPAT | 296 | #ifdef CONFIG_COMPAT |
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 2f73820e46d7..6fc4292d46e6 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c | |||
| @@ -748,17 +748,16 @@ static bool hashlimit_mt_check(const struct xt_mtchk_param *par) | |||
| 748 | } | 748 | } |
| 749 | 749 | ||
| 750 | static void | 750 | static void |
| 751 | hashlimit_mt_destroy_v0(const struct xt_match *match, void *matchinfo) | 751 | hashlimit_mt_destroy_v0(const struct xt_mtdtor_param *par) |
| 752 | { | 752 | { |
| 753 | const struct xt_hashlimit_info *r = matchinfo; | 753 | const struct xt_hashlimit_info *r = par->matchinfo; |
| 754 | 754 | ||
| 755 | htable_put(r->hinfo); | 755 | htable_put(r->hinfo); |
| 756 | } | 756 | } |
| 757 | 757 | ||
| 758 | static void | 758 | static void hashlimit_mt_destroy(const struct xt_mtdtor_param *par) |
| 759 | hashlimit_mt_destroy(const struct xt_match *match, void *matchinfo) | ||
| 760 | { | 759 | { |
| 761 | const struct xt_hashlimit_mtinfo1 *info = matchinfo; | 760 | const struct xt_hashlimit_mtinfo1 *info = par->matchinfo; |
| 762 | 761 | ||
| 763 | htable_put(info->hinfo); | 762 | htable_put(info->hinfo); |
| 764 | } | 763 | } |
diff --git a/net/netfilter/xt_helper.c b/net/netfilter/xt_helper.c index 86d3c332fcb8..280c984349f3 100644 --- a/net/netfilter/xt_helper.c +++ b/net/netfilter/xt_helper.c | |||
| @@ -67,9 +67,9 @@ static bool helper_mt_check(const struct xt_mtchk_param *par) | |||
| 67 | return true; | 67 | return true; |
| 68 | } | 68 | } |
| 69 | 69 | ||
| 70 | static void helper_mt_destroy(const struct xt_match *match, void *matchinfo) | 70 | static void helper_mt_destroy(const struct xt_mtdtor_param *par) |
| 71 | { | 71 | { |
| 72 | nf_ct_l3proto_module_put(match->family); | 72 | nf_ct_l3proto_module_put(par->match->family); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | static struct xt_match helper_mt_reg[] __read_mostly = { | 75 | static struct xt_match helper_mt_reg[] __read_mostly = { |
diff --git a/net/netfilter/xt_rateest.c b/net/netfilter/xt_rateest.c index 4b05ce168a78..220a1d588ee0 100644 --- a/net/netfilter/xt_rateest.c +++ b/net/netfilter/xt_rateest.c | |||
| @@ -117,10 +117,9 @@ err1: | |||
| 117 | return false; | 117 | return false; |
| 118 | } | 118 | } |
| 119 | 119 | ||
| 120 | static void xt_rateest_mt_destroy(const struct xt_match *match, | 120 | static void xt_rateest_mt_destroy(const struct xt_mtdtor_param *par) |
| 121 | void *matchinfo) | ||
| 122 | { | 121 | { |
| 123 | struct xt_rateest_match_info *info = matchinfo; | 122 | struct xt_rateest_match_info *info = par->matchinfo; |
| 124 | 123 | ||
| 125 | xt_rateest_put(info->est1); | 124 | xt_rateest_put(info->est1); |
| 126 | if (info->est2) | 125 | if (info->est2) |
diff --git a/net/netfilter/xt_recent.c b/net/netfilter/xt_recent.c index a512b49f3fe4..4ebd4ca9a991 100644 --- a/net/netfilter/xt_recent.c +++ b/net/netfilter/xt_recent.c | |||
| @@ -349,9 +349,9 @@ out: | |||
| 349 | return ret; | 349 | return ret; |
| 350 | } | 350 | } |
| 351 | 351 | ||
| 352 | static void recent_mt_destroy(const struct xt_match *match, void *matchinfo) | 352 | static void recent_mt_destroy(const struct xt_mtdtor_param *par) |
| 353 | { | 353 | { |
| 354 | const struct xt_recent_mtinfo *info = matchinfo; | 354 | const struct xt_recent_mtinfo *info = par->matchinfo; |
| 355 | struct recent_table *t; | 355 | struct recent_table *t; |
| 356 | 356 | ||
| 357 | mutex_lock(&recent_mutex); | 357 | mutex_lock(&recent_mutex); |
diff --git a/net/netfilter/xt_state.c b/net/netfilter/xt_state.c index 88b1235519d7..4c946cbd731f 100644 --- a/net/netfilter/xt_state.c +++ b/net/netfilter/xt_state.c | |||
| @@ -47,9 +47,9 @@ static bool state_mt_check(const struct xt_mtchk_param *par) | |||
| 47 | return true; | 47 | return true; |
| 48 | } | 48 | } |
| 49 | 49 | ||
| 50 | static void state_mt_destroy(const struct xt_match *match, void *matchinfo) | 50 | static void state_mt_destroy(const struct xt_mtdtor_param *par) |
| 51 | { | 51 | { |
| 52 | nf_ct_l3proto_module_put(match->family); | 52 | nf_ct_l3proto_module_put(par->match->family); |
| 53 | } | 53 | } |
| 54 | 54 | ||
| 55 | static struct xt_match state_mt_reg[] __read_mostly = { | 55 | static struct xt_match state_mt_reg[] __read_mostly = { |
diff --git a/net/netfilter/xt_string.c b/net/netfilter/xt_string.c index c9407aa78f73..b4d774111311 100644 --- a/net/netfilter/xt_string.c +++ b/net/netfilter/xt_string.c | |||
| @@ -70,9 +70,9 @@ static bool string_mt_check(const struct xt_mtchk_param *par) | |||
| 70 | return true; | 70 | return true; |
| 71 | } | 71 | } |
| 72 | 72 | ||
| 73 | static void string_mt_destroy(const struct xt_match *match, void *matchinfo) | 73 | static void string_mt_destroy(const struct xt_mtdtor_param *par) |
| 74 | { | 74 | { |
| 75 | textsearch_destroy(STRING_TEXT_PRIV(matchinfo)->config); | 75 | textsearch_destroy(STRING_TEXT_PRIV(par->matchinfo)->config); |
| 76 | } | 76 | } |
| 77 | 77 | ||
| 78 | static struct xt_match xt_string_mt_reg[] __read_mostly = { | 78 | static struct xt_match xt_string_mt_reg[] __read_mostly = { |