diff options
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 24 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 17 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 17 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 15 |
4 files changed, 40 insertions, 33 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 1aac3ef39414..b89f133f41d0 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c | |||
| @@ -2074,7 +2074,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) | |||
| 2074 | return ret; | 2074 | return ret; |
| 2075 | } | 2075 | } |
| 2076 | 2076 | ||
| 2077 | int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) | 2077 | struct xt_table *ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) |
| 2078 | { | 2078 | { |
| 2079 | int ret; | 2079 | int ret; |
| 2080 | struct xt_table_info *newinfo; | 2080 | struct xt_table_info *newinfo; |
| @@ -2084,8 +2084,10 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) | |||
| 2084 | struct xt_table *new_table; | 2084 | struct xt_table *new_table; |
| 2085 | 2085 | ||
| 2086 | newinfo = xt_alloc_table_info(repl->size); | 2086 | newinfo = xt_alloc_table_info(repl->size); |
| 2087 | if (!newinfo) | 2087 | if (!newinfo) { |
| 2088 | return -ENOMEM; | 2088 | ret = -ENOMEM; |
| 2089 | goto out; | ||
| 2090 | } | ||
| 2089 | 2091 | ||
| 2090 | /* choose the copy on our node/cpu, but dont care about preemption */ | 2092 | /* choose the copy on our node/cpu, but dont care about preemption */ |
| 2091 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; | 2093 | loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; |
| @@ -2096,18 +2098,20 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) | |||
| 2096 | repl->num_entries, | 2098 | repl->num_entries, |
| 2097 | repl->hook_entry, | 2099 | repl->hook_entry, |
| 2098 | repl->underflow); | 2100 | repl->underflow); |
| 2099 | if (ret != 0) { | 2101 | if (ret != 0) |
| 2100 | xt_free_table_info(newinfo); | 2102 | goto out_free; |
| 2101 | return ret; | ||
| 2102 | } | ||
| 2103 | 2103 | ||
| 2104 | new_table = xt_register_table(&init_net, table, &bootstrap, newinfo); | 2104 | new_table = xt_register_table(&init_net, table, &bootstrap, newinfo); |
| 2105 | if (IS_ERR(new_table)) { | 2105 | if (IS_ERR(new_table)) { |
| 2106 | xt_free_table_info(newinfo); | 2106 | ret = PTR_ERR(new_table); |
| 2107 | return PTR_ERR(new_table); | 2107 | goto out_free; |
| 2108 | } | 2108 | } |
| 2109 | return new_table; | ||
| 2109 | 2110 | ||
| 2110 | return 0; | 2111 | out_free: |
| 2112 | xt_free_table_info(newinfo); | ||
| 2113 | out: | ||
| 2114 | return ERR_PTR(ret); | ||
| 2111 | } | 2115 | } |
| 2112 | 2116 | ||
| 2113 | void ip6t_unregister_table(struct xt_table *table) | 2117 | void ip6t_unregister_table(struct xt_table *table) |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 87d38d08aad0..bffd67f32359 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
| @@ -51,13 +51,14 @@ static struct | |||
| 51 | .term = IP6T_ERROR_INIT, /* ERROR */ | 51 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 52 | }; | 52 | }; |
| 53 | 53 | ||
| 54 | static struct xt_table packet_filter = { | 54 | static struct xt_table __packet_filter = { |
| 55 | .name = "filter", | 55 | .name = "filter", |
| 56 | .valid_hooks = FILTER_VALID_HOOKS, | 56 | .valid_hooks = FILTER_VALID_HOOKS, |
| 57 | .lock = RW_LOCK_UNLOCKED, | 57 | .lock = RW_LOCK_UNLOCKED, |
| 58 | .me = THIS_MODULE, | 58 | .me = THIS_MODULE, |
| 59 | .af = AF_INET6, | 59 | .af = AF_INET6, |
| 60 | }; | 60 | }; |
| 61 | static struct xt_table *packet_filter; | ||
| 61 | 62 | ||
| 62 | /* The work comes in here from netfilter.c. */ | 63 | /* The work comes in here from netfilter.c. */ |
| 63 | static unsigned int | 64 | static unsigned int |
| @@ -67,7 +68,7 @@ ip6t_hook(unsigned int hook, | |||
| 67 | const struct net_device *out, | 68 | const struct net_device *out, |
| 68 | int (*okfn)(struct sk_buff *)) | 69 | int (*okfn)(struct sk_buff *)) |
| 69 | { | 70 | { |
| 70 | return ip6t_do_table(skb, hook, in, out, &packet_filter); | 71 | return ip6t_do_table(skb, hook, in, out, packet_filter); |
| 71 | } | 72 | } |
| 72 | 73 | ||
| 73 | static unsigned int | 74 | static unsigned int |
| @@ -87,7 +88,7 @@ ip6t_local_out_hook(unsigned int hook, | |||
| 87 | } | 88 | } |
| 88 | #endif | 89 | #endif |
| 89 | 90 | ||
| 90 | return ip6t_do_table(skb, hook, in, out, &packet_filter); | 91 | return ip6t_do_table(skb, hook, in, out, packet_filter); |
| 91 | } | 92 | } |
| 92 | 93 | ||
| 93 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 94 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
| @@ -131,9 +132,9 @@ static int __init ip6table_filter_init(void) | |||
| 131 | initial_table.entries[1].target.verdict = -forward - 1; | 132 | initial_table.entries[1].target.verdict = -forward - 1; |
| 132 | 133 | ||
| 133 | /* Register table */ | 134 | /* Register table */ |
| 134 | ret = ip6t_register_table(&packet_filter, &initial_table.repl); | 135 | packet_filter = ip6t_register_table(&__packet_filter, &initial_table.repl); |
| 135 | if (ret < 0) | 136 | if (IS_ERR(packet_filter)) |
| 136 | return ret; | 137 | return PTR_ERR(packet_filter); |
| 137 | 138 | ||
| 138 | /* Register hooks */ | 139 | /* Register hooks */ |
| 139 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 140 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| @@ -143,14 +144,14 @@ static int __init ip6table_filter_init(void) | |||
| 143 | return ret; | 144 | return ret; |
| 144 | 145 | ||
| 145 | cleanup_table: | 146 | cleanup_table: |
| 146 | ip6t_unregister_table(&packet_filter); | 147 | ip6t_unregister_table(packet_filter); |
| 147 | return ret; | 148 | return ret; |
| 148 | } | 149 | } |
| 149 | 150 | ||
| 150 | static void __exit ip6table_filter_fini(void) | 151 | static void __exit ip6table_filter_fini(void) |
| 151 | { | 152 | { |
| 152 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 153 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| 153 | ip6t_unregister_table(&packet_filter); | 154 | ip6t_unregister_table(packet_filter); |
| 154 | } | 155 | } |
| 155 | 156 | ||
| 156 | module_init(ip6table_filter_init); | 157 | module_init(ip6table_filter_init); |
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index d6082600bc5d..63d334df3b40 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
| @@ -57,13 +57,14 @@ static struct | |||
| 57 | .term = IP6T_ERROR_INIT, /* ERROR */ | 57 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 58 | }; | 58 | }; |
| 59 | 59 | ||
| 60 | static struct xt_table packet_mangler = { | 60 | static struct xt_table __packet_mangler = { |
| 61 | .name = "mangle", | 61 | .name = "mangle", |
| 62 | .valid_hooks = MANGLE_VALID_HOOKS, | 62 | .valid_hooks = MANGLE_VALID_HOOKS, |
| 63 | .lock = RW_LOCK_UNLOCKED, | 63 | .lock = RW_LOCK_UNLOCKED, |
| 64 | .me = THIS_MODULE, | 64 | .me = THIS_MODULE, |
| 65 | .af = AF_INET6, | 65 | .af = AF_INET6, |
| 66 | }; | 66 | }; |
| 67 | static struct xt_table *packet_mangler; | ||
| 67 | 68 | ||
| 68 | /* The work comes in here from netfilter.c. */ | 69 | /* The work comes in here from netfilter.c. */ |
| 69 | static unsigned int | 70 | static unsigned int |
| @@ -73,7 +74,7 @@ ip6t_route_hook(unsigned int hook, | |||
| 73 | const struct net_device *out, | 74 | const struct net_device *out, |
| 74 | int (*okfn)(struct sk_buff *)) | 75 | int (*okfn)(struct sk_buff *)) |
| 75 | { | 76 | { |
| 76 | return ip6t_do_table(skb, hook, in, out, &packet_mangler); | 77 | return ip6t_do_table(skb, hook, in, out, packet_mangler); |
| 77 | } | 78 | } |
| 78 | 79 | ||
| 79 | static unsigned int | 80 | static unsigned int |
| @@ -108,7 +109,7 @@ ip6t_local_hook(unsigned int hook, | |||
| 108 | /* flowlabel and prio (includes version, which shouldn't change either */ | 109 | /* flowlabel and prio (includes version, which shouldn't change either */ |
| 109 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); | 110 | flowlabel = *((u_int32_t *)ipv6_hdr(skb)); |
| 110 | 111 | ||
| 111 | ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); | 112 | ret = ip6t_do_table(skb, hook, in, out, packet_mangler); |
| 112 | 113 | ||
| 113 | if (ret != NF_DROP && ret != NF_STOLEN | 114 | if (ret != NF_DROP && ret != NF_STOLEN |
| 114 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) | 115 | && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) |
| @@ -163,9 +164,9 @@ static int __init ip6table_mangle_init(void) | |||
| 163 | int ret; | 164 | int ret; |
| 164 | 165 | ||
| 165 | /* Register table */ | 166 | /* Register table */ |
| 166 | ret = ip6t_register_table(&packet_mangler, &initial_table.repl); | 167 | packet_mangler = ip6t_register_table(&__packet_mangler, &initial_table.repl); |
| 167 | if (ret < 0) | 168 | if (IS_ERR(packet_mangler)) |
| 168 | return ret; | 169 | return PTR_ERR(packet_mangler); |
| 169 | 170 | ||
| 170 | /* Register hooks */ | 171 | /* Register hooks */ |
| 171 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 172 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| @@ -175,14 +176,14 @@ static int __init ip6table_mangle_init(void) | |||
| 175 | return ret; | 176 | return ret; |
| 176 | 177 | ||
| 177 | cleanup_table: | 178 | cleanup_table: |
| 178 | ip6t_unregister_table(&packet_mangler); | 179 | ip6t_unregister_table(packet_mangler); |
| 179 | return ret; | 180 | return ret; |
| 180 | } | 181 | } |
| 181 | 182 | ||
| 182 | static void __exit ip6table_mangle_fini(void) | 183 | static void __exit ip6table_mangle_fini(void) |
| 183 | { | 184 | { |
| 184 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 185 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| 185 | ip6t_unregister_table(&packet_mangler); | 186 | ip6t_unregister_table(packet_mangler); |
| 186 | } | 187 | } |
| 187 | 188 | ||
| 188 | module_init(ip6table_mangle_init); | 189 | module_init(ip6table_mangle_init); |
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index eccbaaa104af..7f55b236440e 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
| @@ -35,13 +35,14 @@ static struct | |||
| 35 | .term = IP6T_ERROR_INIT, /* ERROR */ | 35 | .term = IP6T_ERROR_INIT, /* ERROR */ |
| 36 | }; | 36 | }; |
| 37 | 37 | ||
| 38 | static struct xt_table packet_raw = { | 38 | static struct xt_table __packet_raw = { |
| 39 | .name = "raw", | 39 | .name = "raw", |
| 40 | .valid_hooks = RAW_VALID_HOOKS, | 40 | .valid_hooks = RAW_VALID_HOOKS, |
| 41 | .lock = RW_LOCK_UNLOCKED, | 41 | .lock = RW_LOCK_UNLOCKED, |
| 42 | .me = THIS_MODULE, | 42 | .me = THIS_MODULE, |
| 43 | .af = AF_INET6, | 43 | .af = AF_INET6, |
| 44 | }; | 44 | }; |
| 45 | static struct xt_table *packet_raw; | ||
| 45 | 46 | ||
| 46 | /* The work comes in here from netfilter.c. */ | 47 | /* The work comes in here from netfilter.c. */ |
| 47 | static unsigned int | 48 | static unsigned int |
| @@ -51,7 +52,7 @@ ip6t_hook(unsigned int hook, | |||
| 51 | const struct net_device *out, | 52 | const struct net_device *out, |
| 52 | int (*okfn)(struct sk_buff *)) | 53 | int (*okfn)(struct sk_buff *)) |
| 53 | { | 54 | { |
| 54 | return ip6t_do_table(skb, hook, in, out, &packet_raw); | 55 | return ip6t_do_table(skb, hook, in, out, packet_raw); |
| 55 | } | 56 | } |
| 56 | 57 | ||
| 57 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { | 58 | static struct nf_hook_ops ip6t_ops[] __read_mostly = { |
| @@ -76,9 +77,9 @@ static int __init ip6table_raw_init(void) | |||
| 76 | int ret; | 77 | int ret; |
| 77 | 78 | ||
| 78 | /* Register table */ | 79 | /* Register table */ |
| 79 | ret = ip6t_register_table(&packet_raw, &initial_table.repl); | 80 | packet_raw = ip6t_register_table(&__packet_raw, &initial_table.repl); |
| 80 | if (ret < 0) | 81 | if (IS_ERR(packet_raw)) |
| 81 | return ret; | 82 | return PTR_ERR(packet_raw); |
| 82 | 83 | ||
| 83 | /* Register hooks */ | 84 | /* Register hooks */ |
| 84 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 85 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| @@ -88,14 +89,14 @@ static int __init ip6table_raw_init(void) | |||
| 88 | return ret; | 89 | return ret; |
| 89 | 90 | ||
| 90 | cleanup_table: | 91 | cleanup_table: |
| 91 | ip6t_unregister_table(&packet_raw); | 92 | ip6t_unregister_table(packet_raw); |
| 92 | return ret; | 93 | return ret; |
| 93 | } | 94 | } |
| 94 | 95 | ||
| 95 | static void __exit ip6table_raw_fini(void) | 96 | static void __exit ip6table_raw_fini(void) |
| 96 | { | 97 | { |
| 97 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); | 98 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
| 98 | ip6t_unregister_table(&packet_raw); | 99 | ip6t_unregister_table(packet_raw); |
| 99 | } | 100 | } |
| 100 | 101 | ||
| 101 | module_init(ip6table_raw_init); | 102 | module_init(ip6table_raw_init); |