netfilter: xtables: prepare for on-demand hook register (a67dd266) · Commits · e / devices / android_kernel_fairphone_FP5

include/linux/netfilter_arp/arp_tables.h

+5 −4

Original line number	Original line	Diff line number	Diff line
	@@ -48,10 +48,11 @@ struct arpt_error {
	}		}

	extern void arpt_alloc_initial_table(const struct xt_table );		extern void arpt_alloc_initial_table(const struct xt_table );
	extern struct xt_table arpt_register_table(struct net net,		int arpt_register_table(struct net net, const struct xt_table table,
	const struct xt_table *table,		const struct arpt_replace *repl,
	const struct arpt_replace *repl);		const struct nf_hook_ops ops, struct xt_table *res);
	extern void arpt_unregister_table(struct xt_table *table);		void arpt_unregister_table(struct net net, struct xt_table table,
			const struct nf_hook_ops *ops);
	extern unsigned int arpt_do_table(struct sk_buff *skb,		extern unsigned int arpt_do_table(struct sk_buff *skb,
	const struct nf_hook_state *state,		const struct nf_hook_state *state,
	struct xt_table *table);		struct xt_table *table);

include/linux/netfilter_ipv4/ip_tables.h

+5 −4

Original line number	Original line	Diff line number	Diff line
	@@ -24,10 +24,11 @@

	extern void ipt_init(void) __init;		extern void ipt_init(void) __init;

	extern struct xt_table ipt_register_table(struct net net,		int ipt_register_table(struct net net, const struct xt_table table,
	const struct xt_table *table,		const struct ipt_replace *repl,
	const struct ipt_replace *repl);		const struct nf_hook_ops ops, struct xt_table *res);
	extern void ipt_unregister_table(struct net net, struct xt_table table);		void ipt_unregister_table(struct net net, struct xt_table table,
			const struct nf_hook_ops *ops);

	/* Standard entry. */		/* Standard entry. */
	struct ipt_standard {		struct ipt_standard {

include/linux/netfilter_ipv6/ip6_tables.h

+5 −4

Original line number	Original line	Diff line number	Diff line
	@@ -25,10 +25,11 @@
	extern void ip6t_init(void) __init;		extern void ip6t_init(void) __init;

	extern void ip6t_alloc_initial_table(const struct xt_table );		extern void ip6t_alloc_initial_table(const struct xt_table );
	extern struct xt_table ip6t_register_table(struct net net,		int ip6t_register_table(struct net net, const struct xt_table table,
	const struct xt_table *table,		const struct ip6t_replace *repl,
	const struct ip6t_replace *repl);		const struct nf_hook_ops ops, struct xt_table *res);
	extern void ip6t_unregister_table(struct net net, struct xt_table table);		void ip6t_unregister_table(struct net net, struct xt_table table,
			const struct nf_hook_ops *ops);
	extern unsigned int ip6t_do_table(struct sk_buff *skb,		extern unsigned int ip6t_do_table(struct sk_buff *skb,
	const struct nf_hook_state *state,		const struct nf_hook_state *state,
	struct xt_table *table);		struct xt_table *table);

net/ipv4/netfilter/arp_tables.c

+14 −11

Original line number	Original line	Diff line number	Diff line
	@@ -1780,9 +1780,11 @@ static int do_arpt_get_ctl(struct sock sk, int cmd, void __user user, int *len
	return ret;		return ret;
	}		}

	struct xt_table arpt_register_table(struct net net,		int arpt_register_table(struct net *net,
	const struct xt_table *table,		const struct xt_table *table,
	const struct arpt_replace *repl)		const struct arpt_replace *repl,
			const struct nf_hook_ops *ops,
			struct xt_table **res)
	{		{
	int ret;		int ret;
	struct xt_table_info *newinfo;		struct xt_table_info *newinfo;
	@@ -1791,10 +1793,8 @@ struct xt_table arpt_register_table(struct net net,
	struct xt_table *new_table;		struct xt_table *new_table;

	newinfo = xt_alloc_table_info(repl->size);		newinfo = xt_alloc_table_info(repl->size);
	if (!newinfo) {		if (!newinfo)
	ret = -ENOMEM;		return -ENOMEM;
	goto out;
	}

	loc_cpu_entry = newinfo->entries;		loc_cpu_entry = newinfo->entries;
	memcpy(loc_cpu_entry, repl->entries, repl->size);		memcpy(loc_cpu_entry, repl->entries, repl->size);
	@@ -1809,15 +1809,18 @@ struct xt_table arpt_register_table(struct net net,
	ret = PTR_ERR(new_table);		ret = PTR_ERR(new_table);
	goto out_free;		goto out_free;
	}		}
	return new_table;
			WRITE_ONCE(*res, new_table);

			return ret;

	out_free:		out_free:
	xt_free_table_info(newinfo);		xt_free_table_info(newinfo);
	out:		return ret;
	return ERR_PTR(ret);
	}		}

	void arpt_unregister_table(struct xt_table *table)		void arpt_unregister_table(struct net net, struct xt_table table,
			const struct nf_hook_ops *ops)
	{		{
	struct xt_table_info *private;		struct xt_table_info *private;
	void *loc_cpu_entry;		void *loc_cpu_entry;

net/ipv4/netfilter/arptable_filter.c

+6 −5

Original line number	Original line	Diff line number	Diff line
	@@ -38,19 +38,20 @@ static struct nf_hook_ops *arpfilter_ops __read_mostly;
	static int __net_init arptable_filter_net_init(struct net *net)		static int __net_init arptable_filter_net_init(struct net *net)
	{		{
	struct arpt_replace *repl;		struct arpt_replace *repl;
			int err;

	repl = arpt_alloc_initial_table(&packet_filter);		repl = arpt_alloc_initial_table(&packet_filter);
	if (repl == NULL)		if (repl == NULL)
	return -ENOMEM;		return -ENOMEM;
	net->ipv4.arptable_filter =		err = arpt_register_table(net, &packet_filter, repl, arpfilter_ops,
	arpt_register_table(net, &packet_filter, repl);		&net->ipv4.arptable_filter);
	kfree(repl);		kfree(repl);
	return PTR_ERR_OR_ZERO(net->ipv4.arptable_filter);		return err;
	}		}

	static void __net_exit arptable_filter_net_exit(struct net *net)		static void __net_exit arptable_filter_net_exit(struct net *net)
	{		{
	arpt_unregister_table(net->ipv4.arptable_filter);		arpt_unregister_table(net, net->ipv4.arptable_filter, arpfilter_ops);
	}		}

	static struct pernet_operations arptable_filter_net_ops = {		static struct pernet_operations arptable_filter_net_ops = {