Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 88ce65a7 authored Jan 09, 2014 by Patrick McHardy Committed by Pablo Neira Ayuso Jan 09, 2014

netfilter: nf_tables: add missing module references to chain types



In some cases we neither take a reference to the AF info nor to the
chain type, allowing the module to be unloaded while in use.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent baae3e62

net/bridge/netfilter/nf_tables_bridge.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -72,6 +72,7 @@ static struct nf_chain_type filter_bridge = {
	.family = NFPROTO_BRIDGE,		.family = NFPROTO_BRIDGE,
	.name = "filter",		.name = "filter",
	.type = NFT_CHAIN_T_DEFAULT,		.type = NFT_CHAIN_T_DEFAULT,
			.me = THIS_MODULE,
	.hook_mask = (1 << NF_BR_LOCAL_IN) \|		.hook_mask = (1 << NF_BR_LOCAL_IN) \|
	(1 << NF_BR_FORWARD) \|		(1 << NF_BR_FORWARD) \|
	(1 << NF_BR_LOCAL_OUT),		(1 << NF_BR_LOCAL_OUT),

net/ipv4/netfilter/nf_tables_arp.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -72,6 +72,7 @@ static struct nf_chain_type filter_arp = {
	.family = NFPROTO_ARP,		.family = NFPROTO_ARP,
	.name = "filter",		.name = "filter",
	.type = NFT_CHAIN_T_DEFAULT,		.type = NFT_CHAIN_T_DEFAULT,
			.me = THIS_MODULE,
	.hook_mask = (1 << NF_ARP_IN) \|		.hook_mask = (1 << NF_ARP_IN) \|
	(1 << NF_ARP_OUT) \|		(1 << NF_ARP_OUT) \|
	(1 << NF_ARP_FORWARD),		(1 << NF_ARP_FORWARD),

net/ipv4/netfilter/nf_tables_ipv4.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -95,6 +95,7 @@ static struct nf_chain_type filter_ipv4 = {
	.family = NFPROTO_IPV4,		.family = NFPROTO_IPV4,
	.name = "filter",		.name = "filter",
	.type = NFT_CHAIN_T_DEFAULT,		.type = NFT_CHAIN_T_DEFAULT,
			.me = THIS_MODULE,
	.hook_mask = (1 << NF_INET_LOCAL_IN) \|		.hook_mask = (1 << NF_INET_LOCAL_IN) \|
	(1 << NF_INET_LOCAL_OUT) \|		(1 << NF_INET_LOCAL_OUT) \|
	(1 << NF_INET_FORWARD) \|		(1 << NF_INET_FORWARD) \|

net/ipv6/netfilter/nf_tables_ipv6.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -94,6 +94,7 @@ static struct nf_chain_type filter_ipv6 = {
	.family = NFPROTO_IPV6,		.family = NFPROTO_IPV6,
	.name = "filter",		.name = "filter",
	.type = NFT_CHAIN_T_DEFAULT,		.type = NFT_CHAIN_T_DEFAULT,
			.me = THIS_MODULE,
	.hook_mask = (1 << NF_INET_LOCAL_IN) \|		.hook_mask = (1 << NF_INET_LOCAL_IN) \|
	(1 << NF_INET_LOCAL_OUT) \|		(1 << NF_INET_LOCAL_OUT) \|
	(1 << NF_INET_FORWARD) \|		(1 << NF_INET_FORWARD) \|

net/netfilter/nf_tables_inet.c

+1 −0

Original line number	Original line	Diff line number	Diff line
	@@ -70,6 +70,7 @@ static struct nf_chain_type filter_inet = {
	.family = NFPROTO_INET,		.family = NFPROTO_INET,
	.name = "filter",		.name = "filter",
	.type = NFT_CHAIN_T_DEFAULT,		.type = NFT_CHAIN_T_DEFAULT,
			.me = THIS_MODULE,
	.hook_mask = (1 << NF_INET_LOCAL_IN) \|		.hook_mask = (1 << NF_INET_LOCAL_IN) \|
	(1 << NF_INET_LOCAL_OUT) \|		(1 << NF_INET_LOCAL_OUT) \|
	(1 << NF_INET_FORWARD) \|		(1 << NF_INET_FORWARD) \|