Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 44d34e72 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by David S. Miller
Browse files

[NETFILTER]: x_tables: return new table from {arp,ip,ip6}t_register_table() 



Typical table module registers xt_table structure (i.e. packet_filter)
and link it to list during it. We can't use one template for it because
corresponding list_head will become corrupted. We also can't unregister
with template because it wasn't changed at all and thus doesn't know in
which list it is.

So, we duplicate template at the very first step of table registration.
Table modules will save it for use during unregistration time and actual
filtering.

Do it at once to not screw bisection.

P.S.: renaming i.e. packet_filter => __packet_filter is temporary until
      full netnsization of table modules is done.

Signed-off-by: default avatarAlexey Dobriyan <adobriyan@sw.ru>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 8d870052

include/linux/netfilter_arp/arp_tables.h

+2 −2
Original line number Diff line number Diff line
@@ -271,7 +271,7 @@ struct arpt_error 
 	xt_register_target(tgt); })

#define arpt_unregister_target(tgt) xt_unregister_target(tgt)



extern int arpt_register_table(struct arpt_table *table,

extern struct arpt_table *arpt_register_table(struct arpt_table *table,

					      const struct arpt_replace *repl);

extern void arpt_unregister_table(struct arpt_table *table);

extern unsigned int arpt_do_table(struct sk_buff *skb,

include/linux/netfilter_ipv4/ip_tables.h

+3 −2
Original line number Diff line number Diff line
@@ -244,7 +244,8 @@ ipt_get_target(struct ipt_entry *e) 
#include <linux/init.h>

extern void ipt_init(void) __init;



extern int ipt_register_table(struct xt_table *table,

extern struct xt_table *ipt_register_table(struct net *net,

					   struct xt_table *table,

					   const struct ipt_replace *repl);

extern void ipt_unregister_table(struct xt_table *table);

include/linux/netfilter_ipv6/ip6_tables.h

+2 −2
Original line number Diff line number Diff line
@@ -305,7 +305,7 @@ ip6t_get_target(struct ip6t_entry *e) 
#include <linux/init.h>

extern void ip6t_init(void) __init;



extern int ip6t_register_table(struct xt_table *table,

extern struct xt_table *ip6t_register_table(struct xt_table *table,

					    const struct ip6t_replace *repl);

extern void ip6t_unregister_table(struct xt_table *table);

extern unsigned int ip6t_do_table(struct sk_buff *skb,

net/ipv4/netfilter/arp_tables.c

+12 −10
Original line number Diff line number Diff line
@@ -1719,7 +1719,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len 
	return ret;

}



int arpt_register_table(struct arpt_table *table,

struct arpt_table *arpt_register_table(struct arpt_table *table,

				       const struct arpt_replace *repl)

{

	int ret;
@@ -1732,7 +1732,7 @@ int arpt_register_table(struct arpt_table *table, 
	newinfo = xt_alloc_table_info(repl->size);

	if (!newinfo) {

		ret = -ENOMEM;

		return ret;

		goto out;

	}



	/* choose the copy on our node/cpu */
@@ -1746,18 +1746,20 @@ int arpt_register_table(struct arpt_table *table, 
			      repl->underflow);



	duprintf("arpt_register_table: translate table gives %d\n", ret);

	if (ret != 0) {

		xt_free_table_info(newinfo);

		return ret;

	}

	if (ret != 0)

		goto out_free;



	new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);

	if (IS_ERR(new_table)) {

		xt_free_table_info(newinfo);

		return PTR_ERR(new_table);

		ret = PTR_ERR(new_table);

		goto out_free;

	}

	return new_table;



	return 0;

out_free:

	xt_free_table_info(newinfo);

out:

	return ERR_PTR(ret);

}



void arpt_unregister_table(struct arpt_table *table)

net/ipv4/netfilter/arptable_filter.c

+8 −7
Original line number Diff line number Diff line
@@ -45,7 +45,7 @@ static struct 
	.term = ARPT_ERROR_INIT,

};



static struct arpt_table packet_filter = {

static struct arpt_table __packet_filter = {

	.name		= "filter",

	.valid_hooks	= FILTER_VALID_HOOKS,

	.lock		= RW_LOCK_UNLOCKED,
@@ -53,6 +53,7 @@ static struct arpt_table packet_filter = { 
	.me		= THIS_MODULE,

	.af		= NF_ARP,

};

static struct arpt_table *packet_filter;



/* The work comes in here from netfilter.c */

static unsigned int arpt_hook(unsigned int hook,
@@ -61,7 +62,7 @@ static unsigned int arpt_hook(unsigned int hook, 
			      const struct net_device *out,

			      int (*okfn)(struct sk_buff *))

{

	return arpt_do_table(skb, hook, in, out, &packet_filter);

	return arpt_do_table(skb, hook, in, out, packet_filter);

}



static struct nf_hook_ops arpt_ops[] __read_mostly = {
@@ -90,9 +91,9 @@ static int __init arptable_filter_init(void) 
	int ret;



	/* Register table */

	ret = arpt_register_table(&packet_filter, &initial_table.repl);

	if (ret < 0)

		return ret;

	packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);

	if (IS_ERR(packet_filter))

		return PTR_ERR(packet_filter);



	ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));

	if (ret < 0)
@@ -100,14 +101,14 @@ static int __init arptable_filter_init(void) 
	return ret;



cleanup_table:

	arpt_unregister_table(&packet_filter);

	arpt_unregister_table(packet_filter);

	return ret;

}



static void __exit arptable_filter_fini(void)

{

	nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));

	arpt_unregister_table(&packet_filter);

	arpt_unregister_table(packet_filter);

}



module_init(arptable_filter_init);