netfilter: xtables: generate initial table on-demand (e3eaa991) · Commits · e / devices / android_kernel_teracube_emerald

include/linux/netfilter_arp/arp_tables.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -258,6 +258,7 @@ struct arpt_error {
		.target.errorname = "ERROR", \
		}

		extern void arpt_alloc_initial_table(const struct xt_table );
		extern struct xt_table arpt_register_table(struct net net,
		const struct xt_table *table,
		const struct arpt_replace *repl);

include/linux/netfilter_ipv4/ip_tables.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -282,6 +282,7 @@ struct ipt_error {
		.target.errorname = "ERROR", \
		}

		extern void ipt_alloc_initial_table(const struct xt_table );
		extern unsigned int ipt_do_table(struct sk_buff *skb,
		unsigned int hook,
		const struct net_device *in,

include/linux/netfilter_ipv6/ip6_tables.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -297,6 +297,7 @@ ip6t_get_target(struct ip6t_entry *e)
		#include <linux/init.h>
		extern void ip6t_init(void) __init;

		extern void ip6t_alloc_initial_table(const struct xt_table );
		extern struct xt_table ip6t_register_table(struct net net,
		const struct xt_table *table,
		const struct ip6t_replace *repl);

net/ipv4/netfilter/arp_tables.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -27,6 +27,7 @@

		#include <linux/netfilter/x_tables.h>
		#include <linux/netfilter_arp/arp_tables.h>
		#include "../../netfilter/xt_repldata.h"

		MODULE_LICENSE("GPL");
		MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
		@@ -58,6 +59,12 @@ do { \
		#define ARP_NF_ASSERT(x)
		#endif

		void arpt_alloc_initial_table(const struct xt_table info)
		{
		return xt_alloc_initial_table(arpt, ARPT);
		}
		EXPORT_SYMBOL_GPL(arpt_alloc_initial_table);

		static inline int arp_devaddr_compare(const struct arpt_devaddr_info *ap,
		const char *hdr_addr, int len)
		{

net/ipv4/netfilter/arptable_filter.c

+8 −32

Original line number	Diff line number	Diff line
		@@ -6,6 +6,7 @@
		*/

		#include <linux/module.h>
		#include <linux/netfilter/x_tables.h>
		#include <linux/netfilter_arp/arp_tables.h>

		MODULE_LICENSE("GPL");
		@@ -15,36 +16,6 @@ MODULE_DESCRIPTION("arptables filter table");
		#define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) \| (1 << NF_ARP_OUT) \| \
		(1 << NF_ARP_FORWARD))

		static const struct
		{
		struct arpt_replace repl;
		struct arpt_standard entries[3];
		struct arpt_error term;
		} initial_table __net_initdata = {
		.repl = {
		.name = "filter",
		.valid_hooks = FILTER_VALID_HOOKS,
		.num_entries = 4,
		.size = sizeof(struct arpt_standard) * 3 + sizeof(struct arpt_error),
		.hook_entry = {
		[NF_ARP_IN] = 0,
		[NF_ARP_OUT] = sizeof(struct arpt_standard),
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
		},
		.underflow = {
		[NF_ARP_IN] = 0,
		[NF_ARP_OUT] = sizeof(struct arpt_standard),
		[NF_ARP_FORWARD] = 2 * sizeof(struct arpt_standard),
		},
		},
		.entries = {
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_IN */
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_OUT */
		ARPT_STANDARD_INIT(NF_ACCEPT), /* ARP_FORWARD */
		},
		.term = ARPT_ERROR_INIT,
		};

		static const struct xt_table packet_filter = {
		.name = "filter",
		.valid_hooks = FILTER_VALID_HOOKS,
		@@ -68,9 +39,14 @@ static struct nf_hook_ops *arpfilter_ops __read_mostly;

		static int __net_init arptable_filter_net_init(struct net *net)
		{
		/* Register table */
		struct arpt_replace *repl;

		repl = arpt_alloc_initial_table(&packet_filter);
		if (repl == NULL)
		return -ENOMEM;
		net->ipv4.arptable_filter =
		arpt_register_table(net, &packet_filter, &initial_table.repl);
		arpt_register_table(net, &packet_filter, repl);
		kfree(repl);
		if (IS_ERR(net->ipv4.arptable_filter))
		return PTR_ERR(net->ipv4.arptable_filter);
		return 0;