
netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c.

Using new helpers ip6t_unregister_table_pre_exit() and
ip6t_unregister_table_exit().

Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

David Wilder and committed by
Pablo Neira Ayuso
5f027bc7 57ea5f18

+44 -6
+9 -1
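--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -73,16 +73,24 @@
 return 0;
 }
 
+static void __net_exit ip6table_filter_net_pre_exit(struct net *net)
+{
+if (net->ipv6.ip6table_filter)
+ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_filter,
+filter_ops);
+}
+
 static void __net_exit ip6table_filter_net_exit(struct net *net)
 {
 if (!net->ipv6.ip6table_filter)
 return;
-ip6t_unregister_table(net, net->ipv6.ip6table_filter, filter_ops);
+ip6t_unregister_table_exit(net, net->ipv6.ip6table_filter);
 net->ipv6.ip6table_filter = NULL;
 }
 
 static struct pernet_operations ip6table_filter_net_ops = {
 .init = ip6table_filter_net_init,
+.pre_exit = ip6table_filter_net_pre_exit,
 .exit = ip6table_filter_net_exit,
 };
 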
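Review bot: ip6table_filter_net_pre_exit() carries no comment explaining why hook removal is now split from table teardown, although that ordering is the substance of the fix. Judging by the arguments, the new function only detaches filter_ops while ip6table_filter_net_exit() releases the table afterwards, which is safe only because the pernet core runs all .pre_exit handlers before any .exit handler; that dependency should be written down, e.g. `/* Unhook in .pre_exit so no packet can still be traversing the table when .exit frees it. */` above the new function. The same comment is missing from the pre_exit functions added in ip6table_mangle.c, ip6table_raw.c and ip6table_security.c. As a style point, the new function nests the call under a positive test while the adjacent exit function uses the `if (!...) return;` guard; matching the guard form would keep the two readable side by side.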
+9 -1
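--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -93,16 +93,24 @@
 return ret;
 }
 
+static void __net_exit ip6table_mangle_net_pre_exit(struct net *net)
+{
+if (net->ipv6.ip6table_mangle)
+ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_mangle,
+mangle_ops);
+}
+
 static void __net_exit ip6table_mangle_net_exit(struct net *net)
 {
 if (!net->ipv6.ip6table_mangle)
 return;
 
-ip6t_unregister_table(net, net->ipv6.ip6table_mangle, mangle_ops);
+ip6t_unregister_table_exit(net, net->ipv6.ip6table_mangle);
 net->ipv6.ip6table_mangle = NULL;
 }
 
 static struct pernet_operations ip6table_mangle_net_ops = {
+.pre_exit = ip6table_mangle_net_pre_exit,
 .exit = ip6table_mangle_net_exit,
 };
 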
+8 -2
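--- a/net/ipv6/netfilter/ip6table_nat.c
+++ b/net/ipv6/netfilter/ip6table_nat.c
@@ -114,16 +114,22 @@
 return ret;
 }
 
+static void __net_exit ip6table_nat_net_pre_exit(struct net *net)
+{
+if (net->ipv6.ip6table_nat)
+ip6t_nat_unregister_lookups(net);
+}
+
 static void __net_exit ip6table_nat_net_exit(struct net *net)
 {
 if (!net->ipv6.ip6table_nat)
 return;
-ip6t_nat_unregister_lookups(net);
-ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
+ip6t_unregister_table_exit(net, net->ipv6.ip6table_nat);
 net->ipv6.ip6table_nat = NULL;
 }
 
 static struct pernet_operations ip6table_nat_net_ops = {
+.pre_exit = ip6table_nat_net_pre_exit,
 .exit = ip6table_nat_net_exit,
 };
 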
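Review bot: ip6table_nat_net_pre_exit() is the only one of the five new pre_exit handlers that does not call ip6t_unregister_table_pre_exit(), and nothing in the new code says why. The removed line passed NULL as the ops argument to ip6t_unregister_table(), so the NAT hooks presumably exist only behind ip6t_nat_unregister_lookups() and there is nothing for the generic helper to detach. A short comment would keep a later cleanup from "fixing" the asymmetry, for instance `/* NAT hooks are registered through the lookup helpers, not xt hook ops; unhook them here so .exit frees an unreachable table. */`. The body of ip6t_nat_unregister_lookups() is outside this section, so whether it tolerates a partially registered state cannot be checked from here.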
+9 -1
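--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -66,15 +66,23 @@
 return ret;
 }
 
+static void __net_exit ip6table_raw_net_pre_exit(struct net *net)
+{
+if (net->ipv6.ip6table_raw)
+ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_raw,
+rawtable_ops);
+}
+
 static void __net_exit ip6table_raw_net_exit(struct net *net)
 {
 if (!net->ipv6.ip6table_raw)
 return;
-ip6t_unregister_table(net, net->ipv6.ip6table_raw, rawtable_ops);
+ip6t_unregister_table_exit(net, net->ipv6.ip6table_raw);
 net->ipv6.ip6table_raw = NULL;
 }
 
 static struct pernet_operations ip6table_raw_net_ops = {
+.pre_exit = ip6table_raw_net_pre_exit,
 .exit = ip6table_raw_net_exit,
 };
 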
+9 -1
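--- a/net/ipv6/netfilter/ip6table_security.c
+++ b/net/ipv6/netfilter/ip6table_security.c
@@ -61,15 +61,23 @@
 return ret;
 }
 
+static void __net_exit ip6table_security_net_pre_exit(struct net *net)
+{
+if (net->ipv6.ip6table_security)
+ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_security,
+sectbl_ops);
+}
+
 static void __net_exit ip6table_security_net_exit(struct net *net)
 {
 if (!net->ipv6.ip6table_security)
 return;
-ip6t_unregister_table(net, net->ipv6.ip6table_security, sectbl_ops);
+ip6t_unregister_table_exit(net, net->ipv6.ip6table_security);
 net->ipv6.ip6table_security = NULL;
 }
 
 static struct pernet_operations ip6table_security_net_ops = {
+.pre_exit = ip6table_security_net_pre_exit,
 .exit = ip6table_security_net_exit,
 };
 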