tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter: xtables: move extension arguments into compound structure (6/6)
This patch does this for target extensions' destroy functions.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
authored by
Jan Engelhardt
and committed by
Patrick McHardy
a2df1648
af5d6dc2
+57
-32
+7
-1
include/linux/netfilter/x_tables.h
+7
-1
include/linux/netfilter/x_tables.h
···
251
251
unsigned int hook_mask;
252
252
};
253
253
254
+
/* Target destructor parameters */
255
+
struct xt_tgdtor_param {
256
+
const struct xt_target *target;
257
+
void *targinfo;
258
+
};
259
+
254
260
struct xt_match
255
261
{
256
262
struct list_head list;
···
317
311
bool (*checkentry)(const struct xt_tgchk_param *);
318
312
319
313
/* Called when entry of this type deleted. */
320
-
void (*destroy)(const struct xt_target *target, void *targinfo);
314
+
void (*destroy)(const struct xt_tgdtor_param *);
321
315
322
316
/* Called when userspace align differs from kernel space one */
323
317
void (*compat_from_user)(void *dst, void *src);
+13
-6
net/bridge/netfilter/ebtables.c
+13
-6
net/bridge/netfilter/ebtables.c
···
581
581
static inline int
582
582
ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i)
583
583
{
584
+
struct xt_tgdtor_param par;
585
+
584
586
if (i && (*i)-- == 0)
585
587
return 1;
586
-
if (w->u.watcher->destroy)
587
-
w->u.watcher->destroy(w->u.watcher, w->data);
588
-
module_put(w->u.watcher->me);
589
588
589
+
par.target = w->u.watcher;
590
+
par.targinfo = w->data;
591
+
if (par.target->destroy != NULL)
592
+
par.target->destroy(&par);
593
+
module_put(par.target->me);
590
594
return 0;
591
595
}
592
596
593
597
static inline int
594
598
ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt)
595
599
{
600
+
struct xt_tgdtor_param par;
596
601
struct ebt_entry_target *t;
597
602
598
603
if (e->bitmask == 0)
···
608
603
EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL);
609
604
EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL);
610
605
t = (struct ebt_entry_target *)(((char *)e) + e->target_offset);
611
-
if (t->u.target->destroy)
612
-
t->u.target->destroy(t->u.target, t->data);
613
-
module_put(t->u.target->me);
614
606
607
+
par.target = t->u.target;
608
+
par.targinfo = t->data;
609
+
if (par.target->destroy != NULL)
610
+
par.target->destroy(&par);
611
+
module_put(par.target->me);
615
612
return 0;
616
613
}
617
614
+6
-3
net/ipv4/netfilter/arp_tables.c
+6
-3
net/ipv4/netfilter/arp_tables.c
···
557
557
558
558
static inline int cleanup_entry(struct arpt_entry *e, unsigned int *i)
559
559
{
560
+
struct xt_tgdtor_param par;
560
561
struct arpt_entry_target *t;
561
562
562
563
if (i && (*i)-- == 0)
563
564
return 1;
564
565
565
566
t = arpt_get_target(e);
566
-
if (t->u.kernel.target->destroy)
567
-
t->u.kernel.target->destroy(t->u.kernel.target, t->data);
568
-
module_put(t->u.kernel.target->me);
567
+
par.target = t->u.kernel.target;
568
+
par.targinfo = t->data;
569
+
if (par.target->destroy != NULL)
570
+
par.target->destroy(&par);
571
+
module_put(par.target->me);
569
572
return 0;
570
573
}
571
574
+7
-3
net/ipv4/netfilter/ip_tables.c
+7
-3
net/ipv4/netfilter/ip_tables.c
···
768
768
static int
769
769
cleanup_entry(struct ipt_entry *e, unsigned int *i)
770
770
{
771
+
struct xt_tgdtor_param par;
771
772
struct ipt_entry_target *t;
772
773
773
774
if (i && (*i)-- == 0)
···
777
776
/* Cleanup all matches */
778
777
IPT_MATCH_ITERATE(e, cleanup_match, NULL);
779
778
t = ipt_get_target(e);
780
-
if (t->u.kernel.target->destroy)
781
-
t->u.kernel.target->destroy(t->u.kernel.target, t->data);
782
-
module_put(t->u.kernel.target->me);
779
+
780
+
par.target = t->u.kernel.target;
781
+
par.targinfo = t->data;
782
+
if (par.target->destroy != NULL)
783
+
par.target->destroy(&par);
784
+
module_put(par.target->me);
783
785
return 0;
784
786
}
785
787
+3
-3
net/ipv4/netfilter/ipt_CLUSTERIP.c
+3
-3
net/ipv4/netfilter/ipt_CLUSTERIP.c
···
411
411
}
412
412
413
413
/* drop reference count of cluster config when rule is deleted */
414
-
static void clusterip_tg_destroy(const struct xt_target *target, void *targinfo)
414
+
static void clusterip_tg_destroy(const struct xt_tgdtor_param *par)
415
415
{
416
-
const struct ipt_clusterip_tgt_info *cipinfo = targinfo;
416
+
const struct ipt_clusterip_tgt_info *cipinfo = par->targinfo;
417
417
418
418
/* if no more entries are referencing the config, remove it
419
419
* from the list and destroy the proc entry */
···
421
421
422
422
clusterip_config_put(cipinfo->config);
423
423
424
-
nf_ct_l3proto_module_put(target->family);
424
+
nf_ct_l3proto_module_put(par->target->family);
425
425
}
426
426
427
427
#ifdef CONFIG_COMPAT
+7
-3
net/ipv6/netfilter/ip6_tables.c
+7
-3
net/ipv6/netfilter/ip6_tables.c
···
793
793
static int
794
794
cleanup_entry(struct ip6t_entry *e, unsigned int *i)
795
795
{
796
+
struct xt_tgdtor_param par;
796
797
struct ip6t_entry_target *t;
797
798
798
799
if (i && (*i)-- == 0)
···
802
801
/* Cleanup all matches */
803
802
IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
804
803
t = ip6t_get_target(e);
805
-
if (t->u.kernel.target->destroy)
806
-
t->u.kernel.target->destroy(t->u.kernel.target, t->data);
807
-
module_put(t->u.kernel.target->me);
804
+
805
+
par.target = t->u.kernel.target;
806
+
par.targinfo = t->data;
807
+
if (par.target->destroy != NULL)
808
+
par.target->destroy(&par);
809
+
module_put(par.target->me);
808
810
return 0;
809
811
}
810
812
+2
-3
net/netfilter/xt_CONNMARK.c
+2
-3
net/netfilter/xt_CONNMARK.c
···
146
146
return true;
147
147
}
148
148
149
-
static void
150
-
connmark_tg_destroy(const struct xt_target *target, void *targinfo)
149
+
static void connmark_tg_destroy(const struct xt_tgdtor_param *par)
151
150
{
152
-
nf_ct_l3proto_module_put(target->family);
151
+
nf_ct_l3proto_module_put(par->target->family);
153
152
}
154
153
155
154
#ifdef CONFIG_COMPAT
+2
-3
net/netfilter/xt_CONNSECMARK.c
+2
-3
net/netfilter/xt_CONNSECMARK.c
···
114
114
return true;
115
115
}
116
116
117
-
static void
118
-
connsecmark_tg_destroy(const struct xt_target *target, void *targinfo)
117
+
static void connsecmark_tg_destroy(const struct xt_tgdtor_param *par)
119
118
{
120
-
nf_ct_l3proto_module_put(target->family);
119
+
nf_ct_l3proto_module_put(par->target->family);
121
120
}
122
121
123
122
static struct xt_target connsecmark_tg_reg[] __read_mostly = {
+2
-3
net/netfilter/xt_RATEEST.c
+2
-3
net/netfilter/xt_RATEEST.c
···
139
139
return false;
140
140
}
141
141
142
-
static void xt_rateest_tg_destroy(const struct xt_target *target,
143
-
void *targinfo)
142
+
static void xt_rateest_tg_destroy(const struct xt_tgdtor_param *par)
144
143
{
145
-
struct xt_rateest_target_info *info = targinfo;
144
+
struct xt_rateest_target_info *info = par->targinfo;
146
145
147
146
xt_rateest_put(info->est);
148
147
}
+1
-1
net/netfilter/xt_SECMARK.c
+1
-1
net/netfilter/xt_SECMARK.c
+7
-3
net/sched/act_ipt.c
+7
-3
net/sched/act_ipt.c
···
67
67
68
68
static void ipt_destroy_target(struct ipt_entry_target *t)
69
69
{
70
-
if (t->u.kernel.target->destroy)
71
-
t->u.kernel.target->destroy(t->u.kernel.target, t->data);
72
-
module_put(t->u.kernel.target->me);
70
+
struct xt_tgdtor_param par = {
71
+
.target = t->u.kernel.target,
72
+
.targinfo = t->data,
73
+
};
74
+
if (par.target->destroy != NULL)
75
+
par.target->destroy(&par);
76
+
module_put(par.target->me);
73
77
}
74
78
75
79
static int tcf_ipt_release(struct tcf_ipt *ipt, int bind)