netfilter: x_tables: set module owner for icmp(6) matches

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nft_compat relies on xt_request_find_match to increment
refcount of the module that provides the match/target.

The (builtin) icmp matches did't set the module owner so it
was possible to rmmod ip(6)tables while icmp extensions were still in use.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 7 years ago d376bef9 d461e3da

2 changed files

expand all

net

ipv4

netfilter

ip_tables.c

ipv6

netfilter

ip6_tables.c

net/ipv4/netfilter/ip_tables.c

··· 1898 1898 .checkentry = icmp_checkentry, 1899 1899 .proto = IPPROTO_ICMP, 1900 1900 .family = NFPROTO_IPV4, 1901 + .me = THIS_MODULE, 1901 1902 }, 1902 1903 }; 1903 1904

net/ipv6/netfilter/ip6_tables.c

··· 1909 1909 .checkentry = icmp6_checkentry, 1910 1910 .proto = IPPROTO_ICMPV6, 1911 1911 .family = NFPROTO_IPV6, 1912 + .me = THIS_MODULE, 1912 1913 }, 1913 1914 }; 1914 1915