xt_register_target(tgt); })
#define arpt_unregister_target(tgt) xt_unregister_target(tgt)
-extern int arpt_register_table(struct arpt_table *table,
- const struct arpt_replace *repl);
+extern struct arpt_table *arpt_register_table(struct arpt_table *table,
+ const struct arpt_replace *repl);
extern void arpt_unregister_table(struct arpt_table *table);
extern unsigned int arpt_do_table(struct sk_buff *skb,
unsigned int hook,
#include <linux/init.h>
extern void ipt_init(void) __init;
-extern int ipt_register_table(struct xt_table *table,
- const struct ipt_replace *repl);
+extern struct xt_table *ipt_register_table(struct net *net,
+ struct xt_table *table,
+ const struct ipt_replace *repl);
extern void ipt_unregister_table(struct xt_table *table);
/* Standard entry. */
#include <linux/init.h>
extern void ip6t_init(void) __init;
-extern int ip6t_register_table(struct xt_table *table,
- const struct ip6t_replace *repl);
+extern struct xt_table *ip6t_register_table(struct xt_table *table,
+ const struct ip6t_replace *repl);
extern void ip6t_unregister_table(struct xt_table *table);
extern unsigned int ip6t_do_table(struct sk_buff *skb,
unsigned int hook,
return ret;
}
-int arpt_register_table(struct arpt_table *table,
- const struct arpt_replace *repl)
+struct arpt_table *arpt_register_table(struct arpt_table *table,
+ const struct arpt_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
newinfo = xt_alloc_table_info(repl->size);
if (!newinfo) {
ret = -ENOMEM;
- return ret;
+ goto out;
}
/* choose the copy on our node/cpu */
repl->underflow);
duprintf("arpt_register_table: translate table gives %d\n", ret);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
+ return new_table;
- return 0;
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void arpt_unregister_table(struct arpt_table *table)
.term = ARPT_ERROR_INIT,
};
-static struct arpt_table packet_filter = {
+static struct arpt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = NF_ARP,
};
+static struct arpt_table *packet_filter;
/* The work comes in here from netfilter.c */
static unsigned int arpt_hook(unsigned int hook,
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return arpt_do_table(skb, hook, in, out, &packet_filter);
+ return arpt_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops arpt_ops[] __read_mostly = {
int ret;
/* Register table */
- ret = arpt_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = arpt_register_table(&__packet_filter, &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
if (ret < 0)
return ret;
cleanup_table:
- arpt_unregister_table(&packet_filter);
+ arpt_unregister_table(packet_filter);
return ret;
}
static void __exit arptable_filter_fini(void)
{
nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
- arpt_unregister_table(&packet_filter);
+ arpt_unregister_table(packet_filter);
}
module_init(arptable_filter_init);
return ret;
}
-int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
+struct xt_table *ipt_register_table(struct net *net, struct xt_table *table,
+ const struct ipt_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
- if (!newinfo)
- return -ENOMEM;
+ if (!newinfo) {
+ ret = -ENOMEM;
+ goto out;
+ }
/* choose the copy on our node/cpu, but dont care about preemption */
loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
repl->num_entries,
repl->hook_entry,
repl->underflow);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
- new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
+ new_table = xt_register_table(net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
- return 0;
+ return new_table;
+
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void ipt_unregister_table(struct xt_table *table)
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_filter = {
+static struct xt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_filter;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_filter);
+ return ipt_do_table(skb, hook, in, out, packet_filter);
}
static unsigned int
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, &packet_filter);
+ return ipt_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops ipt_ops[] __read_mostly = {
initial_table.entries[1].target.verdict = -forward - 1;
/* Register table */
- ret = ipt_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = ipt_register_table(&init_net, &__packet_filter,
+ &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
return ret;
cleanup_table:
- ipt_unregister_table(&packet_filter);
+ ipt_unregister_table(packet_filter);
return ret;
}
static void __exit iptable_filter_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_filter);
+ ipt_unregister_table(packet_filter);
}
module_init(iptable_filter_init);
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_mangler = {
+static struct xt_table __packet_mangler = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_mangler;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_mangler);
+ return ipt_do_table(skb, hook, in, out, packet_mangler);
}
static unsigned int
daddr = iph->daddr;
tos = iph->tos;
- ret = ipt_do_table(skb, hook, in, out, &packet_mangler);
+ ret = ipt_do_table(skb, hook, in, out, packet_mangler);
/* Reroute for ANY change. */
if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
iph = ip_hdr(skb);
int ret;
/* Register table */
- ret = ipt_register_table(&packet_mangler, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_mangler = ipt_register_table(&init_net, &__packet_mangler,
+ &initial_table.repl);
+ if (IS_ERR(packet_mangler))
+ return PTR_ERR(packet_mangler);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
return ret;
cleanup_table:
- ipt_unregister_table(&packet_mangler);
+ ipt_unregister_table(packet_mangler);
return ret;
}
static void __exit iptable_mangle_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_mangler);
+ ipt_unregister_table(packet_mangler);
}
module_init(iptable_mangle_init);
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_raw = {
+static struct xt_table __packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *packet_raw;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(skb, hook, in, out, &packet_raw);
+ return ipt_do_table(skb, hook, in, out, packet_raw);
}
static unsigned int
"packet.\n");
return NF_ACCEPT;
}
- return ipt_do_table(skb, hook, in, out, &packet_raw);
+ return ipt_do_table(skb, hook, in, out, packet_raw);
}
/* 'raw' is the very first table. */
int ret;
/* Register table */
- ret = ipt_register_table(&packet_raw, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_raw = ipt_register_table(&init_net, &__packet_raw,
+ &initial_table.repl);
+ if (IS_ERR(packet_raw))
+ return PTR_ERR(packet_raw);
/* Register hooks */
ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
return ret;
cleanup_table:
- ipt_unregister_table(&packet_raw);
+ ipt_unregister_table(packet_raw);
return ret;
}
static void __exit iptable_raw_fini(void)
{
nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
- ipt_unregister_table(&packet_raw);
+ ipt_unregister_table(packet_raw);
}
module_init(iptable_raw_init);
.term = IPT_ERROR_INIT, /* ERROR */
};
-static struct xt_table nat_table = {
+static struct xt_table __nat_table = {
.name = "nat",
.valid_hooks = NAT_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET,
};
+static struct xt_table *nat_table;
/* Source NAT */
static unsigned int ipt_snat_target(struct sk_buff *skb,
{
int ret;
- ret = ipt_do_table(skb, hooknum, in, out, &nat_table);
+ ret = ipt_do_table(skb, hooknum, in, out, nat_table);
if (ret == NF_ACCEPT) {
if (!nf_nat_initialized(ct, HOOK2MANIP(hooknum)))
{
int ret;
- ret = ipt_register_table(&nat_table, &nat_initial_table.repl);
- if (ret != 0)
- return ret;
+ nat_table = ipt_register_table(&init_net, &__nat_table,
+ &nat_initial_table.repl);
+ if (IS_ERR(nat_table))
+ return PTR_ERR(nat_table);
ret = xt_register_target(&ipt_snat_reg);
if (ret != 0)
goto unregister_table;
unregister_snat:
xt_unregister_target(&ipt_snat_reg);
unregister_table:
- ipt_unregister_table(&nat_table);
+ ipt_unregister_table(nat_table);
return ret;
}
{
xt_unregister_target(&ipt_dnat_reg);
xt_unregister_target(&ipt_snat_reg);
- ipt_unregister_table(&nat_table);
+ ipt_unregister_table(nat_table);
}
return ret;
}
-int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
+struct xt_table *ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl)
{
int ret;
struct xt_table_info *newinfo;
struct xt_table *new_table;
newinfo = xt_alloc_table_info(repl->size);
- if (!newinfo)
- return -ENOMEM;
+ if (!newinfo) {
+ ret = -ENOMEM;
+ goto out;
+ }
/* choose the copy on our node/cpu, but dont care about preemption */
loc_cpu_entry = newinfo->entries[raw_smp_processor_id()];
repl->num_entries,
repl->hook_entry,
repl->underflow);
- if (ret != 0) {
- xt_free_table_info(newinfo);
- return ret;
- }
+ if (ret != 0)
+ goto out_free;
new_table = xt_register_table(&init_net, table, &bootstrap, newinfo);
if (IS_ERR(new_table)) {
- xt_free_table_info(newinfo);
- return PTR_ERR(new_table);
+ ret = PTR_ERR(new_table);
+ goto out_free;
}
+ return new_table;
- return 0;
+out_free:
+ xt_free_table_info(newinfo);
+out:
+ return ERR_PTR(ret);
}
void ip6t_unregister_table(struct xt_table *table)
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_filter = {
+static struct xt_table __packet_filter = {
.name = "filter",
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_filter;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_filter);
+ return ip6t_do_table(skb, hook, in, out, packet_filter);
}
static unsigned int
}
#endif
- return ip6t_do_table(skb, hook, in, out, &packet_filter);
+ return ip6t_do_table(skb, hook, in, out, packet_filter);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
initial_table.entries[1].target.verdict = -forward - 1;
/* Register table */
- ret = ip6t_register_table(&packet_filter, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_filter = ip6t_register_table(&__packet_filter, &initial_table.repl);
+ if (IS_ERR(packet_filter))
+ return PTR_ERR(packet_filter);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_filter);
+ ip6t_unregister_table(packet_filter);
return ret;
}
static void __exit ip6table_filter_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_filter);
+ ip6t_unregister_table(packet_filter);
}
module_init(ip6table_filter_init);
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_mangler = {
+static struct xt_table __packet_mangler = {
.name = "mangle",
.valid_hooks = MANGLE_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_mangler;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_mangler);
+ return ip6t_do_table(skb, hook, in, out, packet_mangler);
}
static unsigned int
/* flowlabel and prio (includes version, which shouldn't change either */
flowlabel = *((u_int32_t *)ipv6_hdr(skb));
- ret = ip6t_do_table(skb, hook, in, out, &packet_mangler);
+ ret = ip6t_do_table(skb, hook, in, out, packet_mangler);
if (ret != NF_DROP && ret != NF_STOLEN
&& (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr))
int ret;
/* Register table */
- ret = ip6t_register_table(&packet_mangler, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_mangler = ip6t_register_table(&__packet_mangler, &initial_table.repl);
+ if (IS_ERR(packet_mangler))
+ return PTR_ERR(packet_mangler);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_mangler);
+ ip6t_unregister_table(packet_mangler);
return ret;
}
static void __exit ip6table_mangle_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_mangler);
+ ip6t_unregister_table(packet_mangler);
}
module_init(ip6table_mangle_init);
.term = IP6T_ERROR_INIT, /* ERROR */
};
-static struct xt_table packet_raw = {
+static struct xt_table __packet_raw = {
.name = "raw",
.valid_hooks = RAW_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
.me = THIS_MODULE,
.af = AF_INET6,
};
+static struct xt_table *packet_raw;
/* The work comes in here from netfilter.c. */
static unsigned int
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ip6t_do_table(skb, hook, in, out, &packet_raw);
+ return ip6t_do_table(skb, hook, in, out, packet_raw);
}
static struct nf_hook_ops ip6t_ops[] __read_mostly = {
int ret;
/* Register table */
- ret = ip6t_register_table(&packet_raw, &initial_table.repl);
- if (ret < 0)
- return ret;
+ packet_raw = ip6t_register_table(&__packet_raw, &initial_table.repl);
+ if (IS_ERR(packet_raw))
+ return PTR_ERR(packet_raw);
/* Register hooks */
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
return ret;
cleanup_table:
- ip6t_unregister_table(&packet_raw);
+ ip6t_unregister_table(packet_raw);
return ret;
}
static void __exit ip6table_raw_fini(void)
{
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
- ip6t_unregister_table(&packet_raw);
+ ip6t_unregister_table(packet_raw);
}
module_init(ip6table_raw_init);
struct xt_table_info *private;
struct xt_table *t;
+ /* Don't add one object to multiple lists. */
+ table = kmemdup(table, sizeof(struct xt_table), GFP_KERNEL);
+ if (!table) {
+ ret = -ENOMEM;
+ goto out;
+ }
+
ret = mutex_lock_interruptible(&xt[table->af].mutex);
if (ret != 0)
- goto out;
+ goto out_free;
/* Don't autoload: we'd eat our tail... */
list_for_each_entry(t, &net->xt.tables[table->af], list) {
unlock:
mutex_unlock(&xt[table->af].mutex);
+out_free:
+ kfree(table);
out:
return ERR_PTR(ret);
}
private = table->private;
list_del(&table->list);
mutex_unlock(&xt[table->af].mutex);
+ kfree(table);
return private;
}
projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / commitdiff