Commit 5f027bc7 authored by David Wilder's avatar David Wilder Committed by Pablo Neira Ayuso

netfilter: ip6tables: Add a .pre_exit hook in all ip6table_foo.c.

Using new helpers ip6t_unregister_table_pre_exit() and
ip6t_unregister_table_exit().

Fixes: b9e69e12 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: default avatarDavid Wilder <dwilder@us.ibm.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 57ea5f18
...@@ -73,16 +73,24 @@ static int __net_init ip6table_filter_net_init(struct net *net) ...@@ -73,16 +73,24 @@ static int __net_init ip6table_filter_net_init(struct net *net)
return 0; return 0;
} }
static void __net_exit ip6table_filter_net_pre_exit(struct net *net)
{
if (net->ipv6.ip6table_filter)
ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_filter,
filter_ops);
}
static void __net_exit ip6table_filter_net_exit(struct net *net) static void __net_exit ip6table_filter_net_exit(struct net *net)
{ {
if (!net->ipv6.ip6table_filter) if (!net->ipv6.ip6table_filter)
return; return;
ip6t_unregister_table(net, net->ipv6.ip6table_filter, filter_ops); ip6t_unregister_table_exit(net, net->ipv6.ip6table_filter);
net->ipv6.ip6table_filter = NULL; net->ipv6.ip6table_filter = NULL;
} }
static struct pernet_operations ip6table_filter_net_ops = { static struct pernet_operations ip6table_filter_net_ops = {
.init = ip6table_filter_net_init, .init = ip6table_filter_net_init,
.pre_exit = ip6table_filter_net_pre_exit,
.exit = ip6table_filter_net_exit, .exit = ip6table_filter_net_exit,
}; };
......
...@@ -93,16 +93,24 @@ static int __net_init ip6table_mangle_table_init(struct net *net) ...@@ -93,16 +93,24 @@ static int __net_init ip6table_mangle_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit ip6table_mangle_net_pre_exit(struct net *net)
{
if (net->ipv6.ip6table_mangle)
ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_mangle,
mangle_ops);
}
static void __net_exit ip6table_mangle_net_exit(struct net *net) static void __net_exit ip6table_mangle_net_exit(struct net *net)
{ {
if (!net->ipv6.ip6table_mangle) if (!net->ipv6.ip6table_mangle)
return; return;
ip6t_unregister_table(net, net->ipv6.ip6table_mangle, mangle_ops); ip6t_unregister_table_exit(net, net->ipv6.ip6table_mangle);
net->ipv6.ip6table_mangle = NULL; net->ipv6.ip6table_mangle = NULL;
} }
static struct pernet_operations ip6table_mangle_net_ops = { static struct pernet_operations ip6table_mangle_net_ops = {
.pre_exit = ip6table_mangle_net_pre_exit,
.exit = ip6table_mangle_net_exit, .exit = ip6table_mangle_net_exit,
}; };
......
...@@ -114,16 +114,22 @@ static int __net_init ip6table_nat_table_init(struct net *net) ...@@ -114,16 +114,22 @@ static int __net_init ip6table_nat_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit ip6table_nat_net_pre_exit(struct net *net)
{
if (net->ipv6.ip6table_nat)
ip6t_nat_unregister_lookups(net);
}
static void __net_exit ip6table_nat_net_exit(struct net *net) static void __net_exit ip6table_nat_net_exit(struct net *net)
{ {
if (!net->ipv6.ip6table_nat) if (!net->ipv6.ip6table_nat)
return; return;
ip6t_nat_unregister_lookups(net); ip6t_unregister_table_exit(net, net->ipv6.ip6table_nat);
ip6t_unregister_table(net, net->ipv6.ip6table_nat, NULL);
net->ipv6.ip6table_nat = NULL; net->ipv6.ip6table_nat = NULL;
} }
static struct pernet_operations ip6table_nat_net_ops = { static struct pernet_operations ip6table_nat_net_ops = {
.pre_exit = ip6table_nat_net_pre_exit,
.exit = ip6table_nat_net_exit, .exit = ip6table_nat_net_exit,
}; };
......
...@@ -66,15 +66,23 @@ static int __net_init ip6table_raw_table_init(struct net *net) ...@@ -66,15 +66,23 @@ static int __net_init ip6table_raw_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit ip6table_raw_net_pre_exit(struct net *net)
{
if (net->ipv6.ip6table_raw)
ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_raw,
rawtable_ops);
}
static void __net_exit ip6table_raw_net_exit(struct net *net) static void __net_exit ip6table_raw_net_exit(struct net *net)
{ {
if (!net->ipv6.ip6table_raw) if (!net->ipv6.ip6table_raw)
return; return;
ip6t_unregister_table(net, net->ipv6.ip6table_raw, rawtable_ops); ip6t_unregister_table_exit(net, net->ipv6.ip6table_raw);
net->ipv6.ip6table_raw = NULL; net->ipv6.ip6table_raw = NULL;
} }
static struct pernet_operations ip6table_raw_net_ops = { static struct pernet_operations ip6table_raw_net_ops = {
.pre_exit = ip6table_raw_net_pre_exit,
.exit = ip6table_raw_net_exit, .exit = ip6table_raw_net_exit,
}; };
......
...@@ -61,15 +61,23 @@ static int __net_init ip6table_security_table_init(struct net *net) ...@@ -61,15 +61,23 @@ static int __net_init ip6table_security_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit ip6table_security_net_pre_exit(struct net *net)
{
if (net->ipv6.ip6table_security)
ip6t_unregister_table_pre_exit(net, net->ipv6.ip6table_security,
sectbl_ops);
}
static void __net_exit ip6table_security_net_exit(struct net *net) static void __net_exit ip6table_security_net_exit(struct net *net)
{ {
if (!net->ipv6.ip6table_security) if (!net->ipv6.ip6table_security)
return; return;
ip6t_unregister_table(net, net->ipv6.ip6table_security, sectbl_ops); ip6t_unregister_table_exit(net, net->ipv6.ip6table_security);
net->ipv6.ip6table_security = NULL; net->ipv6.ip6table_security = NULL;
} }
static struct pernet_operations ip6table_security_net_ops = { static struct pernet_operations ip6table_security_net_ops = {
.pre_exit = ip6table_security_net_pre_exit,
.exit = ip6table_security_net_exit, .exit = ip6table_security_net_exit,
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment