Commit cf4cbc61 authored by David Wilder's avatar David Wilder Committed by Pablo Neira Ayuso

netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c.

Using new helpers ipt_unregister_table_pre_exit() and
ipt_unregister_table_exit().

Fixes: b9e69e12 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: default avatarDavid Wilder <dwilder@us.ibm.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 1cbf9098
...@@ -72,16 +72,24 @@ static int __net_init iptable_filter_net_init(struct net *net) ...@@ -72,16 +72,24 @@ static int __net_init iptable_filter_net_init(struct net *net)
return 0; return 0;
} }
static void __net_exit iptable_filter_net_pre_exit(struct net *net)
{
if (net->ipv4.iptable_filter)
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_filter,
filter_ops);
}
static void __net_exit iptable_filter_net_exit(struct net *net) static void __net_exit iptable_filter_net_exit(struct net *net)
{ {
if (!net->ipv4.iptable_filter) if (!net->ipv4.iptable_filter)
return; return;
ipt_unregister_table(net, net->ipv4.iptable_filter, filter_ops); ipt_unregister_table_exit(net, net->ipv4.iptable_filter);
net->ipv4.iptable_filter = NULL; net->ipv4.iptable_filter = NULL;
} }
static struct pernet_operations iptable_filter_net_ops = { static struct pernet_operations iptable_filter_net_ops = {
.init = iptable_filter_net_init, .init = iptable_filter_net_init,
.pre_exit = iptable_filter_net_pre_exit,
.exit = iptable_filter_net_exit, .exit = iptable_filter_net_exit,
}; };
......
...@@ -100,15 +100,23 @@ static int __net_init iptable_mangle_table_init(struct net *net) ...@@ -100,15 +100,23 @@ static int __net_init iptable_mangle_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit iptable_mangle_net_pre_exit(struct net *net)
{
if (net->ipv4.iptable_mangle)
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_mangle,
mangle_ops);
}
static void __net_exit iptable_mangle_net_exit(struct net *net) static void __net_exit iptable_mangle_net_exit(struct net *net)
{ {
if (!net->ipv4.iptable_mangle) if (!net->ipv4.iptable_mangle)
return; return;
ipt_unregister_table(net, net->ipv4.iptable_mangle, mangle_ops); ipt_unregister_table_exit(net, net->ipv4.iptable_mangle);
net->ipv4.iptable_mangle = NULL; net->ipv4.iptable_mangle = NULL;
} }
static struct pernet_operations iptable_mangle_net_ops = { static struct pernet_operations iptable_mangle_net_ops = {
.pre_exit = iptable_mangle_net_pre_exit,
.exit = iptable_mangle_net_exit, .exit = iptable_mangle_net_exit,
}; };
......
...@@ -113,16 +113,22 @@ static int __net_init iptable_nat_table_init(struct net *net) ...@@ -113,16 +113,22 @@ static int __net_init iptable_nat_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit iptable_nat_net_pre_exit(struct net *net)
{
if (net->ipv4.nat_table)
ipt_nat_unregister_lookups(net);
}
static void __net_exit iptable_nat_net_exit(struct net *net) static void __net_exit iptable_nat_net_exit(struct net *net)
{ {
if (!net->ipv4.nat_table) if (!net->ipv4.nat_table)
return; return;
ipt_nat_unregister_lookups(net); ipt_unregister_table_exit(net, net->ipv4.nat_table);
ipt_unregister_table(net, net->ipv4.nat_table, NULL);
net->ipv4.nat_table = NULL; net->ipv4.nat_table = NULL;
} }
static struct pernet_operations iptable_nat_net_ops = { static struct pernet_operations iptable_nat_net_ops = {
.pre_exit = iptable_nat_net_pre_exit,
.exit = iptable_nat_net_exit, .exit = iptable_nat_net_exit,
}; };
......
...@@ -67,15 +67,23 @@ static int __net_init iptable_raw_table_init(struct net *net) ...@@ -67,15 +67,23 @@ static int __net_init iptable_raw_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit iptable_raw_net_pre_exit(struct net *net)
{
if (net->ipv4.iptable_raw)
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_raw,
rawtable_ops);
}
static void __net_exit iptable_raw_net_exit(struct net *net) static void __net_exit iptable_raw_net_exit(struct net *net)
{ {
if (!net->ipv4.iptable_raw) if (!net->ipv4.iptable_raw)
return; return;
ipt_unregister_table(net, net->ipv4.iptable_raw, rawtable_ops); ipt_unregister_table_exit(net, net->ipv4.iptable_raw);
net->ipv4.iptable_raw = NULL; net->ipv4.iptable_raw = NULL;
} }
static struct pernet_operations iptable_raw_net_ops = { static struct pernet_operations iptable_raw_net_ops = {
.pre_exit = iptable_raw_net_pre_exit,
.exit = iptable_raw_net_exit, .exit = iptable_raw_net_exit,
}; };
......
...@@ -62,16 +62,23 @@ static int __net_init iptable_security_table_init(struct net *net) ...@@ -62,16 +62,23 @@ static int __net_init iptable_security_table_init(struct net *net)
return ret; return ret;
} }
static void __net_exit iptable_security_net_pre_exit(struct net *net)
{
if (net->ipv4.iptable_security)
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_security,
sectbl_ops);
}
static void __net_exit iptable_security_net_exit(struct net *net) static void __net_exit iptable_security_net_exit(struct net *net)
{ {
if (!net->ipv4.iptable_security) if (!net->ipv4.iptable_security)
return; return;
ipt_unregister_table_exit(net, net->ipv4.iptable_security);
ipt_unregister_table(net, net->ipv4.iptable_security, sectbl_ops);
net->ipv4.iptable_security = NULL; net->ipv4.iptable_security = NULL;
} }
static struct pernet_operations iptable_security_net_ops = { static struct pernet_operations iptable_security_net_ops = {
.pre_exit = iptable_security_net_pre_exit,
.exit = iptable_security_net_exit, .exit = iptable_security_net_exit,
}; };
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment