netfilter: iptables: Add a .pre_exit hook in all iptable_foo.c.
Using new helpers ipt_unregister_table_pre_exit() and
ipt_unregister_table_exit().
Fixes: b9e69e1273
("netfilter: xtables: don't hook tables by default")
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
1cbf90985f
commit
cf4cbc610b
@ -72,16 +72,24 @@ static int __net_init iptable_filter_net_init(struct net *net)
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void __net_exit iptable_filter_net_pre_exit(struct net *net)
|
||||
{
|
||||
if (net->ipv4.iptable_filter)
|
||||
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_filter,
|
||||
filter_ops);
|
||||
}
|
||||
|
||||
static void __net_exit iptable_filter_net_exit(struct net *net)
|
||||
{
|
||||
if (!net->ipv4.iptable_filter)
|
||||
return;
|
||||
ipt_unregister_table(net, net->ipv4.iptable_filter, filter_ops);
|
||||
ipt_unregister_table_exit(net, net->ipv4.iptable_filter);
|
||||
net->ipv4.iptable_filter = NULL;
|
||||
}
|
||||
|
||||
static struct pernet_operations iptable_filter_net_ops = {
|
||||
.init = iptable_filter_net_init,
|
||||
.pre_exit = iptable_filter_net_pre_exit,
|
||||
.exit = iptable_filter_net_exit,
|
||||
};
|
||||
|
||||
|
@ -100,15 +100,23 @@ static int __net_init iptable_mangle_table_init(struct net *net)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __net_exit iptable_mangle_net_pre_exit(struct net *net)
|
||||
{
|
||||
if (net->ipv4.iptable_mangle)
|
||||
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_mangle,
|
||||
mangle_ops);
|
||||
}
|
||||
|
||||
static void __net_exit iptable_mangle_net_exit(struct net *net)
|
||||
{
|
||||
if (!net->ipv4.iptable_mangle)
|
||||
return;
|
||||
ipt_unregister_table(net, net->ipv4.iptable_mangle, mangle_ops);
|
||||
ipt_unregister_table_exit(net, net->ipv4.iptable_mangle);
|
||||
net->ipv4.iptable_mangle = NULL;
|
||||
}
|
||||
|
||||
static struct pernet_operations iptable_mangle_net_ops = {
|
||||
.pre_exit = iptable_mangle_net_pre_exit,
|
||||
.exit = iptable_mangle_net_exit,
|
||||
};
|
||||
|
||||
|
@ -113,16 +113,22 @@ static int __net_init iptable_nat_table_init(struct net *net)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __net_exit iptable_nat_net_pre_exit(struct net *net)
|
||||
{
|
||||
if (net->ipv4.nat_table)
|
||||
ipt_nat_unregister_lookups(net);
|
||||
}
|
||||
|
||||
static void __net_exit iptable_nat_net_exit(struct net *net)
|
||||
{
|
||||
if (!net->ipv4.nat_table)
|
||||
return;
|
||||
ipt_nat_unregister_lookups(net);
|
||||
ipt_unregister_table(net, net->ipv4.nat_table, NULL);
|
||||
ipt_unregister_table_exit(net, net->ipv4.nat_table);
|
||||
net->ipv4.nat_table = NULL;
|
||||
}
|
||||
|
||||
static struct pernet_operations iptable_nat_net_ops = {
|
||||
.pre_exit = iptable_nat_net_pre_exit,
|
||||
.exit = iptable_nat_net_exit,
|
||||
};
|
||||
|
||||
|
@ -67,15 +67,23 @@ static int __net_init iptable_raw_table_init(struct net *net)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __net_exit iptable_raw_net_pre_exit(struct net *net)
|
||||
{
|
||||
if (net->ipv4.iptable_raw)
|
||||
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_raw,
|
||||
rawtable_ops);
|
||||
}
|
||||
|
||||
static void __net_exit iptable_raw_net_exit(struct net *net)
|
||||
{
|
||||
if (!net->ipv4.iptable_raw)
|
||||
return;
|
||||
ipt_unregister_table(net, net->ipv4.iptable_raw, rawtable_ops);
|
||||
ipt_unregister_table_exit(net, net->ipv4.iptable_raw);
|
||||
net->ipv4.iptable_raw = NULL;
|
||||
}
|
||||
|
||||
static struct pernet_operations iptable_raw_net_ops = {
|
||||
.pre_exit = iptable_raw_net_pre_exit,
|
||||
.exit = iptable_raw_net_exit,
|
||||
};
|
||||
|
||||
|
@ -62,16 +62,23 @@ static int __net_init iptable_security_table_init(struct net *net)
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __net_exit iptable_security_net_pre_exit(struct net *net)
|
||||
{
|
||||
if (net->ipv4.iptable_security)
|
||||
ipt_unregister_table_pre_exit(net, net->ipv4.iptable_security,
|
||||
sectbl_ops);
|
||||
}
|
||||
|
||||
static void __net_exit iptable_security_net_exit(struct net *net)
|
||||
{
|
||||
if (!net->ipv4.iptable_security)
|
||||
return;
|
||||
|
||||
ipt_unregister_table(net, net->ipv4.iptable_security, sectbl_ops);
|
||||
ipt_unregister_table_exit(net, net->ipv4.iptable_security);
|
||||
net->ipv4.iptable_security = NULL;
|
||||
}
|
||||
|
||||
static struct pernet_operations iptable_security_net_ops = {
|
||||
.pre_exit = iptable_security_net_pre_exit,
|
||||
.exit = iptable_security_net_exit,
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user