netfilter: ip6_tables: pass table pointer via nf_hook_ops

[sfrench/cifs-2.6.git] / net / ipv6 / netfilter / ip6_tables.c

diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 11c80da12ee38583d120a023e71716584b2ebcb5..e763716ffa258874f82fc89a0d8c3edcb5320ada 100644 (file)
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -1725,10 +1725,11 @@ static void __ip6t_unregister_table(struct net *net, struct xt_table *table)
 
 int ip6t_register_table(struct net *net, const struct xt_table *table,
                        const struct ip6t_replace *repl,
-                       const struct nf_hook_ops *ops,
-                       struct xt_table **res)
+                       const struct nf_hook_ops *template_ops)
 {
-       int ret;
+       struct nf_hook_ops *ops;
+       unsigned int num_ops;
+       int ret, i;
        struct xt_table_info *newinfo;
        struct xt_table_info bootstrap = {0};
        void *loc_cpu_entry;
@@ -1742,40 +1743,54 @@ int ip6t_register_table(struct net *net, const struct xt_table *table,
        memcpy(loc_cpu_entry, repl->entries, repl->size);
 
        ret = translate_table(net, newinfo, loc_cpu_entry, repl);
-       if (ret != 0)
-               goto out_free;
+       if (ret != 0) {
+               xt_free_table_info(newinfo);
+               return ret;
+       }
 
        new_table = xt_register_table(net, table, &bootstrap, newinfo);
        if (IS_ERR(new_table)) {
-               ret = PTR_ERR(new_table);
-               goto out_free;
+               xt_free_table_info(newinfo);
+               return PTR_ERR(new_table);
        }
 
-       /* set res now, will see skbs right after nf_register_net_hooks */
-       WRITE_ONCE(*res, new_table);
-       if (!ops)
+       if (!template_ops)
                return 0;
 
-       ret = nf_register_net_hooks(net, ops, hweight32(table->valid_hooks));
-       if (ret != 0) {
-               __ip6t_unregister_table(net, new_table);
-               *res = NULL;
+       num_ops = hweight32(table->valid_hooks);
+       if (num_ops == 0) {
+               ret = -EINVAL;
+               goto out_free;
        }
 
+       ops = kmemdup(template_ops, sizeof(*ops) * num_ops, GFP_KERNEL);
+       if (!ops) {
+               ret = -ENOMEM;
+               goto out_free;
+       }
+
+       for (i = 0; i < num_ops; i++)
+               ops[i].priv = new_table;
+
+       new_table->ops = ops;
+
+       ret = nf_register_net_hooks(net, ops, num_ops);
+       if (ret != 0)
+               goto out_free;
+
        return ret;
 
 out_free:
-       xt_free_table_info(newinfo);
+       __ip6t_unregister_table(net, new_table);
        return ret;
 }
 
-void ip6t_unregister_table_pre_exit(struct net *net, const char *name,
-                                   const struct nf_hook_ops *ops)
+void ip6t_unregister_table_pre_exit(struct net *net, const char *name)
 {
        struct xt_table *table = xt_find_table(net, NFPROTO_IPV6, name);
 
        if (table)
-               nf_unregister_net_hooks(net, ops, hweight32(table->valid_hooks));
+               nf_unregister_net_hooks(net, table->ops, hweight32(table->valid_hooks));
 }
 
 void ip6t_unregister_table_exit(struct net *net, const char *name)