diff options
author | David Wilder <dwilder@us.ibm.com> | 2020-06-22 10:10:13 -0700 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-06-25 00:50:31 +0200 |
commit | 57ea5f18882a3d7cf6135fa8c949a37c89395837 (patch) | |
tree | ff378c1e49efa8e4841348c6c32e8e2e6d834bfc /include/linux | |
parent | cf4cbc610bfa29a88cd71ca638a890f8c565a22e (diff) | |
download | linux-57ea5f18882a3d7cf6135fa8c949a37c89395837.tar.bz2 |
netfilter: ip6tables: Split ip6t_unregister_table() into pre_exit and exit helpers.
The pre_exit will un-register the underlying hook and .exit will do
the table freeing. The netns core does an unconditional synchronize_rcu
after the pre_exit hooks insuring no packets are in flight that have
picked up the pointer before completing the un-register.
Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter_ipv6/ip6_tables.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h index 8225f7821a29..1547d5f9ae06 100644 --- a/include/linux/netfilter_ipv6/ip6_tables.h +++ b/include/linux/netfilter_ipv6/ip6_tables.h @@ -29,6 +29,9 @@ int ip6t_register_table(struct net *net, const struct xt_table *table, const struct nf_hook_ops *ops, struct xt_table **res); void ip6t_unregister_table(struct net *net, struct xt_table *table, const struct nf_hook_ops *ops); +void ip6t_unregister_table_pre_exit(struct net *net, struct xt_table *table, + const struct nf_hook_ops *ops); +void ip6t_unregister_table_exit(struct net *net, struct xt_table *table); extern unsigned int ip6t_do_table(struct sk_buff *skb, const struct nf_hook_state *state, struct xt_table *table); |