diff options
Diffstat (limited to 'net/ipv6/netfilter')
-rw-r--r-- | net/ipv6/netfilter/ip6_tables.c | 24 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 17 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 17 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 15 |
4 files changed, 40 insertions, 33 deletions
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 1aac3ef39414..b89f133f41d0 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -2074,7 +2074,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) return ret; } -int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) +struct xt_table *ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) { int ret; struct xt_table_info *newinfo; @@ -2084,8 +2084,10 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) struct xt_table *new_table; newinfo = xt_alloc_table_info(repl->size); - if (!newinfo) - return -ENOMEM; + if (!newinfo) { + ret = -ENOMEM; + goto out; + } /* choose the copy on our node/cpu, but dont care about preemption */ loc_cpu_entry = newinfo->entries[raw_smp_processor_id()]; @@ -2096,18 +2098,20 @@ int ip6t_register_table(struct xt_table *table, const struct ip6t_replace *repl) repl->num_entries, repl->hook_entry, repl->underflow); - if (ret != 0) { - xt_free_table_info(newinfo); - return ret; - } + if (ret != 0) + goto out_free; new_table = xt_register_table(&init_net, table, &bootstrap, newinfo); if (IS_ERR(new_table)) { - xt_free_table_info(newinfo); - return PTR_ERR(new_table); + ret = PTR_ERR(new_table); + goto out_free; } + return new_table; - return 0; +out_free: + xt_free_table_info(newinfo); +out: + return ERR_PTR(ret); } void ip6t_unregister_table(struct xt_table *table) diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 87d38d08aad0..bffd67f32359 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c @@ -51,13 +51,14 @@ static struct .term = IP6T_ERROR_INIT, /* ERROR */ }; -static struct xt_table packet_filter = { +static struct xt_table __packet_filter = { .name = "filter", .valid_hooks = FILTER_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET6, }; +static struct xt_table *packet_filter; /* The work comes in here from netfilter.c. */ static unsigned int @@ -67,7 +68,7 @@ ip6t_hook(unsigned int hook, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ip6t_do_table(skb, hook, in, out, &packet_filter); + return ip6t_do_table(skb, hook, in, out, packet_filter); } static unsigned int @@ -87,7 +88,7 @@ ip6t_local_out_hook(unsigned int hook, } #endif - return ip6t_do_table(skb, hook, in, out, &packet_filter); + return ip6t_do_table(skb, hook, in, out, packet_filter); } static struct nf_hook_ops ip6t_ops[] __read_mostly = { @@ -131,9 +132,9 @@ static int __init ip6table_filter_init(void) initial_table.entries[1].target.verdict = -forward - 1; /* Register table */ - ret = ip6t_register_table(&packet_filter, &initial_table.repl); - if (ret < 0) - return ret; + packet_filter = ip6t_register_table(&__packet_filter, &initial_table.repl); + if (IS_ERR(packet_filter)) + return PTR_ERR(packet_filter); /* Register hooks */ ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); @@ -143,14 +144,14 @@ static int __init ip6table_filter_init(void) return ret; cleanup_table: - ip6t_unregister_table(&packet_filter); + ip6t_unregister_table(packet_filter); return ret; } static void __exit ip6table_filter_fini(void) { nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); - ip6t_unregister_table(&packet_filter); + ip6t_unregister_table(packet_filter); } module_init(ip6table_filter_init); diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index d6082600bc5d..63d334df3b40 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c @@ -57,13 +57,14 @@ static struct .term = IP6T_ERROR_INIT, /* ERROR */ }; -static struct xt_table packet_mangler = { +static struct xt_table __packet_mangler = { .name = "mangle", .valid_hooks = MANGLE_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET6, }; +static struct xt_table *packet_mangler; /* The work comes in here from netfilter.c. */ static unsigned int @@ -73,7 +74,7 @@ ip6t_route_hook(unsigned int hook, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ip6t_do_table(skb, hook, in, out, &packet_mangler); + return ip6t_do_table(skb, hook, in, out, packet_mangler); } static unsigned int @@ -108,7 +109,7 @@ ip6t_local_hook(unsigned int hook, /* flowlabel and prio (includes version, which shouldn't change either */ flowlabel = *((u_int32_t *)ipv6_hdr(skb)); - ret = ip6t_do_table(skb, hook, in, out, &packet_mangler); + ret = ip6t_do_table(skb, hook, in, out, packet_mangler); if (ret != NF_DROP && ret != NF_STOLEN && (memcmp(&ipv6_hdr(skb)->saddr, &saddr, sizeof(saddr)) @@ -163,9 +164,9 @@ static int __init ip6table_mangle_init(void) int ret; /* Register table */ - ret = ip6t_register_table(&packet_mangler, &initial_table.repl); - if (ret < 0) - return ret; + packet_mangler = ip6t_register_table(&__packet_mangler, &initial_table.repl); + if (IS_ERR(packet_mangler)) + return PTR_ERR(packet_mangler); /* Register hooks */ ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); @@ -175,14 +176,14 @@ static int __init ip6table_mangle_init(void) return ret; cleanup_table: - ip6t_unregister_table(&packet_mangler); + ip6t_unregister_table(packet_mangler); return ret; } static void __exit ip6table_mangle_fini(void) { nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); - ip6t_unregister_table(&packet_mangler); + ip6t_unregister_table(packet_mangler); } module_init(ip6table_mangle_init); diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index eccbaaa104af..7f55b236440e 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c @@ -35,13 +35,14 @@ static struct .term = IP6T_ERROR_INIT, /* ERROR */ }; -static struct xt_table packet_raw = { +static struct xt_table __packet_raw = { .name = "raw", .valid_hooks = RAW_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, .me = THIS_MODULE, .af = AF_INET6, }; +static struct xt_table *packet_raw; /* The work comes in here from netfilter.c. */ static unsigned int @@ -51,7 +52,7 @@ ip6t_hook(unsigned int hook, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ip6t_do_table(skb, hook, in, out, &packet_raw); + return ip6t_do_table(skb, hook, in, out, packet_raw); } static struct nf_hook_ops ip6t_ops[] __read_mostly = { @@ -76,9 +77,9 @@ static int __init ip6table_raw_init(void) int ret; /* Register table */ - ret = ip6t_register_table(&packet_raw, &initial_table.repl); - if (ret < 0) - return ret; + packet_raw = ip6t_register_table(&__packet_raw, &initial_table.repl); + if (IS_ERR(packet_raw)) + return PTR_ERR(packet_raw); /* Register hooks */ ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); @@ -88,14 +89,14 @@ static int __init ip6table_raw_init(void) return ret; cleanup_table: - ip6t_unregister_table(&packet_raw); + ip6t_unregister_table(packet_raw); return ret; } static void __exit ip6table_raw_fini(void) { nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); - ip6t_unregister_table(&packet_raw); + ip6t_unregister_table(packet_raw); } module_init(ip6table_raw_init); |