diff options
| author |   David Wilder <dwilder@us.ibm.com> | 2020-06-22 10:10:11 -0700 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2020-06-25 00:50:31 +0200 |
| commit | 1cbf90985f7448f1b0dd630e17ee1070f7d58665 (patch) | |
| tree | 8d473cea2adc595d306a104ff64db2d53cdb3881 /include | |
| parent | netfilter: Add MODULE_DESCRIPTION entries to kernel modules (diff) | |
| download | wireguard-linux-1cbf90985f7448f1b0dd630e17ee1070f7d58665.tar.xz wireguard-linux-1cbf90985f7448f1b0dd630e17ee1070f7d58665.zip | |
netfilter: iptables: Split ipt_unregister_table() into pre_exit and exit helpers.
The pre_exit will un-register the underlying hook and .exit will do the
table freeing. The netns core does an unconditional synchronize_rcu after
the pre_exit hooks insuring no packets are in flight that have picked up
the pointer before completing the un-register.
Fixes: b9e69e127397 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: David Wilder <dwilder@us.ibm.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_ipv4/ip_tables.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h index b394bd4f68a3..c4676d6feeff 100644 --- a/include/linux/netfilter_ipv4/ip_tables.h +++ b/include/linux/netfilter_ipv4/ip_tables.h @@ -25,6 +25,12 @@ int ipt_register_table(struct net *net, const struct xt_table *table, const struct ipt_replace *repl, const struct nf_hook_ops *ops, struct xt_table **res); + +void ipt_unregister_table_pre_exit(struct net *net, struct xt_table *table, + const struct nf_hook_ops *ops); + +void ipt_unregister_table_exit(struct net *net, struct xt_table *table); + void ipt_unregister_table(struct net *net, struct xt_table *table, const struct nf_hook_ops *ops); |