|
|
@@ -23,6 +23,20 @@
|
|
|
#include <linux/netfilter_arp/arp_tables.h>
|
|
|
#include <net/netfilter/nf_tables.h>
|
|
|
|
|
|
+struct nft_xt {
|
|
|
+ struct list_head head;
|
|
|
+ struct nft_expr_ops ops;
|
|
|
+ unsigned int refcnt;
|
|
|
+};
|
|
|
+
|
|
|
+static void nft_xt_put(struct nft_xt *xt)
|
|
|
+{
|
|
|
+ if (--xt->refcnt == 0) {
|
|
|
+ list_del(&xt->head);
|
|
|
+ kfree(xt);
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
static int nft_compat_chain_validate_dependency(const char *tablename,
|
|
|
const struct nft_chain *chain)
|
|
|
{
|
|
|
@@ -260,6 +274,7 @@ nft_target_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
|
|
|
if (par.target->destroy != NULL)
|
|
|
par.target->destroy(&par);
|
|
|
|
|
|
+ nft_xt_put(container_of(expr->ops, struct nft_xt, ops));
|
|
|
module_put(target->me);
|
|
|
}
|
|
|
|
|
|
@@ -442,6 +457,7 @@ nft_match_destroy(const struct nft_ctx *ctx, const struct nft_expr *expr)
|
|
|
if (par.match->destroy != NULL)
|
|
|
par.match->destroy(&par);
|
|
|
|
|
|
+ nft_xt_put(container_of(expr->ops, struct nft_xt, ops));
|
|
|
module_put(match->me);
|
|
|
}
|
|
|
|
|
|
@@ -612,11 +628,6 @@ static const struct nfnetlink_subsystem nfnl_compat_subsys = {
|
|
|
|
|
|
static LIST_HEAD(nft_match_list);
|
|
|
|
|
|
-struct nft_xt {
|
|
|
- struct list_head head;
|
|
|
- struct nft_expr_ops ops;
|
|
|
-};
|
|
|
-
|
|
|
static struct nft_expr_type nft_match_type;
|
|
|
|
|
|
static bool nft_match_cmp(const struct xt_match *match,
|
|
|
@@ -653,6 +664,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
|
|
|
if (!try_module_get(match->me))
|
|
|
return ERR_PTR(-ENOENT);
|
|
|
|
|
|
+ nft_match->refcnt++;
|
|
|
return &nft_match->ops;
|
|
|
}
|
|
|
}
|
|
|
@@ -673,6 +685,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
+ nft_match->refcnt = 1;
|
|
|
nft_match->ops.type = &nft_match_type;
|
|
|
nft_match->ops.size = NFT_EXPR_SIZE(XT_ALIGN(match->matchsize));
|
|
|
nft_match->ops.eval = nft_match_eval;
|
|
|
@@ -690,14 +703,6 @@ err:
|
|
|
return ERR_PTR(err);
|
|
|
}
|
|
|
|
|
|
-static void nft_match_release(void)
|
|
|
-{
|
|
|
- struct nft_xt *nft_match, *tmp;
|
|
|
-
|
|
|
- list_for_each_entry_safe(nft_match, tmp, &nft_match_list, head)
|
|
|
- kfree(nft_match);
|
|
|
-}
|
|
|
-
|
|
|
static struct nft_expr_type nft_match_type __read_mostly = {
|
|
|
.name = "match",
|
|
|
.select_ops = nft_match_select_ops,
|
|
|
@@ -744,6 +749,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
|
|
|
if (!try_module_get(target->me))
|
|
|
return ERR_PTR(-ENOENT);
|
|
|
|
|
|
+ nft_target->refcnt++;
|
|
|
return &nft_target->ops;
|
|
|
}
|
|
|
}
|
|
|
@@ -764,6 +770,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
|
|
|
goto err;
|
|
|
}
|
|
|
|
|
|
+ nft_target->refcnt = 1;
|
|
|
nft_target->ops.type = &nft_target_type;
|
|
|
nft_target->ops.size = NFT_EXPR_SIZE(XT_ALIGN(target->targetsize));
|
|
|
nft_target->ops.init = nft_target_init;
|
|
|
@@ -785,14 +792,6 @@ err:
|
|
|
return ERR_PTR(err);
|
|
|
}
|
|
|
|
|
|
-static void nft_target_release(void)
|
|
|
-{
|
|
|
- struct nft_xt *nft_target, *tmp;
|
|
|
-
|
|
|
- list_for_each_entry_safe(nft_target, tmp, &nft_target_list, head)
|
|
|
- kfree(nft_target);
|
|
|
-}
|
|
|
-
|
|
|
static struct nft_expr_type nft_target_type __read_mostly = {
|
|
|
.name = "target",
|
|
|
.select_ops = nft_target_select_ops,
|
|
|
@@ -835,8 +834,6 @@ static void __exit nft_compat_module_exit(void)
|
|
|
nfnetlink_subsys_unregister(&nfnl_compat_subsys);
|
|
|
nft_unregister_expr(&nft_target_type);
|
|
|
nft_unregister_expr(&nft_match_type);
|
|
|
- nft_match_release();
|
|
|
- nft_target_release();
|
|
|
}
|
|
|
|
|
|
MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_NFT_COMPAT);
|
Liping Zhang