OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

netfilter: exit_net cleanup check added 

Be sure that lists initialized in net_init hook was return to initial
state.

Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Vasily Averin 2017-11-12 14:32:37 +03:00 committed by Pablo Neira Ayuso
parent 07dc8bc9a6
commit 613d0776d3
5 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
net/ipv4/netfilter/ipt_CLUSTERIP.c
View File

@ -819,6 +819,7 @@ static void clusterip_net_exit(struct net *net)
cn->procdir = NULL; cn->procdir = NULL;
#endif #endif
nf_unregister_net_hook(net, &cip_arp_ops); nf_unregister_net_hook(net, &cip_arp_ops);
WARN_ON_ONCE(!list_empty(&cn->configs));
} }
static struct pernet_operations clusterip_net_ops = { static struct pernet_operations clusterip_net_ops = {

7
net/netfilter/nf_tables_api.c
View File

@ -5847,6 +5847,12 @@ static int __net_init nf_tables_init_net(struct net *net)
return 0; return 0;
} }
static void __net_exit nf_tables_exit_net(struct net *net)
{
WARN_ON_ONCE(!list_empty(&net->nft.af_info));
WARN_ON_ONCE(!list_empty(&net->nft.commit_list));
}
int __nft_release_basechain(struct nft_ctx *ctx) int __nft_release_basechain(struct nft_ctx *ctx)
{ {
struct nft_rule *rule, *nr; struct nft_rule *rule, *nr;
@ -5917,6 +5923,7 @@ static void __nft_release_afinfo(struct net *net, struct nft_af_info *afi)
static struct pernet_operations nf_tables_net_ops = { static struct pernet_operations nf_tables_net_ops = {
.init = nf_tables_init_net, .init = nf_tables_init_net,
.exit = nf_tables_exit_net,
}; };
static int __init nf_tables_module_init(void) static int __init nf_tables_module_init(void)

5
net/netfilter/nfnetlink_log.c
View File

@ -1093,10 +1093,15 @@ static int __net_init nfnl_log_net_init(struct net *net)
static void __net_exit nfnl_log_net_exit(struct net *net) static void __net_exit nfnl_log_net_exit(struct net *net)
{ {
struct nfnl_log_net *log = nfnl_log_pernet(net);
unsigned int i;
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter); remove_proc_entry("nfnetlink_log", net->nf.proc_netfilter);
#endif #endif
nf_log_unset(net, &nfulnl_logger); nf_log_unset(net, &nfulnl_logger);
for (i = 0; i < INSTANCE_BUCKETS; i++)
WARN_ON_ONCE(!hlist_empty(&log->instance_table[i]));
} }
static struct pernet_operations nfnl_log_net_ops = { static struct pernet_operations nfnl_log_net_ops = {

5
net/netfilter/nfnetlink_queue.c
View File

@ -1512,10 +1512,15 @@ static int __net_init nfnl_queue_net_init(struct net *net)
static void __net_exit nfnl_queue_net_exit(struct net *net) static void __net_exit nfnl_queue_net_exit(struct net *net)
{ {
struct nfnl_queue_net *q = nfnl_queue_pernet(net);
unsigned int i;
nf_unregister_queue_handler(net); nf_unregister_queue_handler(net);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter); remove_proc_entry("nfnetlink_queue", net->nf.proc_netfilter);
#endif #endif
for (i = 0; i < INSTANCE_BUCKETS; i++)
WARN_ON_ONCE(!hlist_empty(&q->instance_table[i]));
} }
static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list) static void nfnl_queue_net_exit_batch(struct list_head *net_exit_list)

9
net/netfilter/x_tables.c
View File

@ -1729,8 +1729,17 @@ static int __net_init xt_net_init(struct net *net)
return 0; return 0;
} }
static void __net_exit xt_net_exit(struct net *net)
{
int i;
for (i = 0; i < NFPROTO_NUMPROTO; i++)
WARN_ON_ONCE(!list_empty(&net->xt.tables[i]));
}
static struct pernet_operations xt_net_ops = { static struct pernet_operations xt_net_ops = {
.init = xt_net_init, .init = xt_net_init,
.exit = xt_net_exit,
}; };
static int __init xt_init(void) static int __init xt_init(void)