git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 21 Apr 2021 07:51:02 +0000 (09:51 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 26 Apr 2021 01:20:46 +0000 (03:20 +0200)
commit	a4e251b638e4e99d3f8538138c8fda221fbdccb1
tree	0dbfa5b8ff65e103877f3f21c203e36c58f62ccb	tree \| snapshot
parent	4964d1a0b2ba1538751b25bdd486c88b40f439e7	commit \| diff

netfilter: iptables: unregister the tables by name

xtables stores the xt_table structs in the struct net. This isn't
needed anymore, the structures could be passed via the netfilter hook
'private' pointer to the hook functions, which would allow us to remove
those pointers from struct net.

As a first step, reduce the number of accesses to the
net->ipv4.ip6table_{raw,filter,...} pointers.
This allows the tables to get unregistered by name instead of having to
pass the raw address.

The xt_table structure cane looked up by name+address family instead.

This patch is useless as-is (the backends still have the raw pointer
address), but it lowers the bar to remove those.

It also allows to put the 'was table registered in the first place' check
into ip_tables.c rather than have it in each table sub module.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/linux/netfilter_ipv4/ip_tables.h		diff \| blob \| history
net/ipv4/netfilter/ip_tables.c		diff \| blob \| history
net/ipv4/netfilter/iptable_filter.c		diff \| blob \| history
net/ipv4/netfilter/iptable_mangle.c		diff \| blob \| history
net/ipv4/netfilter/iptable_nat.c		diff \| blob \| history
net/ipv4/netfilter/iptable_raw.c		diff \| blob \| history
net/ipv4/netfilter/iptable_security.c		diff \| blob \| history