| author | Krzysztof Piotr Oledzki <ole@ans.pl> | 2008-08-06 02:35:44 -0700 | 
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-08-06 02:35:44 -0700 | 
| commit | 9714be7da8b32f36d2468fe08ff603b6402df8cf (patch) | |
| tree | 56bb581898846b695eb9b1cd20556bb619924251 | |
| parent | 1ca615fb816ba85dc765209a9b58ab82cc99bce0 (diff) | |
netfilter: fix two recent sysctl problems
Starting with 9043476f726802f4b00c96d0c4f418dde48d1304 ("[PATCH]
sanitize proc_sysctl") we have two netfilter related problems:
 - WARNING: at kernel/sysctl.c:1966 unregister_sysctl_table+0xcc/0x103(),
   caused by wrong order of ini/fini calls
 - net.netfilter is duplicated and has truncated set of records
Thanks to very useful guidelines from Al Viro, this patch fixes both
of them.
Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/netfilter/nf_conntrack_core.c | 6 | ||||
| -rw-r--r-- | net/netfilter/nf_conntrack_standalone.c | 28 | 
2 files changed, 20 insertions, 14 deletions
| diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index c519d090bdb9..9d1830da8e84 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -1032,10 +1032,10 @@ void nf_conntrack_cleanup(void)
 	nf_ct_free_hashtable(nf_conntrack_hash, nf_conntrack_vmalloc,
 			     nf_conntrack_htable_size);
-	nf_conntrack_proto_fini();
-	nf_conntrack_helper_fini();
-	nf_conntrack_expect_fini();
 	nf_conntrack_acct_fini();
+	nf_conntrack_expect_fini();
+	nf_conntrack_helper_fini();
+	nf_conntrack_proto_fini();
 }
 struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 869ef9349d0f..8509db14670b 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -324,6 +324,7 @@ static int log_invalid_proto_min = 0;
 static int log_invalid_proto_max = 255;
 static struct ctl_table_header *nf_ct_sysctl_header;
+static struct ctl_table_header *nf_ct_netfilter_header;
 static ctl_table nf_ct_sysctl_table[] = {
 	{
@@ -384,12 +385,6 @@ static ctl_table nf_ct_sysctl_table[] = {
 static ctl_table nf_ct_netfilter_table[] = {
 	{
-		.ctl_name	= NET_NETFILTER,
-		.procname	= "netfilter",
-		.mode		= 0555,
-		.child		= nf_ct_sysctl_table,
-	},
-	{
 		.ctl_name	= NET_NF_CONNTRACK_MAX,
 		.procname	= "nf_conntrack_max",
 		.data		= &nf_conntrack_max,
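Review bot: Nothing in nf_conntrack_cleanup() (net/netfilter/nf_conntrack_core.c) records that the order of the four `_fini()` calls is load-bearing, so a later edit could quietly reintroduce the unregister_sysctl_table warning the commit message describes. A comment above `nf_conntrack_acct_fini();` would pin this down, for example `/* Tear down in reverse order of the matching _init() calls; the sysctl tables they registered must go last-in, first-out. */`. The init sequence is not visible in this hunk, so please confirm the new order is its exact reverse. The function body begins above the hunk.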
@@ -409,18 +404,29 @@ EXPORT_SYMBOL_GPL(nf_ct_log_invalid);
 static int nf_conntrack_standalone_init_sysctl(void)
 {
-	nf_ct_sysctl_header =
+	nf_ct_netfilter_header =
 		register_sysctl_paths(nf_ct_path, nf_ct_netfilter_table);
-	if (nf_ct_sysctl_header == NULL) {
-		printk("nf_conntrack: can't register to sysctl.\n");
-		return -ENOMEM;
-	}
+	if (!nf_ct_netfilter_header)
+		goto out;
+
+	nf_ct_sysctl_header =
+		 register_sysctl_paths(nf_net_netfilter_sysctl_path,
+					nf_ct_sysctl_table);
+	if (!nf_ct_sysctl_header)
+		goto out_unregister_netfilter;
+
 	return 0;
+out_unregister_netfilter:
+	unregister_sysctl_table(nf_ct_netfilter_header);
+out:
+	printk("nf_conntrack: can't register to sysctl.\n");
+	return -ENOMEM;
 }
 static void nf_conntrack_standalone_fini_sysctl(void)
 {
+	unregister_sysctl_table(nf_ct_netfilter_header);
 	unregister_sysctl_table(nf_ct_sysctl_header);
 }
 #else |
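Review bot: nf_conntrack_standalone_fini_sysctl() unregisters the two headers in the same order that nf_conntrack_standalone_init_sysctl() registers them, not the reverse. If the two tables are independent this is probably harmless, but since this commit exists to fix an init/fini ordering warning, mirroring the registration order would be the safer convention: `unregister_sysctl_table(nf_ct_sysctl_header);` followed by `unregister_sysctl_table(nf_ct_netfilter_header);`. Separately, the failure message under the `out:` label is printed without a log level; `printk(KERN_ERR "nf_conntrack: can't register to sysctl.\n");` would make the registration failure visible at the intended severity.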
