netfilter: xtables: prepare for on-demand hook register

[deliverable/linux.git] / net / ipv4 / netfilter / ip_tables.c

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index b99affad6ba1f4939e10f676a06f92cd27c32add..1eb4fe5b47028690b28c16098c573f5742a05447 100644 (file)
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2062,9 +2062,9 @@ do_ipt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
        return ret;
 }
 
-struct xt_table *ipt_register_table(struct net *net,
-                                   const struct xt_table *table,
-                                   const struct ipt_replace *repl)
+int ipt_register_table(struct net *net, const struct xt_table *table,
+                      const struct ipt_replace *repl,
+                      const struct nf_hook_ops *ops, struct xt_table **res)
 {
        int ret;
        struct xt_table_info *newinfo;
@@ -2073,10 +2073,8 @@ struct xt_table *ipt_register_table(struct net *net,
        struct xt_table *new_table;
 
        newinfo = xt_alloc_table_info(repl->size);
-       if (!newinfo) {
-               ret = -ENOMEM;
-               goto out;
-       }
+       if (!newinfo)
+               return -ENOMEM;
 
        loc_cpu_entry = newinfo->entries;
        memcpy(loc_cpu_entry, repl->entries, repl->size);
@@ -2091,15 +2089,16 @@ struct xt_table *ipt_register_table(struct net *net,
                goto out_free;
        }
 
-       return new_table;
+       WRITE_ONCE(*res, new_table);
+       return ret;
 
 out_free:
        xt_free_table_info(newinfo);
-out:
-       return ERR_PTR(ret);
+       return ret;
 }
 
-void ipt_unregister_table(struct net *net, struct xt_table *table)
+void ipt_unregister_table(struct net *net, struct xt_table *table,
+                         const struct nf_hook_ops *ops)
 {
        struct xt_table_info *private;
        void *loc_cpu_entry;