netfilter: nf_qeueue: Drop queue entries on nf_unregister_hook

[firefly-linux-kernel-4.4.55.git] / net / netfilter / nfnetlink_queue_core.c

diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
index e26a46ef19ba1ce6d6dfadba67c4dfe6e4a4fd6c..685cc6a17163ffaf1c7649d726f98c5118066fdd 100644 (file)
--- a/net/netfilter/nfnetlink_queue_core.c
+++ b/net/netfilter/nfnetlink_queue_core.c
@@ -850,6 +850,27 @@ static struct notifier_block nfqnl_dev_notifier = {
        .notifier_call  = nfqnl_rcv_dev_event,
 };
 
+static int nf_hook_cmp(struct nf_queue_entry *entry, unsigned long ops_ptr)
+{
+       return entry->elem == (struct nf_hook_ops *)ops_ptr;
+}
+
+static void nfqnl_nf_hook_drop(struct net *net, struct nf_hook_ops *hook)
+{
+       struct nfnl_queue_net *q = nfnl_queue_pernet(net);
+       int i;
+
+       rcu_read_lock();
+       for (i = 0; i < INSTANCE_BUCKETS; i++) {
+               struct nfqnl_instance *inst;
+               struct hlist_head *head = &q->instance_table[i];
+
+               hlist_for_each_entry_rcu(inst, head, hlist)
+                       nfqnl_flush(inst, nf_hook_cmp, (unsigned long)hook);
+       }
+       rcu_read_unlock();
+}
+
 static int
 nfqnl_rcv_nl_event(struct notifier_block *this,
                   unsigned long event, void *ptr)
@@ -1057,7 +1078,8 @@ static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
 };
 
 static const struct nf_queue_handler nfqh = {
-       .outfn  = &nfqnl_enqueue_packet,
+       .outfn          = &nfqnl_enqueue_packet,
+       .nf_hook_drop   = &nfqnl_nf_hook_drop,
 };
 
 static int