linux/net/ipv4/netfilter
Pablo Neira Ayuso df05ef874b netfilter: nf_tables: release objects on netns destruction
We have to release the existing objects on netns removal otherwise we
leak them. Chains are unregistered in first place to make sure no
packets are walking on our rules and sets anymore.

The object release happens by when we unregister the family via
nft_release_afinfo() which is called from nft_unregister_afinfo() from
the corresponding __net_exit path in every family.

Reported-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-12-28 18:34:35 +01:00
..
arp_tables.c net ipv4: use preferred log methods 2015-11-18 13:37:20 -05:00
arpt_mangle.c netfilter: arpt_mangle: fix return values of checkentry 2011-02-01 16:03:46 +01:00
arptable_filter.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
ip_tables.c netfilter: ipv4: code indentation 2015-10-16 19:19:15 +02:00
ipt_ah.c netfilter: ipv4: whitespace around operators 2015-10-16 19:19:23 +02:00
ipt_CLUSTERIP.c netfilter: ipv4: whitespace around operators 2015-10-16 19:19:23 +02:00
ipt_ECN.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
ipt_MASQUERADE.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ipt_REJECT.c ipv4: Push struct net down into nf_send_reset 2015-09-29 20:21:31 +02:00
ipt_rpfilter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
ipt_SYNPROXY.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-10-17 14:28:03 +02:00
iptable_filter.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
iptable_mangle.c ipv4: Pass struct net into ip_route_me_harder 2015-09-29 20:21:32 +02:00
iptable_nat.c netfilter: remove hook owner refcounting 2015-10-16 18:21:39 +02:00
iptable_raw.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
iptable_security.c netfilter: ipv4: code indentation 2015-10-16 19:19:15 +02:00
Kconfig netfilter: nf_dup: add missing dependencies with NF_CONNTRACK 2015-12-10 18:17:06 +01:00
Makefile netfilter: nf_tables: add nft_dup expression 2015-08-07 11:49:49 +02:00
nf_conntrack_l3proto_ipv4_compat.c netfilter: Remove uses of seq_<foo> return values 2015-03-18 10:51:35 +01:00
nf_conntrack_l3proto_ipv4.c net ipv4: use preferred log methods 2015-11-18 13:37:20 -05:00
nf_conntrack_proto_icmp.c netfilter: nf_conntrack: Add a struct net parameter to l4_pkt_to_tuple 2015-09-18 22:00:04 +02:00
nf_defrag_ipv4.c ipv4: use sk_fullsock() in ipv4_conntrack_defrag() 2015-11-05 14:36:09 -05:00
nf_dup_ipv4.c ipv4, ipv6: Pass net into ip_local_out and ip6_local_out 2015-10-08 04:27:02 -07:00
nf_log_arp.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_log_ipv4.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_h323.c netfilter: nf_nat_h323: fix crash in nf_ct_unlink_expect_report() 2014-02-05 17:46:05 +01:00
nf_nat_l3proto_ipv4.c net: Eliminate NETIF_F_GEN_CSUM and NETIF_F_V[46]_CSUM 2015-12-15 16:50:20 -05:00
nf_nat_masquerade_ipv4.c netfilter: nf_nat: generalize IPv4 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
nf_nat_pptp.c netfilter: Fix removal of GRE expectation entries created by PPTP 2015-11-09 13:32:14 +01:00
nf_nat_proto_gre.c netfilter: use IS_ENABLED() macro 2014-06-30 11:38:03 +02:00
nf_nat_proto_icmp.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_nat_snmp_basic.c net ipv4: use preferred log methods 2015-11-18 13:37:20 -05:00
nf_reject_ipv4.c netfilter: remove duplicate include 2015-11-23 17:54:43 +01:00
nf_tables_arp.c netfilter: nf_tables: release objects on netns destruction 2015-12-28 18:34:35 +01:00
nf_tables_ipv4.c netfilter: nf_tables: release objects on netns destruction 2015-12-28 18:34:35 +01:00
nft_chain_nat_ipv4.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nft_chain_route_ipv4.c ipv4: Pass struct net into ip_route_me_harder 2015-09-29 20:21:32 +02:00
nft_dup_ipv4.c netfilter: Pass net to nf_dup_ipv4 and nf_dup_ipv6 2015-09-18 21:59:11 +02:00
nft_masq_ipv4.c netfilter: nf_tables: kill nft_pktinfo.ops 2015-09-18 21:58:01 +02:00
nft_redir_ipv4.c netfilter: nf_tables: kill nft_pktinfo.ops 2015-09-18 21:58:01 +02:00
nft_reject_ipv4.c ipv4: Push struct net down into nf_send_reset 2015-09-29 20:21:31 +02:00