--- /usr/src/266/include/linux/netfilter.h 2004-05-09 22:32:37.000000000 -0400 +++ /usr/src/266-mod/include/linux/netfilter.h 2004-06-04 10:21:20.000000000 -0400 @@ -171,6 +171,12 @@ struct nf_info *info, unsigned int verdict); +extern inline struct ipt_target * +ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex); +extern inline struct ip6t_target * +ip6t_find_target_lock(const char *name, int *error, struct semaphore *mutex); +extern inline struct arpt_target * +arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex); extern void (*ip_ct_attach)(struct sk_buff *, struct nf_ct_info *); #ifdef CONFIG_NETFILTER_DEBUG --- /usr/src/266/include/linux/netfilter_ipv4/ip_tables.h 2004-05-09 22:32:37.000000000 -0400 +++ /usr/src/266-mod/include/linux/netfilter_ipv4/ip_tables.h 2004-06-04 10:21:20.000000000 -0400 @@ -283,6 +283,8 @@ struct ipt_entry entrytable[0]; }; +extern struct semaphore ipt_mutex; + /* Standard return verdict, or do jump. */ #define IPT_STANDARD_TARGET "" /* Error verdict. */ @@ -334,6 +336,7 @@ /* * Main firewall chains definitions and global var's definitions. */ +static DECLARE_MUTEX(ipt_mutex); #ifdef __KERNEL__ #include @@ -406,6 +409,11 @@ struct module *me; }; +extern struct ipt_target * +ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex); +extern struct arpt_target * +arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex); + extern int ipt_register_target(struct ipt_target *target); extern void ipt_unregister_target(struct ipt_target *target); --- /usr/src/266/net/ipv4/netfilter/ip_tables.c 2004-05-09 22:32:26.000000000 -0400 +++ /usr/src/266-mod/net/ipv4/netfilter/ip_tables.c 2004-06-04 10:21:20.000000000 -0400 
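Review bot: The three `extern inline` prototypes added to netfilter.h (hunk `@@ -171,6 +171,12 @@`) do not match the definitions this patch introduces: `ipt_find_target_lock`, `ip6t_find_target_lock` and `arpt_find_target_lock` are defined as ordinary external functions in the .c files, and two of them are declared again, without `inline`, in ip_tables.h (hunk `@@ -406,6 +409,11 @@`). If `struct semaphore` is not already declared at the point where netfilter.h places these lines, which the hunk does not show, the parameter type gets prototype scope and the declarations are incompatible with the real ones. I would drop the netfilter.h lines and keep one plain prototype per function in its own family header, e.g. `extern struct ipt_target *ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex);` in ip_tables.h only, moving the `arpt_find_target_lock` prototype out of ip_tables.h into the ARP tables header.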
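Review bot: `static DECLARE_MUTEX(ipt_mutex);` in ip_tables.h (hunk `@@ -334,6 +336,7 @@`) gives every file that includes the header its own private semaphore, so a module that passes `&ipt_mutex` to the newly exported `ipt_find_target_lock` takes a different lock from the one ip_tables.c holds while registering or unregistering targets, and the list can then be walked while it is being modified. The same header also gains `extern struct semaphore ipt_mutex;` at `@@ -283,6 +283,8 @@`, which conflicts with the later static definition, and the static line sits above `#ifdef __KERNEL__`, so it appears to be exposed to userspace includes as well. Keep a single definition in ip_tables.c, `DECLARE_MUTEX(ipt_mutex);` without `static`, leave only the `extern` declaration in the header inside the `__KERNEL__` section, and add `EXPORT_SYMBOL(ipt_mutex);` if modules really need the lock. The same applies to `static DECLARE_MUTEX(arpt_mutex);` in netfilter_arp.h and `static DECLARE_MUTEX(ip6t_mutex);` in ip6_tables.h.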
@@ -61,9 +61,6 @@ #endif #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) -/* Mutex protects lists (only traversed in user context). */ -static DECLARE_MUTEX(ipt_mutex); - /* Must have mutex */ #define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) #define ASSERT_WRITE_LOCK(x) IP_NF_ASSERT(down_trylock(&ipt_mutex) != 0) @@ -418,7 +415,7 @@ { void *ret; -#if 0 +#if 0 duprintf("find_inlist: searching for `%s' in %s.\n", name, head == &ipt_target ? "ipt_target" : head == &ipt_match ? "ipt_match" @@ -461,7 +458,7 @@ #endif static inline struct ipt_table * -find_table_lock(const char *name, int *error, struct semaphore *mutex) +ipt_find_table_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&ipt_tables, name, "iptable_", error, mutex); } @@ -472,8 +469,8 @@ return find_inlist_lock(&ipt_match, name, "ipt_", error, mutex); } -static inline struct ipt_target * -find_target_lock(const char *name, int *error, struct semaphore *mutex) +struct ipt_target * +ipt_find_target_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&ipt_target, name, "ipt_", error, mutex); } @@ -688,7 +685,7 @@ goto cleanup_matches; t = ipt_get_target(e); - target = find_target_lock(t->u.user.name, &ret, &ipt_mutex); + target = ipt_find_target_lock(t->u.user.name, &ret, &ipt_mutex); if (!target) { duprintf("check_entry: `%s' not found\n", t->u.user.name); goto cleanup_matches; @@ -1025,7 +1022,7 @@ int ret; struct ipt_table *t; - t = find_table_lock(entries->name, &ret, &ipt_mutex); + t = ipt_find_table_lock(entries->name, &ret, &ipt_mutex); if (t) { duprintf("t->private->number = %u\n", t->private->number); @@ -1092,7 +1089,7 @@ duprintf("ip_tables: Translated table\n"); - t = find_table_lock(tmp.name, &ret, &ipt_mutex); + t = ipt_find_table_lock(tmp.name, &ret, &ipt_mutex); if (!t) goto free_newinfo_counters_untrans; 
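Review bot: `ipt_find_target_lock` (hunk `@@ -472,8 +469,8 @@`) loses `static inline` and becomes a kernel-wide entry point without any statement of its locking contract, and it still lets the caller choose which semaphore is taken. Judging by the name and the `mutex` argument it presumably returns with the semaphore held when the target is found; `find_inlist_lock` is outside the hunk, so confirm that before documenting it. I would add a comment above the definition such as `/* On success returns the target with *mutex held; the caller must up() it. On failure returns NULL with *error set. */`, and consider dropping the `mutex` parameter from the exported form so that it always takes `ipt_mutex`. The same applies to `arpt_find_target_lock` in arp_tables.c and `ip6t_find_target_lock` in ip6_tables.c.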
@@ -1195,7 +1192,7 @@ goto free; } - t = find_table_lock(tmp.name, &ret, &ipt_mutex); + t = ipt_find_table_lock(tmp.name, &ret, &ipt_mutex); if (!t) goto free; @@ -1270,7 +1267,7 @@ break; } name[IPT_TABLE_MAXNAMELEN-1] = '\0'; - t = find_table_lock(name, &ret, &ipt_mutex); + t = ipt_find_table_lock(name, &ret, &ipt_mutex); if (t) { struct ipt_getinfo info; @@ -1855,6 +1852,7 @@ EXPORT_SYMBOL(ipt_do_table); EXPORT_SYMBOL(ipt_register_target); EXPORT_SYMBOL(ipt_unregister_target); +EXPORT_SYMBOL(ipt_find_target_lock); module_init(init); module_exit(fini); --- /usr/src/266/include/linux/netfilter_arp.h 2004-05-09 22:32:00.000000000 -0400 +++ /usr/src/266-mod/include/linux/netfilter_arp.h 2004-06-04 10:21:20.000000000 -0400 @@ -17,4 +17,5 @@ #define NF_ARP_FORWARD 2 #define NF_ARP_NUMHOOKS 3 +static DECLARE_MUTEX(arpt_mutex); #endif /* __LINUX_ARP_NETFILTER_H */ --- /usr/src/266/net/ipv4/netfilter/arp_tables.c 2004-05-09 22:33:12.000000000 -0400 +++ /usr/src/266-mod/net/ipv4/netfilter/arp_tables.c 2004-06-04 10:21:20.000000000 -0400 @@ -56,7 +56,6 @@ #endif #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) -static DECLARE_MUTEX(arpt_mutex); #define ASSERT_READ_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) #define ASSERT_WRITE_LOCK(x) ARP_NF_ASSERT(down_trylock(&arpt_mutex) != 0) @@ -388,12 +387,12 @@ } #endif -static inline struct arpt_table *find_table_lock(const char *name, int *error, struct semaphore *mutex) +static inline struct arpt_table *arpt_find_table_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&arpt_tables, name, "arptable_", error, mutex); } -static inline struct arpt_target *find_target_lock(const char *name, int *error, struct semaphore *mutex) +struct arpt_target *arpt_find_target_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&arpt_target, name, "arpt_", error, mutex); } 
@@ -543,7 +542,7 @@ } t = arpt_get_target(e); - target = find_target_lock(t->u.user.name, &ret, &arpt_mutex); + target = arpt_find_target_lock(t->u.user.name, &ret, &arpt_mutex); if (!target) { duprintf("check_entry: `%s' not found\n", t->u.user.name); goto out; @@ -843,7 +842,7 @@ int ret; struct arpt_table *t; - t = find_table_lock(entries->name, &ret, &arpt_mutex); + t = arpt_find_table_lock(entries->name, &ret, &arpt_mutex); if (t) { duprintf("t->private->number = %u\n", t->private->number); @@ -909,7 +908,7 @@ duprintf("arp_tables: Translated table\n"); - t = find_table_lock(tmp.name, &ret, &arpt_mutex); + t = arpt_find_table_lock(tmp.name, &ret, &arpt_mutex); if (!t) goto free_newinfo_counters_untrans; @@ -1002,7 +1001,7 @@ goto free; } - t = find_table_lock(tmp.name, &ret, &arpt_mutex); + t = arpt_find_table_lock(tmp.name, &ret, &arpt_mutex); if (!t) goto free; @@ -1075,7 +1074,7 @@ break; } name[ARPT_TABLE_MAXNAMELEN-1] = '\0'; - t = find_table_lock(name, &ret, &arpt_mutex); + t = arpt_find_table_lock(name, &ret, &arpt_mutex); if (t) { struct arpt_getinfo info; @@ -1323,6 +1322,7 @@ EXPORT_SYMBOL(arpt_register_table); EXPORT_SYMBOL(arpt_unregister_table); EXPORT_SYMBOL(arpt_do_table); +EXPORT_SYMBOL(arpt_find_target_lock); EXPORT_SYMBOL(arpt_register_target); EXPORT_SYMBOL(arpt_unregister_target); --- /usr/src/266/include/linux/netfilter_ipv6/ip6_tables.h 2004-05-09 22:33:20.000000000 -0400 +++ /usr/src/266-mod/include/linux/netfilter_ipv6/ip6_tables.h 2004-06-04 10:21:20.000000000 -0400 @@ -106,6 +106,8 @@ u_int64_t pcnt, bcnt; /* Packet and byte counters */ }; +static DECLARE_MUTEX(ip6t_mutex); + /* Values for "flag" field in struct ip6t_ip6 (general ip6 structure). */ #define IP6T_F_PROTO 0x01 /* Set if rule cares about upper protocols */ --- /usr/src/266/net/ipv6/netfilter/ip6_tables.c 2004-05-09 22:33:19.000000000 -0400 +++ /usr/src/266-mod/net/ipv6/netfilter/ip6_tables.c 2004-06-04 10:21:20.000000000 -0400 
@@ -66,8 +66,6 @@ #endif #define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) -/* Mutex protects lists (only traversed in user context). */ -static DECLARE_MUTEX(ip6t_mutex); /* Must have mutex */ #define ASSERT_READ_LOCK(x) IP_NF_ASSERT(down_trylock(&ip6t_mutex) != 0) @@ -544,7 +542,7 @@ #endif static inline struct ip6t_table * -find_table_lock(const char *name, int *error, struct semaphore *mutex) +ip6t_find_table_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&ip6t_tables, name, "ip6table_", error, mutex); } @@ -555,8 +553,8 @@ return find_inlist_lock(&ip6t_match, name, "ip6t_", error, mutex); } -static inline struct ip6t_target * -find_target_lock(const char *name, int *error, struct semaphore *mutex) +struct ip6t_target * +ip6t_find_target_lock(const char *name, int *error, struct semaphore *mutex) { return find_inlist_lock(&ip6t_target, name, "ip6t_", error, mutex); } @@ -771,7 +769,7 @@ goto cleanup_matches; t = ip6t_get_target(e); - target = find_target_lock(t->u.user.name, &ret, &ip6t_mutex); + target = ip6t_find_target_lock(t->u.user.name, &ret, &ip6t_mutex); if (!target) { duprintf("check_entry: `%s' not found\n", t->u.user.name); goto cleanup_matches; @@ -1111,7 +1109,7 @@ int ret; struct ip6t_table *t; - t = find_table_lock(entries->name, &ret, &ip6t_mutex); + t = ip6t_find_table_lock(entries->name, &ret, &ip6t_mutex); if (t) { duprintf("t->private->number = %u\n", t->private->number); @@ -1174,7 +1172,7 @@ duprintf("ip_tables: Translated table\n"); - t = find_table_lock(tmp.name, &ret, &ip6t_mutex); + t = ip6t_find_table_lock(tmp.name, &ret, &ip6t_mutex); if (!t) goto free_newinfo_counters_untrans; @@ -1276,7 +1274,7 @@ goto free; } - t = find_table_lock(tmp.name, &ret, &ip6t_mutex); + t = ip6t_find_table_lock(tmp.name, &ret, &ip6t_mutex); if (!t) goto free; 
@@ -1351,7 +1349,7 @@ break; } name[IP6T_TABLE_MAXNAMELEN-1] = '\0'; - t = find_table_lock(name, &ret, &ip6t_mutex); + t = ip6t_find_table_lock(name, &ret, &ip6t_mutex); if (t) { struct ip6t_getinfo info; @@ -1964,6 +1962,7 @@ EXPORT_SYMBOL(ip6t_register_table); EXPORT_SYMBOL(ip6t_unregister_table); EXPORT_SYMBOL(ip6t_do_table); +EXPORT_SYMBOL(ip6t_find_target_lock); EXPORT_SYMBOL(ip6t_register_match); EXPORT_SYMBOL(ip6t_unregister_match); EXPORT_SYMBOL(ip6t_register_target);