/*
 * Validate an ip6tables SYNPROXY rule and take the references it needs.
 *
 * The rule is rejected with -EINVAL unless it matches on protocol, the
 * protocol is TCP, and the protocol match is not inverted.
 *
 * On success the function holds one conntrack netns reference for
 * par->family and one count in snet->hook_ref6. The hooks in
 * ipv6_synproxy_ops are registered only when the count goes from 0 to 1.
 * If hook registration fails, the conntrack reference is dropped again
 * before the error is returned, so a failed check leaves nothing held.
 *
 * NOTE(review): hook_ref6 is a plain counter and no lock is taken in this
 * function; presumably the caller serializes check/destroy. Confirm this,
 * since a racing update would unbalance hook registration.
 *
 * Returns 0 on success or a negative errno.
 */
static int synproxy_tg6_check(const struct xt_tgchk_param *par)
{
	struct synproxy_net *snet = synproxy_pernet(par->net);
	const struct ip6t_entry *entry = par->entryinfo;
	int ret;

	/* SYNPROXY only makes sense for a positive "-p tcp" match. */
	if (!(entry->ipv6.flags & IP6T_F_PROTO))
		return -EINVAL;
	if (entry->ipv6.proto != IPPROTO_TCP)
		return -EINVAL;
	if (entry->ipv6.invflags & XT_INV_PROTO)
		return -EINVAL;

	ret = nf_ct_netns_get(par->net, par->family);
	if (ret)
		return ret;

	/* First user in this netns: install the IPv6 synproxy hooks. */
	if (snet->hook_ref6 == 0) {
		ret = nf_register_net_hooks(par->net, ipv6_synproxy_ops,
					    ARRAY_SIZE(ipv6_synproxy_ops));
		if (ret) {
			/* Undo the conntrack reference taken above. */
			nf_ct_netns_put(par->net, par->family);
			return ret;
		}
	}

	snet->hook_ref6++;
	return 0;
}
/*
 * Tear down an nft NAT expression by dropping its conntrack netns
 * reference for the family recorded in the expression's private data.
 *
 * NOTE(review): priv->family is presumably the same family that was used
 * when the reference was taken at init time; confirm, since a mismatch
 * would release the wrong family's reference.
 */
static void nft_nat_destroy(const struct nft_ctx *ctx,
			    const struct nft_expr *expr)
{
	const struct nft_nat *nat = nft_expr_priv(expr);
	struct net *net = ctx->net;

	nf_ct_netns_put(net, nat->family);
}
/*
 * Release what a SYNPROXY ip6tables rule holds: one count in
 * snet->hook_ref6 and one conntrack netns reference for par->family.
 *
 * The hooks in ipv6_synproxy_ops are unregistered when the count reaches
 * zero, i.e. when the last rule in this netns is removed.
 *
 * NOTE(review): the decrement is unguarded, so a destroy without a
 * matching successful check would wrap the counter rather than reach
 * zero. Presumably the xtables core guarantees the pairing; confirm.
 */
static void synproxy_tg6_destroy(const struct xt_tgdtor_param *par)
{
	struct net *net = par->net;
	struct synproxy_net *snet = synproxy_pernet(net);

	/* Last user gone: remove the IPv6 synproxy hooks. */
	if (--snet->hook_ref6 == 0)
		nf_unregister_net_hooks(net, ipv6_synproxy_ops,
					ARRAY_SIZE(ipv6_synproxy_ops));

	nf_ct_netns_put(net, par->family);
}
/*
 * Take a conntrack reference in @net for protocol family @nfproto.
 *
 * NFPROTO_INET is expanded into an IPv4 get followed by an IPv6 get. If
 * the IPv6 get fails, the IPv4 reference just taken is put back so that
 * a failed call leaves nothing held. Any other family is passed straight
 * to nf_ct_netns_do_get().
 *
 * Returns 0 on success, or the negative value returned by the failing
 * nf_ct_netns_do_get() call. Each successful call is expected to be
 * paired with nf_ct_netns_put() for the same family.
 */
int nf_ct_netns_get(struct net *net, u8 nfproto)
{
	int ret;

	if (nfproto != NFPROTO_INET) {
		ret = nf_ct_netns_do_get(net, nfproto);
		return ret < 0 ? ret : 0;
	}

	ret = nf_ct_netns_do_get(net, NFPROTO_IPV4);
	if (ret < 0)
		return ret;

	ret = nf_ct_netns_do_get(net, NFPROTO_IPV6);
	if (ret < 0) {
		/* Roll back the IPv4 half so the failure is all-or-nothing. */
		nf_ct_netns_put(net, NFPROTO_IPV4);
		return ret;
	}

	return 0;
}
/*
 * Tear down an IPv6 nft redirect expression by dropping the IPv6
 * conntrack netns reference. @expr is unused.
 */
static void nft_redir_ipv6_destroy(const struct nft_ctx *ctx,
				   const struct nft_expr *expr)
{
	struct net *net = ctx->net;

	nf_ct_netns_put(net, NFPROTO_IPV6);
}
/*
 * Common teardown for nft connlimit state: drop the conntrack netns
 * reference for the context's family, then free the connection-count
 * cache hanging off priv->hhead.
 *
 * NOTE(review): this uses ctx->family, not a family stored in @priv;
 * presumably the reference was taken with the same value. Confirm.
 */
static void nft_connlimit_do_destroy(const struct nft_ctx *ctx,
				     struct nft_connlimit *priv)
{
	struct net *net = ctx->net;

	nf_ct_netns_put(net, ctx->family);
	nf_conncount_cache_free(&priv->hhead);
}
/*
 * Target destructor for NETMAP: drop the conntrack netns reference for
 * the rule's family. The reference is presumably taken by the matching
 * checkentry routine, which is not shown here.
 */
static void netmap_tg_destroy(const struct xt_tgdtor_param *par)
{
	struct net *net = par->net;

	nf_ct_netns_put(net, par->family);
}
/*
 * Match destructor for the state match: drop the conntrack netns
 * reference for the rule's family. The reference is presumably taken by
 * the matching checkentry routine, which is not shown here.
 */
static void state_mt_destroy(const struct xt_mtdtor_param *par)
{
	struct net *net = par->net;

	nf_ct_netns_put(net, par->family);
}
/*
 * Target destructor for the ip6tables SYNPROXY target: drop the conntrack
 * netns reference for the rule's family.
 *
 * NOTE(review): this variant releases only the conntrack reference and
 * does not touch any hook reference count. If the checkentry routine in
 * the same tree registers per-netns hooks, they must be released here
 * too. Confirm against that routine.
 */
static void synproxy_tg6_destroy(const struct xt_tgdtor_param *par)
{
	struct net *net = par->net;

	nf_ct_netns_put(net, par->family);
}
/*
 * Tear down an IPv4 nft masquerade expression by dropping the IPv4
 * conntrack netns reference. @expr is unused.
 */
static void nft_masq_ipv4_destroy(const struct nft_ctx *ctx,
				  const struct nft_expr *expr)
{
	struct net *net = ctx->net;

	nf_ct_netns_put(net, NFPROTO_IPV4);
}
/*
 * Target destructor for the ip6tables MASQUERADE target: drop the
 * conntrack netns reference for the rule's family. The reference is
 * presumably taken by the matching checkentry routine, which is not
 * shown here.
 */
static void masquerade_tg6_destroy(const struct xt_tgdtor_param *par)
{
	struct net *net = par->net;

	nf_ct_netns_put(net, par->family);
}