Merge tag 'nfsd-5.13-1' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux

[linux-2.6-microblaze.git] / net / netfilter / nft_tproxy.c

diff --git a/net/netfilter/nft_tproxy.c b/net/netfilter/nft_tproxy.c
index 43a5a78..accef67 100644 (file)
--- a/net/netfilter/nft_tproxy.c
+++ b/net/netfilter/nft_tproxy.c
@@ -263,6 +263,29 @@ static int nft_tproxy_init(const struct nft_ctx *ctx,
        return 0;
 }
 
+static void nft_tproxy_destroy(const struct nft_ctx *ctx,
+                              const struct nft_expr *expr)
+{
+       const struct nft_tproxy *priv = nft_expr_priv(expr);
+
+       switch (priv->family) {
+       case NFPROTO_IPV4:
+               nf_defrag_ipv4_disable(ctx->net);
+               break;
+#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
+       case NFPROTO_IPV6:
+               nf_defrag_ipv6_disable(ctx->net);
+               break;
+#endif
+       case NFPROTO_UNSPEC:
+               nf_defrag_ipv4_disable(ctx->net);
+#if IS_ENABLED(CONFIG_NF_TABLES_IPV6)
+               nf_defrag_ipv6_disable(ctx->net);
+#endif
+               break;
+       }
+}
+
 static int nft_tproxy_dump(struct sk_buff *skb,
                           const struct nft_expr *expr)
 {
@@ -288,6 +311,7 @@ static const struct nft_expr_ops nft_tproxy_ops = {
        .size           = NFT_EXPR_SIZE(sizeof(struct nft_tproxy)),
        .eval           = nft_tproxy_eval,
        .init           = nft_tproxy_init,
+       .destroy        = nft_tproxy_destroy,
        .dump           = nft_tproxy_dump,
 };