Merge tag 'landlock_v34' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris...

[linux-2.6-microblaze.git] / net / netfilter / xt_socket.c
diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c

index 5f97398..5e6459e 100644 (file)
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -216,6 +216,14 @@ static int socket_mt_v3_check(const struct xt_mtchk_param *par)
         return 0;
  }
  
+static void socket_mt_destroy(const struct xt_mtdtor_param *par)
+{
+       if (par->family == NFPROTO_IPV4)
+               nf_defrag_ipv4_disable(par->net);
+       else if (par->family == NFPROTO_IPV6)
+               nf_defrag_ipv4_disable(par->net);
+}
+
  static struct xt_match socket_mt_reg[] __read_mostly = {
         {
                 .name           = "socket",
@@ -231,6 +239,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .revision       = 1,
                 .family         = NFPROTO_IPV4,
                 .match          = socket_mt4_v1_v2_v3,
+               .destroy        = socket_mt_destroy,
                 .checkentry     = socket_mt_v1_check,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
@@ -245,6 +254,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .match          = socket_mt6_v1_v2_v3,
                 .checkentry     = socket_mt_v1_check,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
+               .destroy        = socket_mt_destroy,
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
                                   (1 << NF_INET_LOCAL_IN),
                 .me             = THIS_MODULE,
@@ -256,6 +266,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .family         = NFPROTO_IPV4,
                 .match          = socket_mt4_v1_v2_v3,
                 .checkentry     = socket_mt_v2_check,
+               .destroy        = socket_mt_destroy,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
                                   (1 << NF_INET_LOCAL_IN),
@@ -268,6 +279,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .family         = NFPROTO_IPV6,
                 .match          = socket_mt6_v1_v2_v3,
                 .checkentry     = socket_mt_v2_check,
+               .destroy        = socket_mt_destroy,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
                                   (1 << NF_INET_LOCAL_IN),
@@ -280,6 +292,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .family         = NFPROTO_IPV4,
                 .match          = socket_mt4_v1_v2_v3,
                 .checkentry     = socket_mt_v3_check,
+               .destroy        = socket_mt_destroy,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
                                   (1 << NF_INET_LOCAL_IN),
@@ -292,6 +305,7 @@ static struct xt_match socket_mt_reg[] __read_mostly = {
                 .family         = NFPROTO_IPV6,
                 .match          = socket_mt6_v1_v2_v3,
                 .checkentry     = socket_mt_v3_check,
+               .destroy        = socket_mt_destroy,
                 .matchsize      = sizeof(struct xt_socket_mtinfo1),
                 .hooks          = (1 << NF_INET_PRE_ROUTING) |
                                   (1 << NF_INET_LOCAL_IN),