From f68772ed678376f52dbb2e20c9f982e6d8b3407b Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 21 Apr 2021 09:51:05 +0200 Subject: netfilter: x_tables: remove paranoia tests No need for these. There is only one caller, the xtables core, when the table is registered for the first time with a particular network namespace. After ->table_init() call, the table is linked into the tables[af] list, so next call to that function will skip the ->table_init(). Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- net/ipv4/netfilter/arptable_filter.c | 3 --- net/ipv4/netfilter/iptable_filter.c | 3 --- net/ipv4/netfilter/iptable_mangle.c | 3 --- net/ipv4/netfilter/iptable_nat.c | 3 --- net/ipv4/netfilter/iptable_raw.c | 3 --- net/ipv4/netfilter/iptable_security.c | 3 --- 6 files changed, 18 deletions(-) (limited to 'net/ipv4') diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index c121e13dc78c..924f096a6d89 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c @@ -44,9 +44,6 @@ static int __net_init arptable_filter_table_init(struct net *net) struct arpt_replace *repl; int err; - if (net->ipv4.arptable_filter) - return 0; - repl = arpt_alloc_initial_table(&packet_filter); if (repl == NULL) return -ENOMEM; diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index a39998c7977f..84573fa78d1e 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c @@ -48,9 +48,6 @@ static int __net_init iptable_filter_table_init(struct net *net) struct ipt_replace *repl; int err; - if (net->ipv4.iptable_filter) - return 0; - repl = ipt_alloc_initial_table(&packet_filter); if (repl == NULL) return -ENOMEM; diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 7d1713e22553..98e9e9053d85 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c @@ -88,9 +88,6 @@ static int __net_init iptable_mangle_table_init(struct net *net) struct ipt_replace *repl; int ret; - if (net->ipv4.iptable_mangle) - return 0; - repl = ipt_alloc_initial_table(&packet_mangler); if (repl == NULL) return -ENOMEM; diff --git a/net/ipv4/netfilter/iptable_nat.c b/net/ipv4/netfilter/iptable_nat.c index 16bf3009642e..f4afd28ccc06 100644 --- a/net/ipv4/netfilter/iptable_nat.c +++ b/net/ipv4/netfilter/iptable_nat.c @@ -90,9 +90,6 @@ static int __net_init iptable_nat_table_init(struct net *net) struct ipt_replace *repl; int ret; - if (net->ipv4.nat_table) - return 0; - repl = ipt_alloc_initial_table(&nf_nat_ipv4_table); if (repl == NULL) return -ENOMEM; diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index a1f556464b93..18776f5a4055 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c @@ -55,9 +55,6 @@ static int __net_init iptable_raw_table_init(struct net *net) if (raw_before_defrag) table = &packet_raw_before_defrag; - if (net->ipv4.iptable_raw) - return 0; - repl = ipt_alloc_initial_table(table); if (repl == NULL) return -ENOMEM; diff --git a/net/ipv4/netfilter/iptable_security.c b/net/ipv4/netfilter/iptable_security.c index 33eded4f9080..3df92fb394c5 100644 --- a/net/ipv4/netfilter/iptable_security.c +++ b/net/ipv4/netfilter/iptable_security.c @@ -50,9 +50,6 @@ static int __net_init iptable_security_table_init(struct net *net) struct ipt_replace *repl; int ret; - if (net->ipv4.iptable_security) - return 0; - repl = ipt_alloc_initial_table(&security_table); if (repl == NULL) return -ENOMEM; -- cgit v1.2.3-58-ga151