diff --git a/extensions/libxt_geoip.c b/extensions/libxt_geoip.c index 8ac73be..82e3375 100644 --- a/extensions/libxt_geoip.c +++ b/extensions/libxt_geoip.c @@ -53,12 +53,6 @@ static struct option geoip_opts[] = { { 0 }, }; -/* NOT IMPLEMENTED YET -static void geoip_free(struct geoip_info *oldmem) -{ -} -*/ - struct geoip_index { u_int16_t cc; u_int32_t offset; @@ -250,9 +244,6 @@ geoip_parse(int c, char **argv, int invert, unsigned int *flags, info->count = parse_geoip_cc(argv[optind-1], info->cc, info->mem); info->flags = *flags; - info->refcount = NULL; - //info->fini = &geoip_free; - return 1; } diff --git a/extensions/xt_geoip.c b/extensions/xt_geoip.c index 22106bc..61084db 100644 --- a/extensions/xt_geoip.c +++ b/extensions/xt_geoip.c @@ -150,24 +150,6 @@ static bool xt_geoip_mt_checkentry(const char *tablename, struct geoip_info *node; u_int8_t i; - /* FIXME: Call a function to free userspace allocated memory. - * As Martin J. said; this match might eat lot of memory - * if commited with iptables-restore --noflush - void (*gfree)(struct geoip_info *oldmem); - gfree = info->fini; - */ - - /* If info->refcount isn't NULL, then - * it means that checkentry() already - * initialized this entry. Increase a - * refcount to prevent destroy() of - * this entry. */ - if (info->refcount != NULL) { - atomic_inc((atomic_t *)info->refcount); - return 1; - } - - for (i = 0; i < info->count; i++) { if ((node = find_node(info->cc[i])) != NULL) @@ -180,15 +162,6 @@ static bool xt_geoip_mt_checkentry(const char *tablename, return 0; } - /* Free userspace allocated memory for that country. - * FIXME: It's a bit odd to call this function everytime - * we process a country. Would be nice to call - * it once after all countries've been processed. - * - SJ - * *not implemented for now* - gfree(info->mem[i]); - */ - /* Overwrite the now-useless pointer info->mem[i] with * a pointer to the node's kernelspace structure. * This avoids searching for a node in the match() and @@ -197,18 +170,6 @@ static bool xt_geoip_mt_checkentry(const char *tablename, info->mem[i] = node; } - /* We allocate some memory and give info->refcount a pointer - * to this memory. This prevents checkentry() from increasing a refcount - * different from the one used by destroy(). - * For explanation, see http://www.mail-archive.com/netfilter-devel@lists.samba.org/msg00625.html - */ - info->refcount = kmalloc(sizeof(u_int8_t), GFP_KERNEL); - if (info->refcount == NULL) { - printk(KERN_ERR "xt_geoip: failed to allocate `refcount' memory\n"); - return 0; - } - *(info->refcount) = 1; - return 1; } @@ -219,20 +180,6 @@ static void xt_geoip_mt_destroy(const struct xt_match *matcn, struct geoip_info *node; /* this keeps the code sexy */ u_int8_t i; - /* Decrease the previously increased refcount in checkentry() - * If it's equal to 1, we know this entry is just moving - * but not removed. We simply return to avoid useless destroy() - * proce ssing. - */ - atomic_dec((atomic_t *)info->refcount); - if (*info->refcount) - return; - - /* Don't leak my memory, you idiot. - * Bug found with nfsim.. the netfilter's best - * friend. --peejix */ - kfree(info->refcount); - /* This entry has been removed from the table so * decrease the refcount of all countries it is * using. diff --git a/extensions/xt_geoip.h b/extensions/xt_geoip.h index 52adc83..8169f6d 100644 --- a/extensions/xt_geoip.h +++ b/extensions/xt_geoip.h @@ -40,11 +40,6 @@ struct xt_geoip_match_info { /* Used internally by the kernel */ struct geoip_info *mem[XT_GEOIP_MAX]; - u_int8_t *refcount; - - /* not implemented yet: - void *fini; - */ }; #define COUNTRY(cc) (cc >> 8), (cc & 0x00FF)