Commit 964ddaa1 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller

[NETFILTER]: Clean up hook registration

Clean up hook registration by making use of the new mass registration and
unregistration helpers.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 972d1cb1
...@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = { ...@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = {
static int __init arptable_filter_init(void) static int __init arptable_filter_init(void)
{ {
int ret, i; int ret;
/* Register table */ /* Register table */
ret = arpt_register_table(&packet_filter, &initial_table.repl); ret = arpt_register_table(&packet_filter, &initial_table.repl);
if (ret < 0) if (ret < 0)
return ret; return ret;
for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
if ((ret = nf_register_hook(&arpt_ops[i])) < 0) if (ret < 0)
goto cleanup_hooks; goto cleanup_table;
return ret; return ret;
cleanup_hooks: cleanup_table:
while (--i >= 0)
nf_unregister_hook(&arpt_ops[i]);
arpt_unregister_table(&packet_filter); arpt_unregister_table(&packet_filter);
return ret; return ret;
} }
static void __exit arptable_filter_fini(void) static void __exit arptable_filter_fini(void)
{ {
unsigned int i; nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
nf_unregister_hook(&arpt_ops[i]);
arpt_unregister_table(&packet_filter); arpt_unregister_table(&packet_filter);
} }
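Review bot: The error path after `nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops))` now jumps straight to `cleanup_table`, so arptable_filter_init() relies on the helper having already unregistered any hooks it added before it failed; the helper is not shown on this page, so that is assumed rather than verified. If it did not roll back, a failed load would leave hook entries pointing into a module whose init has failed. A one-line comment at the call, e.g. `/* nf_register_hooks() unwinds its own partial registration on failure */`, would make that contract explicit. The same applies to the `ipt_ops` and `ip6t_ops` init functions and to the conntrack and NAT init_or_cleanup() paths further down.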
......
...@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum, ...@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
/* Connection tracking may drop packets, but never alters them, so /* Connection tracking may drop packets, but never alters them, so
make it the first hook. */ make it the first hook. */
static struct nf_hook_ops ip_conntrack_defrag_ops = { static struct nf_hook_ops ip_conntrack_ops[] = {
.hook = ip_conntrack_defrag, {
.owner = THIS_MODULE, .hook = ip_conntrack_defrag,
.pf = PF_INET, .owner = THIS_MODULE,
.hooknum = NF_IP_PRE_ROUTING, .pf = PF_INET,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG, .hooknum = NF_IP_PRE_ROUTING,
}; .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
},
static struct nf_hook_ops ip_conntrack_in_ops = { {
.hook = ip_conntrack_in, .hook = ip_conntrack_in,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = PF_INET,
.hooknum = NF_IP_PRE_ROUTING, .hooknum = NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_CONNTRACK, .priority = NF_IP_PRI_CONNTRACK,
}; },
{
static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = { .hook = ip_conntrack_defrag,
.hook = ip_conntrack_defrag, .owner = THIS_MODULE,
.owner = THIS_MODULE, .pf = PF_INET,
.pf = PF_INET, .hooknum = NF_IP_LOCAL_OUT,
.hooknum = NF_IP_LOCAL_OUT, .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG, },
}; {
.hook = ip_conntrack_local,
static struct nf_hook_ops ip_conntrack_local_out_ops = { .owner = THIS_MODULE,
.hook = ip_conntrack_local, .pf = PF_INET,
.owner = THIS_MODULE, .hooknum = NF_IP_LOCAL_OUT,
.pf = PF_INET, .priority = NF_IP_PRI_CONNTRACK,
.hooknum = NF_IP_LOCAL_OUT, },
.priority = NF_IP_PRI_CONNTRACK, {
}; .hook = ip_conntrack_help,
.owner = THIS_MODULE,
/* helpers */ .pf = PF_INET,
static struct nf_hook_ops ip_conntrack_helper_out_ops = { .hooknum = NF_IP_POST_ROUTING,
.hook = ip_conntrack_help, .priority = NF_IP_PRI_CONNTRACK_HELPER,
.owner = THIS_MODULE, },
.pf = PF_INET, {
.hooknum = NF_IP_POST_ROUTING, .hook = ip_conntrack_help,
.priority = NF_IP_PRI_CONNTRACK_HELPER, .owner = THIS_MODULE,
}; .pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
static struct nf_hook_ops ip_conntrack_helper_in_ops = { .priority = NF_IP_PRI_CONNTRACK_HELPER,
.hook = ip_conntrack_help, },
.owner = THIS_MODULE, {
.pf = PF_INET, .hook = ip_confirm,
.hooknum = NF_IP_LOCAL_IN, .owner = THIS_MODULE,
.priority = NF_IP_PRI_CONNTRACK_HELPER, .pf = PF_INET,
}; .hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
/* Refragmenter; last chance. */ },
static struct nf_hook_ops ip_conntrack_out_ops = { {
.hook = ip_confirm, .hook = ip_confirm,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING, .hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM, .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
}; },
static struct nf_hook_ops ip_conntrack_local_in_ops = {
.hook = ip_confirm,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
}; };
/* Sysctl support */ /* Sysctl support */
...@@ -813,52 +806,17 @@ static int init_or_cleanup(int init) ...@@ -813,52 +806,17 @@ static int init_or_cleanup(int init)
proc_stat->owner = THIS_MODULE; proc_stat->owner = THIS_MODULE;
#endif #endif
ret = nf_register_hook(&ip_conntrack_defrag_ops); ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
if (ret < 0) { if (ret < 0) {
printk("ip_conntrack: can't register pre-routing defrag hook.\n"); printk("ip_conntrack: can't register hooks.\n");
goto cleanup_proc_stat; goto cleanup_proc_stat;
} }
ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
if (ret < 0) {
printk("ip_conntrack: can't register local_out defrag hook.\n");
goto cleanup_defragops;
}
ret = nf_register_hook(&ip_conntrack_in_ops);
if (ret < 0) {
printk("ip_conntrack: can't register pre-routing hook.\n");
goto cleanup_defraglocalops;
}
ret = nf_register_hook(&ip_conntrack_local_out_ops);
if (ret < 0) {
printk("ip_conntrack: can't register local out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ip_conntrack_helper_in_ops);
if (ret < 0) {
printk("ip_conntrack: can't register local in helper hook.\n");
goto cleanup_inandlocalops;
}
ret = nf_register_hook(&ip_conntrack_helper_out_ops);
if (ret < 0) {
printk("ip_conntrack: can't register postrouting helper hook.\n");
goto cleanup_helperinops;
}
ret = nf_register_hook(&ip_conntrack_out_ops);
if (ret < 0) {
printk("ip_conntrack: can't register post-routing hook.\n");
goto cleanup_helperoutops;
}
ret = nf_register_hook(&ip_conntrack_local_in_ops);
if (ret < 0) {
printk("ip_conntrack: can't register local in hook.\n");
goto cleanup_inoutandlocalops;
}
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);
if (ip_ct_sysctl_header == NULL) { if (ip_ct_sysctl_header == NULL) {
printk("ip_conntrack: can't register to sysctl.\n"); printk("ip_conntrack: can't register to sysctl.\n");
ret = -ENOMEM; ret = -ENOMEM;
goto cleanup_localinops; goto cleanup_hooks;
} }
#endif #endif
...@@ -868,23 +826,9 @@ static int init_or_cleanup(int init) ...@@ -868,23 +826,9 @@ static int init_or_cleanup(int init)
synchronize_net(); synchronize_net();
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
unregister_sysctl_table(ip_ct_sysctl_header); unregister_sysctl_table(ip_ct_sysctl_header);
cleanup_localinops: cleanup_hooks:
#endif #endif
nf_unregister_hook(&ip_conntrack_local_in_ops); nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
cleanup_inoutandlocalops:
nf_unregister_hook(&ip_conntrack_out_ops);
cleanup_helperoutops:
nf_unregister_hook(&ip_conntrack_helper_out_ops);
cleanup_helperinops:
nf_unregister_hook(&ip_conntrack_helper_in_ops);
cleanup_inandlocalops:
nf_unregister_hook(&ip_conntrack_local_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_conntrack_in_ops);
cleanup_defraglocalops:
nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
cleanup_defragops:
nf_unregister_hook(&ip_conntrack_defrag_ops);
cleanup_proc_stat: cleanup_proc_stat:
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
remove_proc_entry("ip_conntrack", proc_net_stat); remove_proc_entry("ip_conntrack", proc_net_stat);
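Review bot: The comment "Connection tracking may drop packets, but never alters them, so make it the first hook." now heads the whole `ip_conntrack_ops[]` array, although it only describes the defrag and conntrack-in entries, and the old per-struct markers `/* helpers */` and `/* Refragmenter; last chance. */` appear to have been dropped. I would keep those two comments inside the array, before the first `ip_conntrack_help` entry and before the first `ip_confirm` entry, so each entry's priority still has its explanation next to it. The array also lists the entries in a different order from the old sequence of nf_register_hook() calls; that is harmless only if hook ordering is decided by `.priority`, which this page does not show. `ipv4_conntrack_ops[]` and `ipv6_conntrack_ops[]` below lose the same comments. init_or_cleanup() starts and ends outside the hunks shown.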
......
...@@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum, ...@@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum,
/* We must be after connection tracking and before packet filtering. */ /* We must be after connection tracking and before packet filtering. */
/* Before packet filtering, change destination */ static struct nf_hook_ops ip_nat_ops[] = {
static struct nf_hook_ops ip_nat_in_ops = { /* Before packet filtering, change destination */
.hook = ip_nat_in, {
.owner = THIS_MODULE, .hook = ip_nat_in,
.pf = PF_INET, .owner = THIS_MODULE,
.hooknum = NF_IP_PRE_ROUTING, .pf = PF_INET,
.priority = NF_IP_PRI_NAT_DST, .hooknum = NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_NAT_DST,
},
/* After packet filtering, change source */
{
.hook = ip_nat_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SRC,
},
/* After conntrack, adjust sequence number */
{
.hook = ip_nat_adjust,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
},
/* Before packet filtering, change destination */
{
.hook = ip_nat_local_fn,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_OUT,
.priority = NF_IP_PRI_NAT_DST,
},
/* After packet filtering, change source */
{
.hook = ip_nat_fn,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SRC,
},
/* After conntrack, adjust sequence number */
{
.hook = ip_nat_adjust,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
},
}; };
/* After packet filtering, change source */
static struct nf_hook_ops ip_nat_out_ops = {
.hook = ip_nat_out,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SRC,
};
/* After conntrack, adjust sequence number */
static struct nf_hook_ops ip_nat_adjust_out_ops = {
.hook = ip_nat_adjust,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
};
/* Before packet filtering, change destination */
static struct nf_hook_ops ip_nat_local_out_ops = {
.hook = ip_nat_local_fn,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_OUT,
.priority = NF_IP_PRI_NAT_DST,
};
/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */
static struct nf_hook_ops ip_nat_local_in_ops = {
.hook = ip_nat_fn,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SRC,
};
/* After conntrack, adjust sequence number */
static struct nf_hook_ops ip_nat_adjust_in_ops = {
.hook = ip_nat_adjust,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
};
static int init_or_cleanup(int init) static int init_or_cleanup(int init)
{ {
int ret = 0; int ret = 0;
...@@ -371,50 +367,15 @@ static int init_or_cleanup(int init) ...@@ -371,50 +367,15 @@ static int init_or_cleanup(int init)
printk("ip_nat_init: can't setup rules.\n"); printk("ip_nat_init: can't setup rules.\n");
goto cleanup_decode_session; goto cleanup_decode_session;
} }
ret = nf_register_hook(&ip_nat_in_ops); ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
if (ret < 0) { if (ret < 0) {
printk("ip_nat_init: can't register in hook.\n"); printk("ip_nat_init: can't register hooks.\n");
goto cleanup_rule_init; goto cleanup_rule_init;
} }
ret = nf_register_hook(&ip_nat_out_ops);
if (ret < 0) {
printk("ip_nat_init: can't register out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ip_nat_adjust_in_ops);
if (ret < 0) {
printk("ip_nat_init: can't register adjust in hook.\n");
goto cleanup_outops;
}
ret = nf_register_hook(&ip_nat_adjust_out_ops);
if (ret < 0) {
printk("ip_nat_init: can't register adjust out hook.\n");
goto cleanup_adjustin_ops;
}
ret = nf_register_hook(&ip_nat_local_out_ops);
if (ret < 0) {
printk("ip_nat_init: can't register local out hook.\n");
goto cleanup_adjustout_ops;
}
ret = nf_register_hook(&ip_nat_local_in_ops);
if (ret < 0) {
printk("ip_nat_init: can't register local in hook.\n");
goto cleanup_localoutops;
}
return ret; return ret;
cleanup: cleanup:
nf_unregister_hook(&ip_nat_local_in_ops); nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
cleanup_localoutops:
nf_unregister_hook(&ip_nat_local_out_ops);
cleanup_adjustout_ops:
nf_unregister_hook(&ip_nat_adjust_out_ops);
cleanup_adjustin_ops:
nf_unregister_hook(&ip_nat_adjust_in_ops);
cleanup_outops:
nf_unregister_hook(&ip_nat_out_ops);
cleanup_inops:
nf_unregister_hook(&ip_nat_in_ops);
cleanup_rule_init: cleanup_rule_init:
ip_nat_rule_cleanup(); ip_nat_rule_cleanup();
cleanup_decode_session: cleanup_decode_session:
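Review bot: In `ip_nat_ops[]` the comment on the `ip_nat_fn` / `NF_IP_LOCAL_IN` entry reads only `/* After packet filtering, change source */`, while the struct it replaces carried `/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */` (as far as the rendering shows which side is which). That qualifier is the only explanation on the page of why source NAT is hooked on LOCAL_IN, so I would keep the full text on that entry. Separately, the single `printk("ip_nat_init: can't register hooks.\n");` no longer says which hook failed; including the return code, e.g. `printk("ip_nat_init: can't register hooks (%d).\n", ret);`, would keep a failed load diagnosable. init_or_cleanup() continues outside the hunks shown.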
......
...@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void) ...@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ipt_ops[0]); ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ipt_ops[1]);
if (ret < 0)
goto cleanup_hook0;
ret = nf_register_hook(&ipt_ops[2]);
if (ret < 0)
goto cleanup_hook1;
return ret; return ret;
cleanup_hook1:
nf_unregister_hook(&ipt_ops[1]);
cleanup_hook0:
nf_unregister_hook(&ipt_ops[0]);
cleanup_table: cleanup_table:
ipt_unregister_table(&packet_filter); ipt_unregister_table(&packet_filter);
return ret; return ret;
} }
static void __exit iptable_filter_fini(void) static void __exit iptable_filter_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ipt_ops[i]);
ipt_unregister_table(&packet_filter); ipt_unregister_table(&packet_filter);
} }
......
...@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void) ...@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ipt_ops[0]); ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ipt_ops[1]);
if (ret < 0)
goto cleanup_hook0;
ret = nf_register_hook(&ipt_ops[2]);
if (ret < 0)
goto cleanup_hook1;
ret = nf_register_hook(&ipt_ops[3]);
if (ret < 0)
goto cleanup_hook2;
ret = nf_register_hook(&ipt_ops[4]);
if (ret < 0)
goto cleanup_hook3;
return ret; return ret;
cleanup_hook3:
nf_unregister_hook(&ipt_ops[3]);
cleanup_hook2:
nf_unregister_hook(&ipt_ops[2]);
cleanup_hook1:
nf_unregister_hook(&ipt_ops[1]);
cleanup_hook0:
nf_unregister_hook(&ipt_ops[0]);
cleanup_table: cleanup_table:
ipt_unregister_table(&packet_mangler); ipt_unregister_table(&packet_mangler);
return ret; return ret;
} }
static void __exit iptable_mangle_fini(void) static void __exit iptable_mangle_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ipt_ops[i]);
ipt_unregister_table(&packet_mangler); ipt_unregister_table(&packet_mangler);
} }
......
...@@ -101,18 +101,18 @@ ipt_hook(unsigned int hook, ...@@ -101,18 +101,18 @@ ipt_hook(unsigned int hook,
/* 'raw' is the very first table. */ /* 'raw' is the very first table. */
static struct nf_hook_ops ipt_ops[] = { static struct nf_hook_ops ipt_ops[] = {
{ {
.hook = ipt_hook, .hook = ipt_hook,
.pf = PF_INET, .pf = PF_INET,
.hooknum = NF_IP_PRE_ROUTING, .hooknum = NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_RAW, .priority = NF_IP_PRI_RAW,
.owner = THIS_MODULE, .owner = THIS_MODULE,
}, },
{ {
.hook = ipt_hook, .hook = ipt_hook,
.pf = PF_INET, .pf = PF_INET,
.hooknum = NF_IP_LOCAL_OUT, .hooknum = NF_IP_LOCAL_OUT,
.priority = NF_IP_PRI_RAW, .priority = NF_IP_PRI_RAW,
.owner = THIS_MODULE, .owner = THIS_MODULE,
}, },
}; };
...@@ -126,31 +126,20 @@ static int __init iptable_raw_init(void) ...@@ -126,31 +126,20 @@ static int __init iptable_raw_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ipt_ops[0]); ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ipt_ops[1]);
if (ret < 0)
goto cleanup_hook0;
return ret; return ret;
cleanup_hook0:
nf_unregister_hook(&ipt_ops[0]);
cleanup_table: cleanup_table:
ipt_unregister_table(&packet_raw); ipt_unregister_table(&packet_raw);
return ret; return ret;
} }
static void __exit iptable_raw_fini(void) static void __exit iptable_raw_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ipt_ops[i]);
ipt_unregister_table(&packet_raw); ipt_unregister_table(&packet_raw);
} }
......
...@@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, ...@@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
/* Connection tracking may drop packets, but never alters them, so /* Connection tracking may drop packets, but never alters them, so
make it the first hook. */ make it the first hook. */
static struct nf_hook_ops ipv4_conntrack_defrag_ops = { static struct nf_hook_ops ipv4_conntrack_ops[] = {
.hook = ipv4_conntrack_defrag, {
.owner = THIS_MODULE, .hook = ipv4_conntrack_defrag,
.pf = PF_INET, .owner = THIS_MODULE,
.hooknum = NF_IP_PRE_ROUTING, .pf = PF_INET,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG, .hooknum = NF_IP_PRE_ROUTING,
}; .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
},
static struct nf_hook_ops ipv4_conntrack_in_ops = { {
.hook = ipv4_conntrack_in, .hook = ipv4_conntrack_in,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = PF_INET,
.hooknum = NF_IP_PRE_ROUTING, .hooknum = NF_IP_PRE_ROUTING,
.priority = NF_IP_PRI_CONNTRACK, .priority = NF_IP_PRI_CONNTRACK,
}; },
{
static struct nf_hook_ops ipv4_conntrack_defrag_local_out_ops = { .hook = ipv4_conntrack_defrag,
.hook = ipv4_conntrack_defrag, .owner = THIS_MODULE,
.owner = THIS_MODULE, .pf = PF_INET,
.pf = PF_INET, .hooknum = NF_IP_LOCAL_OUT,
.hooknum = NF_IP_LOCAL_OUT, .priority = NF_IP_PRI_CONNTRACK_DEFRAG,
.priority = NF_IP_PRI_CONNTRACK_DEFRAG, },
}; {
.hook = ipv4_conntrack_local,
static struct nf_hook_ops ipv4_conntrack_local_out_ops = { .owner = THIS_MODULE,
.hook = ipv4_conntrack_local, .pf = PF_INET,
.owner = THIS_MODULE, .hooknum = NF_IP_LOCAL_OUT,
.pf = PF_INET, .priority = NF_IP_PRI_CONNTRACK,
.hooknum = NF_IP_LOCAL_OUT, },
.priority = NF_IP_PRI_CONNTRACK, {
}; .hook = ipv4_conntrack_help,
.owner = THIS_MODULE,
/* helpers */ .pf = PF_INET,
static struct nf_hook_ops ipv4_conntrack_helper_out_ops = { .hooknum = NF_IP_POST_ROUTING,
.hook = ipv4_conntrack_help, .priority = NF_IP_PRI_CONNTRACK_HELPER,
.owner = THIS_MODULE, },
.pf = PF_INET, {
.hooknum = NF_IP_POST_ROUTING, .hook = ipv4_conntrack_help,
.priority = NF_IP_PRI_CONNTRACK_HELPER, .owner = THIS_MODULE,
}; .pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
static struct nf_hook_ops ipv4_conntrack_helper_in_ops = { .priority = NF_IP_PRI_CONNTRACK_HELPER,
.hook = ipv4_conntrack_help, },
.owner = THIS_MODULE, {
.pf = PF_INET, .hook = ipv4_confirm,
.hooknum = NF_IP_LOCAL_IN, .owner = THIS_MODULE,
.priority = NF_IP_PRI_CONNTRACK_HELPER, .pf = PF_INET,
}; .hooknum = NF_IP_POST_ROUTING,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
},
/* Refragmenter; last chance. */ {
static struct nf_hook_ops ipv4_conntrack_out_ops = { .hook = ipv4_confirm,
.hook = ipv4_confirm, .owner = THIS_MODULE,
.owner = THIS_MODULE, .pf = PF_INET,
.pf = PF_INET, .hooknum = NF_IP_LOCAL_IN,
.hooknum = NF_IP_POST_ROUTING, .priority = NF_IP_PRI_CONNTRACK_CONFIRM,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM, },
};
static struct nf_hook_ops ipv4_conntrack_local_in_ops = {
.hook = ipv4_confirm,
.owner = THIS_MODULE,
.pf = PF_INET,
.hooknum = NF_IP_LOCAL_IN,
.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
}; };
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
...@@ -476,59 +468,18 @@ static int init_or_cleanup(int init) ...@@ -476,59 +468,18 @@ static int init_or_cleanup(int init)
goto cleanup_icmp; goto cleanup_icmp;
} }
ret = nf_register_hook(&ipv4_conntrack_defrag_ops); ret = nf_register_hooks(ipv4_conntrack_ops,
ARRAY_SIZE(ipv4_conntrack_ops));
if (ret < 0) { if (ret < 0) {
printk("nf_conntrack_ipv4: can't register pre-routing defrag hook.\n"); printk("nf_conntrack_ipv4: can't register hooks.\n");
goto cleanup_ipv4; goto cleanup_ipv4;
} }
ret = nf_register_hook(&ipv4_conntrack_defrag_local_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register local_out defrag hook.\n");
goto cleanup_defragops;
}
ret = nf_register_hook(&ipv4_conntrack_in_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register pre-routing hook.\n");
goto cleanup_defraglocalops;
}
ret = nf_register_hook(&ipv4_conntrack_local_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register local out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ipv4_conntrack_helper_in_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register local helper hook.\n");
goto cleanup_inandlocalops;
}
ret = nf_register_hook(&ipv4_conntrack_helper_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register postrouting helper hook.\n");
goto cleanup_helperinops;
}
ret = nf_register_hook(&ipv4_conntrack_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register post-routing hook.\n");
goto cleanup_helperoutops;
}
ret = nf_register_hook(&ipv4_conntrack_local_in_ops);
if (ret < 0) {
printk("nf_conntrack_ipv4: can't register local in hook.\n");
goto cleanup_inoutandlocalops;
}
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
if (nf_ct_ipv4_sysctl_header == NULL) { if (nf_ct_ipv4_sysctl_header == NULL) {
printk("nf_conntrack: can't register to sysctl.\n"); printk("nf_conntrack: can't register to sysctl.\n");
ret = -ENOMEM; ret = -ENOMEM;
goto cleanup_localinops; goto cleanup_hooks;
} }
#endif #endif
return ret; return ret;
...@@ -537,23 +488,9 @@ static int init_or_cleanup(int init) ...@@ -537,23 +488,9 @@ static int init_or_cleanup(int init)
synchronize_net(); synchronize_net();
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
unregister_sysctl_table(nf_ct_ipv4_sysctl_header); unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
cleanup_localinops: cleanup_hooks:
#endif #endif
nf_unregister_hook(&ipv4_conntrack_local_in_ops); nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
cleanup_inoutandlocalops:
nf_unregister_hook(&ipv4_conntrack_out_ops);
cleanup_helperoutops:
nf_unregister_hook(&ipv4_conntrack_helper_out_ops);
cleanup_helperinops:
nf_unregister_hook(&ipv4_conntrack_helper_in_ops);
cleanup_inandlocalops:
nf_unregister_hook(&ipv4_conntrack_local_out_ops);
cleanup_inops:
nf_unregister_hook(&ipv4_conntrack_in_ops);
cleanup_defraglocalops:
nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops);
cleanup_defragops:
nf_unregister_hook(&ipv4_conntrack_defrag_ops);
cleanup_ipv4: cleanup_ipv4:
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
cleanup_icmp: cleanup_icmp:
......
...@@ -177,37 +177,20 @@ static int __init ip6table_filter_init(void) ...@@ -177,37 +177,20 @@ static int __init ip6table_filter_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ip6t_ops[0]); ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ip6t_ops[1]);
if (ret < 0)
goto cleanup_hook0;
ret = nf_register_hook(&ip6t_ops[2]);
if (ret < 0)
goto cleanup_hook1;
return ret; return ret;
cleanup_hook1:
nf_unregister_hook(&ip6t_ops[1]);
cleanup_hook0:
nf_unregister_hook(&ip6t_ops[0]);
cleanup_table: cleanup_table:
ip6t_unregister_table(&packet_filter); ip6t_unregister_table(&packet_filter);
return ret; return ret;
} }
static void __exit ip6table_filter_fini(void) static void __exit ip6table_filter_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ip6t_ops[i]);
ip6t_unregister_table(&packet_filter); ip6t_unregister_table(&packet_filter);
} }
......
...@@ -238,49 +238,20 @@ static int __init ip6table_mangle_init(void) ...@@ -238,49 +238,20 @@ static int __init ip6table_mangle_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ip6t_ops[0]); ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ip6t_ops[1]);
if (ret < 0)
goto cleanup_hook0;
ret = nf_register_hook(&ip6t_ops[2]);
if (ret < 0)
goto cleanup_hook1;
ret = nf_register_hook(&ip6t_ops[3]);
if (ret < 0)
goto cleanup_hook2;
ret = nf_register_hook(&ip6t_ops[4]);
if (ret < 0)
goto cleanup_hook3;
return ret; return ret;
cleanup_hook3:
nf_unregister_hook(&ip6t_ops[3]);
cleanup_hook2:
nf_unregister_hook(&ip6t_ops[2]);
cleanup_hook1:
nf_unregister_hook(&ip6t_ops[1]);
cleanup_hook0:
nf_unregister_hook(&ip6t_ops[0]);
cleanup_table: cleanup_table:
ip6t_unregister_table(&packet_mangler); ip6t_unregister_table(&packet_mangler);
return ret; return ret;
} }
static void __exit ip6table_mangle_fini(void) static void __exit ip6table_mangle_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ip6t_ops[i]);
ip6t_unregister_table(&packet_mangler); ip6t_unregister_table(&packet_mangler);
} }
......
...@@ -152,31 +152,20 @@ static int __init ip6table_raw_init(void) ...@@ -152,31 +152,20 @@ static int __init ip6table_raw_init(void)
return ret; return ret;
/* Register hooks */ /* Register hooks */
ret = nf_register_hook(&ip6t_ops[0]); ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
if (ret < 0) if (ret < 0)
goto cleanup_table; goto cleanup_table;
ret = nf_register_hook(&ip6t_ops[1]);
if (ret < 0)
goto cleanup_hook0;
return ret; return ret;
cleanup_hook0:
nf_unregister_hook(&ip6t_ops[0]);
cleanup_table: cleanup_table:
ip6t_unregister_table(&packet_raw); ip6t_unregister_table(&packet_raw);
return ret; return ret;
} }
static void __exit ip6table_raw_fini(void) static void __exit ip6table_raw_fini(void)
{ {
unsigned int i; nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
nf_unregister_hook(&ip6t_ops[i]);
ip6t_unregister_table(&packet_raw); ip6t_unregister_table(&packet_raw);
} }
......
...@@ -286,55 +286,49 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum, ...@@ -286,55 +286,49 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); return ipv6_conntrack_in(hooknum, pskb, in, out, okfn);
} }
/* Connection tracking may drop packets, but never alters them, so static struct nf_hook_ops ipv6_conntrack_ops[] = {
make it the first hook. */ {
static struct nf_hook_ops ipv6_conntrack_defrag_ops = { .hook = ipv6_defrag,
.hook = ipv6_defrag, .owner = THIS_MODULE,
.owner = THIS_MODULE, .pf = PF_INET6,
.pf = PF_INET6, .hooknum = NF_IP6_PRE_ROUTING,
.hooknum = NF_IP6_PRE_ROUTING, .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG, },
}; {
.hook = ipv6_conntrack_in,
static struct nf_hook_ops ipv6_conntrack_in_ops = { .owner = THIS_MODULE,
.hook = ipv6_conntrack_in, .pf = PF_INET6,
.owner = THIS_MODULE, .hooknum = NF_IP6_PRE_ROUTING,
.pf = PF_INET6, .priority = NF_IP6_PRI_CONNTRACK,
.hooknum = NF_IP6_PRE_ROUTING, },
.priority = NF_IP6_PRI_CONNTRACK, {
}; .hook = ipv6_conntrack_local,
.owner = THIS_MODULE,
static struct nf_hook_ops ipv6_conntrack_local_out_ops = { .pf = PF_INET6,
.hook = ipv6_conntrack_local, .hooknum = NF_IP6_LOCAL_OUT,
.owner = THIS_MODULE, .priority = NF_IP6_PRI_CONNTRACK,
.pf = PF_INET6, },
.hooknum = NF_IP6_LOCAL_OUT, {
.priority = NF_IP6_PRI_CONNTRACK, .hook = ipv6_defrag,
}; .owner = THIS_MODULE,
.pf = PF_INET6,
static struct nf_hook_ops ipv6_conntrack_defrag_local_out_ops = { .hooknum = NF_IP6_LOCAL_OUT,
.hook = ipv6_defrag, .priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
.owner = THIS_MODULE, },
.pf = PF_INET6, {
.hooknum = NF_IP6_LOCAL_OUT, .hook = ipv6_confirm,
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG, .owner = THIS_MODULE,
}; .pf = PF_INET6,
.hooknum = NF_IP6_POST_ROUTING,
/* Refragmenter; last chance. */ .priority = NF_IP6_PRI_LAST,
static struct nf_hook_ops ipv6_conntrack_out_ops = { },
.hook = ipv6_confirm, {
.owner = THIS_MODULE, .hook = ipv6_confirm,
.pf = PF_INET6, .owner = THIS_MODULE,
.hooknum = NF_IP6_POST_ROUTING, .pf = PF_INET6,
.priority = NF_IP6_PRI_LAST, .hooknum = NF_IP6_LOCAL_IN,
}; .priority = NF_IP6_PRI_LAST-1,
},
static struct nf_hook_ops ipv6_conntrack_local_in_ops = {
.hook = ipv6_confirm,
.owner = THIS_MODULE,
.pf = PF_INET6,
.hooknum = NF_IP6_LOCAL_IN,
.priority = NF_IP6_PRI_LAST-1,
}; };
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
...@@ -505,50 +499,19 @@ static int init_or_cleanup(int init) ...@@ -505,50 +499,19 @@ static int init_or_cleanup(int init)
goto cleanup_icmpv6; goto cleanup_icmpv6;
} }
ret = nf_register_hook(&ipv6_conntrack_defrag_ops); ret = nf_register_hooks(ipv6_conntrack_ops,
ARRAY_SIZE(ipv6_conntrack_ops));
if (ret < 0) { if (ret < 0) {
printk("nf_conntrack_ipv6: can't register pre-routing defrag " printk("nf_conntrack_ipv6: can't register pre-routing defrag "
"hook.\n"); "hook.\n");
goto cleanup_ipv6; goto cleanup_ipv6;
} }
ret = nf_register_hook(&ipv6_conntrack_defrag_local_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register local_out defrag "
"hook.\n");
goto cleanup_defragops;
}
ret = nf_register_hook(&ipv6_conntrack_in_ops);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register pre-routing hook.\n");
goto cleanup_defraglocalops;
}
ret = nf_register_hook(&ipv6_conntrack_local_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register local out hook.\n");
goto cleanup_inops;
}
ret = nf_register_hook(&ipv6_conntrack_out_ops);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register post-routing hook.\n");
goto cleanup_inandlocalops;
}
ret = nf_register_hook(&ipv6_conntrack_local_in_ops);
if (ret < 0) {
printk("nf_conntrack_ipv6: can't register local in hook.\n");
goto cleanup_inoutandlocalops;
}
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
if (nf_ct_ipv6_sysctl_header == NULL) { if (nf_ct_ipv6_sysctl_header == NULL) {
printk("nf_conntrack: can't register to sysctl.\n"); printk("nf_conntrack: can't register to sysctl.\n");
ret = -ENOMEM; ret = -ENOMEM;
goto cleanup_localinops; goto cleanup_hooks;
} }
#endif #endif
return ret; return ret;
...@@ -557,19 +520,9 @@ static int init_or_cleanup(int init) ...@@ -557,19 +520,9 @@ static int init_or_cleanup(int init)
synchronize_net(); synchronize_net();
#ifdef CONFIG_SYSCTL #ifdef CONFIG_SYSCTL
unregister_sysctl_table(nf_ct_ipv6_sysctl_header); unregister_sysctl_table(nf_ct_ipv6_sysctl_header);
cleanup_localinops: cleanup_hooks:
#endif #endif
nf_unregister_hook(&ipv6_conntrack_local_in_ops); nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
cleanup_inoutandlocalops:
nf_unregister_hook(&ipv6_conntrack_out_ops);
cleanup_inandlocalops:
nf_unregister_hook(&ipv6_conntrack_local_out_ops);
cleanup_inops:
nf_unregister_hook(&ipv6_conntrack_in_ops);
cleanup_defraglocalops:
nf_unregister_hook(&ipv6_conntrack_defrag_local_out_ops);
cleanup_defragops:
nf_unregister_hook(&ipv6_conntrack_defrag_ops);
cleanup_ipv6: cleanup_ipv6:
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6); nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
cleanup_icmpv6: cleanup_icmpv6:
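Review bot: The failure message after the bulk `nf_register_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops))` call still says "can't register pre-routing defrag hook.", although the call now covers every entry in the array. The IPv4 counterparts in this commit were changed to "can't register hooks.", so this one looks missed. Suggest `printk("nf_conntrack_ipv6: can't register hooks.\n");` so the log does not point at the wrong hook when a load fails. init_or_cleanup() starts and ends outside the hunks shown.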
......