diff options
| author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-17 07:57:48 -0400 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-10 11:13:33 -0500 |
| commit | 2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (patch) | |
| tree | 49ab6f0eb13fe524211f94db29c19827529f49a5 /net/ipv4/netfilter/iptable_raw.c | |
| parent | 2b21e051472fdb4680076278b2ccf63ebc1cc3bc (diff) | |
netfilter: xtables: use xt_table for hook instantiation
The respective xt_table structures already have most of the metadata
needed for hook setup. Add a 'priority' field to struct xt_table so
that xt_hook_link() can be called with a reduced number of arguments.
So should we be having more tables in the future, it comes at no
static cost (only runtime, as before) - space saved:
6807373->6806555.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv4/netfilter/iptable_raw.c')
| -rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 27 |
1 files changed, 7 insertions, 20 deletions
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index d16e43777c3..62a99154f14 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
| @@ -41,6 +41,7 @@ static const struct xt_table packet_raw = { | |||
| 41 | .valid_hooks = RAW_VALID_HOOKS, | 41 | .valid_hooks = RAW_VALID_HOOKS, |
| 42 | .me = THIS_MODULE, | 42 | .me = THIS_MODULE, |
| 43 | .af = NFPROTO_IPV4, | 43 | .af = NFPROTO_IPV4, |
| 44 | .priority = NF_IP_PRI_RAW, | ||
| 44 | }; | 45 | }; |
| 45 | 46 | ||
| 46 | /* The work comes in here from netfilter.c. */ | 47 | /* The work comes in here from netfilter.c. */ |
| @@ -61,23 +62,7 @@ iptable_raw_hook(unsigned int hook, struct sk_buff *skb, | |||
| 61 | return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_raw); | 62 | return ipt_do_table(skb, hook, in, out, net->ipv4.iptable_raw); |
| 62 | } | 63 | } |
| 63 | 64 | ||
| 64 | /* 'raw' is the very first table. */ | 65 | static struct nf_hook_ops *rawtable_ops __read_mostly; |
| 65 | static struct nf_hook_ops ipt_ops[] __read_mostly = { | ||
| 66 | { | ||
| 67 | .hook = iptable_raw_hook, | ||
| 68 | .pf = NFPROTO_IPV4, | ||
| 69 | .hooknum = NF_INET_PRE_ROUTING, | ||
| 70 | .priority = NF_IP_PRI_RAW, | ||
| 71 | .owner = THIS_MODULE, | ||
| 72 | }, | ||
| 73 | { | ||
| 74 | .hook = iptable_raw_hook, | ||
| 75 | .pf = NFPROTO_IPV4, | ||
| 76 | .hooknum = NF_INET_LOCAL_OUT, | ||
| 77 | .priority = NF_IP_PRI_RAW, | ||
| 78 | .owner = THIS_MODULE, | ||
| 79 | }, | ||
| 80 | }; | ||
| 81 | 66 | ||
| 82 | static int __net_init iptable_raw_net_init(struct net *net) | 67 | static int __net_init iptable_raw_net_init(struct net *net) |
| 83 | { | 68 | { |
| @@ -108,9 +93,11 @@ static int __init iptable_raw_init(void) | |||
| 108 | return ret; | 93 | return ret; |
| 109 | 94 | ||
| 110 | /* Register hooks */ | 95 | /* Register hooks */ |
| 111 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); | 96 | rawtable_ops = xt_hook_link(&packet_raw, iptable_raw_hook); |
| 112 | if (ret < 0) | 97 | if (IS_ERR(rawtable_ops)) { |
| 98 | ret = PTR_ERR(rawtable_ops); | ||
| 113 | goto cleanup_table; | 99 | goto cleanup_table; |
| 100 | } | ||
| 114 | 101 | ||
| 115 | return ret; | 102 | return ret; |
| 116 | 103 | ||
| @@ -121,7 +108,7 @@ static int __init iptable_raw_init(void) | |||
| 121 | 108 | ||
| 122 | static void __exit iptable_raw_fini(void) | 109 | static void __exit iptable_raw_fini(void) |
| 123 | { | 110 | { |
| 124 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); | 111 | xt_hook_unlink(&packet_raw, rawtable_ops); |
| 125 | unregister_pernet_subsys(&iptable_raw_net_ops); | 112 | unregister_pernet_subsys(&iptable_raw_net_ops); |
| 126 | } | 113 | } |
| 127 | 114 | ||