diff options
| author | Patrick McHardy <kaber@trash.net> | 2014-01-09 13:42:38 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-09 14:17:15 -0500 |
| commit | fa2c1de0bbd98985f7f930205de97ae0d3e86c16 (patch) | |
| tree | f9f8eec3da27c7934a2241bf05e5054a9767eddf | |
| parent | 2a37d755b885995443f11cdcaf1f9d4b5f246eab (diff) | |
netfilter: nf_tables: minor nf_chain_type cleanups
Minor nf_chain_type cleanups:
- reorder struct to plug a hoe
- rename struct module member to "owner" for consistency
- rename nf_hookfn array to "hooks" for consistency
- reorder initializers for better readability
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 22 | ||||
| -rw-r--r-- | net/bridge/netfilter/nf_tables_bridge.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_tables_arp.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_tables_ipv4.c | 4 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nft_chain_nat_ipv4.c | 6 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nft_chain_route_ipv4.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nf_tables_ipv6.c | 4 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_chain_nat_ipv6.c | 6 | ||||
| -rw-r--r-- | net/ipv6/netfilter/nft_chain_route_ipv6.c | 6 | ||||
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 12 | ||||
| -rw-r--r-- | net/netfilter/nf_tables_inet.c | 4 |
11 files changed, 44 insertions, 34 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index d3f70530a59a..342236550ef9 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h | |||
| @@ -498,13 +498,23 @@ struct nft_af_info { | |||
| 498 | int nft_register_afinfo(struct net *, struct nft_af_info *); | 498 | int nft_register_afinfo(struct net *, struct nft_af_info *); |
| 499 | void nft_unregister_afinfo(struct nft_af_info *); | 499 | void nft_unregister_afinfo(struct nft_af_info *); |
| 500 | 500 | ||
| 501 | /** | ||
| 502 | * struct nf_chain_type - nf_tables chain type info | ||
| 503 | * | ||
| 504 | * @name: name of the type | ||
| 505 | * @type: numeric identifier | ||
| 506 | * @family: address family | ||
| 507 | * @owner: module owner | ||
| 508 | * @hook_mask: mask of valid hooks | ||
| 509 | * @hooks: hookfn overrides | ||
| 510 | */ | ||
| 501 | struct nf_chain_type { | 511 | struct nf_chain_type { |
| 502 | unsigned int hook_mask; | 512 | const char *name; |
| 503 | const char *name; | 513 | enum nft_chain_type type; |
| 504 | enum nft_chain_type type; | 514 | int family; |
| 505 | nf_hookfn *fn[NF_MAX_HOOKS]; | 515 | struct module *owner; |
| 506 | struct module *me; | 516 | unsigned int hook_mask; |
| 507 | int family; | 517 | nf_hookfn *hooks[NF_MAX_HOOKS]; |
| 508 | }; | 518 | }; |
| 509 | 519 | ||
| 510 | int nft_register_chain_type(const struct nf_chain_type *); | 520 | int nft_register_chain_type(const struct nf_chain_type *); |
diff --git a/net/bridge/netfilter/nf_tables_bridge.c b/net/bridge/netfilter/nf_tables_bridge.c index 283658d21825..c83fab5f8736 100644 --- a/net/bridge/netfilter/nf_tables_bridge.c +++ b/net/bridge/netfilter/nf_tables_bridge.c | |||
| @@ -69,10 +69,10 @@ static struct pernet_operations nf_tables_bridge_net_ops = { | |||
| 69 | }; | 69 | }; |
| 70 | 70 | ||
| 71 | static const struct nf_chain_type filter_bridge = { | 71 | static const struct nf_chain_type filter_bridge = { |
| 72 | .family = NFPROTO_BRIDGE, | ||
| 73 | .name = "filter", | 72 | .name = "filter", |
| 74 | .type = NFT_CHAIN_T_DEFAULT, | 73 | .type = NFT_CHAIN_T_DEFAULT, |
| 75 | .me = THIS_MODULE, | 74 | .family = NFPROTO_BRIDGE, |
| 75 | .owner = THIS_MODULE, | ||
| 76 | .hook_mask = (1 << NF_BR_LOCAL_IN) | | 76 | .hook_mask = (1 << NF_BR_LOCAL_IN) | |
| 77 | (1 << NF_BR_FORWARD) | | 77 | (1 << NF_BR_FORWARD) | |
| 78 | (1 << NF_BR_LOCAL_OUT), | 78 | (1 << NF_BR_LOCAL_OUT), |
diff --git a/net/ipv4/netfilter/nf_tables_arp.c b/net/ipv4/netfilter/nf_tables_arp.c index 8af01a5e8f98..b90d16c332ab 100644 --- a/net/ipv4/netfilter/nf_tables_arp.c +++ b/net/ipv4/netfilter/nf_tables_arp.c | |||
| @@ -69,10 +69,10 @@ static struct pernet_operations nf_tables_arp_net_ops = { | |||
| 69 | }; | 69 | }; |
| 70 | 70 | ||
| 71 | static const struct nf_chain_type filter_arp = { | 71 | static const struct nf_chain_type filter_arp = { |
| 72 | .family = NFPROTO_ARP, | ||
| 73 | .name = "filter", | 72 | .name = "filter", |
| 74 | .type = NFT_CHAIN_T_DEFAULT, | 73 | .type = NFT_CHAIN_T_DEFAULT, |
| 75 | .me = THIS_MODULE, | 74 | .family = NFPROTO_ARP, |
| 75 | .owner = THIS_MODULE, | ||
| 76 | .hook_mask = (1 << NF_ARP_IN) | | 76 | .hook_mask = (1 << NF_ARP_IN) | |
| 77 | (1 << NF_ARP_OUT) | | 77 | (1 << NF_ARP_OUT) | |
| 78 | (1 << NF_ARP_FORWARD), | 78 | (1 << NF_ARP_FORWARD), |
diff --git a/net/ipv4/netfilter/nf_tables_ipv4.c b/net/ipv4/netfilter/nf_tables_ipv4.c index cec7805de3e3..66679fd4b022 100644 --- a/net/ipv4/netfilter/nf_tables_ipv4.c +++ b/net/ipv4/netfilter/nf_tables_ipv4.c | |||
| @@ -92,10 +92,10 @@ static struct pernet_operations nf_tables_ipv4_net_ops = { | |||
| 92 | }; | 92 | }; |
| 93 | 93 | ||
| 94 | static const struct nf_chain_type filter_ipv4 = { | 94 | static const struct nf_chain_type filter_ipv4 = { |
| 95 | .family = NFPROTO_IPV4, | ||
| 96 | .name = "filter", | 95 | .name = "filter", |
| 97 | .type = NFT_CHAIN_T_DEFAULT, | 96 | .type = NFT_CHAIN_T_DEFAULT, |
| 98 | .me = THIS_MODULE, | 97 | .family = NFPROTO_IPV4, |
| 98 | .owner = THIS_MODULE, | ||
| 99 | .hook_mask = (1 << NF_INET_LOCAL_IN) | | 99 | .hook_mask = (1 << NF_INET_LOCAL_IN) | |
| 100 | (1 << NF_INET_LOCAL_OUT) | | 100 | (1 << NF_INET_LOCAL_OUT) | |
| 101 | (1 << NF_INET_FORWARD) | | 101 | (1 << NF_INET_FORWARD) | |
diff --git a/net/ipv4/netfilter/nft_chain_nat_ipv4.c b/net/ipv4/netfilter/nft_chain_nat_ipv4.c index 9e535c2c2cd2..208d60afaaa0 100644 --- a/net/ipv4/netfilter/nft_chain_nat_ipv4.c +++ b/net/ipv4/netfilter/nft_chain_nat_ipv4.c | |||
| @@ -165,20 +165,20 @@ static unsigned int nf_nat_output(const struct nf_hook_ops *ops, | |||
| 165 | } | 165 | } |
| 166 | 166 | ||
| 167 | static const struct nf_chain_type nft_chain_nat_ipv4 = { | 167 | static const struct nf_chain_type nft_chain_nat_ipv4 = { |
| 168 | .family = NFPROTO_IPV4, | ||
| 169 | .name = "nat", | 168 | .name = "nat", |
| 170 | .type = NFT_CHAIN_T_NAT, | 169 | .type = NFT_CHAIN_T_NAT, |
| 170 | .family = NFPROTO_IPV4, | ||
| 171 | .owner = THIS_MODULE, | ||
| 171 | .hook_mask = (1 << NF_INET_PRE_ROUTING) | | 172 | .hook_mask = (1 << NF_INET_PRE_ROUTING) | |
| 172 | (1 << NF_INET_POST_ROUTING) | | 173 | (1 << NF_INET_POST_ROUTING) | |
| 173 | (1 << NF_INET_LOCAL_OUT) | | 174 | (1 << NF_INET_LOCAL_OUT) | |
| 174 | (1 << NF_INET_LOCAL_IN), | 175 | (1 << NF_INET_LOCAL_IN), |
| 175 | .fn = { | 176 | .hooks = { |
| 176 | [NF_INET_PRE_ROUTING] = nf_nat_prerouting, | 177 | [NF_INET_PRE_ROUTING] = nf_nat_prerouting, |
| 177 | [NF_INET_POST_ROUTING] = nf_nat_postrouting, | 178 | [NF_INET_POST_ROUTING] = nf_nat_postrouting, |
| 178 | [NF_INET_LOCAL_OUT] = nf_nat_output, | 179 | [NF_INET_LOCAL_OUT] = nf_nat_output, |
| 179 | [NF_INET_LOCAL_IN] = nf_nat_fn, | 180 | [NF_INET_LOCAL_IN] = nf_nat_fn, |
| 180 | }, | 181 | }, |
| 181 | .me = THIS_MODULE, | ||
| 182 | }; | 182 | }; |
| 183 | 183 | ||
| 184 | static int __init nft_chain_nat_init(void) | 184 | static int __init nft_chain_nat_init(void) |
diff --git a/net/ipv4/netfilter/nft_chain_route_ipv4.c b/net/ipv4/netfilter/nft_chain_route_ipv4.c index 2dd2eeaad15f..67db1bbde1c8 100644 --- a/net/ipv4/netfilter/nft_chain_route_ipv4.c +++ b/net/ipv4/netfilter/nft_chain_route_ipv4.c | |||
| @@ -62,14 +62,14 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, | |||
| 62 | } | 62 | } |
| 63 | 63 | ||
| 64 | static const struct nf_chain_type nft_chain_route_ipv4 = { | 64 | static const struct nf_chain_type nft_chain_route_ipv4 = { |
| 65 | .family = NFPROTO_IPV4, | ||
| 66 | .name = "route", | 65 | .name = "route", |
| 67 | .type = NFT_CHAIN_T_ROUTE, | 66 | .type = NFT_CHAIN_T_ROUTE, |
| 67 | .family = NFPROTO_IPV4, | ||
| 68 | .owner = THIS_MODULE, | ||
| 68 | .hook_mask = (1 << NF_INET_LOCAL_OUT), | 69 | .hook_mask = (1 << NF_INET_LOCAL_OUT), |
| 69 | .fn = { | 70 | .hooks = { |
| 70 | [NF_INET_LOCAL_OUT] = nf_route_table_hook, | 71 | [NF_INET_LOCAL_OUT] = nf_route_table_hook, |
| 71 | }, | 72 | }, |
| 72 | .me = THIS_MODULE, | ||
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | static int __init nft_chain_route_init(void) | 75 | static int __init nft_chain_route_init(void) |
diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c index 758a32b0e2ff..859fca0432ff 100644 --- a/net/ipv6/netfilter/nf_tables_ipv6.c +++ b/net/ipv6/netfilter/nf_tables_ipv6.c | |||
| @@ -91,10 +91,10 @@ static struct pernet_operations nf_tables_ipv6_net_ops = { | |||
| 91 | }; | 91 | }; |
| 92 | 92 | ||
| 93 | static const struct nf_chain_type filter_ipv6 = { | 93 | static const struct nf_chain_type filter_ipv6 = { |
| 94 | .family = NFPROTO_IPV6, | ||
| 95 | .name = "filter", | 94 | .name = "filter", |
| 96 | .type = NFT_CHAIN_T_DEFAULT, | 95 | .type = NFT_CHAIN_T_DEFAULT, |
| 97 | .me = THIS_MODULE, | 96 | .family = NFPROTO_IPV6, |
| 97 | .owner = THIS_MODULE, | ||
| 98 | .hook_mask = (1 << NF_INET_LOCAL_IN) | | 98 | .hook_mask = (1 << NF_INET_LOCAL_IN) | |
| 99 | (1 << NF_INET_LOCAL_OUT) | | 99 | (1 << NF_INET_LOCAL_OUT) | |
| 100 | (1 << NF_INET_FORWARD) | | 100 | (1 << NF_INET_FORWARD) | |
diff --git a/net/ipv6/netfilter/nft_chain_nat_ipv6.c b/net/ipv6/netfilter/nft_chain_nat_ipv6.c index efd1d57a610a..9ed60ab833f5 100644 --- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c +++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c | |||
| @@ -171,20 +171,20 @@ static unsigned int nf_nat_ipv6_output(const struct nf_hook_ops *ops, | |||
| 171 | } | 171 | } |
| 172 | 172 | ||
| 173 | static const struct nf_chain_type nft_chain_nat_ipv6 = { | 173 | static const struct nf_chain_type nft_chain_nat_ipv6 = { |
| 174 | .family = NFPROTO_IPV6, | ||
| 175 | .name = "nat", | 174 | .name = "nat", |
| 176 | .type = NFT_CHAIN_T_NAT, | 175 | .type = NFT_CHAIN_T_NAT, |
| 176 | .family = NFPROTO_IPV6, | ||
| 177 | .owner = THIS_MODULE, | ||
| 177 | .hook_mask = (1 << NF_INET_PRE_ROUTING) | | 178 | .hook_mask = (1 << NF_INET_PRE_ROUTING) | |
| 178 | (1 << NF_INET_POST_ROUTING) | | 179 | (1 << NF_INET_POST_ROUTING) | |
| 179 | (1 << NF_INET_LOCAL_OUT) | | 180 | (1 << NF_INET_LOCAL_OUT) | |
| 180 | (1 << NF_INET_LOCAL_IN), | 181 | (1 << NF_INET_LOCAL_IN), |
| 181 | .fn = { | 182 | .hooks = { |
| 182 | [NF_INET_PRE_ROUTING] = nf_nat_ipv6_prerouting, | 183 | [NF_INET_PRE_ROUTING] = nf_nat_ipv6_prerouting, |
| 183 | [NF_INET_POST_ROUTING] = nf_nat_ipv6_postrouting, | 184 | [NF_INET_POST_ROUTING] = nf_nat_ipv6_postrouting, |
| 184 | [NF_INET_LOCAL_OUT] = nf_nat_ipv6_output, | 185 | [NF_INET_LOCAL_OUT] = nf_nat_ipv6_output, |
| 185 | [NF_INET_LOCAL_IN] = nf_nat_ipv6_fn, | 186 | [NF_INET_LOCAL_IN] = nf_nat_ipv6_fn, |
| 186 | }, | 187 | }, |
| 187 | .me = THIS_MODULE, | ||
| 188 | }; | 188 | }; |
| 189 | 189 | ||
| 190 | static int __init nft_chain_nat_ipv6_init(void) | 190 | static int __init nft_chain_nat_ipv6_init(void) |
diff --git a/net/ipv6/netfilter/nft_chain_route_ipv6.c b/net/ipv6/netfilter/nft_chain_route_ipv6.c index 3620f8851eba..b2b7effa896b 100644 --- a/net/ipv6/netfilter/nft_chain_route_ipv6.c +++ b/net/ipv6/netfilter/nft_chain_route_ipv6.c | |||
| @@ -60,14 +60,14 @@ static unsigned int nf_route_table_hook(const struct nf_hook_ops *ops, | |||
| 60 | } | 60 | } |
| 61 | 61 | ||
| 62 | static const struct nf_chain_type nft_chain_route_ipv6 = { | 62 | static const struct nf_chain_type nft_chain_route_ipv6 = { |
| 63 | .family = NFPROTO_IPV6, | ||
| 64 | .name = "route", | 63 | .name = "route", |
| 65 | .type = NFT_CHAIN_T_ROUTE, | 64 | .type = NFT_CHAIN_T_ROUTE, |
| 65 | .family = NFPROTO_IPV6, | ||
| 66 | .owner = THIS_MODULE, | ||
| 66 | .hook_mask = (1 << NF_INET_LOCAL_OUT), | 67 | .hook_mask = (1 << NF_INET_LOCAL_OUT), |
| 67 | .fn = { | 68 | .hooks = { |
| 68 | [NF_INET_LOCAL_OUT] = nf_route_table_hook, | 69 | [NF_INET_LOCAL_OUT] = nf_route_table_hook, |
| 69 | }, | 70 | }, |
| 70 | .me = THIS_MODULE, | ||
| 71 | }; | 71 | }; |
| 72 | 72 | ||
| 73 | static int __init nft_chain_route_init(void) | 73 | static int __init nft_chain_route_init(void) |
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index acdd9d68d52f..c8ca3b8762b4 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c | |||
| @@ -929,9 +929,9 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 929 | 929 | ||
| 930 | if (!(type->hook_mask & (1 << hooknum))) | 930 | if (!(type->hook_mask & (1 << hooknum))) |
| 931 | return -EOPNOTSUPP; | 931 | return -EOPNOTSUPP; |
| 932 | if (!try_module_get(type->me)) | 932 | if (!try_module_get(type->owner)) |
| 933 | return -ENOENT; | 933 | return -ENOENT; |
| 934 | hookfn = type->fn[hooknum]; | 934 | hookfn = type->hooks[hooknum]; |
| 935 | 935 | ||
| 936 | basechain = kzalloc(sizeof(*basechain), GFP_KERNEL); | 936 | basechain = kzalloc(sizeof(*basechain), GFP_KERNEL); |
| 937 | if (basechain == NULL) | 937 | if (basechain == NULL) |
| @@ -941,7 +941,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 941 | err = nf_tables_counters(basechain, | 941 | err = nf_tables_counters(basechain, |
| 942 | nla[NFTA_CHAIN_COUNTERS]); | 942 | nla[NFTA_CHAIN_COUNTERS]); |
| 943 | if (err < 0) { | 943 | if (err < 0) { |
| 944 | module_put(type->me); | 944 | module_put(type->owner); |
| 945 | kfree(basechain); | 945 | kfree(basechain); |
| 946 | return err; | 946 | return err; |
| 947 | } | 947 | } |
| @@ -950,7 +950,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 950 | 950 | ||
| 951 | newstats = alloc_percpu(struct nft_stats); | 951 | newstats = alloc_percpu(struct nft_stats); |
| 952 | if (newstats == NULL) { | 952 | if (newstats == NULL) { |
| 953 | module_put(type->me); | 953 | module_put(type->owner); |
| 954 | kfree(basechain); | 954 | kfree(basechain); |
| 955 | return -ENOMEM; | 955 | return -ENOMEM; |
| 956 | } | 956 | } |
| @@ -992,7 +992,7 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, | |||
| 992 | chain->flags & NFT_BASE_CHAIN) { | 992 | chain->flags & NFT_BASE_CHAIN) { |
| 993 | err = nf_register_hooks(nft_base_chain(chain)->ops, afi->nops); | 993 | err = nf_register_hooks(nft_base_chain(chain)->ops, afi->nops); |
| 994 | if (err < 0) { | 994 | if (err < 0) { |
| 995 | module_put(basechain->type->me); | 995 | module_put(basechain->type->owner); |
| 996 | free_percpu(basechain->stats); | 996 | free_percpu(basechain->stats); |
| 997 | kfree(basechain); | 997 | kfree(basechain); |
| 998 | return err; | 998 | return err; |
| @@ -1013,7 +1013,7 @@ static void nf_tables_rcu_chain_destroy(struct rcu_head *head) | |||
| 1013 | BUG_ON(chain->use > 0); | 1013 | BUG_ON(chain->use > 0); |
| 1014 | 1014 | ||
| 1015 | if (chain->flags & NFT_BASE_CHAIN) { | 1015 | if (chain->flags & NFT_BASE_CHAIN) { |
| 1016 | module_put(nft_base_chain(chain)->type->me); | 1016 | module_put(nft_base_chain(chain)->type->owner); |
| 1017 | free_percpu(nft_base_chain(chain)->stats); | 1017 | free_percpu(nft_base_chain(chain)->stats); |
| 1018 | kfree(nft_base_chain(chain)); | 1018 | kfree(nft_base_chain(chain)); |
| 1019 | } else | 1019 | } else |
diff --git a/net/netfilter/nf_tables_inet.c b/net/netfilter/nf_tables_inet.c index ee29ba2829d0..84478de179ea 100644 --- a/net/netfilter/nf_tables_inet.c +++ b/net/netfilter/nf_tables_inet.c | |||
| @@ -67,10 +67,10 @@ static struct pernet_operations nf_tables_inet_net_ops = { | |||
| 67 | }; | 67 | }; |
| 68 | 68 | ||
| 69 | static const struct nf_chain_type filter_inet = { | 69 | static const struct nf_chain_type filter_inet = { |
| 70 | .family = NFPROTO_INET, | ||
| 71 | .name = "filter", | 70 | .name = "filter", |
| 72 | .type = NFT_CHAIN_T_DEFAULT, | 71 | .type = NFT_CHAIN_T_DEFAULT, |
| 73 | .me = THIS_MODULE, | 72 | .family = NFPROTO_INET, |
| 73 | .owner = THIS_MODULE, | ||
| 74 | .hook_mask = (1 << NF_INET_LOCAL_IN) | | 74 | .hook_mask = (1 << NF_INET_LOCAL_IN) | |
| 75 | (1 << NF_INET_LOCAL_OUT) | | 75 | (1 << NF_INET_LOCAL_OUT) | |
| 76 | (1 << NF_INET_FORWARD) | | 76 | (1 << NF_INET_FORWARD) | |