[NETFILTER]: Introduce NF_INET_ hook values

The IPv4 and IPv6 hook values are identical, yet some code tries to figure out the "correct" value by looking at the address family. Introduce NF_INET_* values for both IPv4 and IPv6. The old values are kept in a #ifndef __KERNEL__ section for userspace compatibility. Signed-off-by: Patrick McHardy <kaber@trash.net> Acked-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2007-11-19 21:53:30 -0500
committer: David S. Miller <davem@davemloft.net> 2008-01-28 17:53:55 -0500
commit: 6e23ae2a48750bda407a4a58f52a4865d7308bf5 (patch)
tree: 633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b /net/ipv4/ipvs
parent: 1bf06cd2e338fd6fc29169d30eaf0df982338285 (diff)
2 files changed, 10 insertions, 10 deletions
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 8fba20256f52..30e8f7571529 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
 /*
- *      It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING
+ *      It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING
 *      chain, and is used for VS/NAT.
 *      It detects packets for VS/NAT connections and sends the packets
 *      immediately. This can avoid that iptable_nat mangles the packets
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
 }
 /*
- *      It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT.
+ *      It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT.
 *      Check if outgoing packet belongs to the established ip_vs_conn,
 *      rewrite addresses of the packet and send it on its way...
 */
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff *skb, int *related, unsigned int hooknum)
        /* reassemble IP fragments */
        if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) {
-                if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?
+                if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ?
                                            IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
                        return NF_STOLEN;
        }
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
 /*
- *      It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP
+ *      It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP
 *      related packets destined for 0.0.0.0/0.
 *      When fwmark-based virtual service is used, such as transparent
 *      cache cluster, TCP packets can be marked and routed to ip_vs_in,
 *      but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
- *      sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain
+ *      sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain
 *      and send them to ip_vs_in_icmp.
 */
 static unsigned int
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = {
        .hook           = ip_vs_in,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-        .hooknum        = NF_IP_LOCAL_IN,
+        .hooknum        = NF_INET_LOCAL_IN,
        .priority       = 100,
 };
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = {
        .hook           = ip_vs_out,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-        .hooknum        = NF_IP_FORWARD,
+        .hooknum        = NF_INET_FORWARD,
        .priority       = 100,
 };
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = {
        .hook           = ip_vs_forward_icmp,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-        .hooknum        = NF_IP_FORWARD,
+        .hooknum        = NF_INET_FORWARD,
        .priority       = 99,
 };
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = {
        .hook           = ip_vs_post_routing,
        .owner          = THIS_MODULE,
        .pf             = PF_INET,
-        .hooknum        = NF_IP_POST_ROUTING,
+        .hooknum        = NF_INET_POST_ROUTING,
        .priority       = NF_IP_PRI_NAT_SRC-1,
 };
diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c
index 66775ad9e328..1e96bf82a0b5 100644
--- a/net/ipv4/ipvs/ip_vs_xmit.c
+++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
 do {                                                    \
        (skb)->ipvs_property = 1;                       \
        skb_forward_csum(skb);                          \
-        NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL,  \
+        NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL,        \
                (rt)->u.dst.dev, dst_output);           \
 } while (0)
author	Patrick McHardy <kaber@trash.net>	2007-11-19 21:53:30 -0500
committer	David S. Miller <davem@davemloft.net>	2008-01-28 17:53:55 -0500
commit	6e23ae2a48750bda407a4a58f52a4865d7308bf5 (patch)
tree	633fd60b2a42bf6fdb86564f0c05a6d52d8dc92b /net/ipv4/ipvs
parent	1bf06cd2e338fd6fc29169d30eaf0df982338285 (diff)

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 8fba20256f52..30e8f7571529 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -481,7 +481,7 @@ int ip_vs_leave(struct ip_vs_service svc, struct sk_buff skb,
481		481
482		482
483	/*	483	/*
484	* It is hooked before NF_IP_PRI_NAT_SRC at the NF_IP_POST_ROUTING	484	* It is hooked before NF_IP_PRI_NAT_SRC at the NF_INET_POST_ROUTING
485	* chain, and is used for VS/NAT.	485	* chain, and is used for VS/NAT.
486	* It detects packets for VS/NAT connections and sends the packets	486	* It detects packets for VS/NAT connections and sends the packets
487	* immediately. This can avoid that iptable_nat mangles the packets	487	* immediately. This can avoid that iptable_nat mangles the packets
@@ -679,7 +679,7 @@ static inline int is_tcp_reset(const struct sk_buff *skb)
679	}	679	}
680		680
681	/*	681	/*
682	* It is hooked at the NF_IP_FORWARD chain, used only for VS/NAT.	682	* It is hooked at the NF_INET_FORWARD chain, used only for VS/NAT.
683	* Check if outgoing packet belongs to the established ip_vs_conn,	683	* Check if outgoing packet belongs to the established ip_vs_conn,
684	* rewrite addresses of the packet and send it on its way...	684	* rewrite addresses of the packet and send it on its way...
685	*/	685	*/
@@ -814,7 +814,7 @@ ip_vs_in_icmp(struct sk_buff skb, int related, unsigned int hooknum)
814		814
815	/* reassemble IP fragments */	815	/* reassemble IP fragments */
816	if (ip_hdr(skb)->frag_off & htons(IP_MF \| IP_OFFSET)) {	816	if (ip_hdr(skb)->frag_off & htons(IP_MF \| IP_OFFSET)) {
817	if (ip_vs_gather_frags(skb, hooknum == NF_IP_LOCAL_IN ?	817	if (ip_vs_gather_frags(skb, hooknum == NF_INET_LOCAL_IN ?
818	IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))	818	IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD))
819	return NF_STOLEN;	819	return NF_STOLEN;
820	}	820	}
@@ -1003,12 +1003,12 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb,
1003		1003
1004		1004
1005	/*	1005	/*
1006	* It is hooked at the NF_IP_FORWARD chain, in order to catch ICMP	1006	* It is hooked at the NF_INET_FORWARD chain, in order to catch ICMP
1007	* related packets destined for 0.0.0.0/0.	1007	* related packets destined for 0.0.0.0/0.
1008	* When fwmark-based virtual service is used, such as transparent	1008	* When fwmark-based virtual service is used, such as transparent
1009	* cache cluster, TCP packets can be marked and routed to ip_vs_in,	1009	* cache cluster, TCP packets can be marked and routed to ip_vs_in,
1010	* but ICMP destined for 0.0.0.0/0 cannot not be easily marked and	1010	* but ICMP destined for 0.0.0.0/0 cannot not be easily marked and
1011	* sent to ip_vs_in_icmp. So, catch them at the NF_IP_FORWARD chain	1011	* sent to ip_vs_in_icmp. So, catch them at the NF_INET_FORWARD chain
1012	* and send them to ip_vs_in_icmp.	1012	* and send them to ip_vs_in_icmp.
1013	*/	1013	*/
1014	static unsigned int	1014	static unsigned int
@@ -1032,7 +1032,7 @@ static struct nf_hook_ops ip_vs_in_ops = {
1032	.hook = ip_vs_in,	1032	.hook = ip_vs_in,
1033	.owner = THIS_MODULE,	1033	.owner = THIS_MODULE,
1034	.pf = PF_INET,	1034	.pf = PF_INET,
1035	.hooknum = NF_IP_LOCAL_IN,	1035	.hooknum = NF_INET_LOCAL_IN,
1036	.priority = 100,	1036	.priority = 100,
1037	};	1037	};
1038		1038
@@ -1041,7 +1041,7 @@ static struct nf_hook_ops ip_vs_out_ops = {
1041	.hook = ip_vs_out,	1041	.hook = ip_vs_out,
1042	.owner = THIS_MODULE,	1042	.owner = THIS_MODULE,
1043	.pf = PF_INET,	1043	.pf = PF_INET,
1044	.hooknum = NF_IP_FORWARD,	1044	.hooknum = NF_INET_FORWARD,
1045	.priority = 100,	1045	.priority = 100,
1046	};	1046	};
1047		1047
@@ -1051,7 +1051,7 @@ static struct nf_hook_ops ip_vs_forward_icmp_ops = {
1051	.hook = ip_vs_forward_icmp,	1051	.hook = ip_vs_forward_icmp,
1052	.owner = THIS_MODULE,	1052	.owner = THIS_MODULE,
1053	.pf = PF_INET,	1053	.pf = PF_INET,
1054	.hooknum = NF_IP_FORWARD,	1054	.hooknum = NF_INET_FORWARD,
1055	.priority = 99,	1055	.priority = 99,
1056	};	1056	};
1057		1057
@@ -1060,7 +1060,7 @@ static struct nf_hook_ops ip_vs_post_routing_ops = {
1060	.hook = ip_vs_post_routing,	1060	.hook = ip_vs_post_routing,
1061	.owner = THIS_MODULE,	1061	.owner = THIS_MODULE,
1062	.pf = PF_INET,	1062	.pf = PF_INET,
1063	.hooknum = NF_IP_POST_ROUTING,	1063	.hooknum = NF_INET_POST_ROUTING,
1064	.priority = NF_IP_PRI_NAT_SRC-1,	1064	.priority = NF_IP_PRI_NAT_SRC-1,
1065	};	1065	};
1066		1066


diff --git a/net/ipv4/ipvs/ip_vs_xmit.c b/net/ipv4/ipvs/ip_vs_xmit.c index 66775ad9e328..1e96bf82a0b5 100644 --- a/net/ipv4/ipvs/ip_vs_xmit.c +++ b/net/ipv4/ipvs/ip_vs_xmit.c
@@ -129,7 +129,7 @@ ip_vs_dst_reset(struct ip_vs_dest *dest)
129	do { \	129	do { \
130	(skb)->ipvs_property = 1; \	130	(skb)->ipvs_property = 1; \
131	skb_forward_csum(skb); \	131	skb_forward_csum(skb); \
132	NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, (skb), NULL, \	132	NF_HOOK(PF_INET, NF_INET_LOCAL_OUT, (skb), NULL, \
133	(rt)->u.dst.dev, dst_output); \	133	(rt)->u.dst.dev, dst_output); \
134	} while (0)	134	} while (0)
135		135