aboutsummaryrefslogtreecommitdiffstats
path: root/net/ipv4
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-12-05 04:22:43 -0500
committerDavid S. Miller <davem@davemloft.net>2008-01-28 17:56:06 -0500
commit41c5b317036fcb593d14b4dfd12e3318faf3af8a (patch)
treeafb68078c92947371d7723bc97c8026808f88a27 /net/ipv4
parent279c2c74b6a26fbd8c3dc100a59c3ac0ff7559fa (diff)
[NETFILTER]: Use nf_register_hooks for multiple registrations
Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r--net/ipv4/ipvs/ip_vs_core.c104
1 files changed, 39 insertions, 65 deletions
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 30e8f7571529..f5ba606f0549 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1025} 1025}
1026 1026
1027 1027
1028/* After packet filtering, forward packet through VS/DR, VS/TUN, 1028static struct nf_hook_ops ip_vs_ops[] = {
1029 or VS/NAT(change destination), so that filtering rules can be 1029 /* After packet filtering, forward packet through VS/DR, VS/TUN,
1030 applied to IPVS. */ 1030 * or VS/NAT(change destination), so that filtering rules can be
1031static struct nf_hook_ops ip_vs_in_ops = { 1031 * applied to IPVS. */
1032 .hook = ip_vs_in, 1032 {
1033 .owner = THIS_MODULE, 1033 .hook = ip_vs_in,
1034 .pf = PF_INET, 1034 .owner = THIS_MODULE,
1035 .hooknum = NF_INET_LOCAL_IN, 1035 .pf = PF_INET,
1036 .priority = 100, 1036 .hooknum = NF_INET_LOCAL_IN,
1037}; 1037 .priority = 100,
1038 1038 },
1039/* After packet filtering, change source only for VS/NAT */ 1039 /* After packet filtering, change source only for VS/NAT */
1040static struct nf_hook_ops ip_vs_out_ops = { 1040 {
1041 .hook = ip_vs_out, 1041 .hook = ip_vs_out,
1042 .owner = THIS_MODULE, 1042 .owner = THIS_MODULE,
1043 .pf = PF_INET, 1043 .pf = PF_INET,
1044 .hooknum = NF_INET_FORWARD, 1044 .hooknum = NF_INET_FORWARD,
1045 .priority = 100, 1045 .priority = 100,
1046}; 1046 },
1047 1047 /* After packet filtering (but before ip_vs_out_icmp), catch icmp
1048/* After packet filtering (but before ip_vs_out_icmp), catch icmp 1048 * destined for 0.0.0.0/0, which is for incoming IPVS connections */
1049 destined for 0.0.0.0/0, which is for incoming IPVS connections */ 1049 {
1050static struct nf_hook_ops ip_vs_forward_icmp_ops = { 1050 .hook = ip_vs_forward_icmp,
1051 .hook = ip_vs_forward_icmp, 1051 .owner = THIS_MODULE,
1052 .owner = THIS_MODULE, 1052 .pf = PF_INET,
1053 .pf = PF_INET, 1053 .hooknum = NF_INET_FORWARD,
1054 .hooknum = NF_INET_FORWARD, 1054 .priority = 99,
1055 .priority = 99, 1055 },
1056}; 1056 /* Before the netfilter connection tracking, exit from POST_ROUTING */
1057 1057 {
1058/* Before the netfilter connection tracking, exit from POST_ROUTING */ 1058 .hook = ip_vs_post_routing,
1059static struct nf_hook_ops ip_vs_post_routing_ops = { 1059 .owner = THIS_MODULE,
1060 .hook = ip_vs_post_routing, 1060 .pf = PF_INET,
1061 .owner = THIS_MODULE, 1061 .hooknum = NF_INET_POST_ROUTING,
1062 .pf = PF_INET, 1062 .priority = NF_IP_PRI_NAT_SRC-1,
1063 .hooknum = NF_INET_POST_ROUTING, 1063 },
1064 .priority = NF_IP_PRI_NAT_SRC-1,
1065}; 1064};
1066 1065
1067 1066
@@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void)
1092 goto cleanup_app; 1091 goto cleanup_app;
1093 } 1092 }
1094 1093
1095 ret = nf_register_hook(&ip_vs_in_ops); 1094 ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
1096 if (ret < 0) { 1095 if (ret < 0) {
1097 IP_VS_ERR("can't register in hook.\n"); 1096 IP_VS_ERR("can't register hooks.\n");
1098 goto cleanup_conn; 1097 goto cleanup_conn;
1099 } 1098 }
1100 1099
1101 ret = nf_register_hook(&ip_vs_out_ops);
1102 if (ret < 0) {
1103 IP_VS_ERR("can't register out hook.\n");
1104 goto cleanup_inops;
1105 }
1106 ret = nf_register_hook(&ip_vs_post_routing_ops);
1107 if (ret < 0) {
1108 IP_VS_ERR("can't register post_routing hook.\n");
1109 goto cleanup_outops;
1110 }
1111 ret = nf_register_hook(&ip_vs_forward_icmp_ops);
1112 if (ret < 0) {
1113 IP_VS_ERR("can't register forward_icmp hook.\n");
1114 goto cleanup_postroutingops;
1115 }
1116
1117 IP_VS_INFO("ipvs loaded.\n"); 1100 IP_VS_INFO("ipvs loaded.\n");
1118 return ret; 1101 return ret;
1119 1102
1120 cleanup_postroutingops:
1121 nf_unregister_hook(&ip_vs_post_routing_ops);
1122 cleanup_outops:
1123 nf_unregister_hook(&ip_vs_out_ops);
1124 cleanup_inops:
1125 nf_unregister_hook(&ip_vs_in_ops);
1126 cleanup_conn: 1103 cleanup_conn:
1127 ip_vs_conn_cleanup(); 1104 ip_vs_conn_cleanup();
1128 cleanup_app: 1105 cleanup_app:
@@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void)
1136 1113
1137static void __exit ip_vs_cleanup(void) 1114static void __exit ip_vs_cleanup(void)
1138{ 1115{
1139 nf_unregister_hook(&ip_vs_forward_icmp_ops); 1116 nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
1140 nf_unregister_hook(&ip_vs_post_routing_ops);
1141 nf_unregister_hook(&ip_vs_out_ops);
1142 nf_unregister_hook(&ip_vs_in_ops);
1143 ip_vs_conn_cleanup(); 1117 ip_vs_conn_cleanup();
1144 ip_vs_app_cleanup(); 1118 ip_vs_app_cleanup();
1145 ip_vs_protocol_cleanup(); 1119 ip_vs_protocol_cleanup();