author | Patrick McHardy <kaber@trash.net> | 2007-12-05 04:22:43 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-01-28 17:56:06 -0500 |
commit | 41c5b317036fcb593d14b4dfd12e3318faf3af8a (patch) | |
tree | afb68078c92947371d7723bc97c8026808f88a27 /net/ipv4 | |
parent | 279c2c74b6a26fbd8c3dc100a59c3ac0ff7559fa (diff) |
[NETFILTER]: Use nf_register_hooks for multiple registrations
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ipvs/ip_vs_core.c | 104 |
1 files changed, 39 insertions, 65 deletions
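--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
 }
 
 
-/* After packet filtering, forward packet through VS/DR, VS/TUN,
-or VS/NAT(change destination), so that filtering rules can be
-applied to IPVS. */
-static struct nf_hook_ops ip_vs_in_ops = {
-.hook = ip_vs_in,
-.owner = THIS_MODULE,
-.pf = PF_INET,
-.hooknum = NF_INET_LOCAL_IN,
-.priority = 100,
-};
-
-/* After packet filtering, change source only for VS/NAT */
-static struct nf_hook_ops ip_vs_out_ops = {
-.hook = ip_vs_out,
-.owner = THIS_MODULE,
-.pf = PF_INET,
-.hooknum = NF_INET_FORWARD,
-.priority = 100,
-};
-
-/* After packet filtering (but before ip_vs_out_icmp), catch icmp
-destined for 0.0.0.0/0, which is for incoming IPVS connections */
-static struct nf_hook_ops ip_vs_forward_icmp_ops = {
-.hook = ip_vs_forward_icmp,
-.owner = THIS_MODULE,
-.pf = PF_INET,
-.hooknum = NF_INET_FORWARD,
-.priority = 99,
-};
-
-/* Before the netfilter connection tracking, exit from POST_ROUTING */
-static struct nf_hook_ops ip_vs_post_routing_ops = {
-.hook = ip_vs_post_routing,
-.owner = THIS_MODULE,
-.pf = PF_INET,
-.hooknum = NF_INET_POST_ROUTING,
-.priority = NF_IP_PRI_NAT_SRC-1,
+static struct nf_hook_ops ip_vs_ops[] = {
+/* After packet filtering, forward packet through VS/DR, VS/TUN,
+* or VS/NAT(change destination), so that filtering rules can be
+* applied to IPVS. */
+{
+.hook = ip_vs_in,
+.owner = THIS_MODULE,
+.pf = PF_INET,
+.hooknum = NF_INET_LOCAL_IN,
+.priority = 100,
+},
+/* After packet filtering, change source only for VS/NAT */
+{
+.hook = ip_vs_out,
+.owner = THIS_MODULE,
+.pf = PF_INET,
+.hooknum = NF_INET_FORWARD,
+.priority = 100,
+},
+/* After packet filtering (but before ip_vs_out_icmp), catch icmp
+* destined for 0.0.0.0/0, which is for incoming IPVS connections */
+{
+.hook = ip_vs_forward_icmp,
+.owner = THIS_MODULE,
+.pf = PF_INET,
+.hooknum = NF_INET_FORWARD,
+.priority = 99,
+},
+/* Before the netfilter connection tracking, exit from POST_ROUTING */
+{
+.hook = ip_vs_post_routing,
+.owner = THIS_MODULE,
+.pf = PF_INET,
+.hooknum = NF_INET_POST_ROUTING,
+.priority = NF_IP_PRI_NAT_SRC-1,
+},
 };
 
 
@@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void)
 goto cleanup_app;
 }
 
-ret = nf_register_hook(&ip_vs_in_ops);
+ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
 if (ret < 0) {
-IP_VS_ERR("can't register in hook.\n");
+IP_VS_ERR("can't register hooks.\n");
 goto cleanup_conn;
 }
 
-ret = nf_register_hook(&ip_vs_out_ops);
-if (ret < 0) {
-IP_VS_ERR("can't register out hook.\n");
-goto cleanup_inops;
-}
-ret = nf_register_hook(&ip_vs_post_routing_ops);
-if (ret < 0) {
-IP_VS_ERR("can't register post_routing hook.\n");
-goto cleanup_outops;
-}
-ret = nf_register_hook(&ip_vs_forward_icmp_ops);
-if (ret < 0) {
-IP_VS_ERR("can't register forward_icmp hook.\n");
-goto cleanup_postroutingops;
-}
-
 IP_VS_INFO("ipvs loaded.\n");
 return ret;
 
-cleanup_postroutingops:
-nf_unregister_hook(&ip_vs_post_routing_ops);
-cleanup_outops:
-nf_unregister_hook(&ip_vs_out_ops);
-cleanup_inops:
-nf_unregister_hook(&ip_vs_in_ops);
 cleanup_conn:
 ip_vs_conn_cleanup();
 cleanup_app:
@@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void)
 
 static void __exit ip_vs_cleanup(void)
 {
-nf_unregister_hook(&ip_vs_forward_icmp_ops);
-nf_unregister_hook(&ip_vs_post_routing_ops);
-nf_unregister_hook(&ip_vs_out_ops);
-nf_unregister_hook(&ip_vs_in_ops);
+nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
 ip_vs_conn_cleanup();
 ip_vs_app_cleanup();
 ip_vs_protocol_cleanup();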
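Review bot: In ip_vs_init the single `goto cleanup_conn` after `nf_register_hooks()` is correct only if that helper unregisters the entries it had already registered before it returns an error; nothing at the call site says so, and the per-hook labels that used to make the unwinding visible are gone. A one-line comment above the call, `/* nf_register_hooks() unregisters any hooks it already added on failure */`, would record that dependency (worth confirming against the helper's definition). The merged message also no longer says which hook failed, so logging the code would keep some diagnostic value: `IP_VS_ERR("can't register hooks (%d).\n", ret);`. In ip_vs_ops the array order is not the execution order: on NF_INET_FORWARD ip_vs_forward_icmp runs before ip_vs_out because of priority 99 versus 100, and the bare `100` literals are what keep IPVS behind the packet filter, so a short comment tying them to NF_IP_PRI_FILTER would protect that ordering. ip_vs_init starts and ends outside the hunks shown.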