diff options
| author | Patrick McHardy <kaber@trash.net> | 2006-04-06 17:09:49 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2006-04-10 01:25:33 -0400 |
| commit | 964ddaa10de8f3aeed12bc2a30726514ff309e64 (patch) | |
| tree | 4cda0dcd4d5ec2bf8f06cd4375be4251e96c6a16 /net/ipv4 | |
| parent | 972d1cb1427946f4980240363aac4e73fb375290 (diff) | |
[NETFILTER]: Clean up hook registration
Clean up hook registration by makeing use of the new mass registration and
unregistration helpers.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 19 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 180 | ||||
| -rw-r--r-- | net/ipv4/netfilter/ip_nat_standalone.c | 143 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 21 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 33 | ||||
| -rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 35 | ||||
| -rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 189 |
7 files changed, 199 insertions, 421 deletions
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index d0d379c7df9a..d7c472faa53b 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
| @@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = { | |||
| 181 | 181 | ||
| 182 | static int __init arptable_filter_init(void) | 182 | static int __init arptable_filter_init(void) |
| 183 | { | 183 | { |
| 184 | int ret, i; | 184 | int ret; |
| 185 | 185 | ||
| 186 | /* Register table */ | 186 | /* Register table */ |
| 187 | ret = arpt_register_table(&packet_filter, &initial_table.repl); | 187 | ret = arpt_register_table(&packet_filter, &initial_table.repl); |
| 188 | if (ret < 0) | 188 | if (ret < 0) |
| 189 | return ret; | 189 | return ret; |
| 190 | 190 | ||
| 191 | for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) | 191 | ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
| 192 | if ((ret = nf_register_hook(&arpt_ops[i])) < 0) | 192 | if (ret < 0) |
| 193 | goto cleanup_hooks; | 193 | goto cleanup_table; |
| 194 | return ret; | 194 | return ret; |
| 195 | 195 | ||
| 196 | cleanup_hooks: | 196 | cleanup_table: |
| 197 | while (--i >= 0) | ||
| 198 | nf_unregister_hook(&arpt_ops[i]); | ||
| 199 | |||
| 200 | arpt_unregister_table(&packet_filter); | 197 | arpt_unregister_table(&packet_filter); |
| 201 | return ret; | 198 | return ret; |
| 202 | } | 199 | } |
| 203 | 200 | ||
| 204 | static void __exit arptable_filter_fini(void) | 201 | static void __exit arptable_filter_fini(void) |
| 205 | { | 202 | { |
| 206 | unsigned int i; | 203 | nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
| 207 | |||
| 208 | for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) | ||
| 209 | nf_unregister_hook(&arpt_ops[i]); | ||
| 210 | |||
| 211 | arpt_unregister_table(&packet_filter); | 204 | arpt_unregister_table(&packet_filter); |
| 212 | } | 205 | } |
| 213 | 206 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 52076026db36..adc1a0f66409 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
| @@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum, | |||
| 469 | 469 | ||
| 470 | /* Connection tracking may drop packets, but never alters them, so | 470 | /* Connection tracking may drop packets, but never alters them, so |
| 471 | make it the first hook. */ | 471 | make it the first hook. */ |
| 472 | static struct nf_hook_ops ip_conntrack_defrag_ops = { | 472 | static struct nf_hook_ops ip_conntrack_ops[] = { |
| 473 | .hook = ip_conntrack_defrag, | 473 | { |
| 474 | .owner = THIS_MODULE, | 474 | .hook = ip_conntrack_defrag, |
| 475 | .pf = PF_INET, | 475 | .owner = THIS_MODULE, |
| 476 | .hooknum = NF_IP_PRE_ROUTING, | 476 | .pf = PF_INET, |
| 477 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 477 | .hooknum = NF_IP_PRE_ROUTING, |
| 478 | }; | 478 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 479 | 479 | }, | |
| 480 | static struct nf_hook_ops ip_conntrack_in_ops = { | 480 | { |
| 481 | .hook = ip_conntrack_in, | 481 | .hook = ip_conntrack_in, |
| 482 | .owner = THIS_MODULE, | 482 | .owner = THIS_MODULE, |
| 483 | .pf = PF_INET, | 483 | .pf = PF_INET, |
| 484 | .hooknum = NF_IP_PRE_ROUTING, | 484 | .hooknum = NF_IP_PRE_ROUTING, |
| 485 | .priority = NF_IP_PRI_CONNTRACK, | 485 | .priority = NF_IP_PRI_CONNTRACK, |
| 486 | }; | 486 | }, |
| 487 | 487 | { | |
| 488 | static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = { | 488 | .hook = ip_conntrack_defrag, |
| 489 | .hook = ip_conntrack_defrag, | 489 | .owner = THIS_MODULE, |
| 490 | .owner = THIS_MODULE, | 490 | .pf = PF_INET, |
| 491 | .pf = PF_INET, | 491 | .hooknum = NF_IP_LOCAL_OUT, |
| 492 | .hooknum = NF_IP_LOCAL_OUT, | 492 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 493 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 493 | }, |
| 494 | }; | 494 | { |
| 495 | 495 | .hook = ip_conntrack_local, | |
| 496 | static struct nf_hook_ops ip_conntrack_local_out_ops = { | 496 | .owner = THIS_MODULE, |
| 497 | .hook = ip_conntrack_local, | 497 | .pf = PF_INET, |
| 498 | .owner = THIS_MODULE, | 498 | .hooknum = NF_IP_LOCAL_OUT, |
| 499 | .pf = PF_INET, | 499 | .priority = NF_IP_PRI_CONNTRACK, |
| 500 | .hooknum = NF_IP_LOCAL_OUT, | 500 | }, |
| 501 | .priority = NF_IP_PRI_CONNTRACK, | 501 | { |
| 502 | }; | 502 | .hook = ip_conntrack_help, |
| 503 | 503 | .owner = THIS_MODULE, | |
| 504 | /* helpers */ | 504 | .pf = PF_INET, |
| 505 | static struct nf_hook_ops ip_conntrack_helper_out_ops = { | 505 | .hooknum = NF_IP_POST_ROUTING, |
| 506 | .hook = ip_conntrack_help, | 506 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 507 | .owner = THIS_MODULE, | 507 | }, |
| 508 | .pf = PF_INET, | 508 | { |
| 509 | .hooknum = NF_IP_POST_ROUTING, | 509 | .hook = ip_conntrack_help, |
| 510 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 510 | .owner = THIS_MODULE, |
| 511 | }; | 511 | .pf = PF_INET, |
| 512 | 512 | .hooknum = NF_IP_LOCAL_IN, | |
| 513 | static struct nf_hook_ops ip_conntrack_helper_in_ops = { | 513 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 514 | .hook = ip_conntrack_help, | 514 | }, |
| 515 | .owner = THIS_MODULE, | 515 | { |
| 516 | .pf = PF_INET, | 516 | .hook = ip_confirm, |
| 517 | .hooknum = NF_IP_LOCAL_IN, | 517 | .owner = THIS_MODULE, |
| 518 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 518 | .pf = PF_INET, |
| 519 | }; | 519 | .hooknum = NF_IP_POST_ROUTING, |
| 520 | 520 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | |
| 521 | /* Refragmenter; last chance. */ | 521 | }, |
| 522 | static struct nf_hook_ops ip_conntrack_out_ops = { | 522 | { |
| 523 | .hook = ip_confirm, | 523 | .hook = ip_confirm, |
| 524 | .owner = THIS_MODULE, | 524 | .owner = THIS_MODULE, |
| 525 | .pf = PF_INET, | 525 | .pf = PF_INET, |
| 526 | .hooknum = NF_IP_POST_ROUTING, | 526 | .hooknum = NF_IP_LOCAL_IN, |
| 527 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 527 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
| 528 | }; | 528 | }, |
| 529 | |||
| 530 | static struct nf_hook_ops ip_conntrack_local_in_ops = { | ||
| 531 | .hook = ip_confirm, | ||
| 532 | .owner = THIS_MODULE, | ||
| 533 | .pf = PF_INET, | ||
| 534 | .hooknum = NF_IP_LOCAL_IN, | ||
| 535 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | ||
| 536 | }; | 529 | }; |
| 537 | 530 | ||
| 538 | /* Sysctl support */ | 531 | /* Sysctl support */ |
| @@ -813,52 +806,17 @@ static int init_or_cleanup(int init) | |||
| 813 | proc_stat->owner = THIS_MODULE; | 806 | proc_stat->owner = THIS_MODULE; |
| 814 | #endif | 807 | #endif |
| 815 | 808 | ||
| 816 | ret = nf_register_hook(&ip_conntrack_defrag_ops); | 809 | ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops)); |
| 817 | if (ret < 0) { | 810 | if (ret < 0) { |
| 818 | printk("ip_conntrack: can't register pre-routing defrag hook.\n"); | 811 | printk("ip_conntrack: can't register hooks.\n"); |
| 819 | goto cleanup_proc_stat; | 812 | goto cleanup_proc_stat; |
| 820 | } | 813 | } |
| 821 | ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops); | ||
| 822 | if (ret < 0) { | ||
| 823 | printk("ip_conntrack: can't register local_out defrag hook.\n"); | ||
| 824 | goto cleanup_defragops; | ||
| 825 | } | ||
| 826 | ret = nf_register_hook(&ip_conntrack_in_ops); | ||
| 827 | if (ret < 0) { | ||
| 828 | printk("ip_conntrack: can't register pre-routing hook.\n"); | ||
| 829 | goto cleanup_defraglocalops; | ||
| 830 | } | ||
| 831 | ret = nf_register_hook(&ip_conntrack_local_out_ops); | ||
| 832 | if (ret < 0) { | ||
| 833 | printk("ip_conntrack: can't register local out hook.\n"); | ||
| 834 | goto cleanup_inops; | ||
| 835 | } | ||
| 836 | ret = nf_register_hook(&ip_conntrack_helper_in_ops); | ||
| 837 | if (ret < 0) { | ||
| 838 | printk("ip_conntrack: can't register local in helper hook.\n"); | ||
| 839 | goto cleanup_inandlocalops; | ||
| 840 | } | ||
| 841 | ret = nf_register_hook(&ip_conntrack_helper_out_ops); | ||
| 842 | if (ret < 0) { | ||
| 843 | printk("ip_conntrack: can't register postrouting helper hook.\n"); | ||
| 844 | goto cleanup_helperinops; | ||
| 845 | } | ||
| 846 | ret = nf_register_hook(&ip_conntrack_out_ops); | ||
| 847 | if (ret < 0) { | ||
| 848 | printk("ip_conntrack: can't register post-routing hook.\n"); | ||
| 849 | goto cleanup_helperoutops; | ||
| 850 | } | ||
| 851 | ret = nf_register_hook(&ip_conntrack_local_in_ops); | ||
| 852 | if (ret < 0) { | ||
| 853 | printk("ip_conntrack: can't register local in hook.\n"); | ||
| 854 | goto cleanup_inoutandlocalops; | ||
| 855 | } | ||
| 856 | #ifdef CONFIG_SYSCTL | 814 | #ifdef CONFIG_SYSCTL |
| 857 | ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); | 815 | ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); |
| 858 | if (ip_ct_sysctl_header == NULL) { | 816 | if (ip_ct_sysctl_header == NULL) { |
| 859 | printk("ip_conntrack: can't register to sysctl.\n"); | 817 | printk("ip_conntrack: can't register to sysctl.\n"); |
| 860 | ret = -ENOMEM; | 818 | ret = -ENOMEM; |
| 861 | goto cleanup_localinops; | 819 | goto cleanup_hooks; |
| 862 | } | 820 | } |
| 863 | #endif | 821 | #endif |
| 864 | 822 | ||
| @@ -868,23 +826,9 @@ static int init_or_cleanup(int init) | |||
| 868 | synchronize_net(); | 826 | synchronize_net(); |
| 869 | #ifdef CONFIG_SYSCTL | 827 | #ifdef CONFIG_SYSCTL |
| 870 | unregister_sysctl_table(ip_ct_sysctl_header); | 828 | unregister_sysctl_table(ip_ct_sysctl_header); |
| 871 | cleanup_localinops: | 829 | cleanup_hooks: |
| 872 | #endif | 830 | #endif |
| 873 | nf_unregister_hook(&ip_conntrack_local_in_ops); | 831 | nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops)); |
| 874 | cleanup_inoutandlocalops: | ||
| 875 | nf_unregister_hook(&ip_conntrack_out_ops); | ||
| 876 | cleanup_helperoutops: | ||
| 877 | nf_unregister_hook(&ip_conntrack_helper_out_ops); | ||
| 878 | cleanup_helperinops: | ||
| 879 | nf_unregister_hook(&ip_conntrack_helper_in_ops); | ||
| 880 | cleanup_inandlocalops: | ||
| 881 | nf_unregister_hook(&ip_conntrack_local_out_ops); | ||
| 882 | cleanup_inops: | ||
| 883 | nf_unregister_hook(&ip_conntrack_in_ops); | ||
| 884 | cleanup_defraglocalops: | ||
| 885 | nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); | ||
| 886 | cleanup_defragops: | ||
| 887 | nf_unregister_hook(&ip_conntrack_defrag_ops); | ||
| 888 | cleanup_proc_stat: | 832 | cleanup_proc_stat: |
| 889 | #ifdef CONFIG_PROC_FS | 833 | #ifdef CONFIG_PROC_FS |
| 890 | remove_proc_entry("ip_conntrack", proc_net_stat); | 834 | remove_proc_entry("ip_conntrack", proc_net_stat); |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 3505b0de2e04..5f02f439b07e 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
| @@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum, | |||
| 299 | 299 | ||
| 300 | /* We must be after connection tracking and before packet filtering. */ | 300 | /* We must be after connection tracking and before packet filtering. */ |
| 301 | 301 | ||
| 302 | /* Before packet filtering, change destination */ | 302 | static struct nf_hook_ops ip_nat_ops[] = { |
| 303 | static struct nf_hook_ops ip_nat_in_ops = { | 303 | /* Before packet filtering, change destination */ |
| 304 | .hook = ip_nat_in, | 304 | { |
| 305 | .owner = THIS_MODULE, | 305 | .hook = ip_nat_in, |
| 306 | .pf = PF_INET, | 306 | .owner = THIS_MODULE, |
| 307 | .hooknum = NF_IP_PRE_ROUTING, | 307 | .pf = PF_INET, |
| 308 | .priority = NF_IP_PRI_NAT_DST, | 308 | .hooknum = NF_IP_PRE_ROUTING, |
| 309 | .priority = NF_IP_PRI_NAT_DST, | ||
| 310 | }, | ||
| 311 | /* After packet filtering, change source */ | ||
| 312 | { | ||
| 313 | .hook = ip_nat_out, | ||
| 314 | .owner = THIS_MODULE, | ||
| 315 | .pf = PF_INET, | ||
| 316 | .hooknum = NF_IP_POST_ROUTING, | ||
| 317 | .priority = NF_IP_PRI_NAT_SRC, | ||
| 318 | }, | ||
| 319 | /* After conntrack, adjust sequence number */ | ||
| 320 | { | ||
| 321 | .hook = ip_nat_adjust, | ||
| 322 | .owner = THIS_MODULE, | ||
| 323 | .pf = PF_INET, | ||
| 324 | .hooknum = NF_IP_POST_ROUTING, | ||
| 325 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
| 326 | }, | ||
| 327 | /* Before packet filtering, change destination */ | ||
| 328 | { | ||
| 329 | .hook = ip_nat_local_fn, | ||
| 330 | .owner = THIS_MODULE, | ||
| 331 | .pf = PF_INET, | ||
| 332 | .hooknum = NF_IP_LOCAL_OUT, | ||
| 333 | .priority = NF_IP_PRI_NAT_DST, | ||
| 334 | }, | ||
| 335 | /* After packet filtering, change source */ | ||
| 336 | { | ||
| 337 | .hook = ip_nat_fn, | ||
| 338 | .owner = THIS_MODULE, | ||
| 339 | .pf = PF_INET, | ||
| 340 | .hooknum = NF_IP_LOCAL_IN, | ||
| 341 | .priority = NF_IP_PRI_NAT_SRC, | ||
| 342 | }, | ||
| 343 | /* After conntrack, adjust sequence number */ | ||
| 344 | { | ||
| 345 | .hook = ip_nat_adjust, | ||
| 346 | .owner = THIS_MODULE, | ||
| 347 | .pf = PF_INET, | ||
| 348 | .hooknum = NF_IP_LOCAL_IN, | ||
| 349 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
| 350 | }, | ||
| 309 | }; | 351 | }; |
| 310 | 352 | ||
| 311 | /* After packet filtering, change source */ | ||
| 312 | static struct nf_hook_ops ip_nat_out_ops = { | ||
| 313 | .hook = ip_nat_out, | ||
| 314 | .owner = THIS_MODULE, | ||
| 315 | .pf = PF_INET, | ||
| 316 | .hooknum = NF_IP_POST_ROUTING, | ||
| 317 | .priority = NF_IP_PRI_NAT_SRC, | ||
| 318 | }; | ||
| 319 | |||
| 320 | /* After conntrack, adjust sequence number */ | ||
| 321 | static struct nf_hook_ops ip_nat_adjust_out_ops = { | ||
| 322 | .hook = ip_nat_adjust, | ||
| 323 | .owner = THIS_MODULE, | ||
| 324 | .pf = PF_INET, | ||
| 325 | .hooknum = NF_IP_POST_ROUTING, | ||
| 326 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
| 327 | }; | ||
| 328 | |||
| 329 | /* Before packet filtering, change destination */ | ||
| 330 | static struct nf_hook_ops ip_nat_local_out_ops = { | ||
| 331 | .hook = ip_nat_local_fn, | ||
| 332 | .owner = THIS_MODULE, | ||
| 333 | .pf = PF_INET, | ||
| 334 | .hooknum = NF_IP_LOCAL_OUT, | ||
| 335 | .priority = NF_IP_PRI_NAT_DST, | ||
| 336 | }; | ||
| 337 | |||
| 338 | /* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */ | ||
| 339 | static struct nf_hook_ops ip_nat_local_in_ops = { | ||
| 340 | .hook = ip_nat_fn, | ||
| 341 | .owner = THIS_MODULE, | ||
| 342 | .pf = PF_INET, | ||
| 343 | .hooknum = NF_IP_LOCAL_IN, | ||
| 344 | .priority = NF_IP_PRI_NAT_SRC, | ||
| 345 | }; | ||
| 346 | |||
| 347 | /* After conntrack, adjust sequence number */ | ||
| 348 | static struct nf_hook_ops ip_nat_adjust_in_ops = { | ||
| 349 | .hook = ip_nat_adjust, | ||
| 350 | .owner = THIS_MODULE, | ||
| 351 | .pf = PF_INET, | ||
| 352 | .hooknum = NF_IP_LOCAL_IN, | ||
| 353 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
| 354 | }; | ||
| 355 | |||
| 356 | |||
| 357 | static int init_or_cleanup(int init) | 353 | static int init_or_cleanup(int init) |
| 358 | { | 354 | { |
| 359 | int ret = 0; | 355 | int ret = 0; |
| @@ -371,50 +367,15 @@ static int init_or_cleanup(int init) | |||
| 371 | printk("ip_nat_init: can't setup rules.\n"); | 367 | printk("ip_nat_init: can't setup rules.\n"); |
| 372 | goto cleanup_decode_session; | 368 | goto cleanup_decode_session; |
| 373 | } | 369 | } |
| 374 | ret = nf_register_hook(&ip_nat_in_ops); | 370 | ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops)); |
| 375 | if (ret < 0) { | 371 | if (ret < 0) { |
| 376 | printk("ip_nat_init: can't register in hook.\n"); | 372 | printk("ip_nat_init: can't register hooks.\n"); |
| 377 | goto cleanup_rule_init; | 373 | goto cleanup_rule_init; |
| 378 | } | 374 | } |
| 379 | ret = nf_register_hook(&ip_nat_out_ops); | ||
| 380 | if (ret < 0) { | ||
| 381 | printk("ip_nat_init: can't register out hook.\n"); | ||
| 382 | goto cleanup_inops; | ||
| 383 | } | ||
| 384 | ret = nf_register_hook(&ip_nat_adjust_in_ops); | ||
| 385 | if (ret < 0) { | ||
| 386 | printk("ip_nat_init: can't register adjust in hook.\n"); | ||
| 387 | goto cleanup_outops; | ||
| 388 | } | ||
| 389 | ret = nf_register_hook(&ip_nat_adjust_out_ops); | ||
| 390 | if (ret < 0) { | ||
| 391 | printk("ip_nat_init: can't register adjust out hook.\n"); | ||
| 392 | goto cleanup_adjustin_ops; | ||
| 393 | } | ||
| 394 | ret = nf_register_hook(&ip_nat_local_out_ops); | ||
| 395 | if (ret < 0) { | ||
| 396 | printk("ip_nat_init: can't register local out hook.\n"); | ||
| 397 | goto cleanup_adjustout_ops; | ||
| 398 | } | ||
| 399 | ret = nf_register_hook(&ip_nat_local_in_ops); | ||
| 400 | if (ret < 0) { | ||
| 401 | printk("ip_nat_init: can't register local in hook.\n"); | ||
| 402 | goto cleanup_localoutops; | ||
| 403 | } | ||
| 404 | return ret; | 375 | return ret; |
| 405 | 376 | ||
| 406 | cleanup: | 377 | cleanup: |
| 407 | nf_unregister_hook(&ip_nat_local_in_ops); | 378 | nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops)); |
| 408 | cleanup_localoutops: | ||
| 409 | nf_unregister_hook(&ip_nat_local_out_ops); | ||
| 410 | cleanup_adjustout_ops: | ||
| 411 | nf_unregister_hook(&ip_nat_adjust_out_ops); | ||
| 412 | cleanup_adjustin_ops: | ||
| 413 | nf_unregister_hook(&ip_nat_adjust_in_ops); | ||
| 414 | cleanup_outops: | ||
| 415 | nf_unregister_hook(&ip_nat_out_ops); | ||
| 416 | cleanup_inops: | ||
| 417 | nf_unregister_hook(&ip_nat_in_ops); | ||
| 418 | cleanup_rule_init: | 379 | cleanup_rule_init: |
| 419 | ip_nat_rule_cleanup(); | 380 | ip_nat_rule_cleanup(); |
| 420 | cleanup_decode_session: | 381 | cleanup_decode_session: |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 3d80aefe9cfa..7f417484bfbf 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
| @@ -157,37 +157,20 @@ static int __init iptable_filter_init(void) | |||
| 157 | return ret; | 157 | return ret; |
| 158 | 158 | ||
| 159 | /* Register hooks */ | 159 | /* Register hooks */ |
| 160 | ret = nf_register_hook(&ipt_ops[0]); | 160 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 161 | if (ret < 0) | 161 | if (ret < 0) |
| 162 | goto cleanup_table; | 162 | goto cleanup_table; |
| 163 | 163 | ||
| 164 | ret = nf_register_hook(&ipt_ops[1]); | ||
| 165 | if (ret < 0) | ||
| 166 | goto cleanup_hook0; | ||
| 167 | |||
| 168 | ret = nf_register_hook(&ipt_ops[2]); | ||
| 169 | if (ret < 0) | ||
| 170 | goto cleanup_hook1; | ||
| 171 | |||
| 172 | return ret; | 164 | return ret; |
| 173 | 165 | ||
| 174 | cleanup_hook1: | ||
| 175 | nf_unregister_hook(&ipt_ops[1]); | ||
| 176 | cleanup_hook0: | ||
| 177 | nf_unregister_hook(&ipt_ops[0]); | ||
| 178 | cleanup_table: | 166 | cleanup_table: |
| 179 | ipt_unregister_table(&packet_filter); | 167 | ipt_unregister_table(&packet_filter); |
| 180 | |||
| 181 | return ret; | 168 | return ret; |
| 182 | } | 169 | } |
| 183 | 170 | ||
| 184 | static void __exit iptable_filter_fini(void) | 171 | static void __exit iptable_filter_fini(void) |
| 185 | { | 172 | { |
| 186 | unsigned int i; | 173 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 187 | |||
| 188 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
| 189 | nf_unregister_hook(&ipt_ops[i]); | ||
| 190 | |||
| 191 | ipt_unregister_table(&packet_filter); | 174 | ipt_unregister_table(&packet_filter); |
| 192 | } | 175 | } |
| 193 | 176 | ||
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 412fc96cc896..397b95cc026b 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
| @@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void) | |||
| 211 | return ret; | 211 | return ret; |
| 212 | 212 | ||
| 213 | /* Register hooks */ | 213 | /* Register hooks */ |
| 214 | ret = nf_register_hook(&ipt_ops[0]); | 214 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 215 | if (ret < 0) | 215 | if (ret < 0) |
| 216 | goto cleanup_table; | 216 | goto cleanup_table; |
| 217 | 217 | ||
| 218 | ret = nf_register_hook(&ipt_ops[1]); | ||
| 219 | if (ret < 0) | ||
| 220 | goto cleanup_hook0; | ||
| 221 | |||
| 222 | ret = nf_register_hook(&ipt_ops[2]); | ||
| 223 | if (ret < 0) | ||
| 224 | goto cleanup_hook1; | ||
| 225 | |||
| 226 | ret = nf_register_hook(&ipt_ops[3]); | ||
| 227 | if (ret < 0) | ||
| 228 | goto cleanup_hook2; | ||
| 229 | |||
| 230 | ret = nf_register_hook(&ipt_ops[4]); | ||
| 231 | if (ret < 0) | ||
| 232 | goto cleanup_hook3; | ||
| 233 | |||
| 234 | return ret; | 218 | return ret; |
| 235 | 219 | ||
| 236 | cleanup_hook3: | ||
| 237 | nf_unregister_hook(&ipt_ops[3]); | ||
| 238 | cleanup_hook2: | ||
| 239 | nf_unregister_hook(&ipt_ops[2]); | ||
| 240 | cleanup_hook1: | ||
| 241 | nf_unregister_hook(&ipt_ops[1]); | ||
| 242 | cleanup_hook0: | ||
| 243 | nf_unregister_hook(&ipt_ops[0]); | ||
| 244 | cleanup_table: | 220 | cleanup_table: |
| 245 | ipt_unregister_table(&packet_mangler); | 221 | ipt_unregister_table(&packet_mangler); |
| 246 | |||
| 247 | return ret; | 222 | return ret; |
| 248 | } | 223 | } |
| 249 | 224 | ||
| 250 | static void __exit iptable_mangle_fini(void) | 225 | static void __exit iptable_mangle_fini(void) |
| 251 | { | 226 | { |
| 252 | unsigned int i; | 227 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 253 | |||
| 254 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
| 255 | nf_unregister_hook(&ipt_ops[i]); | ||
| 256 | |||
| 257 | ipt_unregister_table(&packet_mangler); | 228 | ipt_unregister_table(&packet_mangler); |
| 258 | } | 229 | } |
| 259 | 230 | ||
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 03cc79a6160a..7912cce1e1b8 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
| @@ -101,18 +101,18 @@ ipt_hook(unsigned int hook, | |||
| 101 | /* 'raw' is the very first table. */ | 101 | /* 'raw' is the very first table. */ |
| 102 | static struct nf_hook_ops ipt_ops[] = { | 102 | static struct nf_hook_ops ipt_ops[] = { |
| 103 | { | 103 | { |
| 104 | .hook = ipt_hook, | 104 | .hook = ipt_hook, |
| 105 | .pf = PF_INET, | 105 | .pf = PF_INET, |
| 106 | .hooknum = NF_IP_PRE_ROUTING, | 106 | .hooknum = NF_IP_PRE_ROUTING, |
| 107 | .priority = NF_IP_PRI_RAW, | 107 | .priority = NF_IP_PRI_RAW, |
| 108 | .owner = THIS_MODULE, | 108 | .owner = THIS_MODULE, |
| 109 | }, | 109 | }, |
| 110 | { | 110 | { |
| 111 | .hook = ipt_hook, | 111 | .hook = ipt_hook, |
| 112 | .pf = PF_INET, | 112 | .pf = PF_INET, |
| 113 | .hooknum = NF_IP_LOCAL_OUT, | 113 | .hooknum = NF_IP_LOCAL_OUT, |
| 114 | .priority = NF_IP_PRI_RAW, | 114 | .priority = NF_IP_PRI_RAW, |
| 115 | .owner = THIS_MODULE, | 115 | .owner = THIS_MODULE, |
| 116 | }, | 116 | }, |
| 117 | }; | 117 | }; |
| 118 | 118 | ||
| @@ -126,31 +126,20 @@ static int __init iptable_raw_init(void) | |||
| 126 | return ret; | 126 | return ret; |
| 127 | 127 | ||
| 128 | /* Register hooks */ | 128 | /* Register hooks */ |
| 129 | ret = nf_register_hook(&ipt_ops[0]); | 129 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 130 | if (ret < 0) | 130 | if (ret < 0) |
| 131 | goto cleanup_table; | 131 | goto cleanup_table; |
| 132 | 132 | ||
| 133 | ret = nf_register_hook(&ipt_ops[1]); | ||
| 134 | if (ret < 0) | ||
| 135 | goto cleanup_hook0; | ||
| 136 | |||
| 137 | return ret; | 133 | return ret; |
| 138 | 134 | ||
| 139 | cleanup_hook0: | ||
| 140 | nf_unregister_hook(&ipt_ops[0]); | ||
| 141 | cleanup_table: | 135 | cleanup_table: |
| 142 | ipt_unregister_table(&packet_raw); | 136 | ipt_unregister_table(&packet_raw); |
| 143 | |||
| 144 | return ret; | 137 | return ret; |
| 145 | } | 138 | } |
| 146 | 139 | ||
| 147 | static void __exit iptable_raw_fini(void) | 140 | static void __exit iptable_raw_fini(void) |
| 148 | { | 141 | { |
| 149 | unsigned int i; | 142 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
| 150 | |||
| 151 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
| 152 | nf_unregister_hook(&ipt_ops[i]); | ||
| 153 | |||
| 154 | ipt_unregister_table(&packet_raw); | 143 | ipt_unregister_table(&packet_raw); |
| 155 | } | 144 | } |
| 156 | 145 | ||
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 4afbc699d3ba..3fadaccbc582 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
| @@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, | |||
| 210 | 210 | ||
| 211 | /* Connection tracking may drop packets, but never alters them, so | 211 | /* Connection tracking may drop packets, but never alters them, so |
| 212 | make it the first hook. */ | 212 | make it the first hook. */ |
| 213 | static struct nf_hook_ops ipv4_conntrack_defrag_ops = { | 213 | static struct nf_hook_ops ipv4_conntrack_ops[] = { |
| 214 | .hook = ipv4_conntrack_defrag, | 214 | { |
| 215 | .owner = THIS_MODULE, | 215 | .hook = ipv4_conntrack_defrag, |
| 216 | .pf = PF_INET, | 216 | .owner = THIS_MODULE, |
| 217 | .hooknum = NF_IP_PRE_ROUTING, | 217 | .pf = PF_INET, |
| 218 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 218 | .hooknum = NF_IP_PRE_ROUTING, |
| 219 | }; | 219 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 220 | 220 | }, | |
| 221 | static struct nf_hook_ops ipv4_conntrack_in_ops = { | 221 | { |
| 222 | .hook = ipv4_conntrack_in, | 222 | .hook = ipv4_conntrack_in, |
| 223 | .owner = THIS_MODULE, | 223 | .owner = THIS_MODULE, |
| 224 | .pf = PF_INET, | 224 | .pf = PF_INET, |
| 225 | .hooknum = NF_IP_PRE_ROUTING, | 225 | .hooknum = NF_IP_PRE_ROUTING, |
| 226 | .priority = NF_IP_PRI_CONNTRACK, | 226 | .priority = NF_IP_PRI_CONNTRACK, |
| 227 | }; | 227 | }, |
| 228 | 228 | { | |
| 229 | static struct nf_hook_ops ipv4_conntrack_defrag_local_out_ops = { | 229 | .hook = ipv4_conntrack_defrag, |
| 230 | .hook = ipv4_conntrack_defrag, | 230 | .owner = THIS_MODULE, |
| 231 | .owner = THIS_MODULE, | 231 | .pf = PF_INET, |
| 232 | .pf = PF_INET, | 232 | .hooknum = NF_IP_LOCAL_OUT, |
| 233 | .hooknum = NF_IP_LOCAL_OUT, | 233 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
| 234 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 234 | }, |
| 235 | }; | 235 | { |
| 236 | 236 | .hook = ipv4_conntrack_local, | |
| 237 | static struct nf_hook_ops ipv4_conntrack_local_out_ops = { | 237 | .owner = THIS_MODULE, |
| 238 | .hook = ipv4_conntrack_local, | 238 | .pf = PF_INET, |
| 239 | .owner = THIS_MODULE, | 239 | .hooknum = NF_IP_LOCAL_OUT, |
| 240 | .pf = PF_INET, | 240 | .priority = NF_IP_PRI_CONNTRACK, |
| 241 | .hooknum = NF_IP_LOCAL_OUT, | 241 | }, |
| 242 | .priority = NF_IP_PRI_CONNTRACK, | 242 | { |
| 243 | }; | 243 | .hook = ipv4_conntrack_help, |
| 244 | 244 | .owner = THIS_MODULE, | |
| 245 | /* helpers */ | 245 | .pf = PF_INET, |
| 246 | static struct nf_hook_ops ipv4_conntrack_helper_out_ops = { | 246 | .hooknum = NF_IP_POST_ROUTING, |
| 247 | .hook = ipv4_conntrack_help, | 247 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 248 | .owner = THIS_MODULE, | 248 | }, |
| 249 | .pf = PF_INET, | 249 | { |
| 250 | .hooknum = NF_IP_POST_ROUTING, | 250 | .hook = ipv4_conntrack_help, |
| 251 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 251 | .owner = THIS_MODULE, |
| 252 | }; | 252 | .pf = PF_INET, |
| 253 | 253 | .hooknum = NF_IP_LOCAL_IN, | |
| 254 | static struct nf_hook_ops ipv4_conntrack_helper_in_ops = { | 254 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
| 255 | .hook = ipv4_conntrack_help, | 255 | }, |
| 256 | .owner = THIS_MODULE, | 256 | { |
| 257 | .pf = PF_INET, | 257 | .hook = ipv4_confirm, |
| 258 | .hooknum = NF_IP_LOCAL_IN, | 258 | .owner = THIS_MODULE, |
| 259 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 259 | .pf = PF_INET, |
| 260 | }; | 260 | .hooknum = NF_IP_POST_ROUTING, |
| 261 | 261 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | |
| 262 | 262 | }, | |
| 263 | /* Refragmenter; last chance. */ | 263 | { |
| 264 | static struct nf_hook_ops ipv4_conntrack_out_ops = { | 264 | .hook = ipv4_confirm, |
| 265 | .hook = ipv4_confirm, | 265 | .owner = THIS_MODULE, |
| 266 | .owner = THIS_MODULE, | 266 | .pf = PF_INET, |
| 267 | .pf = PF_INET, | 267 | .hooknum = NF_IP_LOCAL_IN, |
| 268 | .hooknum = NF_IP_POST_ROUTING, | 268 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
| 269 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 269 | }, |
| 270 | }; | ||
| 271 | |||
| 272 | static struct nf_hook_ops ipv4_conntrack_local_in_ops = { | ||
| 273 | .hook = ipv4_confirm, | ||
| 274 | .owner = THIS_MODULE, | ||
| 275 | .pf = PF_INET, | ||
| 276 | .hooknum = NF_IP_LOCAL_IN, | ||
| 277 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | ||
| 278 | }; | 270 | }; |
| 279 | 271 | ||
| 280 | #ifdef CONFIG_SYSCTL | 272 | #ifdef CONFIG_SYSCTL |
| @@ -476,59 +468,18 @@ static int init_or_cleanup(int init) | |||
| 476 | goto cleanup_icmp; | 468 | goto cleanup_icmp; |
| 477 | } | 469 | } |
| 478 | 470 | ||
| 479 | ret = nf_register_hook(&ipv4_conntrack_defrag_ops); | 471 | ret = nf_register_hooks(ipv4_conntrack_ops, |
| 472 | ARRAY_SIZE(ipv4_conntrack_ops)); | ||
| 480 | if (ret < 0) { | 473 | if (ret < 0) { |
| 481 | printk("nf_conntrack_ipv4: can't register pre-routing defrag hook.\n"); | 474 | printk("nf_conntrack_ipv4: can't register hooks.\n"); |
| 482 | goto cleanup_ipv4; | 475 | goto cleanup_ipv4; |
| 483 | } | 476 | } |
| 484 | ret = nf_register_hook(&ipv4_conntrack_defrag_local_out_ops); | ||
| 485 | if (ret < 0) { | ||
| 486 | printk("nf_conntrack_ipv4: can't register local_out defrag hook.\n"); | ||
| 487 | goto cleanup_defragops; | ||
| 488 | } | ||
| 489 | |||
| 490 | ret = nf_register_hook(&ipv4_conntrack_in_ops); | ||
| 491 | if (ret < 0) { | ||
| 492 | printk("nf_conntrack_ipv4: can't register pre-routing hook.\n"); | ||
| 493 | goto cleanup_defraglocalops; | ||
| 494 | } | ||
| 495 | |||
| 496 | ret = nf_register_hook(&ipv4_conntrack_local_out_ops); | ||
| 497 | if (ret < 0) { | ||
| 498 | printk("nf_conntrack_ipv4: can't register local out hook.\n"); | ||
| 499 | goto cleanup_inops; | ||
| 500 | } | ||
| 501 | |||
| 502 | ret = nf_register_hook(&ipv4_conntrack_helper_in_ops); | ||
| 503 | if (ret < 0) { | ||
| 504 | printk("nf_conntrack_ipv4: can't register local helper hook.\n"); | ||
| 505 | goto cleanup_inandlocalops; | ||
| 506 | } | ||
| 507 | |||
| 508 | ret = nf_register_hook(&ipv4_conntrack_helper_out_ops); | ||
| 509 | if (ret < 0) { | ||
| 510 | printk("nf_conntrack_ipv4: can't register postrouting helper hook.\n"); | ||
| 511 | goto cleanup_helperinops; | ||
| 512 | } | ||
| 513 | |||
| 514 | ret = nf_register_hook(&ipv4_conntrack_out_ops); | ||
| 515 | if (ret < 0) { | ||
| 516 | printk("nf_conntrack_ipv4: can't register post-routing hook.\n"); | ||
| 517 | goto cleanup_helperoutops; | ||
| 518 | } | ||
| 519 | |||
| 520 | ret = nf_register_hook(&ipv4_conntrack_local_in_ops); | ||
| 521 | if (ret < 0) { | ||
| 522 | printk("nf_conntrack_ipv4: can't register local in hook.\n"); | ||
| 523 | goto cleanup_inoutandlocalops; | ||
| 524 | } | ||
| 525 | |||
| 526 | #ifdef CONFIG_SYSCTL | 477 | #ifdef CONFIG_SYSCTL |
| 527 | nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); | 478 | nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); |
| 528 | if (nf_ct_ipv4_sysctl_header == NULL) { | 479 | if (nf_ct_ipv4_sysctl_header == NULL) { |
| 529 | printk("nf_conntrack: can't register to sysctl.\n"); | 480 | printk("nf_conntrack: can't register to sysctl.\n"); |
| 530 | ret = -ENOMEM; | 481 | ret = -ENOMEM; |
| 531 | goto cleanup_localinops; | 482 | goto cleanup_hooks; |
| 532 | } | 483 | } |
| 533 | #endif | 484 | #endif |
| 534 | return ret; | 485 | return ret; |
| @@ -537,23 +488,9 @@ static int init_or_cleanup(int init) | |||
| 537 | synchronize_net(); | 488 | synchronize_net(); |
| 538 | #ifdef CONFIG_SYSCTL | 489 | #ifdef CONFIG_SYSCTL |
| 539 | unregister_sysctl_table(nf_ct_ipv4_sysctl_header); | 490 | unregister_sysctl_table(nf_ct_ipv4_sysctl_header); |
| 540 | cleanup_localinops: | 491 | cleanup_hooks: |
| 541 | #endif | 492 | #endif |
| 542 | nf_unregister_hook(&ipv4_conntrack_local_in_ops); | 493 | nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); |
| 543 | cleanup_inoutandlocalops: | ||
| 544 | nf_unregister_hook(&ipv4_conntrack_out_ops); | ||
| 545 | cleanup_helperoutops: | ||
| 546 | nf_unregister_hook(&ipv4_conntrack_helper_out_ops); | ||
| 547 | cleanup_helperinops: | ||
| 548 | nf_unregister_hook(&ipv4_conntrack_helper_in_ops); | ||
| 549 | cleanup_inandlocalops: | ||
| 550 | nf_unregister_hook(&ipv4_conntrack_local_out_ops); | ||
| 551 | cleanup_inops: | ||
| 552 | nf_unregister_hook(&ipv4_conntrack_in_ops); | ||
| 553 | cleanup_defraglocalops: | ||
| 554 | nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops); | ||
| 555 | cleanup_defragops: | ||
| 556 | nf_unregister_hook(&ipv4_conntrack_defrag_ops); | ||
| 557 | cleanup_ipv4: | 494 | cleanup_ipv4: |
| 558 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); | 495 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); |
| 559 | cleanup_icmp: | 496 | cleanup_icmp: |