netfilter: xtables: use xt_table for hook instantiation

The respective xt_table structures already have most of the metadata needed for hook setup. Add a 'priority' field to struct xt_table so that xt_hook_link() can be called with a reduced number of arguments. So should we be having more tables in the future, it comes at no static cost (only runtime, as before) - space saved: 6807373->6806555. Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
author: Jan Engelhardt <jengelh@medozas.de> 2009-06-17 07:57:48 -0400
committer: Jan Engelhardt <jengelh@medozas.de> 2010-02-10 11:13:33 -0500
commit: 2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (patch)
tree: 49ab6f0eb13fe524211f94db29c19827529f49a5 /net/netfilter
parent: 2b21e051472fdb4680076278b2ccf63ebc1cc3bc (diff)
1 files changed, 54 insertions, 0 deletions
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index f01955cce314..b51cb0d7234a 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1091,6 +1091,60 @@ static const struct file_operations xt_target_ops = {
 #endif /* CONFIG_PROC_FS */
+/**
+ * xt_hook_link - set up hooks for a new table
+ * @table:      table with metadata needed to set up hooks
+ * @fn:         Hook function
+ *
+ * This function will take care of creating and registering the necessary
+ * Netfilter hooks for XT tables.
+ */
+struct nf_hook_ops *xt_hook_link(const struct xt_table *table, nf_hookfn *fn)
+{
+        unsigned int hook_mask = table->valid_hooks;
+        uint8_t i, num_hooks = hweight32(hook_mask);
+        uint8_t hooknum;
+        struct nf_hook_ops *ops;
+        int ret;
+        ops = kmalloc(sizeof(*ops) * num_hooks, GFP_KERNEL);
+        if (ops == NULL)
+                return ERR_PTR(-ENOMEM);
+        for (i = 0, hooknum = 0; i < num_hooks && hook_mask != 0;
+             hook_mask >>= 1, ++hooknum) {
+                if (!(hook_mask & 1))
+                        continue;
+                ops[i].hook     = fn;
+                ops[i].owner    = table->me;
+                ops[i].pf       = table->af;
+                ops[i].hooknum  = hooknum;
+                ops[i].priority = table->priority;
+                ++i;
+        }
+        ret = nf_register_hooks(ops, num_hooks);
+        if (ret < 0) {
+                kfree(ops);
+                return ERR_PTR(ret);
+        }
+        return ops;
+}
+EXPORT_SYMBOL_GPL(xt_hook_link);
+/**
+ * xt_hook_unlink - remove hooks for a table
+ * @ops:        nf_hook_ops array as returned by nf_hook_link
+ * @hook_mask:  the very same mask that was passed to nf_hook_link
+ */
+void xt_hook_unlink(const struct xt_table *table, struct nf_hook_ops *ops)
+{
+        nf_unregister_hooks(ops, hweight32(table->valid_hooks));
+        kfree(ops);
+}
+EXPORT_SYMBOL_GPL(xt_hook_unlink);
 int xt_proto_init(struct net *net, u_int8_t af)
 {
 #ifdef CONFIG_PROC_FS
author	Jan Engelhardt <jengelh@medozas.de>	2009-06-17 07:57:48 -0400
committer	Jan Engelhardt <jengelh@medozas.de>	2010-02-10 11:13:33 -0500
commit	2b95efe7f6bb750256a702cc32d33b0cb2cd8223 (patch)
tree	49ab6f0eb13fe524211f94db29c19827529f49a5 /net/netfilter
parent	2b21e051472fdb4680076278b2ccf63ebc1cc3bc (diff)

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index f01955cce314..b51cb0d7234a 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c
@@ -1091,6 +1091,60 @@ static const struct file_operations xt_target_ops = {
1091		1091
1092	#endif /* CONFIG_PROC_FS */	1092	#endif /* CONFIG_PROC_FS */
1093		1093
		1094	/**
		1095	* xt_hook_link - set up hooks for a new table
		1096	* @table: table with metadata needed to set up hooks
		1097	* @fn: Hook function
		1098	*
		1099	* This function will take care of creating and registering the necessary
		1100	* Netfilter hooks for XT tables.
		1101	*/
		1102	struct nf_hook_ops xt_hook_link(const struct xt_table table, nf_hookfn *fn)
		1103	{
		1104	unsigned int hook_mask = table->valid_hooks;
		1105	uint8_t i, num_hooks = hweight32(hook_mask);
		1106	uint8_t hooknum;
		1107	struct nf_hook_ops *ops;
		1108	int ret;
		1109
		1110	ops = kmalloc(sizeof(ops) num_hooks, GFP_KERNEL);
		1111	if (ops == NULL)
		1112	return ERR_PTR(-ENOMEM);
		1113
		1114	for (i = 0, hooknum = 0; i < num_hooks && hook_mask != 0;
		1115	hook_mask >>= 1, ++hooknum) {
		1116	if (!(hook_mask & 1))
		1117	continue;
		1118	ops[i].hook = fn;
		1119	ops[i].owner = table->me;
		1120	ops[i].pf = table->af;
		1121	ops[i].hooknum = hooknum;
		1122	ops[i].priority = table->priority;
		1123	++i;
		1124	}
		1125
		1126	ret = nf_register_hooks(ops, num_hooks);
		1127	if (ret < 0) {
		1128	kfree(ops);
		1129	return ERR_PTR(ret);
		1130	}
		1131
		1132	return ops;
		1133	}
		1134	EXPORT_SYMBOL_GPL(xt_hook_link);
		1135
		1136	/**
		1137	* xt_hook_unlink - remove hooks for a table
		1138	* @ops: nf_hook_ops array as returned by nf_hook_link
		1139	* @hook_mask: the very same mask that was passed to nf_hook_link
		1140	*/
		1141	void xt_hook_unlink(const struct xt_table table, struct nf_hook_ops ops)
		1142	{
		1143	nf_unregister_hooks(ops, hweight32(table->valid_hooks));
		1144	kfree(ops);
		1145	}
		1146	EXPORT_SYMBOL_GPL(xt_hook_unlink);
		1147
1094	int xt_proto_init(struct net *net, u_int8_t af)	1148	int xt_proto_init(struct net *net, u_int8_t af)
1095	{	1149	{
1096	#ifdef CONFIG_PROC_FS	1150	#ifdef CONFIG_PROC_FS