diff options
-rw-r--r-- | net/ipv4/netfilter/arptable_filter.c | 19 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_conntrack_standalone.c | 180 | ||||
-rw-r--r-- | net/ipv4/netfilter/ip_nat_standalone.c | 143 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_filter.c | 21 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_mangle.c | 33 | ||||
-rw-r--r-- | net/ipv4/netfilter/iptable_raw.c | 35 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 189 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 21 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_mangle.c | 33 | ||||
-rw-r--r-- | net/ipv6/netfilter/ip6table_raw.c | 15 | ||||
-rw-r--r-- | net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 143 |
11 files changed, 253 insertions, 579 deletions
diff --git a/net/ipv4/netfilter/arptable_filter.c b/net/ipv4/netfilter/arptable_filter.c index d0d379c7df9a..d7c472faa53b 100644 --- a/net/ipv4/netfilter/arptable_filter.c +++ b/net/ipv4/netfilter/arptable_filter.c | |||
@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = { | |||
181 | 181 | ||
182 | static int __init arptable_filter_init(void) | 182 | static int __init arptable_filter_init(void) |
183 | { | 183 | { |
184 | int ret, i; | 184 | int ret; |
185 | 185 | ||
186 | /* Register table */ | 186 | /* Register table */ |
187 | ret = arpt_register_table(&packet_filter, &initial_table.repl); | 187 | ret = arpt_register_table(&packet_filter, &initial_table.repl); |
188 | if (ret < 0) | 188 | if (ret < 0) |
189 | return ret; | 189 | return ret; |
190 | 190 | ||
191 | for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) | 191 | ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
192 | if ((ret = nf_register_hook(&arpt_ops[i])) < 0) | 192 | if (ret < 0) |
193 | goto cleanup_hooks; | 193 | goto cleanup_table; |
194 | return ret; | 194 | return ret; |
195 | 195 | ||
196 | cleanup_hooks: | 196 | cleanup_table: |
197 | while (--i >= 0) | ||
198 | nf_unregister_hook(&arpt_ops[i]); | ||
199 | |||
200 | arpt_unregister_table(&packet_filter); | 197 | arpt_unregister_table(&packet_filter); |
201 | return ret; | 198 | return ret; |
202 | } | 199 | } |
203 | 200 | ||
204 | static void __exit arptable_filter_fini(void) | 201 | static void __exit arptable_filter_fini(void) |
205 | { | 202 | { |
206 | unsigned int i; | 203 | nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops)); |
207 | |||
208 | for (i = 0; i < ARRAY_SIZE(arpt_ops); i++) | ||
209 | nf_unregister_hook(&arpt_ops[i]); | ||
210 | |||
211 | arpt_unregister_table(&packet_filter); | 204 | arpt_unregister_table(&packet_filter); |
212 | } | 205 | } |
213 | 206 | ||
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c index 52076026db36..adc1a0f66409 100644 --- a/net/ipv4/netfilter/ip_conntrack_standalone.c +++ b/net/ipv4/netfilter/ip_conntrack_standalone.c | |||
@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum, | |||
469 | 469 | ||
470 | /* Connection tracking may drop packets, but never alters them, so | 470 | /* Connection tracking may drop packets, but never alters them, so |
471 | make it the first hook. */ | 471 | make it the first hook. */ |
472 | static struct nf_hook_ops ip_conntrack_defrag_ops = { | 472 | static struct nf_hook_ops ip_conntrack_ops[] = { |
473 | .hook = ip_conntrack_defrag, | 473 | { |
474 | .owner = THIS_MODULE, | 474 | .hook = ip_conntrack_defrag, |
475 | .pf = PF_INET, | 475 | .owner = THIS_MODULE, |
476 | .hooknum = NF_IP_PRE_ROUTING, | 476 | .pf = PF_INET, |
477 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 477 | .hooknum = NF_IP_PRE_ROUTING, |
478 | }; | 478 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
479 | 479 | }, | |
480 | static struct nf_hook_ops ip_conntrack_in_ops = { | 480 | { |
481 | .hook = ip_conntrack_in, | 481 | .hook = ip_conntrack_in, |
482 | .owner = THIS_MODULE, | 482 | .owner = THIS_MODULE, |
483 | .pf = PF_INET, | 483 | .pf = PF_INET, |
484 | .hooknum = NF_IP_PRE_ROUTING, | 484 | .hooknum = NF_IP_PRE_ROUTING, |
485 | .priority = NF_IP_PRI_CONNTRACK, | 485 | .priority = NF_IP_PRI_CONNTRACK, |
486 | }; | 486 | }, |
487 | 487 | { | |
488 | static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = { | 488 | .hook = ip_conntrack_defrag, |
489 | .hook = ip_conntrack_defrag, | 489 | .owner = THIS_MODULE, |
490 | .owner = THIS_MODULE, | 490 | .pf = PF_INET, |
491 | .pf = PF_INET, | 491 | .hooknum = NF_IP_LOCAL_OUT, |
492 | .hooknum = NF_IP_LOCAL_OUT, | 492 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
493 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 493 | }, |
494 | }; | 494 | { |
495 | 495 | .hook = ip_conntrack_local, | |
496 | static struct nf_hook_ops ip_conntrack_local_out_ops = { | 496 | .owner = THIS_MODULE, |
497 | .hook = ip_conntrack_local, | 497 | .pf = PF_INET, |
498 | .owner = THIS_MODULE, | 498 | .hooknum = NF_IP_LOCAL_OUT, |
499 | .pf = PF_INET, | 499 | .priority = NF_IP_PRI_CONNTRACK, |
500 | .hooknum = NF_IP_LOCAL_OUT, | 500 | }, |
501 | .priority = NF_IP_PRI_CONNTRACK, | 501 | { |
502 | }; | 502 | .hook = ip_conntrack_help, |
503 | 503 | .owner = THIS_MODULE, | |
504 | /* helpers */ | 504 | .pf = PF_INET, |
505 | static struct nf_hook_ops ip_conntrack_helper_out_ops = { | 505 | .hooknum = NF_IP_POST_ROUTING, |
506 | .hook = ip_conntrack_help, | 506 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
507 | .owner = THIS_MODULE, | 507 | }, |
508 | .pf = PF_INET, | 508 | { |
509 | .hooknum = NF_IP_POST_ROUTING, | 509 | .hook = ip_conntrack_help, |
510 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 510 | .owner = THIS_MODULE, |
511 | }; | 511 | .pf = PF_INET, |
512 | 512 | .hooknum = NF_IP_LOCAL_IN, | |
513 | static struct nf_hook_ops ip_conntrack_helper_in_ops = { | 513 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
514 | .hook = ip_conntrack_help, | 514 | }, |
515 | .owner = THIS_MODULE, | 515 | { |
516 | .pf = PF_INET, | 516 | .hook = ip_confirm, |
517 | .hooknum = NF_IP_LOCAL_IN, | 517 | .owner = THIS_MODULE, |
518 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 518 | .pf = PF_INET, |
519 | }; | 519 | .hooknum = NF_IP_POST_ROUTING, |
520 | 520 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | |
521 | /* Refragmenter; last chance. */ | 521 | }, |
522 | static struct nf_hook_ops ip_conntrack_out_ops = { | 522 | { |
523 | .hook = ip_confirm, | 523 | .hook = ip_confirm, |
524 | .owner = THIS_MODULE, | 524 | .owner = THIS_MODULE, |
525 | .pf = PF_INET, | 525 | .pf = PF_INET, |
526 | .hooknum = NF_IP_POST_ROUTING, | 526 | .hooknum = NF_IP_LOCAL_IN, |
527 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 527 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
528 | }; | 528 | }, |
529 | |||
530 | static struct nf_hook_ops ip_conntrack_local_in_ops = { | ||
531 | .hook = ip_confirm, | ||
532 | .owner = THIS_MODULE, | ||
533 | .pf = PF_INET, | ||
534 | .hooknum = NF_IP_LOCAL_IN, | ||
535 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | ||
536 | }; | 529 | }; |
537 | 530 | ||
538 | /* Sysctl support */ | 531 | /* Sysctl support */ |
@@ -813,52 +806,17 @@ static int init_or_cleanup(int init) | |||
813 | proc_stat->owner = THIS_MODULE; | 806 | proc_stat->owner = THIS_MODULE; |
814 | #endif | 807 | #endif |
815 | 808 | ||
816 | ret = nf_register_hook(&ip_conntrack_defrag_ops); | 809 | ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops)); |
817 | if (ret < 0) { | 810 | if (ret < 0) { |
818 | printk("ip_conntrack: can't register pre-routing defrag hook.\n"); | 811 | printk("ip_conntrack: can't register hooks.\n"); |
819 | goto cleanup_proc_stat; | 812 | goto cleanup_proc_stat; |
820 | } | 813 | } |
821 | ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops); | ||
822 | if (ret < 0) { | ||
823 | printk("ip_conntrack: can't register local_out defrag hook.\n"); | ||
824 | goto cleanup_defragops; | ||
825 | } | ||
826 | ret = nf_register_hook(&ip_conntrack_in_ops); | ||
827 | if (ret < 0) { | ||
828 | printk("ip_conntrack: can't register pre-routing hook.\n"); | ||
829 | goto cleanup_defraglocalops; | ||
830 | } | ||
831 | ret = nf_register_hook(&ip_conntrack_local_out_ops); | ||
832 | if (ret < 0) { | ||
833 | printk("ip_conntrack: can't register local out hook.\n"); | ||
834 | goto cleanup_inops; | ||
835 | } | ||
836 | ret = nf_register_hook(&ip_conntrack_helper_in_ops); | ||
837 | if (ret < 0) { | ||
838 | printk("ip_conntrack: can't register local in helper hook.\n"); | ||
839 | goto cleanup_inandlocalops; | ||
840 | } | ||
841 | ret = nf_register_hook(&ip_conntrack_helper_out_ops); | ||
842 | if (ret < 0) { | ||
843 | printk("ip_conntrack: can't register postrouting helper hook.\n"); | ||
844 | goto cleanup_helperinops; | ||
845 | } | ||
846 | ret = nf_register_hook(&ip_conntrack_out_ops); | ||
847 | if (ret < 0) { | ||
848 | printk("ip_conntrack: can't register post-routing hook.\n"); | ||
849 | goto cleanup_helperoutops; | ||
850 | } | ||
851 | ret = nf_register_hook(&ip_conntrack_local_in_ops); | ||
852 | if (ret < 0) { | ||
853 | printk("ip_conntrack: can't register local in hook.\n"); | ||
854 | goto cleanup_inoutandlocalops; | ||
855 | } | ||
856 | #ifdef CONFIG_SYSCTL | 814 | #ifdef CONFIG_SYSCTL |
857 | ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); | 815 | ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0); |
858 | if (ip_ct_sysctl_header == NULL) { | 816 | if (ip_ct_sysctl_header == NULL) { |
859 | printk("ip_conntrack: can't register to sysctl.\n"); | 817 | printk("ip_conntrack: can't register to sysctl.\n"); |
860 | ret = -ENOMEM; | 818 | ret = -ENOMEM; |
861 | goto cleanup_localinops; | 819 | goto cleanup_hooks; |
862 | } | 820 | } |
863 | #endif | 821 | #endif |
864 | 822 | ||
@@ -868,23 +826,9 @@ static int init_or_cleanup(int init) | |||
868 | synchronize_net(); | 826 | synchronize_net(); |
869 | #ifdef CONFIG_SYSCTL | 827 | #ifdef CONFIG_SYSCTL |
870 | unregister_sysctl_table(ip_ct_sysctl_header); | 828 | unregister_sysctl_table(ip_ct_sysctl_header); |
871 | cleanup_localinops: | 829 | cleanup_hooks: |
872 | #endif | 830 | #endif |
873 | nf_unregister_hook(&ip_conntrack_local_in_ops); | 831 | nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops)); |
874 | cleanup_inoutandlocalops: | ||
875 | nf_unregister_hook(&ip_conntrack_out_ops); | ||
876 | cleanup_helperoutops: | ||
877 | nf_unregister_hook(&ip_conntrack_helper_out_ops); | ||
878 | cleanup_helperinops: | ||
879 | nf_unregister_hook(&ip_conntrack_helper_in_ops); | ||
880 | cleanup_inandlocalops: | ||
881 | nf_unregister_hook(&ip_conntrack_local_out_ops); | ||
882 | cleanup_inops: | ||
883 | nf_unregister_hook(&ip_conntrack_in_ops); | ||
884 | cleanup_defraglocalops: | ||
885 | nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); | ||
886 | cleanup_defragops: | ||
887 | nf_unregister_hook(&ip_conntrack_defrag_ops); | ||
888 | cleanup_proc_stat: | 832 | cleanup_proc_stat: |
889 | #ifdef CONFIG_PROC_FS | 833 | #ifdef CONFIG_PROC_FS |
890 | remove_proc_entry("ip_conntrack", proc_net_stat); | 834 | remove_proc_entry("ip_conntrack", proc_net_stat); |
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 3505b0de2e04..5f02f439b07e 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c | |||
@@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum, | |||
299 | 299 | ||
300 | /* We must be after connection tracking and before packet filtering. */ | 300 | /* We must be after connection tracking and before packet filtering. */ |
301 | 301 | ||
302 | /* Before packet filtering, change destination */ | 302 | static struct nf_hook_ops ip_nat_ops[] = { |
303 | static struct nf_hook_ops ip_nat_in_ops = { | 303 | /* Before packet filtering, change destination */ |
304 | .hook = ip_nat_in, | 304 | { |
305 | .owner = THIS_MODULE, | 305 | .hook = ip_nat_in, |
306 | .pf = PF_INET, | 306 | .owner = THIS_MODULE, |
307 | .hooknum = NF_IP_PRE_ROUTING, | 307 | .pf = PF_INET, |
308 | .priority = NF_IP_PRI_NAT_DST, | 308 | .hooknum = NF_IP_PRE_ROUTING, |
309 | .priority = NF_IP_PRI_NAT_DST, | ||
310 | }, | ||
311 | /* After packet filtering, change source */ | ||
312 | { | ||
313 | .hook = ip_nat_out, | ||
314 | .owner = THIS_MODULE, | ||
315 | .pf = PF_INET, | ||
316 | .hooknum = NF_IP_POST_ROUTING, | ||
317 | .priority = NF_IP_PRI_NAT_SRC, | ||
318 | }, | ||
319 | /* After conntrack, adjust sequence number */ | ||
320 | { | ||
321 | .hook = ip_nat_adjust, | ||
322 | .owner = THIS_MODULE, | ||
323 | .pf = PF_INET, | ||
324 | .hooknum = NF_IP_POST_ROUTING, | ||
325 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
326 | }, | ||
327 | /* Before packet filtering, change destination */ | ||
328 | { | ||
329 | .hook = ip_nat_local_fn, | ||
330 | .owner = THIS_MODULE, | ||
331 | .pf = PF_INET, | ||
332 | .hooknum = NF_IP_LOCAL_OUT, | ||
333 | .priority = NF_IP_PRI_NAT_DST, | ||
334 | }, | ||
335 | /* After packet filtering, change source */ | ||
336 | { | ||
337 | .hook = ip_nat_fn, | ||
338 | .owner = THIS_MODULE, | ||
339 | .pf = PF_INET, | ||
340 | .hooknum = NF_IP_LOCAL_IN, | ||
341 | .priority = NF_IP_PRI_NAT_SRC, | ||
342 | }, | ||
343 | /* After conntrack, adjust sequence number */ | ||
344 | { | ||
345 | .hook = ip_nat_adjust, | ||
346 | .owner = THIS_MODULE, | ||
347 | .pf = PF_INET, | ||
348 | .hooknum = NF_IP_LOCAL_IN, | ||
349 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
350 | }, | ||
309 | }; | 351 | }; |
310 | 352 | ||
311 | /* After packet filtering, change source */ | ||
312 | static struct nf_hook_ops ip_nat_out_ops = { | ||
313 | .hook = ip_nat_out, | ||
314 | .owner = THIS_MODULE, | ||
315 | .pf = PF_INET, | ||
316 | .hooknum = NF_IP_POST_ROUTING, | ||
317 | .priority = NF_IP_PRI_NAT_SRC, | ||
318 | }; | ||
319 | |||
320 | /* After conntrack, adjust sequence number */ | ||
321 | static struct nf_hook_ops ip_nat_adjust_out_ops = { | ||
322 | .hook = ip_nat_adjust, | ||
323 | .owner = THIS_MODULE, | ||
324 | .pf = PF_INET, | ||
325 | .hooknum = NF_IP_POST_ROUTING, | ||
326 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
327 | }; | ||
328 | |||
329 | /* Before packet filtering, change destination */ | ||
330 | static struct nf_hook_ops ip_nat_local_out_ops = { | ||
331 | .hook = ip_nat_local_fn, | ||
332 | .owner = THIS_MODULE, | ||
333 | .pf = PF_INET, | ||
334 | .hooknum = NF_IP_LOCAL_OUT, | ||
335 | .priority = NF_IP_PRI_NAT_DST, | ||
336 | }; | ||
337 | |||
338 | /* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */ | ||
339 | static struct nf_hook_ops ip_nat_local_in_ops = { | ||
340 | .hook = ip_nat_fn, | ||
341 | .owner = THIS_MODULE, | ||
342 | .pf = PF_INET, | ||
343 | .hooknum = NF_IP_LOCAL_IN, | ||
344 | .priority = NF_IP_PRI_NAT_SRC, | ||
345 | }; | ||
346 | |||
347 | /* After conntrack, adjust sequence number */ | ||
348 | static struct nf_hook_ops ip_nat_adjust_in_ops = { | ||
349 | .hook = ip_nat_adjust, | ||
350 | .owner = THIS_MODULE, | ||
351 | .pf = PF_INET, | ||
352 | .hooknum = NF_IP_LOCAL_IN, | ||
353 | .priority = NF_IP_PRI_NAT_SEQ_ADJUST, | ||
354 | }; | ||
355 | |||
356 | |||
357 | static int init_or_cleanup(int init) | 353 | static int init_or_cleanup(int init) |
358 | { | 354 | { |
359 | int ret = 0; | 355 | int ret = 0; |
@@ -371,50 +367,15 @@ static int init_or_cleanup(int init) | |||
371 | printk("ip_nat_init: can't setup rules.\n"); | 367 | printk("ip_nat_init: can't setup rules.\n"); |
372 | goto cleanup_decode_session; | 368 | goto cleanup_decode_session; |
373 | } | 369 | } |
374 | ret = nf_register_hook(&ip_nat_in_ops); | 370 | ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops)); |
375 | if (ret < 0) { | 371 | if (ret < 0) { |
376 | printk("ip_nat_init: can't register in hook.\n"); | 372 | printk("ip_nat_init: can't register hooks.\n"); |
377 | goto cleanup_rule_init; | 373 | goto cleanup_rule_init; |
378 | } | 374 | } |
379 | ret = nf_register_hook(&ip_nat_out_ops); | ||
380 | if (ret < 0) { | ||
381 | printk("ip_nat_init: can't register out hook.\n"); | ||
382 | goto cleanup_inops; | ||
383 | } | ||
384 | ret = nf_register_hook(&ip_nat_adjust_in_ops); | ||
385 | if (ret < 0) { | ||
386 | printk("ip_nat_init: can't register adjust in hook.\n"); | ||
387 | goto cleanup_outops; | ||
388 | } | ||
389 | ret = nf_register_hook(&ip_nat_adjust_out_ops); | ||
390 | if (ret < 0) { | ||
391 | printk("ip_nat_init: can't register adjust out hook.\n"); | ||
392 | goto cleanup_adjustin_ops; | ||
393 | } | ||
394 | ret = nf_register_hook(&ip_nat_local_out_ops); | ||
395 | if (ret < 0) { | ||
396 | printk("ip_nat_init: can't register local out hook.\n"); | ||
397 | goto cleanup_adjustout_ops; | ||
398 | } | ||
399 | ret = nf_register_hook(&ip_nat_local_in_ops); | ||
400 | if (ret < 0) { | ||
401 | printk("ip_nat_init: can't register local in hook.\n"); | ||
402 | goto cleanup_localoutops; | ||
403 | } | ||
404 | return ret; | 375 | return ret; |
405 | 376 | ||
406 | cleanup: | 377 | cleanup: |
407 | nf_unregister_hook(&ip_nat_local_in_ops); | 378 | nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops)); |
408 | cleanup_localoutops: | ||
409 | nf_unregister_hook(&ip_nat_local_out_ops); | ||
410 | cleanup_adjustout_ops: | ||
411 | nf_unregister_hook(&ip_nat_adjust_out_ops); | ||
412 | cleanup_adjustin_ops: | ||
413 | nf_unregister_hook(&ip_nat_adjust_in_ops); | ||
414 | cleanup_outops: | ||
415 | nf_unregister_hook(&ip_nat_out_ops); | ||
416 | cleanup_inops: | ||
417 | nf_unregister_hook(&ip_nat_in_ops); | ||
418 | cleanup_rule_init: | 379 | cleanup_rule_init: |
419 | ip_nat_rule_cleanup(); | 380 | ip_nat_rule_cleanup(); |
420 | cleanup_decode_session: | 381 | cleanup_decode_session: |
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 3d80aefe9cfa..7f417484bfbf 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c | |||
@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void) | |||
157 | return ret; | 157 | return ret; |
158 | 158 | ||
159 | /* Register hooks */ | 159 | /* Register hooks */ |
160 | ret = nf_register_hook(&ipt_ops[0]); | 160 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
161 | if (ret < 0) | 161 | if (ret < 0) |
162 | goto cleanup_table; | 162 | goto cleanup_table; |
163 | 163 | ||
164 | ret = nf_register_hook(&ipt_ops[1]); | ||
165 | if (ret < 0) | ||
166 | goto cleanup_hook0; | ||
167 | |||
168 | ret = nf_register_hook(&ipt_ops[2]); | ||
169 | if (ret < 0) | ||
170 | goto cleanup_hook1; | ||
171 | |||
172 | return ret; | 164 | return ret; |
173 | 165 | ||
174 | cleanup_hook1: | ||
175 | nf_unregister_hook(&ipt_ops[1]); | ||
176 | cleanup_hook0: | ||
177 | nf_unregister_hook(&ipt_ops[0]); | ||
178 | cleanup_table: | 166 | cleanup_table: |
179 | ipt_unregister_table(&packet_filter); | 167 | ipt_unregister_table(&packet_filter); |
180 | |||
181 | return ret; | 168 | return ret; |
182 | } | 169 | } |
183 | 170 | ||
184 | static void __exit iptable_filter_fini(void) | 171 | static void __exit iptable_filter_fini(void) |
185 | { | 172 | { |
186 | unsigned int i; | 173 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
187 | |||
188 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
189 | nf_unregister_hook(&ipt_ops[i]); | ||
190 | |||
191 | ipt_unregister_table(&packet_filter); | 174 | ipt_unregister_table(&packet_filter); |
192 | } | 175 | } |
193 | 176 | ||
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c index 412fc96cc896..397b95cc026b 100644 --- a/net/ipv4/netfilter/iptable_mangle.c +++ b/net/ipv4/netfilter/iptable_mangle.c | |||
@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void) | |||
211 | return ret; | 211 | return ret; |
212 | 212 | ||
213 | /* Register hooks */ | 213 | /* Register hooks */ |
214 | ret = nf_register_hook(&ipt_ops[0]); | 214 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
215 | if (ret < 0) | 215 | if (ret < 0) |
216 | goto cleanup_table; | 216 | goto cleanup_table; |
217 | 217 | ||
218 | ret = nf_register_hook(&ipt_ops[1]); | ||
219 | if (ret < 0) | ||
220 | goto cleanup_hook0; | ||
221 | |||
222 | ret = nf_register_hook(&ipt_ops[2]); | ||
223 | if (ret < 0) | ||
224 | goto cleanup_hook1; | ||
225 | |||
226 | ret = nf_register_hook(&ipt_ops[3]); | ||
227 | if (ret < 0) | ||
228 | goto cleanup_hook2; | ||
229 | |||
230 | ret = nf_register_hook(&ipt_ops[4]); | ||
231 | if (ret < 0) | ||
232 | goto cleanup_hook3; | ||
233 | |||
234 | return ret; | 218 | return ret; |
235 | 219 | ||
236 | cleanup_hook3: | ||
237 | nf_unregister_hook(&ipt_ops[3]); | ||
238 | cleanup_hook2: | ||
239 | nf_unregister_hook(&ipt_ops[2]); | ||
240 | cleanup_hook1: | ||
241 | nf_unregister_hook(&ipt_ops[1]); | ||
242 | cleanup_hook0: | ||
243 | nf_unregister_hook(&ipt_ops[0]); | ||
244 | cleanup_table: | 220 | cleanup_table: |
245 | ipt_unregister_table(&packet_mangler); | 221 | ipt_unregister_table(&packet_mangler); |
246 | |||
247 | return ret; | 222 | return ret; |
248 | } | 223 | } |
249 | 224 | ||
250 | static void __exit iptable_mangle_fini(void) | 225 | static void __exit iptable_mangle_fini(void) |
251 | { | 226 | { |
252 | unsigned int i; | 227 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
253 | |||
254 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
255 | nf_unregister_hook(&ipt_ops[i]); | ||
256 | |||
257 | ipt_unregister_table(&packet_mangler); | 228 | ipt_unregister_table(&packet_mangler); |
258 | } | 229 | } |
259 | 230 | ||
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c index 03cc79a6160a..7912cce1e1b8 100644 --- a/net/ipv4/netfilter/iptable_raw.c +++ b/net/ipv4/netfilter/iptable_raw.c | |||
@@ -101,18 +101,18 @@ ipt_hook(unsigned int hook, | |||
101 | /* 'raw' is the very first table. */ | 101 | /* 'raw' is the very first table. */ |
102 | static struct nf_hook_ops ipt_ops[] = { | 102 | static struct nf_hook_ops ipt_ops[] = { |
103 | { | 103 | { |
104 | .hook = ipt_hook, | 104 | .hook = ipt_hook, |
105 | .pf = PF_INET, | 105 | .pf = PF_INET, |
106 | .hooknum = NF_IP_PRE_ROUTING, | 106 | .hooknum = NF_IP_PRE_ROUTING, |
107 | .priority = NF_IP_PRI_RAW, | 107 | .priority = NF_IP_PRI_RAW, |
108 | .owner = THIS_MODULE, | 108 | .owner = THIS_MODULE, |
109 | }, | 109 | }, |
110 | { | 110 | { |
111 | .hook = ipt_hook, | 111 | .hook = ipt_hook, |
112 | .pf = PF_INET, | 112 | .pf = PF_INET, |
113 | .hooknum = NF_IP_LOCAL_OUT, | 113 | .hooknum = NF_IP_LOCAL_OUT, |
114 | .priority = NF_IP_PRI_RAW, | 114 | .priority = NF_IP_PRI_RAW, |
115 | .owner = THIS_MODULE, | 115 | .owner = THIS_MODULE, |
116 | }, | 116 | }, |
117 | }; | 117 | }; |
118 | 118 | ||
@@ -126,31 +126,20 @@ static int __init iptable_raw_init(void) | |||
126 | return ret; | 126 | return ret; |
127 | 127 | ||
128 | /* Register hooks */ | 128 | /* Register hooks */ |
129 | ret = nf_register_hook(&ipt_ops[0]); | 129 | ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
130 | if (ret < 0) | 130 | if (ret < 0) |
131 | goto cleanup_table; | 131 | goto cleanup_table; |
132 | 132 | ||
133 | ret = nf_register_hook(&ipt_ops[1]); | ||
134 | if (ret < 0) | ||
135 | goto cleanup_hook0; | ||
136 | |||
137 | return ret; | 133 | return ret; |
138 | 134 | ||
139 | cleanup_hook0: | ||
140 | nf_unregister_hook(&ipt_ops[0]); | ||
141 | cleanup_table: | 135 | cleanup_table: |
142 | ipt_unregister_table(&packet_raw); | 136 | ipt_unregister_table(&packet_raw); |
143 | |||
144 | return ret; | 137 | return ret; |
145 | } | 138 | } |
146 | 139 | ||
147 | static void __exit iptable_raw_fini(void) | 140 | static void __exit iptable_raw_fini(void) |
148 | { | 141 | { |
149 | unsigned int i; | 142 | nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); |
150 | |||
151 | for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) | ||
152 | nf_unregister_hook(&ipt_ops[i]); | ||
153 | |||
154 | ipt_unregister_table(&packet_raw); | 143 | ipt_unregister_table(&packet_raw); |
155 | } | 144 | } |
156 | 145 | ||
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index 4afbc699d3ba..3fadaccbc582 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | |||
@@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum, | |||
210 | 210 | ||
211 | /* Connection tracking may drop packets, but never alters them, so | 211 | /* Connection tracking may drop packets, but never alters them, so |
212 | make it the first hook. */ | 212 | make it the first hook. */ |
213 | static struct nf_hook_ops ipv4_conntrack_defrag_ops = { | 213 | static struct nf_hook_ops ipv4_conntrack_ops[] = { |
214 | .hook = ipv4_conntrack_defrag, | 214 | { |
215 | .owner = THIS_MODULE, | 215 | .hook = ipv4_conntrack_defrag, |
216 | .pf = PF_INET, | 216 | .owner = THIS_MODULE, |
217 | .hooknum = NF_IP_PRE_ROUTING, | 217 | .pf = PF_INET, |
218 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 218 | .hooknum = NF_IP_PRE_ROUTING, |
219 | }; | 219 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
220 | 220 | }, | |
221 | static struct nf_hook_ops ipv4_conntrack_in_ops = { | 221 | { |
222 | .hook = ipv4_conntrack_in, | 222 | .hook = ipv4_conntrack_in, |
223 | .owner = THIS_MODULE, | 223 | .owner = THIS_MODULE, |
224 | .pf = PF_INET, | 224 | .pf = PF_INET, |
225 | .hooknum = NF_IP_PRE_ROUTING, | 225 | .hooknum = NF_IP_PRE_ROUTING, |
226 | .priority = NF_IP_PRI_CONNTRACK, | 226 | .priority = NF_IP_PRI_CONNTRACK, |
227 | }; | 227 | }, |
228 | 228 | { | |
229 | static struct nf_hook_ops ipv4_conntrack_defrag_local_out_ops = { | 229 | .hook = ipv4_conntrack_defrag, |
230 | .hook = ipv4_conntrack_defrag, | 230 | .owner = THIS_MODULE, |
231 | .owner = THIS_MODULE, | 231 | .pf = PF_INET, |
232 | .pf = PF_INET, | 232 | .hooknum = NF_IP_LOCAL_OUT, |
233 | .hooknum = NF_IP_LOCAL_OUT, | 233 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, |
234 | .priority = NF_IP_PRI_CONNTRACK_DEFRAG, | 234 | }, |
235 | }; | 235 | { |
236 | 236 | .hook = ipv4_conntrack_local, | |
237 | static struct nf_hook_ops ipv4_conntrack_local_out_ops = { | 237 | .owner = THIS_MODULE, |
238 | .hook = ipv4_conntrack_local, | 238 | .pf = PF_INET, |
239 | .owner = THIS_MODULE, | 239 | .hooknum = NF_IP_LOCAL_OUT, |
240 | .pf = PF_INET, | 240 | .priority = NF_IP_PRI_CONNTRACK, |
241 | .hooknum = NF_IP_LOCAL_OUT, | 241 | }, |
242 | .priority = NF_IP_PRI_CONNTRACK, | 242 | { |
243 | }; | 243 | .hook = ipv4_conntrack_help, |
244 | 244 | .owner = THIS_MODULE, | |
245 | /* helpers */ | 245 | .pf = PF_INET, |
246 | static struct nf_hook_ops ipv4_conntrack_helper_out_ops = { | 246 | .hooknum = NF_IP_POST_ROUTING, |
247 | .hook = ipv4_conntrack_help, | 247 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
248 | .owner = THIS_MODULE, | 248 | }, |
249 | .pf = PF_INET, | 249 | { |
250 | .hooknum = NF_IP_POST_ROUTING, | 250 | .hook = ipv4_conntrack_help, |
251 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 251 | .owner = THIS_MODULE, |
252 | }; | 252 | .pf = PF_INET, |
253 | 253 | .hooknum = NF_IP_LOCAL_IN, | |
254 | static struct nf_hook_ops ipv4_conntrack_helper_in_ops = { | 254 | .priority = NF_IP_PRI_CONNTRACK_HELPER, |
255 | .hook = ipv4_conntrack_help, | 255 | }, |
256 | .owner = THIS_MODULE, | 256 | { |
257 | .pf = PF_INET, | 257 | .hook = ipv4_confirm, |
258 | .hooknum = NF_IP_LOCAL_IN, | 258 | .owner = THIS_MODULE, |
259 | .priority = NF_IP_PRI_CONNTRACK_HELPER, | 259 | .pf = PF_INET, |
260 | }; | 260 | .hooknum = NF_IP_POST_ROUTING, |
261 | 261 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | |
262 | 262 | }, | |
263 | /* Refragmenter; last chance. */ | 263 | { |
264 | static struct nf_hook_ops ipv4_conntrack_out_ops = { | 264 | .hook = ipv4_confirm, |
265 | .hook = ipv4_confirm, | 265 | .owner = THIS_MODULE, |
266 | .owner = THIS_MODULE, | 266 | .pf = PF_INET, |
267 | .pf = PF_INET, | 267 | .hooknum = NF_IP_LOCAL_IN, |
268 | .hooknum = NF_IP_POST_ROUTING, | 268 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, |
269 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | 269 | }, |
270 | }; | ||
271 | |||
272 | static struct nf_hook_ops ipv4_conntrack_local_in_ops = { | ||
273 | .hook = ipv4_confirm, | ||
274 | .owner = THIS_MODULE, | ||
275 | .pf = PF_INET, | ||
276 | .hooknum = NF_IP_LOCAL_IN, | ||
277 | .priority = NF_IP_PRI_CONNTRACK_CONFIRM, | ||
278 | }; | 270 | }; |
279 | 271 | ||
280 | #ifdef CONFIG_SYSCTL | 272 | #ifdef CONFIG_SYSCTL |
@@ -476,59 +468,18 @@ static int init_or_cleanup(int init) | |||
476 | goto cleanup_icmp; | 468 | goto cleanup_icmp; |
477 | } | 469 | } |
478 | 470 | ||
479 | ret = nf_register_hook(&ipv4_conntrack_defrag_ops); | 471 | ret = nf_register_hooks(ipv4_conntrack_ops, |
472 | ARRAY_SIZE(ipv4_conntrack_ops)); | ||
480 | if (ret < 0) { | 473 | if (ret < 0) { |
481 | printk("nf_conntrack_ipv4: can't register pre-routing defrag hook.\n"); | 474 | printk("nf_conntrack_ipv4: can't register hooks.\n"); |
482 | goto cleanup_ipv4; | 475 | goto cleanup_ipv4; |
483 | } | 476 | } |
484 | ret = nf_register_hook(&ipv4_conntrack_defrag_local_out_ops); | ||
485 | if (ret < 0) { | ||
486 | printk("nf_conntrack_ipv4: can't register local_out defrag hook.\n"); | ||
487 | goto cleanup_defragops; | ||
488 | } | ||
489 | |||
490 | ret = nf_register_hook(&ipv4_conntrack_in_ops); | ||
491 | if (ret < 0) { | ||
492 | printk("nf_conntrack_ipv4: can't register pre-routing hook.\n"); | ||
493 | goto cleanup_defraglocalops; | ||
494 | } | ||
495 | |||
496 | ret = nf_register_hook(&ipv4_conntrack_local_out_ops); | ||
497 | if (ret < 0) { | ||
498 | printk("nf_conntrack_ipv4: can't register local out hook.\n"); | ||
499 | goto cleanup_inops; | ||
500 | } | ||
501 | |||
502 | ret = nf_register_hook(&ipv4_conntrack_helper_in_ops); | ||
503 | if (ret < 0) { | ||
504 | printk("nf_conntrack_ipv4: can't register local helper hook.\n"); | ||
505 | goto cleanup_inandlocalops; | ||
506 | } | ||
507 | |||
508 | ret = nf_register_hook(&ipv4_conntrack_helper_out_ops); | ||
509 | if (ret < 0) { | ||
510 | printk("nf_conntrack_ipv4: can't register postrouting helper hook.\n"); | ||
511 | goto cleanup_helperinops; | ||
512 | } | ||
513 | |||
514 | ret = nf_register_hook(&ipv4_conntrack_out_ops); | ||
515 | if (ret < 0) { | ||
516 | printk("nf_conntrack_ipv4: can't register post-routing hook.\n"); | ||
517 | goto cleanup_helperoutops; | ||
518 | } | ||
519 | |||
520 | ret = nf_register_hook(&ipv4_conntrack_local_in_ops); | ||
521 | if (ret < 0) { | ||
522 | printk("nf_conntrack_ipv4: can't register local in hook.\n"); | ||
523 | goto cleanup_inoutandlocalops; | ||
524 | } | ||
525 | |||
526 | #ifdef CONFIG_SYSCTL | 477 | #ifdef CONFIG_SYSCTL |
527 | nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); | 478 | nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); |
528 | if (nf_ct_ipv4_sysctl_header == NULL) { | 479 | if (nf_ct_ipv4_sysctl_header == NULL) { |
529 | printk("nf_conntrack: can't register to sysctl.\n"); | 480 | printk("nf_conntrack: can't register to sysctl.\n"); |
530 | ret = -ENOMEM; | 481 | ret = -ENOMEM; |
531 | goto cleanup_localinops; | 482 | goto cleanup_hooks; |
532 | } | 483 | } |
533 | #endif | 484 | #endif |
534 | return ret; | 485 | return ret; |
@@ -537,23 +488,9 @@ static int init_or_cleanup(int init) | |||
537 | synchronize_net(); | 488 | synchronize_net(); |
538 | #ifdef CONFIG_SYSCTL | 489 | #ifdef CONFIG_SYSCTL |
539 | unregister_sysctl_table(nf_ct_ipv4_sysctl_header); | 490 | unregister_sysctl_table(nf_ct_ipv4_sysctl_header); |
540 | cleanup_localinops: | 491 | cleanup_hooks: |
541 | #endif | 492 | #endif |
542 | nf_unregister_hook(&ipv4_conntrack_local_in_ops); | 493 | nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops)); |
543 | cleanup_inoutandlocalops: | ||
544 | nf_unregister_hook(&ipv4_conntrack_out_ops); | ||
545 | cleanup_helperoutops: | ||
546 | nf_unregister_hook(&ipv4_conntrack_helper_out_ops); | ||
547 | cleanup_helperinops: | ||
548 | nf_unregister_hook(&ipv4_conntrack_helper_in_ops); | ||
549 | cleanup_inandlocalops: | ||
550 | nf_unregister_hook(&ipv4_conntrack_local_out_ops); | ||
551 | cleanup_inops: | ||
552 | nf_unregister_hook(&ipv4_conntrack_in_ops); | ||
553 | cleanup_defraglocalops: | ||
554 | nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops); | ||
555 | cleanup_defragops: | ||
556 | nf_unregister_hook(&ipv4_conntrack_defrag_ops); | ||
557 | cleanup_ipv4: | 494 | cleanup_ipv4: |
558 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); | 495 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4); |
559 | cleanup_icmp: | 496 | cleanup_icmp: |
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index e5e724d9ee60..60976c0c58e8 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c | |||
@@ -177,37 +177,20 @@ static int __init ip6table_filter_init(void) | |||
177 | return ret; | 177 | return ret; |
178 | 178 | ||
179 | /* Register hooks */ | 179 | /* Register hooks */ |
180 | ret = nf_register_hook(&ip6t_ops[0]); | 180 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
181 | if (ret < 0) | 181 | if (ret < 0) |
182 | goto cleanup_table; | 182 | goto cleanup_table; |
183 | 183 | ||
184 | ret = nf_register_hook(&ip6t_ops[1]); | ||
185 | if (ret < 0) | ||
186 | goto cleanup_hook0; | ||
187 | |||
188 | ret = nf_register_hook(&ip6t_ops[2]); | ||
189 | if (ret < 0) | ||
190 | goto cleanup_hook1; | ||
191 | |||
192 | return ret; | 184 | return ret; |
193 | 185 | ||
194 | cleanup_hook1: | ||
195 | nf_unregister_hook(&ip6t_ops[1]); | ||
196 | cleanup_hook0: | ||
197 | nf_unregister_hook(&ip6t_ops[0]); | ||
198 | cleanup_table: | 186 | cleanup_table: |
199 | ip6t_unregister_table(&packet_filter); | 187 | ip6t_unregister_table(&packet_filter); |
200 | |||
201 | return ret; | 188 | return ret; |
202 | } | 189 | } |
203 | 190 | ||
204 | static void __exit ip6table_filter_fini(void) | 191 | static void __exit ip6table_filter_fini(void) |
205 | { | 192 | { |
206 | unsigned int i; | 193 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
207 | |||
208 | for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++) | ||
209 | nf_unregister_hook(&ip6t_ops[i]); | ||
210 | |||
211 | ip6t_unregister_table(&packet_filter); | 194 | ip6t_unregister_table(&packet_filter); |
212 | } | 195 | } |
213 | 196 | ||
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c index e1f0f6ae9841..03a13eab1dae 100644 --- a/net/ipv6/netfilter/ip6table_mangle.c +++ b/net/ipv6/netfilter/ip6table_mangle.c | |||
@@ -238,49 +238,20 @@ static int __init ip6table_mangle_init(void) | |||
238 | return ret; | 238 | return ret; |
239 | 239 | ||
240 | /* Register hooks */ | 240 | /* Register hooks */ |
241 | ret = nf_register_hook(&ip6t_ops[0]); | 241 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
242 | if (ret < 0) | 242 | if (ret < 0) |
243 | goto cleanup_table; | 243 | goto cleanup_table; |
244 | 244 | ||
245 | ret = nf_register_hook(&ip6t_ops[1]); | ||
246 | if (ret < 0) | ||
247 | goto cleanup_hook0; | ||
248 | |||
249 | ret = nf_register_hook(&ip6t_ops[2]); | ||
250 | if (ret < 0) | ||
251 | goto cleanup_hook1; | ||
252 | |||
253 | ret = nf_register_hook(&ip6t_ops[3]); | ||
254 | if (ret < 0) | ||
255 | goto cleanup_hook2; | ||
256 | |||
257 | ret = nf_register_hook(&ip6t_ops[4]); | ||
258 | if (ret < 0) | ||
259 | goto cleanup_hook3; | ||
260 | |||
261 | return ret; | 245 | return ret; |
262 | 246 | ||
263 | cleanup_hook3: | ||
264 | nf_unregister_hook(&ip6t_ops[3]); | ||
265 | cleanup_hook2: | ||
266 | nf_unregister_hook(&ip6t_ops[2]); | ||
267 | cleanup_hook1: | ||
268 | nf_unregister_hook(&ip6t_ops[1]); | ||
269 | cleanup_hook0: | ||
270 | nf_unregister_hook(&ip6t_ops[0]); | ||
271 | cleanup_table: | 247 | cleanup_table: |
272 | ip6t_unregister_table(&packet_mangler); | 248 | ip6t_unregister_table(&packet_mangler); |
273 | |||
274 | return ret; | 249 | return ret; |
275 | } | 250 | } |
276 | 251 | ||
277 | static void __exit ip6table_mangle_fini(void) | 252 | static void __exit ip6table_mangle_fini(void) |
278 | { | 253 | { |
279 | unsigned int i; | 254 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
280 | |||
281 | for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++) | ||
282 | nf_unregister_hook(&ip6t_ops[i]); | ||
283 | |||
284 | ip6t_unregister_table(&packet_mangler); | 255 | ip6t_unregister_table(&packet_mangler); |
285 | } | 256 | } |
286 | 257 | ||
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c index 54d1fffd62ba..61a7c58e99f8 100644 --- a/net/ipv6/netfilter/ip6table_raw.c +++ b/net/ipv6/netfilter/ip6table_raw.c | |||
@@ -152,31 +152,20 @@ static int __init ip6table_raw_init(void) | |||
152 | return ret; | 152 | return ret; |
153 | 153 | ||
154 | /* Register hooks */ | 154 | /* Register hooks */ |
155 | ret = nf_register_hook(&ip6t_ops[0]); | 155 | ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
156 | if (ret < 0) | 156 | if (ret < 0) |
157 | goto cleanup_table; | 157 | goto cleanup_table; |
158 | 158 | ||
159 | ret = nf_register_hook(&ip6t_ops[1]); | ||
160 | if (ret < 0) | ||
161 | goto cleanup_hook0; | ||
162 | |||
163 | return ret; | 159 | return ret; |
164 | 160 | ||
165 | cleanup_hook0: | ||
166 | nf_unregister_hook(&ip6t_ops[0]); | ||
167 | cleanup_table: | 161 | cleanup_table: |
168 | ip6t_unregister_table(&packet_raw); | 162 | ip6t_unregister_table(&packet_raw); |
169 | |||
170 | return ret; | 163 | return ret; |
171 | } | 164 | } |
172 | 165 | ||
173 | static void __exit ip6table_raw_fini(void) | 166 | static void __exit ip6table_raw_fini(void) |
174 | { | 167 | { |
175 | unsigned int i; | 168 | nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops)); |
176 | |||
177 | for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++) | ||
178 | nf_unregister_hook(&ip6t_ops[i]); | ||
179 | |||
180 | ip6t_unregister_table(&packet_raw); | 169 | ip6t_unregister_table(&packet_raw); |
181 | } | 170 | } |
182 | 171 | ||
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c index c8b5a96cbb0f..0426ed0e9c1d 100644 --- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c +++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | |||
@@ -286,55 +286,49 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum, | |||
286 | return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); | 286 | return ipv6_conntrack_in(hooknum, pskb, in, out, okfn); |
287 | } | 287 | } |
288 | 288 | ||
289 | /* Connection tracking may drop packets, but never alters them, so | 289 | static struct nf_hook_ops ipv6_conntrack_ops[] = { |
290 | make it the first hook. */ | 290 | { |
291 | static struct nf_hook_ops ipv6_conntrack_defrag_ops = { | 291 | .hook = ipv6_defrag, |
292 | .hook = ipv6_defrag, | 292 | .owner = THIS_MODULE, |
293 | .owner = THIS_MODULE, | 293 | .pf = PF_INET6, |
294 | .pf = PF_INET6, | 294 | .hooknum = NF_IP6_PRE_ROUTING, |
295 | .hooknum = NF_IP6_PRE_ROUTING, | 295 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, |
296 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, | 296 | }, |
297 | }; | 297 | { |
298 | 298 | .hook = ipv6_conntrack_in, | |
299 | static struct nf_hook_ops ipv6_conntrack_in_ops = { | 299 | .owner = THIS_MODULE, |
300 | .hook = ipv6_conntrack_in, | 300 | .pf = PF_INET6, |
301 | .owner = THIS_MODULE, | 301 | .hooknum = NF_IP6_PRE_ROUTING, |
302 | .pf = PF_INET6, | 302 | .priority = NF_IP6_PRI_CONNTRACK, |
303 | .hooknum = NF_IP6_PRE_ROUTING, | 303 | }, |
304 | .priority = NF_IP6_PRI_CONNTRACK, | 304 | { |
305 | }; | 305 | .hook = ipv6_conntrack_local, |
306 | 306 | .owner = THIS_MODULE, | |
307 | static struct nf_hook_ops ipv6_conntrack_local_out_ops = { | 307 | .pf = PF_INET6, |
308 | .hook = ipv6_conntrack_local, | 308 | .hooknum = NF_IP6_LOCAL_OUT, |
309 | .owner = THIS_MODULE, | 309 | .priority = NF_IP6_PRI_CONNTRACK, |
310 | .pf = PF_INET6, | 310 | }, |
311 | .hooknum = NF_IP6_LOCAL_OUT, | 311 | { |
312 | .priority = NF_IP6_PRI_CONNTRACK, | 312 | .hook = ipv6_defrag, |
313 | }; | 313 | .owner = THIS_MODULE, |
314 | 314 | .pf = PF_INET6, | |
315 | static struct nf_hook_ops ipv6_conntrack_defrag_local_out_ops = { | 315 | .hooknum = NF_IP6_LOCAL_OUT, |
316 | .hook = ipv6_defrag, | 316 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, |
317 | .owner = THIS_MODULE, | 317 | }, |
318 | .pf = PF_INET6, | 318 | { |
319 | .hooknum = NF_IP6_LOCAL_OUT, | 319 | .hook = ipv6_confirm, |
320 | .priority = NF_IP6_PRI_CONNTRACK_DEFRAG, | 320 | .owner = THIS_MODULE, |
321 | }; | 321 | .pf = PF_INET6, |
322 | 322 | .hooknum = NF_IP6_POST_ROUTING, | |
323 | /* Refragmenter; last chance. */ | 323 | .priority = NF_IP6_PRI_LAST, |
324 | static struct nf_hook_ops ipv6_conntrack_out_ops = { | 324 | }, |
325 | .hook = ipv6_confirm, | 325 | { |
326 | .owner = THIS_MODULE, | 326 | .hook = ipv6_confirm, |
327 | .pf = PF_INET6, | 327 | .owner = THIS_MODULE, |
328 | .hooknum = NF_IP6_POST_ROUTING, | 328 | .pf = PF_INET6, |
329 | .priority = NF_IP6_PRI_LAST, | 329 | .hooknum = NF_IP6_LOCAL_IN, |
330 | }; | 330 | .priority = NF_IP6_PRI_LAST-1, |
331 | 331 | }, | |
332 | static struct nf_hook_ops ipv6_conntrack_local_in_ops = { | ||
333 | .hook = ipv6_confirm, | ||
334 | .owner = THIS_MODULE, | ||
335 | .pf = PF_INET6, | ||
336 | .hooknum = NF_IP6_LOCAL_IN, | ||
337 | .priority = NF_IP6_PRI_LAST-1, | ||
338 | }; | 332 | }; |
339 | 333 | ||
340 | #ifdef CONFIG_SYSCTL | 334 | #ifdef CONFIG_SYSCTL |
@@ -505,50 +499,19 @@ static int init_or_cleanup(int init) | |||
505 | goto cleanup_icmpv6; | 499 | goto cleanup_icmpv6; |
506 | } | 500 | } |
507 | 501 | ||
508 | ret = nf_register_hook(&ipv6_conntrack_defrag_ops); | 502 | ret = nf_register_hooks(ipv6_conntrack_ops, |
503 | ARRAY_SIZE(ipv6_conntrack_ops)); | ||
509 | if (ret < 0) { | 504 | if (ret < 0) { |
510 | printk("nf_conntrack_ipv6: can't register pre-routing defrag " | 505 | printk("nf_conntrack_ipv6: can't register pre-routing defrag " |
511 | "hook.\n"); | 506 | "hook.\n"); |
512 | goto cleanup_ipv6; | 507 | goto cleanup_ipv6; |
513 | } | 508 | } |
514 | |||
515 | ret = nf_register_hook(&ipv6_conntrack_defrag_local_out_ops); | ||
516 | if (ret < 0) { | ||
517 | printk("nf_conntrack_ipv6: can't register local_out defrag " | ||
518 | "hook.\n"); | ||
519 | goto cleanup_defragops; | ||
520 | } | ||
521 | |||
522 | ret = nf_register_hook(&ipv6_conntrack_in_ops); | ||
523 | if (ret < 0) { | ||
524 | printk("nf_conntrack_ipv6: can't register pre-routing hook.\n"); | ||
525 | goto cleanup_defraglocalops; | ||
526 | } | ||
527 | |||
528 | ret = nf_register_hook(&ipv6_conntrack_local_out_ops); | ||
529 | if (ret < 0) { | ||
530 | printk("nf_conntrack_ipv6: can't register local out hook.\n"); | ||
531 | goto cleanup_inops; | ||
532 | } | ||
533 | |||
534 | ret = nf_register_hook(&ipv6_conntrack_out_ops); | ||
535 | if (ret < 0) { | ||
536 | printk("nf_conntrack_ipv6: can't register post-routing hook.\n"); | ||
537 | goto cleanup_inandlocalops; | ||
538 | } | ||
539 | |||
540 | ret = nf_register_hook(&ipv6_conntrack_local_in_ops); | ||
541 | if (ret < 0) { | ||
542 | printk("nf_conntrack_ipv6: can't register local in hook.\n"); | ||
543 | goto cleanup_inoutandlocalops; | ||
544 | } | ||
545 | |||
546 | #ifdef CONFIG_SYSCTL | 509 | #ifdef CONFIG_SYSCTL |
547 | nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); | 510 | nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0); |
548 | if (nf_ct_ipv6_sysctl_header == NULL) { | 511 | if (nf_ct_ipv6_sysctl_header == NULL) { |
549 | printk("nf_conntrack: can't register to sysctl.\n"); | 512 | printk("nf_conntrack: can't register to sysctl.\n"); |
550 | ret = -ENOMEM; | 513 | ret = -ENOMEM; |
551 | goto cleanup_localinops; | 514 | goto cleanup_hooks; |
552 | } | 515 | } |
553 | #endif | 516 | #endif |
554 | return ret; | 517 | return ret; |
@@ -557,19 +520,9 @@ static int init_or_cleanup(int init) | |||
557 | synchronize_net(); | 520 | synchronize_net(); |
558 | #ifdef CONFIG_SYSCTL | 521 | #ifdef CONFIG_SYSCTL |
559 | unregister_sysctl_table(nf_ct_ipv6_sysctl_header); | 522 | unregister_sysctl_table(nf_ct_ipv6_sysctl_header); |
560 | cleanup_localinops: | 523 | cleanup_hooks: |
561 | #endif | 524 | #endif |
562 | nf_unregister_hook(&ipv6_conntrack_local_in_ops); | 525 | nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops)); |
563 | cleanup_inoutandlocalops: | ||
564 | nf_unregister_hook(&ipv6_conntrack_out_ops); | ||
565 | cleanup_inandlocalops: | ||
566 | nf_unregister_hook(&ipv6_conntrack_local_out_ops); | ||
567 | cleanup_inops: | ||
568 | nf_unregister_hook(&ipv6_conntrack_in_ops); | ||
569 | cleanup_defraglocalops: | ||
570 | nf_unregister_hook(&ipv6_conntrack_defrag_local_out_ops); | ||
571 | cleanup_defragops: | ||
572 | nf_unregister_hook(&ipv6_conntrack_defrag_ops); | ||
573 | cleanup_ipv6: | 526 | cleanup_ipv6: |
574 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6); | 527 | nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6); |
575 | cleanup_icmpv6: | 528 | cleanup_icmpv6: |