2 files changed, 57 insertions, 91 deletions
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 30e8f7571529..f5ba606f0549 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
 }
-/* After packet filtering, forward packet through VS/DR, VS/TUN,
+static struct nf_hook_ops ip_vs_ops[]  = {
-   or VS/NAT(change destination), so that filtering rules can be
+        /* After packet filtering, forward packet through VS/DR, VS/TUN,
-   applied to IPVS. */
+         * or VS/NAT(change destination), so that filtering rules can be
-static struct nf_hook_ops ip_vs_in_ops = {
+         * applied to IPVS. */
-        .hook           = ip_vs_in,
+        {
-        .owner          = THIS_MODULE,
+                .hook           = ip_vs_in,
-        .pf             = PF_INET,
+                .owner          = THIS_MODULE,
-        .hooknum        = NF_INET_LOCAL_IN,
+                .pf             = PF_INET,
-        .priority       = 100,
+                .hooknum        = NF_INET_LOCAL_IN,
-};
+                .priority       = 100,
+        },
-/* After packet filtering, change source only for VS/NAT */
+        /* After packet filtering, change source only for VS/NAT */
-static struct nf_hook_ops ip_vs_out_ops = {
+        {
-        .hook           = ip_vs_out,
+                .hook           = ip_vs_out,
-        .owner          = THIS_MODULE,
+                .owner          = THIS_MODULE,
-        .pf             = PF_INET,
+                .pf             = PF_INET,
-        .hooknum        = NF_INET_FORWARD,
+                .hooknum        = NF_INET_FORWARD,
-        .priority       = 100,
+                .priority       = 100,
-};
+        },
+        /* After packet filtering (but before ip_vs_out_icmp), catch icmp
-/* After packet filtering (but before ip_vs_out_icmp), catch icmp
+         * destined for 0.0.0.0/0, which is for incoming IPVS connections */
-   destined for 0.0.0.0/0, which is for incoming IPVS connections */
+        {
-static struct nf_hook_ops ip_vs_forward_icmp_ops = {
+                .hook           = ip_vs_forward_icmp,
-        .hook           = ip_vs_forward_icmp,
+                .owner          = THIS_MODULE,
-        .owner          = THIS_MODULE,
+                .pf             = PF_INET,
-        .pf             = PF_INET,
+                .hooknum        = NF_INET_FORWARD,
-        .hooknum        = NF_INET_FORWARD,
+                .priority       = 99,
-        .priority       = 99,
+        },
-};
+        /* Before the netfilter connection tracking, exit from POST_ROUTING */
+        {
-/* Before the netfilter connection tracking, exit from POST_ROUTING */
+                .hook           = ip_vs_post_routing,
-static struct nf_hook_ops ip_vs_post_routing_ops = {
+                .owner          = THIS_MODULE,
-        .hook           = ip_vs_post_routing,
+                .pf             = PF_INET,
-        .owner          = THIS_MODULE,
+                .hooknum        = NF_INET_POST_ROUTING,
-        .pf             = PF_INET,
+                .priority       = NF_IP_PRI_NAT_SRC-1,
-        .hooknum        = NF_INET_POST_ROUTING,
+        },
-        .priority       = NF_IP_PRI_NAT_SRC-1,
 };
@@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void)
                goto cleanup_app;
        }
-        ret = nf_register_hook(&ip_vs_in_ops);
+        ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
        if (ret < 0) {
-                IP_VS_ERR("can't register in hook.\n");
+                IP_VS_ERR("can't register hooks.\n");
                goto cleanup_conn;
        }
-        ret = nf_register_hook(&ip_vs_out_ops);
-        if (ret < 0) {
-                IP_VS_ERR("can't register out hook.\n");
-                goto cleanup_inops;
-        }
-        ret = nf_register_hook(&ip_vs_post_routing_ops);
-        if (ret < 0) {
-                IP_VS_ERR("can't register post_routing hook.\n");
-                goto cleanup_outops;
-        }
-        ret = nf_register_hook(&ip_vs_forward_icmp_ops);
-        if (ret < 0) {
-                IP_VS_ERR("can't register forward_icmp hook.\n");
-                goto cleanup_postroutingops;
-        }
        IP_VS_INFO("ipvs loaded.\n");
        return ret;
-  cleanup_postroutingops:
-        nf_unregister_hook(&ip_vs_post_routing_ops);
-  cleanup_outops:
-        nf_unregister_hook(&ip_vs_out_ops);
-  cleanup_inops:
-        nf_unregister_hook(&ip_vs_in_ops);
  cleanup_conn:
        ip_vs_conn_cleanup();
  cleanup_app:
@@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void)
 static void __exit ip_vs_cleanup(void)
 {
-        nf_unregister_hook(&ip_vs_forward_icmp_ops);
+        nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
-        nf_unregister_hook(&ip_vs_post_routing_ops);
-        nf_unregister_hook(&ip_vs_out_ops);
-        nf_unregister_hook(&ip_vs_in_ops);
        ip_vs_conn_cleanup();
        ip_vs_app_cleanup();
        ip_vs_protocol_cleanup();
diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c
index 902d82ea764b..f4af9b604f3f 100644
--- a/net/sched/sch_ingress.c
+++ b/net/sched/sch_ingress.c
@@ -231,20 +231,21 @@ ing_hook(unsigned int hook, struct sk_buff *skb,
 }
 /* after ipt_filter */
-static struct nf_hook_ops ing_ops = {
+static struct nf_hook_ops ing_ops[] = {
-        .hook           = ing_hook,
+        {
-        .owner          = THIS_MODULE,
+                .hook           = ing_hook,
-        .pf             = PF_INET,
+                .owner          = THIS_MODULE,
-        .hooknum        = NF_INET_PRE_ROUTING,
+                .pf             = PF_INET,
-        .priority       = NF_IP_PRI_FILTER + 1,
+                .hooknum        = NF_INET_PRE_ROUTING,
-};
+                .priority       = NF_IP_PRI_FILTER + 1,
+        },
-static struct nf_hook_ops ing6_ops = {
+        {
-        .hook           = ing_hook,
+                .hook           = ing_hook,
-        .owner          = THIS_MODULE,
+                .owner          = THIS_MODULE,
-        .pf             = PF_INET6,
+                .pf             = PF_INET6,
-        .hooknum        = NF_INET_PRE_ROUTING,
+                .hooknum        = NF_INET_PRE_ROUTING,
-        .priority       = NF_IP6_PRI_FILTER + 1,
+                .priority       = NF_IP6_PRI_FILTER + 1,
+        },
 };
 #endif
@@ -268,17 +269,11 @@ static int ingress_init(struct Qdisc *sch,struct rtattr *opt)
 #ifndef CONFIG_NET_CLS_ACT
 #ifdef CONFIG_NETFILTER
        if (!nf_registered) {
-                if (nf_register_hook(&ing_ops) < 0) {
+                if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
                        printk("ingress qdisc registration error \n");
                        return -EINVAL;
                }
                nf_registered++;
-                if (nf_register_hook(&ing6_ops) < 0) {
-                        printk("IPv6 ingress qdisc registration error, " \
-                            "disabling IPv6 support.\n");
-                } else
-                        nf_registered++;
        }
 #endif
 #endif
@@ -385,11 +380,8 @@ static void __exit ingress_module_exit(void)
        unregister_qdisc(&ingress_qdisc_ops);
 #ifndef CONFIG_NET_CLS_ACT
 #ifdef CONFIG_NETFILTER
-        if (nf_registered) {
+        if (nf_registered)
-                nf_unregister_hook(&ing_ops);
+                nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
-                if (nf_registered > 1)
-                        nf_unregister_hook(&ing6_ops);
-        }
 #endif
 #endif
 }

diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c index 30e8f7571529..f5ba606f0549 100644 --- a/net/ipv4/ipvs/ip_vs_core.c +++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb,
1025	}	1025	}
1026		1026
1027		1027
1028	/* After packet filtering, forward packet through VS/DR, VS/TUN,	1028	static struct nf_hook_ops ip_vs_ops[] = {
1029	or VS/NAT(change destination), so that filtering rules can be	1029	/* After packet filtering, forward packet through VS/DR, VS/TUN,
1030	applied to IPVS. */	1030	* or VS/NAT(change destination), so that filtering rules can be
1031	static struct nf_hook_ops ip_vs_in_ops = {	1031	* applied to IPVS. */
1032	.hook = ip_vs_in,	1032	{
1033	.owner = THIS_MODULE,	1033	.hook = ip_vs_in,
1034	.pf = PF_INET,	1034	.owner = THIS_MODULE,
1035	.hooknum = NF_INET_LOCAL_IN,	1035	.pf = PF_INET,
1036	.priority = 100,	1036	.hooknum = NF_INET_LOCAL_IN,
1037	};	1037	.priority = 100,
1038		1038	},
1039	/* After packet filtering, change source only for VS/NAT */	1039	/* After packet filtering, change source only for VS/NAT */
1040	static struct nf_hook_ops ip_vs_out_ops = {	1040	{
1041	.hook = ip_vs_out,	1041	.hook = ip_vs_out,
1042	.owner = THIS_MODULE,	1042	.owner = THIS_MODULE,
1043	.pf = PF_INET,	1043	.pf = PF_INET,
1044	.hooknum = NF_INET_FORWARD,	1044	.hooknum = NF_INET_FORWARD,
1045	.priority = 100,	1045	.priority = 100,
1046	};	1046	},
1047		1047	/* After packet filtering (but before ip_vs_out_icmp), catch icmp
1048	/* After packet filtering (but before ip_vs_out_icmp), catch icmp	1048	* destined for 0.0.0.0/0, which is for incoming IPVS connections */
1049	destined for 0.0.0.0/0, which is for incoming IPVS connections */	1049	{
1050	static struct nf_hook_ops ip_vs_forward_icmp_ops = {	1050	.hook = ip_vs_forward_icmp,
1051	.hook = ip_vs_forward_icmp,	1051	.owner = THIS_MODULE,
1052	.owner = THIS_MODULE,	1052	.pf = PF_INET,
1053	.pf = PF_INET,	1053	.hooknum = NF_INET_FORWARD,
1054	.hooknum = NF_INET_FORWARD,	1054	.priority = 99,
1055	.priority = 99,	1055	},
1056	};	1056	/* Before the netfilter connection tracking, exit from POST_ROUTING */
1057		1057	{
1058	/* Before the netfilter connection tracking, exit from POST_ROUTING */	1058	.hook = ip_vs_post_routing,
1059	static struct nf_hook_ops ip_vs_post_routing_ops = {	1059	.owner = THIS_MODULE,
1060	.hook = ip_vs_post_routing,	1060	.pf = PF_INET,
1061	.owner = THIS_MODULE,	1061	.hooknum = NF_INET_POST_ROUTING,
1062	.pf = PF_INET,	1062	.priority = NF_IP_PRI_NAT_SRC-1,
1063	.hooknum = NF_INET_POST_ROUTING,	1063	},
1064	.priority = NF_IP_PRI_NAT_SRC-1,
1065	};	1064	};
1066		1065
1067		1066
@@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void)
1092	goto cleanup_app;	1091	goto cleanup_app;
1093	}	1092	}
1094		1093
1095	ret = nf_register_hook(&ip_vs_in_ops);	1094	ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
1096	if (ret < 0) {	1095	if (ret < 0) {
1097	IP_VS_ERR("can't register in hook.\n");	1096	IP_VS_ERR("can't register hooks.\n");
1098	goto cleanup_conn;	1097	goto cleanup_conn;
1099	}	1098	}
1100		1099
1101	ret = nf_register_hook(&ip_vs_out_ops);
1102	if (ret < 0) {
1103	IP_VS_ERR("can't register out hook.\n");
1104	goto cleanup_inops;
1105	}
1106	ret = nf_register_hook(&ip_vs_post_routing_ops);
1107	if (ret < 0) {
1108	IP_VS_ERR("can't register post_routing hook.\n");
1109	goto cleanup_outops;
1110	}
1111	ret = nf_register_hook(&ip_vs_forward_icmp_ops);
1112	if (ret < 0) {
1113	IP_VS_ERR("can't register forward_icmp hook.\n");
1114	goto cleanup_postroutingops;
1115	}
1116
1117	IP_VS_INFO("ipvs loaded.\n");	1100	IP_VS_INFO("ipvs loaded.\n");
1118	return ret;	1101	return ret;
1119		1102
1120	cleanup_postroutingops:
1121	nf_unregister_hook(&ip_vs_post_routing_ops);
1122	cleanup_outops:
1123	nf_unregister_hook(&ip_vs_out_ops);
1124	cleanup_inops:
1125	nf_unregister_hook(&ip_vs_in_ops);
1126	cleanup_conn:	1103	cleanup_conn:
1127	ip_vs_conn_cleanup();	1104	ip_vs_conn_cleanup();
1128	cleanup_app:	1105	cleanup_app:
@@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void)
1136		1113
1137	static void __exit ip_vs_cleanup(void)	1114	static void __exit ip_vs_cleanup(void)
1138	{	1115	{
1139	nf_unregister_hook(&ip_vs_forward_icmp_ops);	1116	nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));
1140	nf_unregister_hook(&ip_vs_post_routing_ops);
1141	nf_unregister_hook(&ip_vs_out_ops);
1142	nf_unregister_hook(&ip_vs_in_ops);
1143	ip_vs_conn_cleanup();	1117	ip_vs_conn_cleanup();
1144	ip_vs_app_cleanup();	1118	ip_vs_app_cleanup();
1145	ip_vs_protocol_cleanup();	1119	ip_vs_protocol_cleanup();


diff --git a/net/sched/sch_ingress.c b/net/sched/sch_ingress.c index 902d82ea764b..f4af9b604f3f 100644 --- a/net/sched/sch_ingress.c +++ b/net/sched/sch_ingress.c
@@ -231,20 +231,21 @@ ing_hook(unsigned int hook, struct sk_buff *skb,
231	}	231	}
232		232
233	/* after ipt_filter */	233	/* after ipt_filter */
234	static struct nf_hook_ops ing_ops = {	234	static struct nf_hook_ops ing_ops[] = {
235	.hook = ing_hook,	235	{
236	.owner = THIS_MODULE,	236	.hook = ing_hook,
237	.pf = PF_INET,	237	.owner = THIS_MODULE,
238	.hooknum = NF_INET_PRE_ROUTING,	238	.pf = PF_INET,
239	.priority = NF_IP_PRI_FILTER + 1,	239	.hooknum = NF_INET_PRE_ROUTING,
240	};	240	.priority = NF_IP_PRI_FILTER + 1,
241		241	},
242	static struct nf_hook_ops ing6_ops = {	242	{
243	.hook = ing_hook,	243	.hook = ing_hook,
244	.owner = THIS_MODULE,	244	.owner = THIS_MODULE,
245	.pf = PF_INET6,	245	.pf = PF_INET6,
246	.hooknum = NF_INET_PRE_ROUTING,	246	.hooknum = NF_INET_PRE_ROUTING,
247	.priority = NF_IP6_PRI_FILTER + 1,	247	.priority = NF_IP6_PRI_FILTER + 1,
		248	},
248	};	249	};
249		250
250	#endif	251	#endif
@@ -268,17 +269,11 @@ static int ingress_init(struct Qdisc sch,struct rtattr opt)
268	#ifndef CONFIG_NET_CLS_ACT	269	#ifndef CONFIG_NET_CLS_ACT
269	#ifdef CONFIG_NETFILTER	270	#ifdef CONFIG_NETFILTER
270	if (!nf_registered) {	271	if (!nf_registered) {
271	if (nf_register_hook(&ing_ops) < 0) {	272	if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {
272	printk("ingress qdisc registration error \n");	273	printk("ingress qdisc registration error \n");
273	return -EINVAL;	274	return -EINVAL;
274	}	275	}
275	nf_registered++;	276	nf_registered++;
276
277	if (nf_register_hook(&ing6_ops) < 0) {
278	printk("IPv6 ingress qdisc registration error, " \
279	"disabling IPv6 support.\n");
280	} else
281	nf_registered++;
282	}	277	}
283	#endif	278	#endif
284	#endif	279	#endif
@@ -385,11 +380,8 @@ static void __exit ingress_module_exit(void)
385	unregister_qdisc(&ingress_qdisc_ops);	380	unregister_qdisc(&ingress_qdisc_ops);
386	#ifndef CONFIG_NET_CLS_ACT	381	#ifndef CONFIG_NET_CLS_ACT
387	#ifdef CONFIG_NETFILTER	382	#ifdef CONFIG_NETFILTER
388	if (nf_registered) {	383	if (nf_registered)
389	nf_unregister_hook(&ing_ops);	384	nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));
390	if (nf_registered > 1)
391	nf_unregister_hook(&ing6_ops);
392	}
393	#endif	385	#endif
394	#endif	386	#endif
395	}	387	}