Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c2f9eafe authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: remove hooks from family definition 



They don't belong to the family definition, move them to the filter
chain type definition instead.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent c974a3a3

include/net/netfilter/nf_tables.h

+1 −3
Original line number Diff line number Diff line
@@ -880,7 +880,7 @@ enum nft_chain_type { 
 * 	@family: address family

 * 	@owner: module owner

 * 	@hook_mask: mask of valid hooks

 * 	@hooks: hookfn overrides

 * 	@hooks: array of hook functions

 */

struct nf_chain_type {

	const char			*name;
@@ -974,7 +974,6 @@ enum nft_af_flags { 
 *	@owner: module owner

 *	@tables: used internally

 *	@flags: family flags

 *	@hooks: hookfn overrides for packet validation

 */

struct nft_af_info {

	struct list_head		list;
@@ -983,7 +982,6 @@ struct nft_af_info { 
	struct module			*owner;

	struct list_head		tables;

	u32				flags;

	nf_hookfn			*hooks[NF_MAX_HOOKS];

};



int nft_register_afinfo(struct net *, struct nft_af_info *);

net/bridge/netfilter/nf_tables_bridge.c

+7 −7
Original line number Diff line number Diff line
@@ -46,13 +46,6 @@ static struct nft_af_info nft_af_bridge __read_mostly = { 
	.family		= NFPROTO_BRIDGE,

	.nhooks		= NF_BR_NUMHOOKS,

	.owner		= THIS_MODULE,

	.hooks		= {

		[NF_BR_PRE_ROUTING]	= nft_do_chain_bridge,

		[NF_BR_LOCAL_IN]	= nft_do_chain_bridge,

		[NF_BR_FORWARD]		= nft_do_chain_bridge,

		[NF_BR_LOCAL_OUT]	= nft_do_chain_bridge,

		[NF_BR_POST_ROUTING]	= nft_do_chain_bridge,

	},

};



static int nf_tables_bridge_init_net(struct net *net)
@@ -93,6 +86,13 @@ static const struct nf_chain_type filter_bridge = { 
			  (1 << NF_BR_FORWARD) |

			  (1 << NF_BR_LOCAL_OUT) |

			  (1 << NF_BR_POST_ROUTING),

	.hooks		= {

		[NF_BR_PRE_ROUTING]	= nft_do_chain_bridge,

		[NF_BR_LOCAL_IN]	= nft_do_chain_bridge,

		[NF_BR_FORWARD]		= nft_do_chain_bridge,

		[NF_BR_LOCAL_OUT]	= nft_do_chain_bridge,

		[NF_BR_POST_ROUTING]	= nft_do_chain_bridge,

	},

};



static void nf_br_saveroute(const struct sk_buff *skb,

net/ipv4/netfilter/nf_tables_arp.c

+4 −4
Original line number Diff line number Diff line
@@ -31,10 +31,6 @@ static struct nft_af_info nft_af_arp __read_mostly = { 
	.family		= NFPROTO_ARP,

	.nhooks		= NF_ARP_NUMHOOKS,

	.owner		= THIS_MODULE,

	.hooks		= {

		[NF_ARP_IN]		= nft_do_chain_arp,

		[NF_ARP_OUT]		= nft_do_chain_arp,

	},

};



static int nf_tables_arp_init_net(struct net *net)
@@ -72,6 +68,10 @@ static const struct nf_chain_type filter_arp = { 
	.owner		= THIS_MODULE,

	.hook_mask	= (1 << NF_ARP_IN) |

			  (1 << NF_ARP_OUT),

	.hooks		= {

		[NF_ARP_IN]		= nft_do_chain_arp,

		[NF_ARP_OUT]		= nft_do_chain_arp,

	},

};



static int __init nf_tables_arp_init(void)

net/ipv4/netfilter/nf_tables_ipv4.c

+7 −7
Original line number Diff line number Diff line
@@ -49,13 +49,6 @@ static struct nft_af_info nft_af_ipv4 __read_mostly = { 
	.family		= NFPROTO_IPV4,

	.nhooks		= NF_INET_NUMHOOKS,

	.owner		= THIS_MODULE,

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv4,

		[NF_INET_LOCAL_OUT]	= nft_ipv4_output,

		[NF_INET_FORWARD]	= nft_do_chain_ipv4,

		[NF_INET_PRE_ROUTING]	= nft_do_chain_ipv4,

		[NF_INET_POST_ROUTING]	= nft_do_chain_ipv4,

	},

};



static int nf_tables_ipv4_init_net(struct net *net)
@@ -96,6 +89,13 @@ static const struct nf_chain_type filter_ipv4 = { 
			  (1 << NF_INET_FORWARD) |

			  (1 << NF_INET_PRE_ROUTING) |

			  (1 << NF_INET_POST_ROUTING),

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv4,

		[NF_INET_LOCAL_OUT]	= nft_ipv4_output,

		[NF_INET_FORWARD]	= nft_do_chain_ipv4,

		[NF_INET_PRE_ROUTING]	= nft_do_chain_ipv4,

		[NF_INET_POST_ROUTING]	= nft_do_chain_ipv4,

	},

};



static int __init nf_tables_ipv4_init(void)

net/ipv6/netfilter/nf_tables_ipv6.c

+7 −7
Original line number Diff line number Diff line
@@ -46,13 +46,6 @@ static struct nft_af_info nft_af_ipv6 __read_mostly = { 
	.family		= NFPROTO_IPV6,

	.nhooks		= NF_INET_NUMHOOKS,

	.owner		= THIS_MODULE,

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv6,

		[NF_INET_LOCAL_OUT]	= nft_ipv6_output,

		[NF_INET_FORWARD]	= nft_do_chain_ipv6,

		[NF_INET_PRE_ROUTING]	= nft_do_chain_ipv6,

		[NF_INET_POST_ROUTING]	= nft_do_chain_ipv6,

	},

};



static int nf_tables_ipv6_init_net(struct net *net)
@@ -93,6 +86,13 @@ static const struct nf_chain_type filter_ipv6 = { 
			  (1 << NF_INET_FORWARD) |

			  (1 << NF_INET_PRE_ROUTING) |

			  (1 << NF_INET_POST_ROUTING),

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv6,

		[NF_INET_LOCAL_OUT]	= nft_ipv6_output,

		[NF_INET_FORWARD]	= nft_do_chain_ipv6,

		[NF_INET_PRE_ROUTING]	= nft_do_chain_ipv6,

		[NF_INET_POST_ROUTING]	= nft_do_chain_ipv6,

	},

};



static int __init nf_tables_ipv6_init(void)