Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c974a3a3 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: remove multihook chains and families 



Since NFPROTO_INET is handled from the core, we don't need to maintain
extra infrastructure in nf_tables to handle the double hook
registration, one for IPv4 and another for IPv6.

Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 12355d36

include/net/netfilter/nf_tables.h

+1 −8
Original line number Diff line number Diff line
@@ -902,8 +902,6 @@ struct nft_stats { 
	struct u64_stats_sync	syncp;

};



#define NFT_HOOK_OPS_MAX		2



/**

 *	struct nft_base_chain - nf_tables base chain

 *
@@ -915,7 +913,7 @@ struct nft_stats { 
 *	@dev_name: device name that this base chain is attached to (if any)

 */

struct nft_base_chain {

	struct nf_hook_ops		ops[NFT_HOOK_OPS_MAX];

	struct nf_hook_ops		ops;

	const struct nf_chain_type	*type;

	u8				policy;

	u8				flags;
@@ -976,8 +974,6 @@ enum nft_af_flags { 
 *	@owner: module owner

 *	@tables: used internally

 *	@flags: family flags

 *	@nops: number of hook ops in this family

 *	@hook_ops_init: initialization function for chain hook ops

 *	@hooks: hookfn overrides for packet validation

 */

struct nft_af_info {
@@ -987,9 +983,6 @@ struct nft_af_info { 
	struct module			*owner;

	struct list_head		tables;

	u32				flags;

	unsigned int			nops;

	void				(*hook_ops_init)(struct nf_hook_ops *,

							 unsigned int);

	nf_hookfn			*hooks[NF_MAX_HOOKS];

};

net/bridge/netfilter/nf_tables_bridge.c

+0 −1
Original line number Diff line number Diff line
@@ -46,7 +46,6 @@ static struct nft_af_info nft_af_bridge __read_mostly = { 
	.family		= NFPROTO_BRIDGE,

	.nhooks		= NF_BR_NUMHOOKS,

	.owner		= THIS_MODULE,

	.nops		= 1,

	.hooks		= {

		[NF_BR_PRE_ROUTING]	= nft_do_chain_bridge,

		[NF_BR_LOCAL_IN]	= nft_do_chain_bridge,

net/ipv4/netfilter/nf_tables_arp.c

+0 −1
Original line number Diff line number Diff line
@@ -31,7 +31,6 @@ static struct nft_af_info nft_af_arp __read_mostly = { 
	.family		= NFPROTO_ARP,

	.nhooks		= NF_ARP_NUMHOOKS,

	.owner		= THIS_MODULE,

	.nops		= 1,

	.hooks		= {

		[NF_ARP_IN]		= nft_do_chain_arp,

		[NF_ARP_OUT]		= nft_do_chain_arp,

net/ipv4/netfilter/nf_tables_ipv4.c

+0 −1
Original line number Diff line number Diff line
@@ -49,7 +49,6 @@ static struct nft_af_info nft_af_ipv4 __read_mostly = { 
	.family		= NFPROTO_IPV4,

	.nhooks		= NF_INET_NUMHOOKS,

	.owner		= THIS_MODULE,

	.nops		= 1,

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv4,

		[NF_INET_LOCAL_OUT]	= nft_ipv4_output,

net/ipv6/netfilter/nf_tables_ipv6.c

+0 −1
Original line number Diff line number Diff line
@@ -46,7 +46,6 @@ static struct nft_af_info nft_af_ipv6 __read_mostly = { 
	.family		= NFPROTO_IPV6,

	.nhooks		= NF_INET_NUMHOOKS,

	.owner		= THIS_MODULE,

	.nops		= 1,

	.hooks		= {

		[NF_INET_LOCAL_IN]	= nft_do_chain_ipv6,

		[NF_INET_LOCAL_OUT]	= nft_ipv6_output,