Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 41c5b317 authored by Patrick McHardy's avatar Patrick McHardy Committed by David S. Miller
Browse files

[NETFILTER]: Use nf_register_hooks for multiple registrations 



Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 279c2c74

net/ipv4/ipvs/ip_vs_core.c

+39 −65
Original line number Diff line number Diff line
@@ -1025,43 +1025,42 @@ ip_vs_forward_icmp(unsigned int hooknum, struct sk_buff *skb, 
}





static struct nf_hook_ops ip_vs_ops[]  = {

	/* After packet filtering, forward packet through VS/DR, VS/TUN,

   or VS/NAT(change destination), so that filtering rules can be

   applied to IPVS. */

static struct nf_hook_ops ip_vs_in_ops = {

	 * or VS/NAT(change destination), so that filtering rules can be

	 * applied to IPVS. */

	{

		.hook		= ip_vs_in,

		.owner		= THIS_MODULE,

		.pf		= PF_INET,

		.hooknum        = NF_INET_LOCAL_IN,

		.priority       = 100,

};



	},

	/* After packet filtering, change source only for VS/NAT */

static struct nf_hook_ops ip_vs_out_ops = {

	{

		.hook		= ip_vs_out,

		.owner		= THIS_MODULE,

		.pf		= PF_INET,

		.hooknum        = NF_INET_FORWARD,

		.priority       = 100,

};



	},

	/* After packet filtering (but before ip_vs_out_icmp), catch icmp

   destined for 0.0.0.0/0, which is for incoming IPVS connections */

static struct nf_hook_ops ip_vs_forward_icmp_ops = {

	 * destined for 0.0.0.0/0, which is for incoming IPVS connections */

	{

		.hook		= ip_vs_forward_icmp,

		.owner		= THIS_MODULE,

		.pf		= PF_INET,

		.hooknum        = NF_INET_FORWARD,

		.priority       = 99,

};



	},

	/* Before the netfilter connection tracking, exit from POST_ROUTING */

static struct nf_hook_ops ip_vs_post_routing_ops = {

	{

		.hook		= ip_vs_post_routing,

		.owner		= THIS_MODULE,

		.pf		= PF_INET,

		.hooknum        = NF_INET_POST_ROUTING,

		.priority       = NF_IP_PRI_NAT_SRC-1,

	},

};
@@ -1092,37 +1091,15 @@ static int __init ip_vs_init(void) 
		goto cleanup_app;

	}



	ret = nf_register_hook(&ip_vs_in_ops);

	ret = nf_register_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));

	if (ret < 0) {

		IP_VS_ERR("can't register in hook.\n");

		IP_VS_ERR("can't register hooks.\n");

		goto cleanup_conn;

	}



	ret = nf_register_hook(&ip_vs_out_ops);

	if (ret < 0) {

		IP_VS_ERR("can't register out hook.\n");

		goto cleanup_inops;

	}

	ret = nf_register_hook(&ip_vs_post_routing_ops);

	if (ret < 0) {

		IP_VS_ERR("can't register post_routing hook.\n");

		goto cleanup_outops;

	}

	ret = nf_register_hook(&ip_vs_forward_icmp_ops);

	if (ret < 0) {

		IP_VS_ERR("can't register forward_icmp hook.\n");

		goto cleanup_postroutingops;

	}



	IP_VS_INFO("ipvs loaded.\n");

	return ret;



  cleanup_postroutingops:

	nf_unregister_hook(&ip_vs_post_routing_ops);

  cleanup_outops:

	nf_unregister_hook(&ip_vs_out_ops);

  cleanup_inops:

	nf_unregister_hook(&ip_vs_in_ops);

  cleanup_conn:

	ip_vs_conn_cleanup();

  cleanup_app:
@@ -1136,10 +1113,7 @@ static int __init ip_vs_init(void) 


static void __exit ip_vs_cleanup(void)

{

	nf_unregister_hook(&ip_vs_forward_icmp_ops);

	nf_unregister_hook(&ip_vs_post_routing_ops);

	nf_unregister_hook(&ip_vs_out_ops);

	nf_unregister_hook(&ip_vs_in_ops);

	nf_unregister_hooks(ip_vs_ops, ARRAY_SIZE(ip_vs_ops));

	ip_vs_conn_cleanup();

	ip_vs_app_cleanup();

	ip_vs_protocol_cleanup();

net/sched/sch_ingress.c

+18 −26
Original line number Diff line number Diff line
@@ -231,20 +231,21 @@ ing_hook(unsigned int hook, struct sk_buff *skb, 
}



/* after ipt_filter */

static struct nf_hook_ops ing_ops = {

static struct nf_hook_ops ing_ops[] = {

	{

		.hook           = ing_hook,

		.owner		= THIS_MODULE,

		.pf             = PF_INET,

		.hooknum        = NF_INET_PRE_ROUTING,

		.priority       = NF_IP_PRI_FILTER + 1,

};



static struct nf_hook_ops ing6_ops = {

	},

	{

		.hook           = ing_hook,

		.owner		= THIS_MODULE,

		.pf             = PF_INET6,

		.hooknum        = NF_INET_PRE_ROUTING,

		.priority       = NF_IP6_PRI_FILTER + 1,

	},

};



#endif
@@ -268,17 +269,11 @@ static int ingress_init(struct Qdisc *sch,struct rtattr *opt) 
#ifndef CONFIG_NET_CLS_ACT

#ifdef CONFIG_NETFILTER

	if (!nf_registered) {

		if (nf_register_hook(&ing_ops) < 0) {

		if (nf_register_hooks(ing_ops, ARRAY_SIZE(ing_ops)) < 0) {

			printk("ingress qdisc registration error \n");

			return -EINVAL;

		}

		nf_registered++;



		if (nf_register_hook(&ing6_ops) < 0) {

			printk("IPv6 ingress qdisc registration error, " \

			    "disabling IPv6 support.\n");

		} else

			nf_registered++;

	}

#endif

#endif
@@ -385,11 +380,8 @@ static void __exit ingress_module_exit(void) 
	unregister_qdisc(&ingress_qdisc_ops);

#ifndef CONFIG_NET_CLS_ACT

#ifdef CONFIG_NETFILTER

	if (nf_registered) {

		nf_unregister_hook(&ing_ops);

		if (nf_registered > 1)

			nf_unregister_hook(&ing6_ops);

	}

	if (nf_registered)

		nf_unregister_hooks(ing_ops, ARRAY_SIZE(ing_ops));

#endif

#endif

}