[NETFILTER]: Clean up hook registration (964ddaa1) · Commits · e / devices / android_kernel_xiaomi_markw

net/ipv4/netfilter/arptable_filter.c

+6 −13

Original line number	Diff line number	Diff line
		@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = {

		static int __init arptable_filter_init(void)
		{
		int ret, i;
		int ret;

		/* Register table */
		ret = arpt_register_table(&packet_filter, &initial_table.repl);
		if (ret < 0)
		return ret;

		for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
		if ((ret = nf_register_hook(&arpt_ops[i])) < 0)
		goto cleanup_hooks;
		ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
		if (ret < 0)
		goto cleanup_table;
		return ret;

		cleanup_hooks:
		while (--i >= 0)
		nf_unregister_hook(&arpt_ops[i]);

		cleanup_table:
		arpt_unregister_table(&packet_filter);
		return ret;
		}

		static void __exit arptable_filter_fini(void)
		{
		unsigned int i;

		for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
		nf_unregister_hook(&arpt_ops[i]);

		nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
		arpt_unregister_table(&packet_filter);
		}

net/ipv4/netfilter/ip_conntrack_standalone.c

+62 −118

Original line number	Diff line number	Diff line
		@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,

		/* Connection tracking may drop packets, but never alters them, so
		make it the first hook. */
		static struct nf_hook_ops ip_conntrack_defrag_ops = {
		static struct nf_hook_ops ip_conntrack_ops[] = {
		{
		.hook = ip_conntrack_defrag,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_PRE_ROUTING,
		.priority = NF_IP_PRI_CONNTRACK_DEFRAG,
		};

		static struct nf_hook_ops ip_conntrack_in_ops = {
		},
		{
		.hook = ip_conntrack_in,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_PRE_ROUTING,
		.priority = NF_IP_PRI_CONNTRACK,
		};

		static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = {
		},
		{
		.hook = ip_conntrack_defrag,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_OUT,
		.priority = NF_IP_PRI_CONNTRACK_DEFRAG,
		};

		static struct nf_hook_ops ip_conntrack_local_out_ops = {
		},
		{
		.hook = ip_conntrack_local,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_OUT,
		.priority = NF_IP_PRI_CONNTRACK,
		};

		/* helpers */
		static struct nf_hook_ops ip_conntrack_helper_out_ops = {
		},
		{
		.hook = ip_conntrack_help,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_POST_ROUTING,
		.priority = NF_IP_PRI_CONNTRACK_HELPER,
		};

		static struct nf_hook_ops ip_conntrack_helper_in_ops = {
		},
		{
		.hook = ip_conntrack_help,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_IN,
		.priority = NF_IP_PRI_CONNTRACK_HELPER,
		};

		/* Refragmenter; last chance. */
		static struct nf_hook_ops ip_conntrack_out_ops = {
		},
		{
		.hook = ip_confirm,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_POST_ROUTING,
		.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
		};

		static struct nf_hook_ops ip_conntrack_local_in_ops = {
		},
		{
		.hook = ip_confirm,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_IN,
		.priority = NF_IP_PRI_CONNTRACK_CONFIRM,
		},
		};

		/* Sysctl support */
		@@ -813,52 +806,17 @@ static int init_or_cleanup(int init)
		proc_stat->owner = THIS_MODULE;
		#endif

		ret = nf_register_hook(&ip_conntrack_defrag_ops);
		ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
		if (ret < 0) {
		printk("ip_conntrack: can't register pre-routing defrag hook.\n");
		printk("ip_conntrack: can't register hooks.\n");
		goto cleanup_proc_stat;
		}
		ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register local_out defrag hook.\n");
		goto cleanup_defragops;
		}
		ret = nf_register_hook(&ip_conntrack_in_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register pre-routing hook.\n");
		goto cleanup_defraglocalops;
		}
		ret = nf_register_hook(&ip_conntrack_local_out_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register local out hook.\n");
		goto cleanup_inops;
		}
		ret = nf_register_hook(&ip_conntrack_helper_in_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register local in helper hook.\n");
		goto cleanup_inandlocalops;
		}
		ret = nf_register_hook(&ip_conntrack_helper_out_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register postrouting helper hook.\n");
		goto cleanup_helperinops;
		}
		ret = nf_register_hook(&ip_conntrack_out_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register post-routing hook.\n");
		goto cleanup_helperoutops;
		}
		ret = nf_register_hook(&ip_conntrack_local_in_ops);
		if (ret < 0) {
		printk("ip_conntrack: can't register local in hook.\n");
		goto cleanup_inoutandlocalops;
		}
		#ifdef CONFIG_SYSCTL
		ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);
		if (ip_ct_sysctl_header == NULL) {
		printk("ip_conntrack: can't register to sysctl.\n");
		ret = -ENOMEM;
		goto cleanup_localinops;
		goto cleanup_hooks;
		}
		#endif

		@@ -868,23 +826,9 @@ static int init_or_cleanup(int init)
		synchronize_net();
		#ifdef CONFIG_SYSCTL
		unregister_sysctl_table(ip_ct_sysctl_header);
		cleanup_localinops:
		cleanup_hooks:
		#endif
		nf_unregister_hook(&ip_conntrack_local_in_ops);
		cleanup_inoutandlocalops:
		nf_unregister_hook(&ip_conntrack_out_ops);
		cleanup_helperoutops:
		nf_unregister_hook(&ip_conntrack_helper_out_ops);
		cleanup_helperinops:
		nf_unregister_hook(&ip_conntrack_helper_in_ops);
		cleanup_inandlocalops:
		nf_unregister_hook(&ip_conntrack_local_out_ops);
		cleanup_inops:
		nf_unregister_hook(&ip_conntrack_in_ops);
		cleanup_defraglocalops:
		nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
		cleanup_defragops:
		nf_unregister_hook(&ip_conntrack_defrag_ops);
		nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
		cleanup_proc_stat:
		#ifdef CONFIG_PROC_FS
		remove_proc_entry("ip_conntrack", proc_net_stat);

net/ipv4/netfilter/ip_nat_standalone.c

+52 −91

Original line number	Diff line number	Diff line
		@@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum,

		/* We must be after connection tracking and before packet filtering. */

		static struct nf_hook_ops ip_nat_ops[] = {
		/* Before packet filtering, change destination */
		static struct nf_hook_ops ip_nat_in_ops = {
		{
		.hook = ip_nat_in,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_PRE_ROUTING,
		.priority = NF_IP_PRI_NAT_DST,
		};

		},
		/* After packet filtering, change source */
		static struct nf_hook_ops ip_nat_out_ops = {
		{
		.hook = ip_nat_out,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_POST_ROUTING,
		.priority = NF_IP_PRI_NAT_SRC,
		};

		},
		/* After conntrack, adjust sequence number */
		static struct nf_hook_ops ip_nat_adjust_out_ops = {
		{
		.hook = ip_nat_adjust,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_POST_ROUTING,
		.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
		};

		},
		/* Before packet filtering, change destination */
		static struct nf_hook_ops ip_nat_local_out_ops = {
		{
		.hook = ip_nat_local_fn,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_OUT,
		.priority = NF_IP_PRI_NAT_DST,
		};

		/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */
		static struct nf_hook_ops ip_nat_local_in_ops = {
		},
		/* After packet filtering, change source */
		{
		.hook = ip_nat_fn,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_IN,
		.priority = NF_IP_PRI_NAT_SRC,
		};

		},
		/* After conntrack, adjust sequence number */
		static struct nf_hook_ops ip_nat_adjust_in_ops = {
		{
		.hook = ip_nat_adjust,
		.owner = THIS_MODULE,
		.pf = PF_INET,
		.hooknum = NF_IP_LOCAL_IN,
		.priority = NF_IP_PRI_NAT_SEQ_ADJUST,
		},
		};


		static int init_or_cleanup(int init)
		{
		int ret = 0;
		@@ -371,50 +367,15 @@ static int init_or_cleanup(int init)
		printk("ip_nat_init: can't setup rules.\n");
		goto cleanup_decode_session;
		}
		ret = nf_register_hook(&ip_nat_in_ops);
		ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
		if (ret < 0) {
		printk("ip_nat_init: can't register in hook.\n");
		printk("ip_nat_init: can't register hooks.\n");
		goto cleanup_rule_init;
		}
		ret = nf_register_hook(&ip_nat_out_ops);
		if (ret < 0) {
		printk("ip_nat_init: can't register out hook.\n");
		goto cleanup_inops;
		}
		ret = nf_register_hook(&ip_nat_adjust_in_ops);
		if (ret < 0) {
		printk("ip_nat_init: can't register adjust in hook.\n");
		goto cleanup_outops;
		}
		ret = nf_register_hook(&ip_nat_adjust_out_ops);
		if (ret < 0) {
		printk("ip_nat_init: can't register adjust out hook.\n");
		goto cleanup_adjustin_ops;
		}
		ret = nf_register_hook(&ip_nat_local_out_ops);
		if (ret < 0) {
		printk("ip_nat_init: can't register local out hook.\n");
		goto cleanup_adjustout_ops;
		}
		ret = nf_register_hook(&ip_nat_local_in_ops);
		if (ret < 0) {
		printk("ip_nat_init: can't register local in hook.\n");
		goto cleanup_localoutops;
		}
		return ret;

		cleanup:
		nf_unregister_hook(&ip_nat_local_in_ops);
		cleanup_localoutops:
		nf_unregister_hook(&ip_nat_local_out_ops);
		cleanup_adjustout_ops:
		nf_unregister_hook(&ip_nat_adjust_out_ops);
		cleanup_adjustin_ops:
		nf_unregister_hook(&ip_nat_adjust_in_ops);
		cleanup_outops:
		nf_unregister_hook(&ip_nat_out_ops);
		cleanup_inops:
		nf_unregister_hook(&ip_nat_in_ops);
		nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
		cleanup_rule_init:
		ip_nat_rule_cleanup();
		cleanup_decode_session:

net/ipv4/netfilter/iptable_filter.c

+2 −19

Original line number	Diff line number	Diff line
		@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void)
		return ret;

		/* Register hooks */
		ret = nf_register_hook(&ipt_ops[0]);
		ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
		if (ret < 0)
		goto cleanup_table;

		ret = nf_register_hook(&ipt_ops[1]);
		if (ret < 0)
		goto cleanup_hook0;

		ret = nf_register_hook(&ipt_ops[2]);
		if (ret < 0)
		goto cleanup_hook1;

		return ret;

		cleanup_hook1:
		nf_unregister_hook(&ipt_ops[1]);
		cleanup_hook0:
		nf_unregister_hook(&ipt_ops[0]);
		cleanup_table:
		ipt_unregister_table(&packet_filter);

		return ret;
		}

		static void __exit iptable_filter_fini(void)
		{
		unsigned int i;

		for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
		nf_unregister_hook(&ipt_ops[i]);

		nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
		ipt_unregister_table(&packet_filter);
		}

net/ipv4/netfilter/iptable_mangle.c

+2 −31

Original line number	Diff line number	Diff line
		@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void)
		return ret;

		/* Register hooks */
		ret = nf_register_hook(&ipt_ops[0]);
		ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
		if (ret < 0)
		goto cleanup_table;

		ret = nf_register_hook(&ipt_ops[1]);
		if (ret < 0)
		goto cleanup_hook0;

		ret = nf_register_hook(&ipt_ops[2]);
		if (ret < 0)
		goto cleanup_hook1;

		ret = nf_register_hook(&ipt_ops[3]);
		if (ret < 0)
		goto cleanup_hook2;

		ret = nf_register_hook(&ipt_ops[4]);
		if (ret < 0)
		goto cleanup_hook3;

		return ret;

		cleanup_hook3:
		nf_unregister_hook(&ipt_ops[3]);
		cleanup_hook2:
		nf_unregister_hook(&ipt_ops[2]);
		cleanup_hook1:
		nf_unregister_hook(&ipt_ops[1]);
		cleanup_hook0:
		nf_unregister_hook(&ipt_ops[0]);
		cleanup_table:
		ipt_unregister_table(&packet_mangler);

		return ret;
		}

		static void __exit iptable_mangle_fini(void)
		{
		unsigned int i;

		for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
		nf_unregister_hook(&ipt_ops[i]);

		nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
		ipt_unregister_table(&packet_mangler);
		}