[NETFILTER]: Clean up hook registration
Clean up hook registration by makeing use of the new mass registration and unregistration helpers. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
committed by
David S. Miller
David S. Miller
parent
972d1cb142
commit
964ddaa10d
@@ -177,37 +177,20 @@ static int __init ip6table_filter_init(void)
|
||||
return ret;
|
||||
|
||||
/* Register hooks */
|
||||
ret = nf_register_hook(&ip6t_ops[0]);
|
||||
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
if (ret < 0)
|
||||
goto cleanup_table;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[1]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook0;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[2]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook1;
|
||||
|
||||
return ret;
|
||||
|
||||
cleanup_hook1:
|
||||
nf_unregister_hook(&ip6t_ops[1]);
|
||||
cleanup_hook0:
|
||||
nf_unregister_hook(&ip6t_ops[0]);
|
||||
cleanup_table:
|
||||
ip6t_unregister_table(&packet_filter);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __exit ip6table_filter_fini(void)
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
|
||||
nf_unregister_hook(&ip6t_ops[i]);
|
||||
|
||||
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
ip6t_unregister_table(&packet_filter);
|
||||
}
|
||||
|
||||
|
||||
@@ -238,49 +238,20 @@ static int __init ip6table_mangle_init(void)
|
||||
return ret;
|
||||
|
||||
/* Register hooks */
|
||||
ret = nf_register_hook(&ip6t_ops[0]);
|
||||
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
if (ret < 0)
|
||||
goto cleanup_table;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[1]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook0;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[2]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook1;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[3]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook2;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[4]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook3;
|
||||
|
||||
return ret;
|
||||
|
||||
cleanup_hook3:
|
||||
nf_unregister_hook(&ip6t_ops[3]);
|
||||
cleanup_hook2:
|
||||
nf_unregister_hook(&ip6t_ops[2]);
|
||||
cleanup_hook1:
|
||||
nf_unregister_hook(&ip6t_ops[1]);
|
||||
cleanup_hook0:
|
||||
nf_unregister_hook(&ip6t_ops[0]);
|
||||
cleanup_table:
|
||||
ip6t_unregister_table(&packet_mangler);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __exit ip6table_mangle_fini(void)
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
|
||||
nf_unregister_hook(&ip6t_ops[i]);
|
||||
|
||||
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
ip6t_unregister_table(&packet_mangler);
|
||||
}
|
||||
|
||||
|
||||
@@ -152,31 +152,20 @@ static int __init ip6table_raw_init(void)
|
||||
return ret;
|
||||
|
||||
/* Register hooks */
|
||||
ret = nf_register_hook(&ip6t_ops[0]);
|
||||
ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
if (ret < 0)
|
||||
goto cleanup_table;
|
||||
|
||||
ret = nf_register_hook(&ip6t_ops[1]);
|
||||
if (ret < 0)
|
||||
goto cleanup_hook0;
|
||||
|
||||
return ret;
|
||||
|
||||
cleanup_hook0:
|
||||
nf_unregister_hook(&ip6t_ops[0]);
|
||||
cleanup_table:
|
||||
ip6t_unregister_table(&packet_raw);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void __exit ip6table_raw_fini(void)
|
||||
{
|
||||
unsigned int i;
|
||||
|
||||
for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
|
||||
nf_unregister_hook(&ip6t_ops[i]);
|
||||
|
||||
nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
|
||||
ip6t_unregister_table(&packet_raw);
|
||||
}
|
||||
|
||||
|
||||
@@ -286,55 +286,49 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
|
||||
return ipv6_conntrack_in(hooknum, pskb, in, out, okfn);
|
||||
}
|
||||
|
||||
/* Connection tracking may drop packets, but never alters them, so
|
||||
make it the first hook. */
|
||||
static struct nf_hook_ops ipv6_conntrack_defrag_ops = {
|
||||
.hook = ipv6_defrag,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_PRE_ROUTING,
|
||||
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
|
||||
};
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_in_ops = {
|
||||
.hook = ipv6_conntrack_in,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_PRE_ROUTING,
|
||||
.priority = NF_IP6_PRI_CONNTRACK,
|
||||
};
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_local_out_ops = {
|
||||
.hook = ipv6_conntrack_local,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_OUT,
|
||||
.priority = NF_IP6_PRI_CONNTRACK,
|
||||
};
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_defrag_local_out_ops = {
|
||||
.hook = ipv6_defrag,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_OUT,
|
||||
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
|
||||
};
|
||||
|
||||
/* Refragmenter; last chance. */
|
||||
static struct nf_hook_ops ipv6_conntrack_out_ops = {
|
||||
.hook = ipv6_confirm,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_POST_ROUTING,
|
||||
.priority = NF_IP6_PRI_LAST,
|
||||
};
|
||||
|
||||
static struct nf_hook_ops ipv6_conntrack_local_in_ops = {
|
||||
.hook = ipv6_confirm,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_IN,
|
||||
.priority = NF_IP6_PRI_LAST-1,
|
||||
static struct nf_hook_ops ipv6_conntrack_ops[] = {
|
||||
{
|
||||
.hook = ipv6_defrag,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_PRE_ROUTING,
|
||||
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
|
||||
},
|
||||
{
|
||||
.hook = ipv6_conntrack_in,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_PRE_ROUTING,
|
||||
.priority = NF_IP6_PRI_CONNTRACK,
|
||||
},
|
||||
{
|
||||
.hook = ipv6_conntrack_local,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_OUT,
|
||||
.priority = NF_IP6_PRI_CONNTRACK,
|
||||
},
|
||||
{
|
||||
.hook = ipv6_defrag,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_OUT,
|
||||
.priority = NF_IP6_PRI_CONNTRACK_DEFRAG,
|
||||
},
|
||||
{
|
||||
.hook = ipv6_confirm,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_POST_ROUTING,
|
||||
.priority = NF_IP6_PRI_LAST,
|
||||
},
|
||||
{
|
||||
.hook = ipv6_confirm,
|
||||
.owner = THIS_MODULE,
|
||||
.pf = PF_INET6,
|
||||
.hooknum = NF_IP6_LOCAL_IN,
|
||||
.priority = NF_IP6_PRI_LAST-1,
|
||||
},
|
||||
};
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
@@ -505,50 +499,19 @@ static int init_or_cleanup(int init)
|
||||
goto cleanup_icmpv6;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_defrag_ops);
|
||||
ret = nf_register_hooks(ipv6_conntrack_ops,
|
||||
ARRAY_SIZE(ipv6_conntrack_ops));
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register pre-routing defrag "
|
||||
"hook.\n");
|
||||
goto cleanup_ipv6;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_defrag_local_out_ops);
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register local_out defrag "
|
||||
"hook.\n");
|
||||
goto cleanup_defragops;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_in_ops);
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register pre-routing hook.\n");
|
||||
goto cleanup_defraglocalops;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_local_out_ops);
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register local out hook.\n");
|
||||
goto cleanup_inops;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_out_ops);
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register post-routing hook.\n");
|
||||
goto cleanup_inandlocalops;
|
||||
}
|
||||
|
||||
ret = nf_register_hook(&ipv6_conntrack_local_in_ops);
|
||||
if (ret < 0) {
|
||||
printk("nf_conntrack_ipv6: can't register local in hook.\n");
|
||||
goto cleanup_inoutandlocalops;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SYSCTL
|
||||
nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
|
||||
if (nf_ct_ipv6_sysctl_header == NULL) {
|
||||
printk("nf_conntrack: can't register to sysctl.\n");
|
||||
ret = -ENOMEM;
|
||||
goto cleanup_localinops;
|
||||
goto cleanup_hooks;
|
||||
}
|
||||
#endif
|
||||
return ret;
|
||||
@@ -557,19 +520,9 @@ static int init_or_cleanup(int init)
|
||||
synchronize_net();
|
||||
#ifdef CONFIG_SYSCTL
|
||||
unregister_sysctl_table(nf_ct_ipv6_sysctl_header);
|
||||
cleanup_localinops:
|
||||
cleanup_hooks:
|
||||
#endif
|
||||
nf_unregister_hook(&ipv6_conntrack_local_in_ops);
|
||||
cleanup_inoutandlocalops:
|
||||
nf_unregister_hook(&ipv6_conntrack_out_ops);
|
||||
cleanup_inandlocalops:
|
||||
nf_unregister_hook(&ipv6_conntrack_local_out_ops);
|
||||
cleanup_inops:
|
||||
nf_unregister_hook(&ipv6_conntrack_in_ops);
|
||||
cleanup_defraglocalops:
|
||||
nf_unregister_hook(&ipv6_conntrack_defrag_local_out_ops);
|
||||
cleanup_defragops:
|
||||
nf_unregister_hook(&ipv6_conntrack_defrag_ops);
|
||||
nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
|
||||
cleanup_ipv6:
|
||||
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
|
||||
cleanup_icmpv6:
|
||||
|
||||
Reference in New Issue
Block a user