]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: Clean up hook registration
authorPatrick McHardy <kaber@trash.net>
Thu, 6 Apr 2006 21:09:49 +0000 (14:09 -0700)
committerDavid S. Miller <davem@sunset.davemloft.net>
Mon, 10 Apr 2006 05:25:33 +0000 (22:25 -0700)
Clean up hook registration by makeing use of the new mass registration and
unregistration helpers.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/arptable_filter.c
net/ipv4/netfilter/ip_conntrack_standalone.c
net/ipv4/netfilter/ip_nat_standalone.c
net/ipv4/netfilter/iptable_filter.c
net/ipv4/netfilter/iptable_mangle.c
net/ipv4/netfilter/iptable_raw.c
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
net/ipv6/netfilter/ip6table_filter.c
net/ipv6/netfilter/ip6table_mangle.c
net/ipv6/netfilter/ip6table_raw.c
net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c

index d0d379c7df9abdbbde9165b5fc11ec2e7f969b6b..d7c472faa53b9666449b66dda6629137b1ae1970 100644 (file)
@@ -181,33 +181,26 @@ static struct nf_hook_ops arpt_ops[] = {
 
 static int __init arptable_filter_init(void)
 {
-       int ret, i;
+       int ret;
 
        /* Register table */
        ret = arpt_register_table(&packet_filter, &initial_table.repl);
        if (ret < 0)
                return ret;
 
-       for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
-               if ((ret = nf_register_hook(&arpt_ops[i])) < 0)
-                       goto cleanup_hooks;
+       ret = nf_register_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
+       if (ret < 0)
+               goto cleanup_table;
        return ret;
 
-cleanup_hooks:
-       while (--i >= 0)
-               nf_unregister_hook(&arpt_ops[i]);
-
+cleanup_table:
        arpt_unregister_table(&packet_filter);
        return ret;
 }
 
 static void __exit arptable_filter_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < ARRAY_SIZE(arpt_ops); i++)
-               nf_unregister_hook(&arpt_ops[i]);
-
+       nf_unregister_hooks(arpt_ops, ARRAY_SIZE(arpt_ops));
        arpt_unregister_table(&packet_filter);
 }
 
index 52076026db36804eb5c2331c770f97f50414d889..adc1a0f664093858e4ebfd04cd8723bb3b40b561 100644 (file)
@@ -469,70 +469,63 @@ static unsigned int ip_conntrack_local(unsigned int hooknum,
 
 /* Connection tracking may drop packets, but never alters them, so
    make it the first hook. */
-static struct nf_hook_ops ip_conntrack_defrag_ops = {
-       .hook           = ip_conntrack_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
-};
-
-static struct nf_hook_ops ip_conntrack_in_ops = {
-       .hook           = ip_conntrack_in,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK,
-};
-
-static struct nf_hook_ops ip_conntrack_defrag_local_out_ops = {
-       .hook           = ip_conntrack_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_OUT,
-       .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
-};
-
-static struct nf_hook_ops ip_conntrack_local_out_ops = {
-       .hook           = ip_conntrack_local,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_OUT,
-       .priority       = NF_IP_PRI_CONNTRACK,
-};
-
-/* helpers */
-static struct nf_hook_ops ip_conntrack_helper_out_ops = {
-       .hook           = ip_conntrack_help,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_HELPER,
-};
-
-static struct nf_hook_ops ip_conntrack_helper_in_ops = {
-       .hook           = ip_conntrack_help,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_CONNTRACK_HELPER,
-};
-
-/* Refragmenter; last chance. */
-static struct nf_hook_ops ip_conntrack_out_ops = {
-       .hook           = ip_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
-};
-
-static struct nf_hook_ops ip_conntrack_local_in_ops = {
-       .hook           = ip_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+static struct nf_hook_ops ip_conntrack_ops[] = {
+       {
+               .hook           = ip_conntrack_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_PRE_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ip_conntrack_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_PRE_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ip_conntrack_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_OUT,
+               .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ip_conntrack_local,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_OUT,
+               .priority       = NF_IP_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ip_conntrack_help,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_HELPER,
+       },
+       {
+               .hook           = ip_conntrack_help,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_CONNTRACK_HELPER,
+       },
+       {
+               .hook           = ip_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+       },
+       {
+               .hook           = ip_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+       },
 };
 
 /* Sysctl support */
@@ -813,52 +806,17 @@ static int init_or_cleanup(int init)
        proc_stat->owner = THIS_MODULE;
 #endif
 
-       ret = nf_register_hook(&ip_conntrack_defrag_ops);
+       ret = nf_register_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
        if (ret < 0) {
-               printk("ip_conntrack: can't register pre-routing defrag hook.\n");
+               printk("ip_conntrack: can't register hooks.\n");
                goto cleanup_proc_stat;
        }
-       ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register local_out defrag hook.\n");
-               goto cleanup_defragops;
-       }
-       ret = nf_register_hook(&ip_conntrack_in_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register pre-routing hook.\n");
-               goto cleanup_defraglocalops;
-       }
-       ret = nf_register_hook(&ip_conntrack_local_out_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register local out hook.\n");
-               goto cleanup_inops;
-       }
-       ret = nf_register_hook(&ip_conntrack_helper_in_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register local in helper hook.\n");
-               goto cleanup_inandlocalops;
-       }
-       ret = nf_register_hook(&ip_conntrack_helper_out_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register postrouting helper hook.\n");
-               goto cleanup_helperinops;
-       }
-       ret = nf_register_hook(&ip_conntrack_out_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register post-routing hook.\n");
-               goto cleanup_helperoutops;
-       }
-       ret = nf_register_hook(&ip_conntrack_local_in_ops);
-       if (ret < 0) {
-               printk("ip_conntrack: can't register local in hook.\n");
-               goto cleanup_inoutandlocalops;
-       }
 #ifdef CONFIG_SYSCTL
        ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);
        if (ip_ct_sysctl_header == NULL) {
                printk("ip_conntrack: can't register to sysctl.\n");
                ret = -ENOMEM;
-               goto cleanup_localinops;
+               goto cleanup_hooks;
        }
 #endif
 
@@ -868,23 +826,9 @@ static int init_or_cleanup(int init)
        synchronize_net();
 #ifdef CONFIG_SYSCTL
        unregister_sysctl_table(ip_ct_sysctl_header);
- cleanup_localinops:
+ cleanup_hooks:
 #endif
-       nf_unregister_hook(&ip_conntrack_local_in_ops);
- cleanup_inoutandlocalops:
-       nf_unregister_hook(&ip_conntrack_out_ops);
- cleanup_helperoutops:
-       nf_unregister_hook(&ip_conntrack_helper_out_ops);
- cleanup_helperinops:
-       nf_unregister_hook(&ip_conntrack_helper_in_ops);
- cleanup_inandlocalops:
-       nf_unregister_hook(&ip_conntrack_local_out_ops);
- cleanup_inops:
-       nf_unregister_hook(&ip_conntrack_in_ops);
- cleanup_defraglocalops:
-       nf_unregister_hook(&ip_conntrack_defrag_local_out_ops);
- cleanup_defragops:
-       nf_unregister_hook(&ip_conntrack_defrag_ops);
+       nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
  cleanup_proc_stat:
 #ifdef CONFIG_PROC_FS
        remove_proc_entry("ip_conntrack", proc_net_stat);
index 3505b0de2e046c09c39a9466df5b939089f0a50a..5f02f439b07eaba0f8bd4cd03c8ef5ae0729c307 100644 (file)
@@ -299,61 +299,57 @@ ip_nat_adjust(unsigned int hooknum,
 
 /* We must be after connection tracking and before packet filtering. */
 
-/* Before packet filtering, change destination */
-static struct nf_hook_ops ip_nat_in_ops = {
-       .hook           = ip_nat_in,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
-       .priority       = NF_IP_PRI_NAT_DST,
+static struct nf_hook_ops ip_nat_ops[] = {
+       /* Before packet filtering, change destination */
+       {
+               .hook           = ip_nat_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_PRE_ROUTING,
+               .priority       = NF_IP_PRI_NAT_DST,
+       },
+       /* After packet filtering, change source */
+       {
+               .hook           = ip_nat_out,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_NAT_SRC,
+       },
+       /* After conntrack, adjust sequence number */
+       {
+               .hook           = ip_nat_adjust,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
+       },
+       /* Before packet filtering, change destination */
+       {
+               .hook           = ip_nat_local_fn,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_OUT,
+               .priority       = NF_IP_PRI_NAT_DST,
+       },
+       /* After packet filtering, change source */
+       {
+               .hook           = ip_nat_fn,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_NAT_SRC,
+       },
+       /* After conntrack, adjust sequence number */
+       {
+               .hook           = ip_nat_adjust,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
+       },
 };
 
-/* After packet filtering, change source */
-static struct nf_hook_ops ip_nat_out_ops = {
-       .hook           = ip_nat_out,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_NAT_SRC,
-};
-
-/* After conntrack, adjust sequence number */
-static struct nf_hook_ops ip_nat_adjust_out_ops = {
-       .hook           = ip_nat_adjust,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
-};
-
-/* Before packet filtering, change destination */
-static struct nf_hook_ops ip_nat_local_out_ops = {
-       .hook           = ip_nat_local_fn,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_OUT,
-       .priority       = NF_IP_PRI_NAT_DST,
-};
-
-/* After packet filtering, change source for reply packets of LOCAL_OUT DNAT */
-static struct nf_hook_ops ip_nat_local_in_ops = {
-       .hook           = ip_nat_fn,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_NAT_SRC,
-};
-
-/* After conntrack, adjust sequence number */
-static struct nf_hook_ops ip_nat_adjust_in_ops = {
-       .hook           = ip_nat_adjust,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_NAT_SEQ_ADJUST,
-};
-
-
 static int init_or_cleanup(int init)
 {
        int ret = 0;
@@ -371,50 +367,15 @@ static int init_or_cleanup(int init)
                printk("ip_nat_init: can't setup rules.\n");
                goto cleanup_decode_session;
        }
-       ret = nf_register_hook(&ip_nat_in_ops);
+       ret = nf_register_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
        if (ret < 0) {
-               printk("ip_nat_init: can't register in hook.\n");
+               printk("ip_nat_init: can't register hooks.\n");
                goto cleanup_rule_init;
        }
-       ret = nf_register_hook(&ip_nat_out_ops);
-       if (ret < 0) {
-               printk("ip_nat_init: can't register out hook.\n");
-               goto cleanup_inops;
-       }
-       ret = nf_register_hook(&ip_nat_adjust_in_ops);
-       if (ret < 0) {
-               printk("ip_nat_init: can't register adjust in hook.\n");
-               goto cleanup_outops;
-       }
-       ret = nf_register_hook(&ip_nat_adjust_out_ops);
-       if (ret < 0) {
-               printk("ip_nat_init: can't register adjust out hook.\n");
-               goto cleanup_adjustin_ops;
-       }
-       ret = nf_register_hook(&ip_nat_local_out_ops);
-       if (ret < 0) {
-               printk("ip_nat_init: can't register local out hook.\n");
-               goto cleanup_adjustout_ops;
-       }
-       ret = nf_register_hook(&ip_nat_local_in_ops);
-       if (ret < 0) {
-               printk("ip_nat_init: can't register local in hook.\n");
-               goto cleanup_localoutops;
-       }
        return ret;
 
  cleanup:
-       nf_unregister_hook(&ip_nat_local_in_ops);
- cleanup_localoutops:
-       nf_unregister_hook(&ip_nat_local_out_ops);
- cleanup_adjustout_ops:
-       nf_unregister_hook(&ip_nat_adjust_out_ops);
- cleanup_adjustin_ops:
-       nf_unregister_hook(&ip_nat_adjust_in_ops);
- cleanup_outops:
-       nf_unregister_hook(&ip_nat_out_ops);
- cleanup_inops:
-       nf_unregister_hook(&ip_nat_in_ops);
+       nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
  cleanup_rule_init:
        ip_nat_rule_cleanup();
  cleanup_decode_session:
index 3d80aefe9cfa72599b65ad0b215e569208928e69..7f417484bfbf3ee566359bd13d02199c1034b696 100644 (file)
@@ -157,37 +157,20 @@ static int __init iptable_filter_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ipt_ops[0]);
+       ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ipt_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
-       ret = nf_register_hook(&ipt_ops[2]);
-       if (ret < 0)
-               goto cleanup_hook1;
-
        return ret;
 
- cleanup_hook1:
-       nf_unregister_hook(&ipt_ops[1]);
- cleanup_hook0:
-       nf_unregister_hook(&ipt_ops[0]);
  cleanup_table:
        ipt_unregister_table(&packet_filter);
-
        return ret;
 }
 
 static void __exit iptable_filter_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ipt_ops[i]);
-
+       nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        ipt_unregister_table(&packet_filter);
 }
 
index 412fc96cc8968c6f22d8d6576a65557f52e00a7a..397b95cc026ba9841f4414ca79cc9622318654e1 100644 (file)
@@ -211,49 +211,20 @@ static int __init iptable_mangle_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ipt_ops[0]);
+       ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ipt_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
-       ret = nf_register_hook(&ipt_ops[2]);
-       if (ret < 0)
-               goto cleanup_hook1;
-
-       ret = nf_register_hook(&ipt_ops[3]);
-       if (ret < 0)
-               goto cleanup_hook2;
-
-       ret = nf_register_hook(&ipt_ops[4]);
-       if (ret < 0)
-               goto cleanup_hook3;
-
        return ret;
 
- cleanup_hook3:
-        nf_unregister_hook(&ipt_ops[3]);
- cleanup_hook2:
-        nf_unregister_hook(&ipt_ops[2]);
- cleanup_hook1:
-       nf_unregister_hook(&ipt_ops[1]);
- cleanup_hook0:
-       nf_unregister_hook(&ipt_ops[0]);
  cleanup_table:
        ipt_unregister_table(&packet_mangler);
-
        return ret;
 }
 
 static void __exit iptable_mangle_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ipt_ops[i]);
-
+       nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        ipt_unregister_table(&packet_mangler);
 }
 
index 03cc79a6160a68b89fbae369d06bf71dd95f5fde..7912cce1e1b8d2a0b1af3689354b8f590cd43fcd 100644 (file)
@@ -101,18 +101,18 @@ ipt_hook(unsigned int hook,
 /* 'raw' is the very first table. */
 static struct nf_hook_ops ipt_ops[] = {
        {
-         .hook = ipt_hook, 
-         .pf = PF_INET, 
-         .hooknum = NF_IP_PRE_ROUTING, 
-         .priority = NF_IP_PRI_RAW,
-         .owner = THIS_MODULE,
+               .hook = ipt_hook,
+               .pf = PF_INET,
+               .hooknum = NF_IP_PRE_ROUTING,
+               .priority = NF_IP_PRI_RAW,
+               .owner = THIS_MODULE,
        },
        {
-         .hook = ipt_hook, 
-         .pf = PF_INET, 
-         .hooknum = NF_IP_LOCAL_OUT, 
-         .priority = NF_IP_PRI_RAW,
-         .owner = THIS_MODULE,
+               .hook = ipt_hook,
+               .pf = PF_INET,
+               .hooknum = NF_IP_LOCAL_OUT,
+               .priority = NF_IP_PRI_RAW,
+               .owner = THIS_MODULE,
        },
 };
 
@@ -126,31 +126,20 @@ static int __init iptable_raw_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ipt_ops[0]);
+       ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ipt_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
        return ret;
 
- cleanup_hook0:
-       nf_unregister_hook(&ipt_ops[0]);
  cleanup_table:
        ipt_unregister_table(&packet_raw);
-
        return ret;
 }
 
 static void __exit iptable_raw_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ipt_ops[i]);
-
+       nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
        ipt_unregister_table(&packet_raw);
 }
 
index 4afbc699d3ba4ecedba1cbfca87d4be862cc57ec..3fadaccbc582f665d399be59b471f2a1968f6c05 100644 (file)
@@ -210,71 +210,63 @@ static unsigned int ipv4_conntrack_local(unsigned int hooknum,
 
 /* Connection tracking may drop packets, but never alters them, so
    make it the first hook. */
-static struct nf_hook_ops ipv4_conntrack_defrag_ops = {
-       .hook           = ipv4_conntrack_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
-};
-
-static struct nf_hook_ops ipv4_conntrack_in_ops = {
-       .hook           = ipv4_conntrack_in,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_PRE_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK,
-};
-
-static struct nf_hook_ops ipv4_conntrack_defrag_local_out_ops = {
-       .hook           = ipv4_conntrack_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_OUT,
-       .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
-};
-
-static struct nf_hook_ops ipv4_conntrack_local_out_ops = {
-       .hook           = ipv4_conntrack_local,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_OUT,
-       .priority       = NF_IP_PRI_CONNTRACK,
-};
-
-/* helpers */
-static struct nf_hook_ops ipv4_conntrack_helper_out_ops = {
-       .hook           = ipv4_conntrack_help,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_HELPER,
-};
-
-static struct nf_hook_ops ipv4_conntrack_helper_in_ops = {
-       .hook           = ipv4_conntrack_help,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_CONNTRACK_HELPER,
-};
-
-
-/* Refragmenter; last chance. */
-static struct nf_hook_ops ipv4_conntrack_out_ops = {
-       .hook           = ipv4_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_POST_ROUTING,
-       .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
-};
-
-static struct nf_hook_ops ipv4_conntrack_local_in_ops = {
-       .hook           = ipv4_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET,
-       .hooknum        = NF_IP_LOCAL_IN,
-       .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+static struct nf_hook_ops ipv4_conntrack_ops[] = {
+       {
+               .hook           = ipv4_conntrack_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_PRE_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ipv4_conntrack_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_PRE_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ipv4_conntrack_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_OUT,
+               .priority       = NF_IP_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ipv4_conntrack_local,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_OUT,
+               .priority       = NF_IP_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ipv4_conntrack_help,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_HELPER,
+       },
+       {
+               .hook           = ipv4_conntrack_help,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_CONNTRACK_HELPER,
+       },
+       {
+               .hook           = ipv4_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_POST_ROUTING,
+               .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+       },
+       {
+               .hook           = ipv4_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET,
+               .hooknum        = NF_IP_LOCAL_IN,
+               .priority       = NF_IP_PRI_CONNTRACK_CONFIRM,
+       },
 };
 
 #ifdef CONFIG_SYSCTL
@@ -476,59 +468,18 @@ static int init_or_cleanup(int init)
                goto cleanup_icmp;
        }
 
-       ret = nf_register_hook(&ipv4_conntrack_defrag_ops);
+       ret = nf_register_hooks(ipv4_conntrack_ops,
+                               ARRAY_SIZE(ipv4_conntrack_ops));
        if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register pre-routing defrag hook.\n");
+               printk("nf_conntrack_ipv4: can't register hooks.\n");
                goto cleanup_ipv4;
        }
-       ret = nf_register_hook(&ipv4_conntrack_defrag_local_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register local_out defrag hook.\n");
-               goto cleanup_defragops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_in_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register pre-routing hook.\n");
-               goto cleanup_defraglocalops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_local_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register local out hook.\n");
-               goto cleanup_inops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_helper_in_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register local helper hook.\n");
-               goto cleanup_inandlocalops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_helper_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register postrouting helper hook.\n");
-               goto cleanup_helperinops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register post-routing hook.\n");
-               goto cleanup_helperoutops;
-       }
-
-       ret = nf_register_hook(&ipv4_conntrack_local_in_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv4: can't register local in hook.\n");
-               goto cleanup_inoutandlocalops;
-       }
-
 #ifdef CONFIG_SYSCTL
        nf_ct_ipv4_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
        if (nf_ct_ipv4_sysctl_header == NULL) {
                printk("nf_conntrack: can't register to sysctl.\n");
                ret = -ENOMEM;
-               goto cleanup_localinops;
+               goto cleanup_hooks;
        }
 #endif
        return ret;
@@ -537,23 +488,9 @@ static int init_or_cleanup(int init)
        synchronize_net();
 #ifdef CONFIG_SYSCTL
        unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
- cleanup_localinops:
+ cleanup_hooks:
 #endif
-       nf_unregister_hook(&ipv4_conntrack_local_in_ops);
- cleanup_inoutandlocalops:
-       nf_unregister_hook(&ipv4_conntrack_out_ops);
- cleanup_helperoutops:
-       nf_unregister_hook(&ipv4_conntrack_helper_out_ops);
- cleanup_helperinops:
-       nf_unregister_hook(&ipv4_conntrack_helper_in_ops);
- cleanup_inandlocalops:
-       nf_unregister_hook(&ipv4_conntrack_local_out_ops);
- cleanup_inops:
-       nf_unregister_hook(&ipv4_conntrack_in_ops);
- cleanup_defraglocalops:
-       nf_unregister_hook(&ipv4_conntrack_defrag_local_out_ops);
- cleanup_defragops:
-       nf_unregister_hook(&ipv4_conntrack_defrag_ops);
+       nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
  cleanup_ipv4:
        nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
  cleanup_icmp:
index e5e724d9ee60ed40d61e651955528b60354606b0..60976c0c58e81ecdf3320152415d5be0bc80812f 100644 (file)
@@ -177,37 +177,20 @@ static int __init ip6table_filter_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ip6t_ops[0]);
+       ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ip6t_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
-       ret = nf_register_hook(&ip6t_ops[2]);
-       if (ret < 0)
-               goto cleanup_hook1;
-
        return ret;
 
- cleanup_hook1:
-       nf_unregister_hook(&ip6t_ops[1]);
- cleanup_hook0:
-       nf_unregister_hook(&ip6t_ops[0]);
  cleanup_table:
        ip6t_unregister_table(&packet_filter);
-
        return ret;
 }
 
 static void __exit ip6table_filter_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ip6t_ops[i]);
-
+       nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        ip6t_unregister_table(&packet_filter);
 }
 
index e1f0f6ae9841ed646dcd0c4d3afd9c9e9c6a0f91..03a13eab1daef67a7766b328acb9886edbd64014 100644 (file)
@@ -238,49 +238,20 @@ static int __init ip6table_mangle_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ip6t_ops[0]);
+       ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ip6t_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
-       ret = nf_register_hook(&ip6t_ops[2]);
-       if (ret < 0)
-               goto cleanup_hook1;
-
-       ret = nf_register_hook(&ip6t_ops[3]);
-       if (ret < 0)
-               goto cleanup_hook2;
-
-       ret = nf_register_hook(&ip6t_ops[4]);
-       if (ret < 0)
-               goto cleanup_hook3;
-
        return ret;
 
- cleanup_hook3:
-        nf_unregister_hook(&ip6t_ops[3]);
- cleanup_hook2:
-       nf_unregister_hook(&ip6t_ops[2]);
- cleanup_hook1:
-       nf_unregister_hook(&ip6t_ops[1]);
- cleanup_hook0:
-       nf_unregister_hook(&ip6t_ops[0]);
  cleanup_table:
        ip6t_unregister_table(&packet_mangler);
-
        return ret;
 }
 
 static void __exit ip6table_mangle_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ip6t_ops[i]);
-
+       nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        ip6t_unregister_table(&packet_mangler);
 }
 
index 54d1fffd62bac61c354981c4ab992c49adfaff2f..61a7c58e99f88c72fe3dda967388820460da47e1 100644 (file)
@@ -152,31 +152,20 @@ static int __init ip6table_raw_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hook(&ip6t_ops[0]);
+       ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        if (ret < 0)
                goto cleanup_table;
 
-       ret = nf_register_hook(&ip6t_ops[1]);
-       if (ret < 0)
-               goto cleanup_hook0;
-
        return ret;
 
- cleanup_hook0:
-       nf_unregister_hook(&ip6t_ops[0]);
  cleanup_table:
        ip6t_unregister_table(&packet_raw);
-
        return ret;
 }
 
 static void __exit ip6table_raw_fini(void)
 {
-       unsigned int i;
-
-       for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
-               nf_unregister_hook(&ip6t_ops[i]);
-
+       nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
        ip6t_unregister_table(&packet_raw);
 }
 
index c8b5a96cbb0f563baa97c1b3708329bfcef4d37e..0426ed0e9c1d3099917093d5d88f878d07f171a4 100644 (file)
@@ -286,55 +286,49 @@ static unsigned int ipv6_conntrack_local(unsigned int hooknum,
        return ipv6_conntrack_in(hooknum, pskb, in, out, okfn);
 }
 
-/* Connection tracking may drop packets, but never alters them, so
-   make it the first hook. */
-static struct nf_hook_ops ipv6_conntrack_defrag_ops = {
-       .hook           = ipv6_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_PRE_ROUTING,
-       .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
-};
-
-static struct nf_hook_ops ipv6_conntrack_in_ops = {
-       .hook           = ipv6_conntrack_in,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_PRE_ROUTING,
-       .priority       = NF_IP6_PRI_CONNTRACK,
-};
-
-static struct nf_hook_ops ipv6_conntrack_local_out_ops = {
-       .hook           = ipv6_conntrack_local,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_LOCAL_OUT,
-       .priority       = NF_IP6_PRI_CONNTRACK,
-};
-
-static struct nf_hook_ops ipv6_conntrack_defrag_local_out_ops = {
-       .hook           = ipv6_defrag,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_LOCAL_OUT,
-       .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
-};
-
-/* Refragmenter; last chance. */
-static struct nf_hook_ops ipv6_conntrack_out_ops = {
-       .hook           = ipv6_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_POST_ROUTING,
-       .priority       = NF_IP6_PRI_LAST,
-};
-
-static struct nf_hook_ops ipv6_conntrack_local_in_ops = {
-       .hook           = ipv6_confirm,
-       .owner          = THIS_MODULE,
-       .pf             = PF_INET6,
-       .hooknum        = NF_IP6_LOCAL_IN,
-       .priority       = NF_IP6_PRI_LAST-1,
+static struct nf_hook_ops ipv6_conntrack_ops[] = {
+       {
+               .hook           = ipv6_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_PRE_ROUTING,
+               .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ipv6_conntrack_in,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_PRE_ROUTING,
+               .priority       = NF_IP6_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ipv6_conntrack_local,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_LOCAL_OUT,
+               .priority       = NF_IP6_PRI_CONNTRACK,
+       },
+       {
+               .hook           = ipv6_defrag,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_LOCAL_OUT,
+               .priority       = NF_IP6_PRI_CONNTRACK_DEFRAG,
+       },
+       {
+               .hook           = ipv6_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_POST_ROUTING,
+               .priority       = NF_IP6_PRI_LAST,
+       },
+       {
+               .hook           = ipv6_confirm,
+               .owner          = THIS_MODULE,
+               .pf             = PF_INET6,
+               .hooknum        = NF_IP6_LOCAL_IN,
+               .priority       = NF_IP6_PRI_LAST-1,
+       },
 };
 
 #ifdef CONFIG_SYSCTL
@@ -505,50 +499,19 @@ static int init_or_cleanup(int init)
                goto cleanup_icmpv6;
        }
 
-       ret = nf_register_hook(&ipv6_conntrack_defrag_ops);
+       ret = nf_register_hooks(ipv6_conntrack_ops,
+                               ARRAY_SIZE(ipv6_conntrack_ops));
        if (ret < 0) {
                printk("nf_conntrack_ipv6: can't register pre-routing defrag "
                       "hook.\n");
                goto cleanup_ipv6;
        }
-
-       ret = nf_register_hook(&ipv6_conntrack_defrag_local_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv6: can't register local_out defrag "
-                      "hook.\n");
-               goto cleanup_defragops;
-       }
-
-       ret = nf_register_hook(&ipv6_conntrack_in_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv6: can't register pre-routing hook.\n");
-               goto cleanup_defraglocalops;
-       }
-
-       ret = nf_register_hook(&ipv6_conntrack_local_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv6: can't register local out hook.\n");
-               goto cleanup_inops;
-       }
-
-       ret = nf_register_hook(&ipv6_conntrack_out_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv6: can't register post-routing hook.\n");
-               goto cleanup_inandlocalops;
-       }
-
-       ret = nf_register_hook(&ipv6_conntrack_local_in_ops);
-       if (ret < 0) {
-               printk("nf_conntrack_ipv6: can't register local in hook.\n");
-               goto cleanup_inoutandlocalops;
-       }
-
 #ifdef CONFIG_SYSCTL
        nf_ct_ipv6_sysctl_header = register_sysctl_table(nf_ct_net_table, 0);
        if (nf_ct_ipv6_sysctl_header == NULL) {
                printk("nf_conntrack: can't register to sysctl.\n");
                ret = -ENOMEM;
-               goto cleanup_localinops;
+               goto cleanup_hooks;
        }
 #endif
        return ret;
@@ -557,19 +520,9 @@ static int init_or_cleanup(int init)
        synchronize_net();
 #ifdef CONFIG_SYSCTL
        unregister_sysctl_table(nf_ct_ipv6_sysctl_header);
- cleanup_localinops:
+ cleanup_hooks:
 #endif
-       nf_unregister_hook(&ipv6_conntrack_local_in_ops);
- cleanup_inoutandlocalops:
-       nf_unregister_hook(&ipv6_conntrack_out_ops);
- cleanup_inandlocalops:
-       nf_unregister_hook(&ipv6_conntrack_local_out_ops);
- cleanup_inops:
-       nf_unregister_hook(&ipv6_conntrack_in_ops);
- cleanup_defraglocalops:
-       nf_unregister_hook(&ipv6_conntrack_defrag_local_out_ops);
- cleanup_defragops:
-       nf_unregister_hook(&ipv6_conntrack_defrag_ops);
+       nf_unregister_hooks(ipv6_conntrack_ops, ARRAY_SIZE(ipv6_conntrack_ops));
  cleanup_ipv6:
        nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv6);
  cleanup_icmpv6: