#define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT))
-/* Standard entry. */
-struct ipt_standard
-{
- struct ipt_entry entry;
- struct ipt_standard_target target;
-};
-
-struct ipt_error_target
-{
- struct ipt_entry_target target;
- char errorname[IPT_FUNCTION_MAXNAMELEN];
-};
-
-struct ipt_error
-{
- struct ipt_entry entry;
- struct ipt_error_target target;
-};
-
static struct
{
struct ipt_replace repl;
struct ipt_standard entries[3];
struct ipt_error term;
-} initial_table __initdata
+} initial_table __initdata
= { { "filter", FILTER_VALID_HOOKS, 4,
sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
{ [NF_IP_LOCAL_IN] = 0,
static struct ipt_table packet_filter = {
.name = "filter",
- .table = &initial_table.repl,
.valid_hooks = FILTER_VALID_HOOKS,
.lock = RW_LOCK_UNLOCKED,
- .me = THIS_MODULE
+ .me = THIS_MODULE,
+ .af = AF_INET,
};
/* The work comes in here from netfilter.c. */
const struct net_device *out,
int (*okfn)(struct sk_buff *))
{
- return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
+ return ipt_do_table(pskb, hook, in, out, &packet_filter);
}
static unsigned int
return NF_ACCEPT;
}
- return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL);
+ return ipt_do_table(pskb, hook, in, out, &packet_filter);
}
static struct nf_hook_ops ipt_ops[] = {
static int forward = NF_ACCEPT;
module_param(forward, bool, 0000);
-static int __init init(void)
+static int __init iptable_filter_init(void)
{
int ret;
initial_table.entries[1].target.verdict = -forward - 1;
/* Register table */
- ret = ipt_register_table(&packet_filter);
+ ret = ipt_register_table(&packet_filter, &initial_table.repl);
if (ret < 0)
return ret;
/* Register hooks */
- ret = nf_register_hook(&ipt_ops[0]);
+ ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
if (ret < 0)
goto cleanup_table;
- ret = nf_register_hook(&ipt_ops[1]);
- if (ret < 0)
- goto cleanup_hook0;
-
- ret = nf_register_hook(&ipt_ops[2]);
- if (ret < 0)
- goto cleanup_hook1;
-
return ret;
- cleanup_hook1:
- nf_unregister_hook(&ipt_ops[1]);
- cleanup_hook0:
- nf_unregister_hook(&ipt_ops[0]);
cleanup_table:
ipt_unregister_table(&packet_filter);
-
return ret;
}
-static void __exit fini(void)
+static void __exit iptable_filter_fini(void)
{
- unsigned int i;
-
- for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
- nf_unregister_hook(&ipt_ops[i]);
-
+ nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
ipt_unregister_table(&packet_filter);
}
-module_init(init);
-module_exit(fini);
+module_init(iptable_filter_init);
+module_exit(iptable_filter_fini);