X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fiptable_filter.c;h=7f417484bfbf3ee566359bd13d02199c1034b696;hb=43bc926fffd92024b46cafaf7350d669ba9ca884;hp=6b291da926562abc9d28926983c7807aa34276bc;hpb=c7b5ebbddf7bcd3651947760f423e3783bbe6573;p=linux-2.6.git diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 6b291da92..7f417484b 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c @@ -20,31 +20,12 @@ MODULE_DESCRIPTION("iptables filter table"); #define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) -/* Standard entry. */ -struct ipt_standard -{ - struct ipt_entry entry; - struct ipt_standard_target target; -}; - -struct ipt_error_target -{ - struct ipt_entry_target target; - char errorname[IPT_FUNCTION_MAXNAMELEN]; -}; - -struct ipt_error -{ - struct ipt_entry entry; - struct ipt_error_target target; -}; - static struct { struct ipt_replace repl; struct ipt_standard entries[3]; struct ipt_error term; -} initial_table __initdata +} initial_table __initdata = { { "filter", FILTER_VALID_HOOKS, 4, sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), { [NF_IP_LOCAL_IN] = 0, @@ -95,10 +76,10 @@ static struct static struct ipt_table packet_filter = { .name = "filter", - .table = &initial_table.repl, .valid_hooks = FILTER_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, - .me = THIS_MODULE + .me = THIS_MODULE, + .af = AF_INET, }; /* The work comes in here from netfilter.c. */ @@ -158,7 +139,7 @@ static struct nf_hook_ops ipt_ops[] = { static int forward = NF_ACCEPT; module_param(forward, bool, 0000); -static int __init init(void) +static int __init iptable_filter_init(void) { int ret; @@ -171,44 +152,27 @@ static int __init init(void) initial_table.entries[1].target.verdict = -forward - 1; /* Register table */ - ret = ipt_register_table(&packet_filter); + ret = ipt_register_table(&packet_filter, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ - ret = nf_register_hook(&ipt_ops[0]); + ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); if (ret < 0) goto cleanup_table; - ret = nf_register_hook(&ipt_ops[1]); - if (ret < 0) - goto cleanup_hook0; - - ret = nf_register_hook(&ipt_ops[2]); - if (ret < 0) - goto cleanup_hook1; - return ret; - cleanup_hook1: - nf_unregister_hook(&ipt_ops[1]); - cleanup_hook0: - nf_unregister_hook(&ipt_ops[0]); cleanup_table: ipt_unregister_table(&packet_filter); - return ret; } -static void __exit fini(void) +static void __exit iptable_filter_fini(void) { - unsigned int i; - - for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) - nf_unregister_hook(&ipt_ops[i]); - + nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); ipt_unregister_table(&packet_filter); } -module_init(init); -module_exit(fini); +module_init(iptable_filter_init); +module_exit(iptable_filter_fini);