X-Git-Url: http://git.onelab.eu/?a=blobdiff_plain;f=net%2Fipv4%2Fnetfilter%2Fiptable_filter.c;h=e2e7dd8d7903eb60090e5fb6a9b5d3b8a06769e9;hb=refs%2Fheads%2Fvserver;hp=8fb2ed9d1f9a17ea7e1dd69c8561d8b37ceac0a0;hpb=5273a3df6485dc2ad6aa7ddd441b9a21970f003b;p=linux-2.6.git diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c index 8fb2ed9d1..e2e7dd8d7 100644 --- a/net/ipv4/netfilter/iptable_filter.c +++ b/net/ipv4/netfilter/iptable_filter.c @@ -11,6 +11,7 @@ */ #include +#include #include MODULE_LICENSE("GPL"); @@ -19,31 +20,12 @@ MODULE_DESCRIPTION("iptables filter table"); #define FILTER_VALID_HOOKS ((1 << NF_IP_LOCAL_IN) | (1 << NF_IP_FORWARD) | (1 << NF_IP_LOCAL_OUT)) -/* Standard entry. */ -struct ipt_standard -{ - struct ipt_entry entry; - struct ipt_standard_target target; -}; - -struct ipt_error_target -{ - struct ipt_entry_target target; - char errorname[IPT_FUNCTION_MAXNAMELEN]; -}; - -struct ipt_error -{ - struct ipt_entry entry; - struct ipt_error_target target; -}; - static struct { struct ipt_replace repl; struct ipt_standard entries[3]; struct ipt_error term; -} initial_table __initdata +} initial_table __initdata = { { "filter", FILTER_VALID_HOOKS, 4, sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error), { [NF_IP_LOCAL_IN] = 0, @@ -94,10 +76,10 @@ static struct static struct ipt_table packet_filter = { .name = "filter", - .table = &initial_table.repl, .valid_hooks = FILTER_VALID_HOOKS, .lock = RW_LOCK_UNLOCKED, - .me = THIS_MODULE + .me = THIS_MODULE, + .af = AF_INET, }; /* The work comes in here from netfilter.c. */ @@ -108,7 +90,7 @@ ipt_hook(unsigned int hook, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL); + return ipt_do_table(pskb, hook, in, out, &packet_filter); } static unsigned int 
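Review bot: `initial_table` is marked `__initdata` in the `@@ -19,31 +20,12 @@` hunk, but nothing at the declaration says the template is discarded after module init and must not be referenced afterwards. The next hunk drops `.table = &initial_table.repl` from the long-lived `packet_filter` struct, which is the right direction. It would help to state the lifetime rule where the template is defined, for example `/* Init-only template: ipt_register_table() must copy this, never keep a pointer to it. */`. Whether `ipt_register_table()` actually copies the replace blob rather than retaining the pointer is not visible on this page and should be confirmed, since a retained pointer into freed init memory would be a use-after-free in the packet path. The initializer continues past the end of the hunk.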
@@ -126,7 +108,7 @@ ipt_local_out_hook(unsigned int hook, return NF_ACCEPT; } - return ipt_do_table(pskb, hook, in, out, &packet_filter, NULL); + return ipt_do_table(pskb, hook, in, out, &packet_filter); } static struct nf_hook_ops ipt_ops[] = { @@ -155,9 +137,9 @@ static struct nf_hook_ops ipt_ops[] = { /* Default to forward because I got too much mail already. */ static int forward = NF_ACCEPT; -MODULE_PARM(forward, "i"); +module_param(forward, bool, 0000); -static int __init init(void) +static int __init iptable_filter_init(void) { int ret; @@ -170,44 +152,27 @@ static int __init init(void) initial_table.entries[1].target.verdict = -forward - 1; /* Register table */ - ret = ipt_register_table(&packet_filter); + ret = ipt_register_table(&packet_filter, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ - ret = nf_register_hook(&ipt_ops[0]); + ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); if (ret < 0) goto cleanup_table; - ret = nf_register_hook(&ipt_ops[1]); - if (ret < 0) - goto cleanup_hook0; - - ret = nf_register_hook(&ipt_ops[2]); - if (ret < 0) - goto cleanup_hook1; - return ret; - cleanup_hook1: - nf_unregister_hook(&ipt_ops[1]); - cleanup_hook0: - nf_unregister_hook(&ipt_ops[0]); cleanup_table: ipt_unregister_table(&packet_filter); - return ret; } -static void __exit fini(void) +static void __exit iptable_filter_fini(void) { - unsigned int i; - - for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++) - nf_unregister_hook(&ipt_ops[i]); - + nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); ipt_unregister_table(&packet_filter); } -module_init(init); -module_exit(fini); +module_init(iptable_filter_init); +module_exit(iptable_filter_fini);
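Review bot: In the `@@ -155,9 +137,9 @@` hunk `forward` stays declared as `static int forward = NF_ACCEPT;` while `module_param(forward, bool, 0000);` now parses it as a boolean, so the storage type and the declared parameter type disagree and the meaning of the two values is left implicit. Whether the `bool` setter may write through an `int` depends on the kernel version, so that should be checked against this tree. Since the value is turned into a chain policy in the next hunk (`initial_table.entries[1].target.verdict = -forward - 1;`, presumably the FORWARD entry), I would document it at the declaration: `/* 0 = NF_DROP, 1 = NF_ACCEPT: default policy for forwarded packets; default is accept. */`. The lines between this hunk and the next are not shown, so any range check on `forward` in `iptable_filter_init()` cannot be reviewed here.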
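Review bot: In the `@@ -170,44 +152,27 @@` hunk the failure path after `nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops))` jumps straight to `cleanup_table` and unregisters only the table, so correctness now depends on `nf_register_hooks()` itself rolling back any hooks it registered before failing. That behaviour is not visible in this diff; if it does not hold, a hook could stay registered against a table that has just been torn down. Please confirm it and record the assumption next to the call, e.g. `/* nf_register_hooks() unwinds partial registrations on failure. */`. The teardown order in `iptable_filter_fini()` (hooks first, then the table) looks right and is worth keeping as is. The start of `iptable_filter_init()` lies outside this hunk.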