git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
linux 2.6.16.38 w/ vs2.0.3-rc1
[linux-2.6.git] / net / ipv4 / netfilter / iptable_mangle.c
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index f7b8906..3212a5c 100644 (file)
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -10,6 +10,7 @@
  *
  * Extended to all five netfilter hooks by Brad Chapman & Harald Welte
  */
+#include <linux/config.h>
 #include <linux/module.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netdevice.h>
@@ -157,8 +158,7 @@ ipt_local_hook(unsigned int hook,
                || (*pskb)->nfmark != nfmark
 #endif
                || (*pskb)->nh.iph->tos != tos))
-               if (ip_route_me_harder(pskb, RTN_UNSPEC))
-                       ret = NF_DROP;
+               return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
 
        return ret;
 }
@@ -201,7 +201,7 @@ static struct nf_hook_ops ipt_ops[] = {
        },
 };
 
-static int __init iptable_mangle_init(void)
+static int __init init(void)
 {
        int ret;
 
@@ -211,22 +211,51 @@ static int __init iptable_mangle_init(void)
                return ret;
 
        /* Register hooks */
-       ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
+       ret = nf_register_hook(&ipt_ops[0]);
        if (ret < 0)
                goto cleanup_table;
 
+       ret = nf_register_hook(&ipt_ops[1]);
+       if (ret < 0)
+               goto cleanup_hook0;
+
+       ret = nf_register_hook(&ipt_ops[2]);
+       if (ret < 0)
+               goto cleanup_hook1;
+
+       ret = nf_register_hook(&ipt_ops[3]);
+       if (ret < 0)
+               goto cleanup_hook2;
+
+       ret = nf_register_hook(&ipt_ops[4]);
+       if (ret < 0)
+               goto cleanup_hook3;
+
        return ret;
 
+ cleanup_hook3:
+        nf_unregister_hook(&ipt_ops[3]);
+ cleanup_hook2:
+        nf_unregister_hook(&ipt_ops[2]);
+ cleanup_hook1:
+       nf_unregister_hook(&ipt_ops[1]);
+ cleanup_hook0:
+       nf_unregister_hook(&ipt_ops[0]);
  cleanup_table:
        ipt_unregister_table(&packet_mangler);
+
        return ret;
 }
 
-static void __exit iptable_mangle_fini(void)
+static void __exit fini(void)
 {
-       nf_unregister_hooks(ipt_ops, ARRAY_SIZE(ipt_ops));
+       unsigned int i;
+
+       for (i = 0; i < sizeof(ipt_ops)/sizeof(struct nf_hook_ops); i++)
+               nf_unregister_hook(&ipt_ops[i]);
+
        ipt_unregister_table(&packet_mangler);
 }
 
-module_init(iptable_mangle_init);
-module_exit(iptable_mangle_fini);
+module_init(init);
+module_exit(fini);
linux-2.6