From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net, tomasz.bursztyka@linux.intel.com
Subject: [PATCH 3/7] netfilter: nf_tables: remove hook definitions from struct nft_af_info
Date: Thu, 10 Jan 2013 16:28:37 +0100 [thread overview]
Message-ID: <1357831721-10182-3-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1357831721-10182-1-git-send-email-pablo@netfilter.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>
They are now included in the filter chain definition.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
include/net/netfilter/nf_tables.h | 2 --
net/ipv4/netfilter/nf_tables_ipv4.c | 5 +----
net/ipv6/netfilter/nf_tables_ipv6.c | 5 +----
net/netfilter/nf_tables_api.c | 2 --
4 files changed, 2 insertions(+), 12 deletions(-)
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 5d9d43f..0dc7d80 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -430,7 +430,6 @@ struct nft_table {
* @nhooks: number of hooks in this family
* @owner: module owner
* @tables: used internally
- * @hooks: hookfn overrides for packet validation
*/
struct nft_af_info {
struct list_head list;
@@ -438,7 +437,6 @@ struct nft_af_info {
unsigned int nhooks;
struct module *owner;
struct list_head tables;
- nf_hookfn *hooks[NF_MAX_HOOKS];
};
extern int nft_register_afinfo(struct net *, struct nft_af_info *);
diff --git a/net/ipv4/netfilter/nf_tables_ipv4.c b/net/ipv4/netfilter/nf_tables_ipv4.c
index a0ee4c2..29e09e9 100644
--- a/net/ipv4/netfilter/nf_tables_ipv4.c
+++ b/net/ipv4/netfilter/nf_tables_ipv4.c
@@ -38,9 +38,6 @@ static struct nft_af_info nft_af_ipv4 __read_mostly = {
.family = NFPROTO_IPV4,
.nhooks = NF_INET_NUMHOOKS,
.owner = THIS_MODULE,
- .hooks = {
- [NF_INET_LOCAL_OUT] = nft_ipv4_output,
- },
};
static int nf_tables_ipv4_init_net(struct net *net)
@@ -82,7 +79,7 @@ static struct nf_chain_type filter_ipv4 = {
(1 << NF_INET_POST_ROUTING),
.fn = {
[NF_INET_LOCAL_IN] = nft_do_chain,
- [NF_INET_LOCAL_OUT] = nft_do_chain,
+ [NF_INET_LOCAL_OUT] = nft_ipv4_output,
[NF_INET_FORWARD] = nft_do_chain,
[NF_INET_PRE_ROUTING] = nft_do_chain,
[NF_INET_POST_ROUTING] = nft_do_chain,
diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c
index e1eee09..84ccd35 100644
--- a/net/ipv6/netfilter/nf_tables_ipv6.c
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
@@ -35,9 +35,6 @@ static struct nft_af_info nft_af_ipv6 __read_mostly = {
.family = NFPROTO_IPV6,
.nhooks = NF_INET_NUMHOOKS,
.owner = THIS_MODULE,
- .hooks = {
- [NF_INET_LOCAL_OUT] = nft_ipv6_output,
- },
};
static int nf_tables_ipv6_init_net(struct net *net)
@@ -79,7 +76,7 @@ static struct nf_chain_type filter_ipv6 = {
(1 << NF_INET_POST_ROUTING),
.fn = {
[NF_INET_LOCAL_IN] = nft_do_chain,
- [NF_INET_LOCAL_OUT] = nft_do_chain,
+ [NF_INET_LOCAL_OUT] = nft_ipv6_output,
[NF_INET_FORWARD] = nft_do_chain,
[NF_INET_PRE_ROUTING] = nft_do_chain,
[NF_INET_POST_ROUTING] = nft_do_chain,
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index a8ae0b4..697b853 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -842,8 +842,6 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
ops->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
ops->priv = chain;
ops->hook = hookfn;
- if (afi->hooks[ops->hooknum])
- ops->hook = afi->hooks[ops->hooknum];
chain->flags |= NFT_BASE_CHAIN;
--
1.7.10.4
next prev parent reply other threads:[~2013-01-10 15:28 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-10 15:28 [PATCH 1/7] netfilter: nf_tables: nft_compat: release cached matches/targets pablo
2013-01-10 15:28 ` [PATCH 2/7] netfilter: nf_tables: move filter chain definition to layer 3 modules pablo
2013-01-10 16:02 ` Patrick McHardy
2013-01-10 15:28 ` pablo [this message]
2013-01-10 16:04 ` [PATCH 3/7] netfilter: nf_tables: remove hook definitions from struct nft_af_info Patrick McHardy
2013-01-10 16:19 ` Pablo Neira Ayuso
2013-01-10 15:28 ` [PATCH 4/7] netfilter: nf_tables: move specific layer 3 compat code to nf_tables_ipv[4|6] pablo
2013-01-10 16:09 ` Patrick McHardy
2013-01-10 16:20 ` Pablo Neira Ayuso
2013-01-10 15:28 ` [PATCH 5/7] netfilter: nf_tables: x_tables support as a compile time option pablo
2013-01-10 15:28 ` [PATCH 6/7] netfilter: nf_tables: support 32bits-64bits x_tables compat pablo
2013-01-10 16:12 ` Patrick McHardy
2013-01-10 15:28 ` [PATCH 7/7] netfilter: nf_tables: fix alias for xtables over nftables module pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1357831721-10182-3-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=tomasz.bursztyka@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.