diff options
author | Jan Engelhardt <jengelh@medozas.de> | 2009-06-13 06:46:36 +0200 |
---|---|---|
committer | Jan Engelhardt <jengelh@medozas.de> | 2010-02-10 16:44:58 +0100 |
commit | 737535c5cf3524e4bfaa91e22edefd52eccabbce (patch) | |
tree | 4c6918a8fb0b7568f30310947043320a03d10328 /net/ipv6/netfilter/ip6table_filter.c | |
parent | 9ab99d5a43e9f283738fd9fd365539306d13eaac (diff) | |
download | kernel_samsung_smdk4412-737535c5cf3524e4bfaa91e22edefd52eccabbce.zip kernel_samsung_smdk4412-737535c5cf3524e4bfaa91e22edefd52eccabbce.tar.gz kernel_samsung_smdk4412-737535c5cf3524e4bfaa91e22edefd52eccabbce.tar.bz2 |
netfilter: xtables: compact table hook functions (1/2)
This patch combines all the per-hook functions in a given table into
a single function. Together with the 2nd patch, further
simplifications are possible up to the point of output code reduction.
Signed-off-by: Jan Engelhardt <jengelh@medozas.de>
Diffstat (limited to 'net/ipv6/netfilter/ip6table_filter.c')
-rw-r--r-- | net/ipv6/netfilter/ip6table_filter.c | 40 |
1 files changed, 11 insertions, 29 deletions
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c index 33ddfe5..38074e93 100644 --- a/net/ipv6/netfilter/ip6table_filter.c +++ b/net/ipv6/netfilter/ip6table_filter.c @@ -60,54 +60,36 @@ static const struct xt_table packet_filter = { /* The work comes in here from netfilter.c. */ static unsigned int -ip6t_in_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) +ip6table_filter_hook(unsigned int hook, struct sk_buff *skb, + const struct net_device *in, const struct net_device *out, + int (*okfn)(struct sk_buff *)) { - return ip6t_do_table(skb, hook, in, out, - dev_net(in)->ipv6.ip6table_filter); -} - -static unsigned int -ip6t_local_out_hook(unsigned int hook, - struct sk_buff *skb, - const struct net_device *in, - const struct net_device *out, - int (*okfn)(struct sk_buff *)) -{ -#if 0 - /* root is playing with raw sockets. */ - if (skb->len < sizeof(struct iphdr) || - ip_hdrlen(skb) < sizeof(struct iphdr)) { - if (net_ratelimit()) - printk("ip6t_hook: happy cracking.\n"); - return NF_ACCEPT; - } -#endif + if (hook == NF_INET_LOCAL_OUT) + return ip6t_do_table(skb, hook, in, out, + dev_net(out)->ipv6.ip6table_filter); + /* INPUT/FORWARD: */ return ip6t_do_table(skb, hook, in, out, - dev_net(out)->ipv6.ip6table_filter); + dev_net(in)->ipv6.ip6table_filter); } static struct nf_hook_ops ip6t_ops[] __read_mostly = { { - .hook = ip6t_in_hook, + .hook = ip6table_filter_hook, .owner = THIS_MODULE, .pf = NFPROTO_IPV6, .hooknum = NF_INET_LOCAL_IN, .priority = NF_IP6_PRI_FILTER, }, { - .hook = ip6t_in_hook, + .hook = ip6table_filter_hook, .owner = THIS_MODULE, .pf = NFPROTO_IPV6, .hooknum = NF_INET_FORWARD, .priority = NF_IP6_PRI_FILTER, }, { - .hook = ip6t_local_out_hook, + .hook = ip6table_filter_hook, .owner = THIS_MODULE, .pf = NFPROTO_IPV6, .hooknum = NF_INET_LOCAL_OUT, |