diff options
| author |   Florian Westphal <fw@strlen.de> | 2018-05-14 23:46:55 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2018-05-23 09:14:05 +0200 |
| commit | 4e25ceb80b585891c5e2a6edfa481bc4709e9544 (patch) | |
| tree | e847447499c4e4c91b418c011aa5bfd0515ac576 /net/netfilter/nf_tables_api.c | |
| parent | netfilter: xtables: allow table definitions not backed by hook_ops (diff) | |
| download | linux-dev-4e25ceb80b585891c5e2a6edfa481bc4709e9544.tar.xz linux-dev-4e25ceb80b585891c5e2a6edfa481bc4709e9544.zip | |
netfilter: nf_tables: allow chain type to override hook register
Will be used in followup patch when nat types no longer
use nf_register_net_hook() but will instead register with the nat core.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to '')
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 18bd584fadda..ded54b2abfbc 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -129,6 +129,7 @@ static int nf_tables_register_hook(struct net *net, const struct nft_table *table, struct nft_chain *chain) { + const struct nft_base_chain *basechain; struct nf_hook_ops *ops; int ret; @@ -136,7 +137,12 @@ static int nf_tables_register_hook(struct net *net, !nft_is_base_chain(chain)) return 0; - ops = &nft_base_chain(chain)->ops; + basechain = nft_base_chain(chain); + ops = &basechain->ops; + + if (basechain->type->ops_register) + return basechain->type->ops_register(net, ops); + ret = nf_register_net_hook(net, ops); if (ret == -EBUSY && nf_tables_allow_nat_conflict(net, ops)) { ops->nat_hook = false; @@ -151,11 +157,19 @@ static void nf_tables_unregister_hook(struct net *net, const struct nft_table *table, struct nft_chain *chain) { + const struct nft_base_chain *basechain; + const struct nf_hook_ops *ops; + if (table->flags & NFT_TABLE_F_DORMANT || !nft_is_base_chain(chain)) return; + basechain = nft_base_chain(chain); + ops = &basechain->ops; + + if (basechain->type->ops_unregister) + return basechain->type->ops_unregister(net, ops); - nf_unregister_net_hook(net, &nft_base_chain(chain)->ops); + nf_unregister_net_hook(net, ops); } static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type) @@ -1262,8 +1276,6 @@ static void nf_tables_chain_destroy(struct nft_ctx *ctx) if (nft_is_base_chain(chain)) { struct nft_base_chain *basechain = nft_base_chain(chain); - if (basechain->type->free) - basechain->type->free(ctx); module_put(basechain->type->owner); free_percpu(basechain->stats); if (basechain->stats) @@ -1396,9 +1408,6 @@ static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask, } basechain->type = hook.type; - if (basechain->type->init) - basechain->type->init(ctx); - chain = &basechain->chain; ops = &basechain->ops; |