summaryrefslogtreecommitdiff
path: root/net/ipv4/netfilter
diff options
context:
space:
mode:
Diffstat (limited to 'net/ipv4/netfilter')
-rw-r--r--net/ipv4/netfilter/ip_conntrack_standalone.c90
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c18
-rw-r--r--net/ipv4/netfilter/ip_queue.c31
-rw-r--r--net/ipv4/netfilter/ipt_CLUSTERIP.c40
-rw-r--r--net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c36
5 files changed, 97 insertions, 118 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index adc1a0f66409..929d61f7be91 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -776,18 +776,46 @@ static ctl_table ip_ct_net_table[] = {
EXPORT_SYMBOL(ip_ct_log_invalid);
#endif /* CONFIG_SYSCTL */
-static int init_or_cleanup(int init)
+/* FIXME: Allow NULL functions and sub in pointers to generic for
+ them. --RR */
+int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
+{
+ int ret = 0;
+
+ write_lock_bh(&ip_conntrack_lock);
+ if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) {
+ ret = -EBUSY;
+ goto out;
+ }
+ ip_ct_protos[proto->proto] = proto;
+ out:
+ write_unlock_bh(&ip_conntrack_lock);
+ return ret;
+}
+
+void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto)
+{
+ write_lock_bh(&ip_conntrack_lock);
+ ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol;
+ write_unlock_bh(&ip_conntrack_lock);
+
+ /* Somebody could be still looking at the proto in bh. */
+ synchronize_net();
+
+ /* Remove all contrack entries for this protocol */
+ ip_ct_iterate_cleanup(kill_proto, &proto->proto);
+}
+
+static int __init ip_conntrack_standalone_init(void)
{
#ifdef CONFIG_PROC_FS
struct proc_dir_entry *proc, *proc_exp, *proc_stat;
#endif
int ret = 0;
- if (!init) goto cleanup;
-
ret = ip_conntrack_init();
if (ret < 0)
- goto cleanup_nothing;
+ return ret;
#ifdef CONFIG_PROC_FS
ret = -ENOMEM;
@@ -819,16 +847,12 @@ static int init_or_cleanup(int init)
goto cleanup_hooks;
}
#endif
-
return ret;
- cleanup:
- synchronize_net();
#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(ip_ct_sysctl_header);
cleanup_hooks:
-#endif
nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
+#endif
cleanup_proc_stat:
#ifdef CONFIG_PROC_FS
remove_proc_entry("ip_conntrack", proc_net_stat);
@@ -839,48 +863,22 @@ static int init_or_cleanup(int init)
cleanup_init:
#endif /* CONFIG_PROC_FS */
ip_conntrack_cleanup();
- cleanup_nothing:
return ret;
}
-/* FIXME: Allow NULL functions and sub in pointers to generic for
- them. --RR */
-int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
-{
- int ret = 0;
-
- write_lock_bh(&ip_conntrack_lock);
- if (ip_ct_protos[proto->proto] != &ip_conntrack_generic_protocol) {
- ret = -EBUSY;
- goto out;
- }
- ip_ct_protos[proto->proto] = proto;
- out:
- write_unlock_bh(&ip_conntrack_lock);
- return ret;
-}
-
-void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto)
-{
- write_lock_bh(&ip_conntrack_lock);
- ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol;
- write_unlock_bh(&ip_conntrack_lock);
-
- /* Somebody could be still looking at the proto in bh. */
- synchronize_net();
-
- /* Remove all contrack entries for this protocol */
- ip_ct_iterate_cleanup(kill_proto, &proto->proto);
-}
-
-static int __init ip_conntrack_standalone_init(void)
-{
- return init_or_cleanup(1);
-}
-
static void __exit ip_conntrack_standalone_fini(void)
{
- init_or_cleanup(0);
+ synchronize_net();
+#ifdef CONFIG_SYSCTL
+ unregister_sysctl_table(ip_ct_sysctl_header);
+#endif
+ nf_unregister_hooks(ip_conntrack_ops, ARRAY_SIZE(ip_conntrack_ops));
+#ifdef CONFIG_PROC_FS
+ remove_proc_entry("ip_conntrack", proc_net_stat);
+ proc_net_remove("ip_conntrack_expect");
+ proc_net_remove("ip_conntrack");
+#endif /* CONFIG_PROC_FS */
+ ip_conntrack_cleanup();
}
module_init(ip_conntrack_standalone_init);
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 5f02f439b07e..8f760b28617e 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -350,14 +350,12 @@ static struct nf_hook_ops ip_nat_ops[] = {
},
};
-static int init_or_cleanup(int init)
+static int __init ip_nat_standalone_init(void)
{
int ret = 0;
need_conntrack();
- if (!init) goto cleanup;
-
#ifdef CONFIG_XFRM
BUG_ON(ip_nat_decode_session != NULL);
ip_nat_decode_session = nat_decode_session;
@@ -374,8 +372,6 @@ static int init_or_cleanup(int init)
}
return ret;
- cleanup:
- nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
cleanup_rule_init:
ip_nat_rule_cleanup();
cleanup_decode_session:
@@ -386,14 +382,14 @@ static int init_or_cleanup(int init)
return ret;
}
-static int __init ip_nat_standalone_init(void)
-{
- return init_or_cleanup(1);
-}
-
static void __exit ip_nat_standalone_fini(void)
{
- init_or_cleanup(0);
+ nf_unregister_hooks(ip_nat_ops, ARRAY_SIZE(ip_nat_ops));
+ ip_nat_rule_cleanup();
+#ifdef CONFIG_XFRM
+ ip_nat_decode_session = NULL;
+ synchronize_net();
+#endif
}
module_init(ip_nat_standalone_init);
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index 896a244f8f91..b93f0494362f 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -662,15 +662,11 @@ static struct nf_queue_handler nfqh = {
.outfn = &ipq_enqueue_packet,
};
-static int
-init_or_cleanup(int init)
+static int __init ip_queue_init(void)
{
int status = -ENOMEM;
struct proc_dir_entry *proc;
- if (!init)
- goto cleanup;
-
netlink_register_notifier(&ipq_nl_notifier);
ipqnl = netlink_kernel_create(NETLINK_FIREWALL, 0, ipq_rcv_sk,
THIS_MODULE);
@@ -697,11 +693,6 @@ init_or_cleanup(int init)
}
return status;
-cleanup:
- nf_unregister_queue_handlers(&nfqh);
- synchronize_net();
- ipq_flush(NF_DROP);
-
cleanup_sysctl:
unregister_sysctl_table(ipq_sysctl_header);
unregister_netdevice_notifier(&ipq_dev_notifier);
@@ -717,15 +708,21 @@ cleanup_netlink_notifier:
return status;
}
-static int __init ip_queue_init(void)
-{
-
- return init_or_cleanup(1);
-}
-
static void __exit ip_queue_fini(void)
{
- init_or_cleanup(0);
+ nf_unregister_queue_handlers(&nfqh);
+ synchronize_net();
+ ipq_flush(NF_DROP);
+
+ unregister_sysctl_table(ipq_sysctl_header);
+ unregister_netdevice_notifier(&ipq_dev_notifier);
+ proc_net_remove(IPQ_PROC_FS_NAME);
+
+ sock_release(ipqnl->sk_socket);
+ mutex_lock(&ipqnl_mutex);
+ mutex_unlock(&ipqnl_mutex);
+
+ netlink_unregister_notifier(&ipq_nl_notifier);
}
MODULE_DESCRIPTION("IPv4 packet queue handler");
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index e4768a31718b..aad9d28c8d71 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -725,22 +725,17 @@ static struct file_operations clusterip_proc_fops = {
#endif /* CONFIG_PROC_FS */
-static int init_or_cleanup(int fini)
+static int __init ipt_clusterip_init(void)
{
int ret;
- if (fini)
- goto cleanup;
-
- if (ipt_register_target(&clusterip_tgt)) {
- ret = -EINVAL;
- goto cleanup_none;
- }
+ ret = ipt_register_target(&clusterip_tgt);
+ if (ret < 0)
+ return ret;
- if (nf_register_hook(&cip_arp_ops) < 0) {
- ret = -EINVAL;
+ ret = nf_register_hook(&cip_arp_ops);
+ if (ret < 0)
goto cleanup_target;
- }
#ifdef CONFIG_PROC_FS
clusterip_procdir = proc_mkdir("ipt_CLUSTERIP", proc_net);
@@ -753,31 +748,24 @@ static int init_or_cleanup(int fini)
printk(KERN_NOTICE "ClusterIP Version %s loaded successfully\n",
CLUSTERIP_VERSION);
-
return 0;
-cleanup:
- printk(KERN_NOTICE "ClusterIP Version %s unloading\n",
- CLUSTERIP_VERSION);
-#ifdef CONFIG_PROC_FS
- remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
-#endif
cleanup_hook:
nf_unregister_hook(&cip_arp_ops);
cleanup_target:
ipt_unregister_target(&clusterip_tgt);
-cleanup_none:
- return -EINVAL;
-}
-
-static int __init ipt_clusterip_init(void)
-{
- return init_or_cleanup(0);
+ return ret;
}
static void __exit ipt_clusterip_fini(void)
{
- init_or_cleanup(1);
+ printk(KERN_NOTICE "ClusterIP Version %s unloading\n",
+ CLUSTERIP_VERSION);
+#ifdef CONFIG_PROC_FS
+ remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
+#endif
+ nf_unregister_hook(&cip_arp_ops);
+ ipt_unregister_target(&clusterip_tgt);
}
module_init(ipt_clusterip_init);
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 3fadaccbc582..5bc9f64d7b5b 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -432,16 +432,20 @@ struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4 = {
extern struct nf_conntrack_protocol nf_conntrack_protocol_tcp4;
extern struct nf_conntrack_protocol nf_conntrack_protocol_udp4;
extern struct nf_conntrack_protocol nf_conntrack_protocol_icmp;
-static int init_or_cleanup(int init)
+
+MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
+MODULE_LICENSE("GPL");
+
+static int __init nf_conntrack_l3proto_ipv4_init(void)
{
int ret = 0;
- if (!init) goto cleanup;
+ need_conntrack();
ret = nf_register_sockopt(&so_getorigdst);
if (ret < 0) {
printk(KERN_ERR "Unable to register netfilter socket option\n");
- goto cleanup_nothing;
+ return ret;
}
ret = nf_conntrack_protocol_register(&nf_conntrack_protocol_tcp4);
@@ -484,13 +488,10 @@ static int init_or_cleanup(int init)
#endif
return ret;
- cleanup:
- synchronize_net();
#ifdef CONFIG_SYSCTL
- unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
cleanup_hooks:
-#endif
nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
+#endif
cleanup_ipv4:
nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
cleanup_icmp:
@@ -501,22 +502,21 @@ static int init_or_cleanup(int init)
nf_conntrack_protocol_unregister(&nf_conntrack_protocol_tcp4);
cleanup_sockopt:
nf_unregister_sockopt(&so_getorigdst);
- cleanup_nothing:
return ret;
}
-MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET));
-MODULE_LICENSE("GPL");
-
-static int __init nf_conntrack_l3proto_ipv4_init(void)
-{
- need_conntrack();
- return init_or_cleanup(1);
-}
-
static void __exit nf_conntrack_l3proto_ipv4_fini(void)
{
- init_or_cleanup(0);
+ synchronize_net();
+#ifdef CONFIG_SYSCTL
+ unregister_sysctl_table(nf_ct_ipv4_sysctl_header);
+#endif
+ nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
+ nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
+ nf_conntrack_protocol_unregister(&nf_conntrack_protocol_icmp);
+ nf_conntrack_protocol_unregister(&nf_conntrack_protocol_udp4);
+ nf_conntrack_protocol_unregister(&nf_conntrack_protocol_tcp4);
+ nf_unregister_sockopt(&so_getorigdst);
}
module_init(nf_conntrack_l3proto_ipv4_init);