提交 24c232d8 编写于 作者: J Jan Engelhardt

netfilter: xtables: switch hook PFs to nfproto

Signed-off-by: NJan Engelhardt <jengelh@medozas.de>
上级 57750a22
...@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = { ...@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_filter[] __read_mostly = {
{ {
.hook = ebt_in_hook, .hook = ebt_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_LOCAL_IN, .hooknum = NF_BR_LOCAL_IN,
.priority = NF_BR_PRI_FILTER_BRIDGED, .priority = NF_BR_PRI_FILTER_BRIDGED,
}, },
{ {
.hook = ebt_in_hook, .hook = ebt_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_FORWARD, .hooknum = NF_BR_FORWARD,
.priority = NF_BR_PRI_FILTER_BRIDGED, .priority = NF_BR_PRI_FILTER_BRIDGED,
}, },
{ {
.hook = ebt_out_hook, .hook = ebt_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_LOCAL_OUT, .hooknum = NF_BR_LOCAL_OUT,
.priority = NF_BR_PRI_FILTER_OTHER, .priority = NF_BR_PRI_FILTER_OTHER,
}, },
......
...@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = { ...@@ -77,21 +77,21 @@ static struct nf_hook_ops ebt_ops_nat[] __read_mostly = {
{ {
.hook = ebt_nat_out, .hook = ebt_nat_out,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_LOCAL_OUT, .hooknum = NF_BR_LOCAL_OUT,
.priority = NF_BR_PRI_NAT_DST_OTHER, .priority = NF_BR_PRI_NAT_DST_OTHER,
}, },
{ {
.hook = ebt_nat_out, .hook = ebt_nat_out,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_POST_ROUTING, .hooknum = NF_BR_POST_ROUTING,
.priority = NF_BR_PRI_NAT_SRC, .priority = NF_BR_PRI_NAT_SRC,
}, },
{ {
.hook = ebt_nat_in, .hook = ebt_nat_in,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_BRIDGE, .pf = NFPROTO_BRIDGE,
.hooknum = NF_BR_PRE_ROUTING, .hooknum = NF_BR_PRE_ROUTING,
.priority = NF_BR_PRI_NAT_DST_BRIDGED, .priority = NF_BR_PRI_NAT_DST_BRIDGED,
}, },
......
...@@ -102,21 +102,21 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = { ...@@ -102,21 +102,21 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
{ {
.hook = ipt_local_in_hook, .hook = ipt_local_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_FILTER, .priority = NF_IP_PRI_FILTER,
}, },
{ {
.hook = ipt_hook, .hook = ipt_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_FILTER, .priority = NF_IP_PRI_FILTER,
}, },
{ {
.hook = ipt_local_out_hook, .hook = ipt_local_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_FILTER, .priority = NF_IP_PRI_FILTER,
}, },
......
...@@ -162,35 +162,35 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = { ...@@ -162,35 +162,35 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
{ {
.hook = ipt_pre_routing_hook, .hook = ipt_pre_routing_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING, .hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_MANGLE, .priority = NF_IP_PRI_MANGLE,
}, },
{ {
.hook = ipt_local_in_hook, .hook = ipt_local_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_MANGLE, .priority = NF_IP_PRI_MANGLE,
}, },
{ {
.hook = ipt_forward_hook, .hook = ipt_forward_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_MANGLE, .priority = NF_IP_PRI_MANGLE,
}, },
{ {
.hook = ipt_local_hook, .hook = ipt_local_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_MANGLE, .priority = NF_IP_PRI_MANGLE,
}, },
{ {
.hook = ipt_post_routing_hook, .hook = ipt_post_routing_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_POST_ROUTING, .hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_MANGLE, .priority = NF_IP_PRI_MANGLE,
}, },
......
...@@ -74,14 +74,14 @@ ipt_local_hook(unsigned int hook, ...@@ -74,14 +74,14 @@ ipt_local_hook(unsigned int hook,
static struct nf_hook_ops ipt_ops[] __read_mostly = { static struct nf_hook_ops ipt_ops[] __read_mostly = {
{ {
.hook = ipt_hook, .hook = ipt_hook,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING, .hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_RAW, .priority = NF_IP_PRI_RAW,
.owner = THIS_MODULE, .owner = THIS_MODULE,
}, },
{ {
.hook = ipt_local_hook, .hook = ipt_local_hook,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_RAW, .priority = NF_IP_PRI_RAW,
.owner = THIS_MODULE, .owner = THIS_MODULE,
......
...@@ -105,21 +105,21 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = { ...@@ -105,21 +105,21 @@ static struct nf_hook_ops ipt_ops[] __read_mostly = {
{ {
.hook = ipt_local_in_hook, .hook = ipt_local_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_SECURITY, .priority = NF_IP_PRI_SECURITY,
}, },
{ {
.hook = ipt_forward_hook, .hook = ipt_forward_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP_PRI_SECURITY, .priority = NF_IP_PRI_SECURITY,
}, },
{ {
.hook = ipt_local_out_hook, .hook = ipt_local_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_SECURITY, .priority = NF_IP_PRI_SECURITY,
}, },
......
...@@ -251,7 +251,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = { ...@@ -251,7 +251,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = {
{ {
.hook = nf_nat_in, .hook = nf_nat_in,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_PRE_ROUTING, .hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP_PRI_NAT_DST, .priority = NF_IP_PRI_NAT_DST,
}, },
...@@ -259,7 +259,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = { ...@@ -259,7 +259,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = {
{ {
.hook = nf_nat_out, .hook = nf_nat_out,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_POST_ROUTING, .hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP_PRI_NAT_SRC, .priority = NF_IP_PRI_NAT_SRC,
}, },
...@@ -267,7 +267,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = { ...@@ -267,7 +267,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = {
{ {
.hook = nf_nat_local_fn, .hook = nf_nat_local_fn,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP_PRI_NAT_DST, .priority = NF_IP_PRI_NAT_DST,
}, },
...@@ -275,7 +275,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = { ...@@ -275,7 +275,7 @@ static struct nf_hook_ops nf_nat_ops[] __read_mostly = {
{ {
.hook = nf_nat_fn, .hook = nf_nat_fn,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET, .pf = NFPROTO_IPV4,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP_PRI_NAT_SRC, .priority = NF_IP_PRI_NAT_SRC,
}, },
......
...@@ -95,21 +95,21 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = { ...@@ -95,21 +95,21 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{ {
.hook = ip6t_in_hook, .hook = ip6t_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_FILTER, .priority = NF_IP6_PRI_FILTER,
}, },
{ {
.hook = ip6t_in_hook, .hook = ip6t_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_FILTER, .priority = NF_IP6_PRI_FILTER,
}, },
{ {
.hook = ip6t_local_out_hook, .hook = ip6t_local_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_FILTER, .priority = NF_IP6_PRI_FILTER,
}, },
......
...@@ -136,35 +136,35 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = { ...@@ -136,35 +136,35 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{ {
.hook = ip6t_in_hook, .hook = ip6t_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING, .hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_MANGLE, .priority = NF_IP6_PRI_MANGLE,
}, },
{ {
.hook = ip6t_in_hook, .hook = ip6t_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_MANGLE, .priority = NF_IP6_PRI_MANGLE,
}, },
{ {
.hook = ip6t_in_hook, .hook = ip6t_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_MANGLE, .priority = NF_IP6_PRI_MANGLE,
}, },
{ {
.hook = ip6t_local_out_hook, .hook = ip6t_local_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_MANGLE, .priority = NF_IP6_PRI_MANGLE,
}, },
{ {
.hook = ip6t_post_routing_hook, .hook = ip6t_post_routing_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_POST_ROUTING, .hooknum = NF_INET_POST_ROUTING,
.priority = NF_IP6_PRI_MANGLE, .priority = NF_IP6_PRI_MANGLE,
}, },
......
...@@ -68,14 +68,14 @@ ip6t_local_out_hook(unsigned int hook, ...@@ -68,14 +68,14 @@ ip6t_local_out_hook(unsigned int hook,
static struct nf_hook_ops ip6t_ops[] __read_mostly = { static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{ {
.hook = ip6t_pre_routing_hook, .hook = ip6t_pre_routing_hook,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_PRE_ROUTING, .hooknum = NF_INET_PRE_ROUTING,
.priority = NF_IP6_PRI_FIRST, .priority = NF_IP6_PRI_FIRST,
.owner = THIS_MODULE, .owner = THIS_MODULE,
}, },
{ {
.hook = ip6t_local_out_hook, .hook = ip6t_local_out_hook,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_FIRST, .priority = NF_IP6_PRI_FIRST,
.owner = THIS_MODULE, .owner = THIS_MODULE,
......
...@@ -101,21 +101,21 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = { ...@@ -101,21 +101,21 @@ static struct nf_hook_ops ip6t_ops[] __read_mostly = {
{ {
.hook = ip6t_local_in_hook, .hook = ip6t_local_in_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_IN, .hooknum = NF_INET_LOCAL_IN,
.priority = NF_IP6_PRI_SECURITY, .priority = NF_IP6_PRI_SECURITY,
}, },
{ {
.hook = ip6t_forward_hook, .hook = ip6t_forward_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_FORWARD, .hooknum = NF_INET_FORWARD,
.priority = NF_IP6_PRI_SECURITY, .priority = NF_IP6_PRI_SECURITY,
}, },
{ {
.hook = ip6t_local_out_hook, .hook = ip6t_local_out_hook,
.owner = THIS_MODULE, .owner = THIS_MODULE,
.pf = PF_INET6, .pf = NFPROTO_IPV6,
.hooknum = NF_INET_LOCAL_OUT, .hooknum = NF_INET_LOCAL_OUT,
.priority = NF_IP6_PRI_SECURITY, .priority = NF_IP6_PRI_SECURITY,
}, },
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册