netfilter: nf_tables: minor nf_chain_type cleanups

[deliverable/linux.git] / net / ipv6 / netfilter / nf_tables_ipv6.c

diff --git a/net/ipv6/netfilter/nf_tables_ipv6.c b/net/ipv6/netfilter/nf_tables_ipv6.c
index d77db8a13505083d18b1993b03da91b4c5e7ef23..859fca0432ff7f9d31e040558815322ea289a2ef 100644 (file)
--- a/net/ipv6/netfilter/nf_tables_ipv6.c
+++ b/net/ipv6/netfilter/nf_tables_ipv6.c
@@ -16,34 +16,51 @@
 #include <net/netfilter/nf_tables.h>
 #include <net/netfilter/nf_tables_ipv6.h>
 
+static unsigned int nft_do_chain_ipv6(const struct nf_hook_ops *ops,
+                                     struct sk_buff *skb,
+                                     const struct net_device *in,
+                                     const struct net_device *out,
+                                     int (*okfn)(struct sk_buff *))
+{
+       struct nft_pktinfo pkt;
+
+       /* malformed packet, drop it */
+       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
+               return NF_DROP;
+
+       return nft_do_chain_pktinfo(&pkt, ops);
+}
+
 static unsigned int nft_ipv6_output(const struct nf_hook_ops *ops,
                                    struct sk_buff *skb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    int (*okfn)(struct sk_buff *))
 {
-       struct nft_pktinfo pkt;
-
        if (unlikely(skb->len < sizeof(struct ipv6hdr))) {
                if (net_ratelimit())
                        pr_info("nf_tables_ipv6: ignoring short SOCK_RAW "
                                "packet\n");
                return NF_ACCEPT;
        }
-       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
-               return NF_DROP;
 
-       return nft_do_chain_pktinfo(&pkt, ops);
+       return nft_do_chain_ipv6(ops, skb, in, out, okfn);
 }
 
-static struct nft_af_info nft_af_ipv6 __read_mostly = {
+struct nft_af_info nft_af_ipv6 __read_mostly = {
        .family         = NFPROTO_IPV6,
        .nhooks         = NF_INET_NUMHOOKS,
        .owner          = THIS_MODULE,
+       .nops           = 1,
        .hooks          = {
+               [NF_INET_LOCAL_IN]      = nft_do_chain_ipv6,
                [NF_INET_LOCAL_OUT]     = nft_ipv6_output,
+               [NF_INET_FORWARD]       = nft_do_chain_ipv6,
+               [NF_INET_PRE_ROUTING]   = nft_do_chain_ipv6,
+               [NF_INET_POST_ROUTING]  = nft_do_chain_ipv6,
        },
 };
+EXPORT_SYMBOL_GPL(nft_af_ipv6);
 
 static int nf_tables_ipv6_init_net(struct net *net)
 {
@@ -73,38 +90,16 @@ static struct pernet_operations nf_tables_ipv6_net_ops = {
        .exit   = nf_tables_ipv6_exit_net,
 };
 
-static unsigned int
-nft_do_chain_ipv6(const struct nf_hook_ops *ops,
-                 struct sk_buff *skb,
-                 const struct net_device *in,
-                 const struct net_device *out,
-                 int (*okfn)(struct sk_buff *))
-{
-       struct nft_pktinfo pkt;
-
-       /* malformed packet, drop it */
-       if (nft_set_pktinfo_ipv6(&pkt, ops, skb, in, out) < 0)
-               return NF_DROP;
-
-       return nft_do_chain_pktinfo(&pkt, ops);
-}
-
-static struct nf_chain_type filter_ipv6 = {
-       .family         = NFPROTO_IPV6,
+static const struct nf_chain_type filter_ipv6 = {
        .name           = "filter",
        .type           = NFT_CHAIN_T_DEFAULT,
+       .family         = NFPROTO_IPV6,
+       .owner          = THIS_MODULE,
        .hook_mask      = (1 << NF_INET_LOCAL_IN) |
                          (1 << NF_INET_LOCAL_OUT) |
                          (1 << NF_INET_FORWARD) |
                          (1 << NF_INET_PRE_ROUTING) |
                          (1 << NF_INET_POST_ROUTING),
-       .fn             = {
-               [NF_INET_LOCAL_IN]      = nft_do_chain_ipv6,
-               [NF_INET_LOCAL_OUT]     = nft_ipv6_output,
-               [NF_INET_FORWARD]       = nft_do_chain_ipv6,
-               [NF_INET_PRE_ROUTING]   = nft_do_chain_ipv6,
-               [NF_INET_POST_ROUTING]  = nft_do_chain_ipv6,
-       },
 };
 
 static int __init nf_tables_ipv6_init(void)