netfilter: xtables: compact table hook functions (1/2)
[net-next-2.6.git] / net / ipv4 / netfilter / iptable_filter.c
index df566cbd68e555ccec91b95e6a3d8e4e518b17bd..5369833ad56acb9589119d77bb9efac8eeb5c7d7 100644 (file)
@@ -60,61 +60,43 @@ static const struct xt_table packet_filter = {
        .af             = NFPROTO_IPV4,
 };
 
-/* The work comes in here from netfilter.c. */
 static unsigned int
-ipt_local_in_hook(unsigned int hook,
-                 struct sk_buff *skb,
-                 const struct net_device *in,
-                 const struct net_device *out,
-                 int (*okfn)(struct sk_buff *))
+iptable_filter_hook(unsigned int hook, struct sk_buff *skb,
+                   const struct net_device *in, const struct net_device *out,
+                   int (*okfn)(struct sk_buff *))
 {
-       return ipt_do_table(skb, hook, in, out,
-                           dev_net(in)->ipv4.iptable_filter);
-}
+       if (hook == NF_INET_LOCAL_OUT) {
+               if (skb->len < sizeof(struct iphdr) ||
+                   ip_hdrlen(skb) < sizeof(struct iphdr))
+                       /* root is playing with raw sockets. */
+                       return NF_ACCEPT;
+
+               return ipt_do_table(skb, hook, in, out,
+                                   dev_net(out)->ipv4.iptable_filter);
+       }
 
-static unsigned int
-ipt_hook(unsigned int hook,
-        struct sk_buff *skb,
-        const struct net_device *in,
-        const struct net_device *out,
-        int (*okfn)(struct sk_buff *))
-{
+       /* LOCAL_IN/FORWARD: */
        return ipt_do_table(skb, hook, in, out,
                            dev_net(in)->ipv4.iptable_filter);
 }
 
-static unsigned int
-ipt_local_out_hook(unsigned int hook,
-                  struct sk_buff *skb,
-                  const struct net_device *in,
-                  const struct net_device *out,
-                  int (*okfn)(struct sk_buff *))
-{
-       /* root is playing with raw sockets. */
-       if (skb->len < sizeof(struct iphdr) ||
-           ip_hdrlen(skb) < sizeof(struct iphdr))
-               return NF_ACCEPT;
-       return ipt_do_table(skb, hook, in, out,
-                           dev_net(out)->ipv4.iptable_filter);
-}
-
 static struct nf_hook_ops ipt_ops[] __read_mostly = {
        {
-               .hook           = ipt_local_in_hook,
+               .hook           = iptable_filter_hook,
                .owner          = THIS_MODULE,
                .pf             = NFPROTO_IPV4,
                .hooknum        = NF_INET_LOCAL_IN,
                .priority       = NF_IP_PRI_FILTER,
        },
        {
-               .hook           = ipt_hook,
+               .hook           = iptable_filter_hook,
                .owner          = THIS_MODULE,
                .pf             = NFPROTO_IPV4,
                .hooknum        = NF_INET_FORWARD,
                .priority       = NF_IP_PRI_FILTER,
        },
        {
-               .hook           = ipt_local_out_hook,
+               .hook           = iptable_filter_hook,
                .owner          = THIS_MODULE,
                .pf             = NFPROTO_IPV4,
                .hooknum        = NF_INET_LOCAL_OUT,
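Review bot: The early `return NF_ACCEPT` in the NF_INET_LOCAL_OUT branch of iptable_filter_hook hangs off an unbraced, two-line `if`, with a comment sitting between the condition and the statement. In a function that returns the filter verdict, that layout is easy to misread or break in a later edit, so I would brace the body and move the comment above the condition. The comment should also state the policy consequence: locally generated packets whose length or header length is below `sizeof(struct iphdr)` are accepted without traversing the filter table, so no OUTPUT rule applies to them. A possible wording is `/* Raw-socket packet too short to carry a valid IP header: nothing to match on, accept without consulting the table. */`. The function is complete within this hunk, but the ipt_ops[] initializer continues past its end.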
@@ -138,7 +120,7 @@ static int __net_init iptable_filter_net_init(struct net *net)
 
 static void __net_exit iptable_filter_net_exit(struct net *net)
 {
-       ipt_unregister_table(net->ipv4.iptable_filter);
+       ipt_unregister_table(net, net->ipv4.iptable_filter);
 }
 
 static struct pernet_operations iptable_filter_net_ops = {