From patchwork Tue Dec 18 14:07:01 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jan Engelhardt X-Patchwork-Id: 207126 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 96DF72C0082 for ; Wed, 19 Dec 2012 01:07:08 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754959Ab2LROHF (ORCPT ); Tue, 18 Dec 2012 09:07:05 -0500 Received: from ares07.inai.de ([5.9.24.206]:44115 "EHLO ares07.inai.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754302Ab2LROHE (ORCPT ); Tue, 18 Dec 2012 09:07:04 -0500 Received: by ares07.inai.de (Postfix, from userid 25121) id 7E48696A06AE; Tue, 18 Dec 2012 15:07:01 +0100 (CET) From: Jan Engelhardt To: pablo@netfilter.org Cc: jhs@mojatatu.com, netfilter-devel@vger.kernel.org Subject: [PATCH] netfilter: xtables: remove table restrictions from some modules Date: Tue, 18 Dec 2012 15:07:01 +0100 Message-Id: <1355839621-14206-1-git-send-email-jengelh@inai.de> X-Mailer: git-send-email 1.7.10.4 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org I cannot think of a reason to limit the use of these modules to the "mangle" table or their hooks. TOS/DSCP is not only used to influence a routing decision, for example. Signed-off-by: Jan Engelhardt --- Are there any pitfalls I am not aware of? Could conntrack be upset if TCPOPTSTRIP/CHECKSUM can execute at different places? net/ipv4/netfilter/ipt_ECN.c | 1 - net/netfilter/xt_CHECKSUM.c | 1 - net/netfilter/xt_CLASSIFY.c | 3 --- net/netfilter/xt_DSCP.c | 4 ---- net/netfilter/xt_HL.c | 2 -- net/netfilter/xt_TCPOPTSTRIP.c | 2 -- 6 files changed, 13 deletions(-) 
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index 4bf3dc4..5508113 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -119,7 +119,6 @@ static struct xt_target ecn_tg_reg __read_mostly = {
 .family = NFPROTO_IPV4,
 .target = ecn_tg,
 .targetsize = sizeof(struct ipt_ECN_info),
- .table = "mangle",
 .checkentry = ecn_tg_check,
 .me = THIS_MODULE,
 };
diff --git a/net/netfilter/xt_CHECKSUM.c b/net/netfilter/xt_CHECKSUM.c
index 0f642ef..153d5c3 100644
--- a/net/netfilter/xt_CHECKSUM.c
+++ b/net/netfilter/xt_CHECKSUM.c
@@ -51,7 +51,6 @@ static struct xt_target checksum_tg_reg __read_mostly = {
 .family = NFPROTO_UNSPEC,
 .target = checksum_tg,
 .targetsize = sizeof(struct xt_CHECKSUM_info),
- .table = "mangle",
 .checkentry = checksum_tg_check,
 .me = THIS_MODULE,
 };
diff --git a/net/netfilter/xt_CLASSIFY.c b/net/netfilter/xt_CLASSIFY.c
index af9c4da..c988093 100644
--- a/net/netfilter/xt_CLASSIFY.c
+++ b/net/netfilter/xt_CLASSIFY.c
@@ -42,8 +42,6 @@ static struct xt_target classify_tg_reg[] __read_mostly = {
 .name = "CLASSIFY",
 .revision = 0,
 .family = NFPROTO_UNSPEC,
- .hooks = (1 << NF_INET_LOCAL_OUT) | (1 << NF_INET_FORWARD) |
- (1 << NF_INET_POST_ROUTING),
 .target = classify_tg,
 .targetsize = sizeof(struct xt_classify_target_info),
 .me = THIS_MODULE,
@@ -52,7 +50,6 @@ static struct xt_target classify_tg_reg[] __read_mostly = {
 .name = "CLASSIFY",
 .revision = 0,
 .family = NFPROTO_ARP,
- .hooks = (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD),
 .target = classify_tg,
 .targetsize = sizeof(struct xt_classify_target_info),
 .me = THIS_MODULE,
diff --git a/net/netfilter/xt_DSCP.c b/net/netfilter/xt_DSCP.c
index ae82716..0a9ff64 100644
--- a/net/netfilter/xt_DSCP.c
+++ b/net/netfilter/xt_DSCP.c
@@ -118,7 +118,6 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
 .checkentry = dscp_tg_check,
 .target = dscp_tg,
 .targetsize = sizeof(struct xt_DSCP_info),
- .table = "mangle",
 .me = THIS_MODULE,
 },
 {
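Review bot: With `.table = "mangle"` removed from `ecn_tg_reg`, rule load no longer rejects this target in tables where it behaves differently, and the registration carries no comment saying so; the same holds for the `.table` removals in the xt_CHECKSUM.c, xt_DSCP.c, xt_HL.c and xt_TCPOPTSTRIP.c hunks. Two differences are worth confirming before merge: as far as I know only the mangle table's LOCAL_OUT path re-routes a packet after its TOS byte changes, and the nat table is traversed only for the first packet of a connection, so a header rewrite placed there would silently skip the rest of the flow. If the relaxation is intended, I would record it next to each initializer, e.g. `/* no .table: valid in any table; only mangle/OUTPUT re-routes on a TOS change */`, and consider refusing the nat table in the existing checkentry functions such as `ecn_tg_check`. The initializer starts above the hunk.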
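Review bot: Removing the `.hooks` mask from both CLASSIFY entries of `classify_tg_reg` lets a rule be loaded in the pre-routing and input hooks (and the ARP input hook), where the value `classify_tg` sets may not survive to the queueing discipline. I believe the IPv4 forward path reassigns the packet priority from the TOS byte, which would make a pre-routing CLASSIFY rule load cleanly and then have no effect on forwarded traffic; that should be checked against `ip_forward()` before the restriction is dropped. If the mask is to go, a comment such as `/* no .hooks: priority set before FORWARD may be overwritten by the stack */` on each entry would keep the caveat visible to the next maintainer. The array initializer begins and ends outside these hunks.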
@@ -127,14 +126,12 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
 .checkentry = dscp_tg_check,
 .target = dscp_tg6,
 .targetsize = sizeof(struct xt_DSCP_info),
- .table = "mangle",
 .me = THIS_MODULE,
 },
 {
 .name = "TOS",
 .revision = 1,
 .family = NFPROTO_IPV4,
- .table = "mangle",
 .target = tos_tg,
 .targetsize = sizeof(struct xt_tos_target_info),
 .me = THIS_MODULE,
@@ -143,7 +140,6 @@ static struct xt_target dscp_tg_reg[] __read_mostly = {
 .name = "TOS",
 .revision = 1,
 .family = NFPROTO_IPV6,
- .table = "mangle",
 .target = tos_tg6,
 .targetsize = sizeof(struct xt_tos_target_info),
 .me = THIS_MODULE,
diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c
index 1535e87..4da5db3 100644
--- a/net/netfilter/xt_HL.c
+++ b/net/netfilter/xt_HL.c
@@ -137,7 +137,6 @@ static struct xt_target hl_tg_reg[] __read_mostly = {
 .family = NFPROTO_IPV4,
 .target = ttl_tg,
 .targetsize = sizeof(struct ipt_TTL_info),
- .table = "mangle",
 .checkentry = ttl_tg_check,
 .me = THIS_MODULE,
 },
@@ -147,7 +146,6 @@ static struct xt_target hl_tg_reg[] __read_mostly = {
 .family = NFPROTO_IPV6,
 .target = hl_tg6,
 .targetsize = sizeof(struct ip6t_HL_info),
- .table = "mangle",
 .checkentry = hl_tg6_check,
 .me = THIS_MODULE,
 },
diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
index 25fd1c4..b42c02e 100644
--- a/net/netfilter/xt_TCPOPTSTRIP.c
+++ b/net/netfilter/xt_TCPOPTSTRIP.c
@@ -103,7 +103,6 @@ static struct xt_target tcpoptstrip_tg_reg[] __read_mostly = {
 {
 .name = "TCPOPTSTRIP",
 .family = NFPROTO_IPV4,
- .table = "mangle",
 .proto = IPPROTO_TCP,
 .target = tcpoptstrip_tg4,
 .targetsize = sizeof(struct xt_tcpoptstrip_target_info),
@@ -113,7 +112,6 @@ static struct xt_target tcpoptstrip_tg_reg[] __read_mostly = {
 {
 .name = "TCPOPTSTRIP",
 .family = NFPROTO_IPV6,
- .table = "mangle",
 .proto = IPPROTO_TCP,
 .target = tcpoptstrip_tg6,
 .targetsize = sizeof(struct xt_tcpoptstrip_target_info),