039b40ee58
nf_unregister_net_hook(s) can avoid a second call to synchronize_net, provided there is no nfqueue active in that net namespace (which is the common case). This also gets rid of the extra arg to nf_queue_nf_hook_drop(), normally this gets called during netns cleanup so no packets should be queued. For the rare case of base chain being unregistered or module removal while nfqueue is in use the extra hiccup due to the packet drops isn't a big deal. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
24 lines
569 B
C
24 lines
569 B
C
#ifndef _NF_INTERNALS_H
|
|
#define _NF_INTERNALS_H
|
|
|
|
#include <linux/list.h>
|
|
#include <linux/skbuff.h>
|
|
#include <linux/netdevice.h>
|
|
|
|
#ifdef CONFIG_NETFILTER_DEBUG
|
|
#define NFDEBUG(format, args...) printk(KERN_DEBUG format , ## args)
|
|
#else
|
|
#define NFDEBUG(format, args...)
|
|
#endif
|
|
|
|
/* nf_queue.c */
|
|
int nf_queue(struct sk_buff *skb, struct nf_hook_state *state,
|
|
struct nf_hook_entry **entryp, unsigned int verdict);
|
|
unsigned int nf_queue_nf_hook_drop(struct net *net);
|
|
int __init netfilter_queue_init(void);
|
|
|
|
/* nf_log.c */
|
|
int __init netfilter_log_init(void);
|
|
|
|
#endif
|