2 * This is a module which is used for queueing packets and communicating with
3 * userspace via nfetlink.
5 * (C) 2005 by Harald Welte <laforge@netfilter.org>
6 * (C) 2007 by Patrick McHardy <kaber@trash.net>
8 * Based on the old ipv4-only ip_queue.c:
9 * (C) 2000-2002 James Morris <jmorris@intercode.com.au>
10 * (C) 2003-2005 Netfilter Core Team <coreteam@netfilter.org>
12 * This program is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License version 2 as
14 * published by the Free Software Foundation.
17 #include <linux/module.h>
18 #include <linux/skbuff.h>
19 #include <linux/init.h>
20 #include <linux/spinlock.h>
21 #include <linux/notifier.h>
22 #include <linux/netdevice.h>
23 #include <linux/netfilter.h>
24 #include <linux/proc_fs.h>
25 #include <linux/netfilter_ipv4.h>
26 #include <linux/netfilter_ipv6.h>
27 #include <linux/netfilter/nfnetlink.h>
28 #include <linux/netfilter/nfnetlink_queue.h>
29 #include <linux/list.h>
31 #include <net/netfilter/nf_queue.h>
33 #include <asm/atomic.h>
35 #ifdef CONFIG_BRIDGE_NETFILTER
36 #include "../bridge/br_private.h"
39 #define NFQNL_QMAX_DEFAULT 1024
41 struct nfqnl_instance {
42 struct hlist_node hlist; /* global list of queues */
46 unsigned int queue_maxlen;
47 unsigned int copy_range;
48 unsigned int queue_total;
49 unsigned int queue_dropped;
50 unsigned int queue_user_dropped;
52 unsigned int id_sequence; /* 'sequence' of pkt ids */
54 u_int16_t queue_num; /* number of this queue */
59 struct list_head queue_list; /* packets in queue */
62 typedef int (*nfqnl_cmpfn)(struct nf_queue_entry *, unsigned long);
64 static DEFINE_SPINLOCK(instances_lock);
66 #define INSTANCE_BUCKETS 16
67 static struct hlist_head instance_table[INSTANCE_BUCKETS] __read_mostly;
69 static inline u_int8_t instance_hashfn(u_int16_t queue_num)
71 return ((queue_num >> 8) | queue_num) % INSTANCE_BUCKETS;
74 static struct nfqnl_instance *
75 instance_lookup(u_int16_t queue_num)
77 struct hlist_head *head;
78 struct hlist_node *pos;
79 struct nfqnl_instance *inst;
81 head = &instance_table[instance_hashfn(queue_num)];
82 hlist_for_each_entry_rcu(inst, pos, head, hlist) {
83 if (inst->queue_num == queue_num)
89 static struct nfqnl_instance *
90 instance_create(u_int16_t queue_num, int pid)
92 struct nfqnl_instance *inst = NULL;
95 spin_lock(&instances_lock);
96 if (instance_lookup(queue_num))
99 inst = kzalloc(sizeof(*inst), GFP_ATOMIC);
103 inst->queue_num = queue_num;
104 inst->peer_pid = pid;
105 inst->queue_maxlen = NFQNL_QMAX_DEFAULT;
106 inst->copy_range = 0xfffff;
107 inst->copy_mode = NFQNL_COPY_NONE;
108 spin_lock_init(&inst->lock);
109 INIT_LIST_HEAD(&inst->queue_list);
110 INIT_RCU_HEAD(&inst->rcu);
112 if (!try_module_get(THIS_MODULE))
115 h = instance_hashfn(queue_num);
116 hlist_add_head_rcu(&inst->hlist, &instance_table[h]);
118 spin_unlock(&instances_lock);
125 spin_unlock(&instances_lock);
129 static void nfqnl_flush(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn,
133 instance_destroy_rcu(struct rcu_head *head)
135 struct nfqnl_instance *inst = container_of(head, struct nfqnl_instance,
138 nfqnl_flush(inst, NULL, 0);
140 module_put(THIS_MODULE);
144 __instance_destroy(struct nfqnl_instance *inst)
146 hlist_del_rcu(&inst->hlist);
147 call_rcu(&inst->rcu, instance_destroy_rcu);
151 instance_destroy(struct nfqnl_instance *inst)
153 spin_lock(&instances_lock);
154 __instance_destroy(inst);
155 spin_unlock(&instances_lock);
159 __enqueue_entry(struct nfqnl_instance *queue, struct nf_queue_entry *entry)
161 list_add_tail(&entry->list, &queue->queue_list);
162 queue->queue_total++;
165 static struct nf_queue_entry *
166 find_dequeue_entry(struct nfqnl_instance *queue, unsigned int id)
168 struct nf_queue_entry *entry = NULL, *i;
170 spin_lock_bh(&queue->lock);
172 list_for_each_entry(i, &queue->queue_list, list) {
180 list_del(&entry->list);
181 queue->queue_total--;
184 spin_unlock_bh(&queue->lock);
190 nfqnl_flush(struct nfqnl_instance *queue, nfqnl_cmpfn cmpfn, unsigned long data)
192 struct nf_queue_entry *entry, *next;
194 spin_lock_bh(&queue->lock);
195 list_for_each_entry_safe(entry, next, &queue->queue_list, list) {
196 if (!cmpfn || cmpfn(entry, data)) {
197 list_del(&entry->list);
198 queue->queue_total--;
199 nf_reinject(entry, NF_DROP);
202 spin_unlock_bh(&queue->lock);
205 static struct sk_buff *
206 nfqnl_build_packet_message(struct nfqnl_instance *queue,
207 struct nf_queue_entry *entry)
209 sk_buff_data_t old_tail;
213 struct nfqnl_msg_packet_hdr pmsg;
214 struct nlmsghdr *nlh;
215 struct nfgenmsg *nfmsg;
216 struct sk_buff *entskb = entry->skb;
217 struct net_device *indev;
218 struct net_device *outdev;
220 size = NLMSG_ALIGN(sizeof(struct nfgenmsg))
221 + nla_total_size(sizeof(struct nfqnl_msg_packet_hdr))
222 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
223 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
224 #ifdef CONFIG_BRIDGE_NETFILTER
225 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
226 + nla_total_size(sizeof(u_int32_t)) /* ifindex */
228 + nla_total_size(sizeof(u_int32_t)) /* mark */
229 + nla_total_size(sizeof(struct nfqnl_msg_packet_hw))
230 + nla_total_size(sizeof(struct nfqnl_msg_packet_timestamp));
232 outdev = entry->outdev;
234 spin_lock_bh(&queue->lock);
236 switch ((enum nfqnl_config_mode)queue->copy_mode) {
237 case NFQNL_COPY_META:
238 case NFQNL_COPY_NONE:
242 case NFQNL_COPY_PACKET:
243 if ((entskb->ip_summed == CHECKSUM_PARTIAL ||
244 entskb->ip_summed == CHECKSUM_COMPLETE) &&
245 skb_checksum_help(entskb)) {
246 spin_unlock_bh(&queue->lock);
249 if (queue->copy_range == 0
250 || queue->copy_range > entskb->len)
251 data_len = entskb->len;
253 data_len = queue->copy_range;
255 size += nla_total_size(data_len);
259 entry->id = queue->id_sequence++;
261 spin_unlock_bh(&queue->lock);
263 skb = alloc_skb(size, GFP_ATOMIC);
267 old_tail = skb->tail;
268 nlh = NLMSG_PUT(skb, 0, 0,
269 NFNL_SUBSYS_QUEUE << 8 | NFQNL_MSG_PACKET,
270 sizeof(struct nfgenmsg));
271 nfmsg = NLMSG_DATA(nlh);
272 nfmsg->nfgen_family = entry->pf;
273 nfmsg->version = NFNETLINK_V0;
274 nfmsg->res_id = htons(queue->queue_num);
276 pmsg.packet_id = htonl(entry->id);
277 pmsg.hw_protocol = entskb->protocol;
278 pmsg.hook = entry->hook;
280 NLA_PUT(skb, NFQA_PACKET_HDR, sizeof(pmsg), &pmsg);
282 indev = entry->indev;
284 #ifndef CONFIG_BRIDGE_NETFILTER
285 NLA_PUT_BE32(skb, NFQA_IFINDEX_INDEV, htonl(indev->ifindex));
287 if (entry->pf == PF_BRIDGE) {
288 /* Case 1: indev is physical input device, we need to
289 * look for bridge group (when called from
290 * netfilter_bridge) */
291 NLA_PUT_BE32(skb, NFQA_IFINDEX_PHYSINDEV,
292 htonl(indev->ifindex));
293 /* this is the bridge group "brX" */
294 NLA_PUT_BE32(skb, NFQA_IFINDEX_INDEV,
295 htonl(indev->br_port->br->dev->ifindex));
297 /* Case 2: indev is bridge group, we need to look for
298 * physical device (when called from ipv4) */
299 NLA_PUT_BE32(skb, NFQA_IFINDEX_INDEV,
300 htonl(indev->ifindex));
301 if (entskb->nf_bridge && entskb->nf_bridge->physindev)
302 NLA_PUT_BE32(skb, NFQA_IFINDEX_PHYSINDEV,
303 htonl(entskb->nf_bridge->physindev->ifindex));
309 #ifndef CONFIG_BRIDGE_NETFILTER
310 NLA_PUT_BE32(skb, NFQA_IFINDEX_OUTDEV, htonl(outdev->ifindex));
312 if (entry->pf == PF_BRIDGE) {
313 /* Case 1: outdev is physical output device, we need to
314 * look for bridge group (when called from
315 * netfilter_bridge) */
316 NLA_PUT_BE32(skb, NFQA_IFINDEX_PHYSOUTDEV,
317 htonl(outdev->ifindex));
318 /* this is the bridge group "brX" */
319 NLA_PUT_BE32(skb, NFQA_IFINDEX_OUTDEV,
320 htonl(outdev->br_port->br->dev->ifindex));
322 /* Case 2: outdev is bridge group, we need to look for
323 * physical output device (when called from ipv4) */
324 NLA_PUT_BE32(skb, NFQA_IFINDEX_OUTDEV,
325 htonl(outdev->ifindex));
326 if (entskb->nf_bridge && entskb->nf_bridge->physoutdev)
327 NLA_PUT_BE32(skb, NFQA_IFINDEX_PHYSOUTDEV,
328 htonl(entskb->nf_bridge->physoutdev->ifindex));
334 NLA_PUT_BE32(skb, NFQA_MARK, htonl(entskb->mark));
336 if (indev && entskb->dev) {
337 struct nfqnl_msg_packet_hw phw;
338 int len = dev_parse_header(entskb, phw.hw_addr);
340 phw.hw_addrlen = htons(len);
341 NLA_PUT(skb, NFQA_HWADDR, sizeof(phw), &phw);
345 if (entskb->tstamp.tv64) {
346 struct nfqnl_msg_packet_timestamp ts;
347 struct timeval tv = ktime_to_timeval(entskb->tstamp);
348 ts.sec = cpu_to_be64(tv.tv_sec);
349 ts.usec = cpu_to_be64(tv.tv_usec);
351 NLA_PUT(skb, NFQA_TIMESTAMP, sizeof(ts), &ts);
356 int size = nla_attr_size(data_len);
358 if (skb_tailroom(skb) < nla_total_size(data_len)) {
359 printk(KERN_WARNING "nf_queue: no tailroom!\n");
363 nla = (struct nlattr *)skb_put(skb, nla_total_size(data_len));
364 nla->nla_type = NFQA_PAYLOAD;
367 if (skb_copy_bits(entskb, 0, nla_data(nla), data_len))
371 nlh->nlmsg_len = skb->tail - old_tail;
379 printk(KERN_ERR "nf_queue: error creating packet message\n");
384 nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
386 struct sk_buff *nskb;
387 struct nfqnl_instance *queue;
390 /* rcu_read_lock()ed by nf_hook_slow() */
391 queue = instance_lookup(queuenum);
395 if (queue->copy_mode == NFQNL_COPY_NONE)
398 nskb = nfqnl_build_packet_message(queue, entry);
402 spin_lock_bh(&queue->lock);
404 if (!queue->peer_pid)
405 goto err_out_free_nskb;
407 if (queue->queue_total >= queue->queue_maxlen) {
408 queue->queue_dropped++;
410 printk(KERN_WARNING "nf_queue: full at %d entries, "
411 "dropping packets(s). Dropped: %d\n",
412 queue->queue_total, queue->queue_dropped);
413 goto err_out_free_nskb;
416 /* nfnetlink_unicast will either free the nskb or add it to a socket */
417 err = nfnetlink_unicast(nskb, queue->peer_pid, MSG_DONTWAIT);
419 queue->queue_user_dropped++;
423 __enqueue_entry(queue, entry);
425 spin_unlock_bh(&queue->lock);
431 spin_unlock_bh(&queue->lock);
437 nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e)
442 diff = data_len - e->skb->len;
444 if (pskb_trim(e->skb, data_len))
446 } else if (diff > 0) {
447 if (data_len > 0xFFFF)
449 if (diff > skb_tailroom(e->skb)) {
450 err = pskb_expand_head(e->skb, 0,
451 diff - skb_tailroom(e->skb),
454 printk(KERN_WARNING "nf_queue: OOM "
455 "in mangle, dropping packet\n");
459 skb_put(e->skb, diff);
461 if (!skb_make_writable(e->skb, data_len))
463 skb_copy_to_linear_data(e->skb, data, data_len);
464 e->skb->ip_summed = CHECKSUM_NONE;
469 nfqnl_set_mode(struct nfqnl_instance *queue,
470 unsigned char mode, unsigned int range)
474 spin_lock_bh(&queue->lock);
476 case NFQNL_COPY_NONE:
477 case NFQNL_COPY_META:
478 queue->copy_mode = mode;
479 queue->copy_range = 0;
482 case NFQNL_COPY_PACKET:
483 queue->copy_mode = mode;
484 /* we're using struct nlattr which has 16bit nla_len */
486 queue->copy_range = 0xffff;
488 queue->copy_range = range;
495 spin_unlock_bh(&queue->lock);
501 dev_cmp(struct nf_queue_entry *entry, unsigned long ifindex)
504 if (entry->indev->ifindex == ifindex)
507 if (entry->outdev->ifindex == ifindex)
509 #ifdef CONFIG_BRIDGE_NETFILTER
510 if (entry->skb->nf_bridge) {
511 if (entry->skb->nf_bridge->physindev &&
512 entry->skb->nf_bridge->physindev->ifindex == ifindex)
514 if (entry->skb->nf_bridge->physoutdev &&
515 entry->skb->nf_bridge->physoutdev->ifindex == ifindex)
522 /* drop all packets with either indev or outdev == ifindex from all queue
525 nfqnl_dev_drop(int ifindex)
531 for (i = 0; i < INSTANCE_BUCKETS; i++) {
532 struct hlist_node *tmp;
533 struct nfqnl_instance *inst;
534 struct hlist_head *head = &instance_table[i];
536 hlist_for_each_entry_rcu(inst, tmp, head, hlist)
537 nfqnl_flush(inst, dev_cmp, ifindex);
543 #define RCV_SKB_FAIL(err) do { netlink_ack(skb, nlh, (err)); return; } while (0)
546 nfqnl_rcv_dev_event(struct notifier_block *this,
547 unsigned long event, void *ptr)
549 struct net_device *dev = ptr;
551 if (dev->nd_net != &init_net)
554 /* Drop any packets associated with the downed device */
555 if (event == NETDEV_DOWN)
556 nfqnl_dev_drop(dev->ifindex);
560 static struct notifier_block nfqnl_dev_notifier = {
561 .notifier_call = nfqnl_rcv_dev_event,
565 nfqnl_rcv_nl_event(struct notifier_block *this,
566 unsigned long event, void *ptr)
568 struct netlink_notify *n = ptr;
570 if (event == NETLINK_URELEASE &&
571 n->protocol == NETLINK_NETFILTER && n->pid) {
574 /* destroy all instances for this pid */
575 spin_lock(&instances_lock);
576 for (i = 0; i < INSTANCE_BUCKETS; i++) {
577 struct hlist_node *tmp, *t2;
578 struct nfqnl_instance *inst;
579 struct hlist_head *head = &instance_table[i];
581 hlist_for_each_entry_safe(inst, tmp, t2, head, hlist) {
582 if ((n->net == &init_net) &&
583 (n->pid == inst->peer_pid))
584 __instance_destroy(inst);
587 spin_unlock(&instances_lock);
592 static struct notifier_block nfqnl_rtnl_notifier = {
593 .notifier_call = nfqnl_rcv_nl_event,
596 static const struct nla_policy nfqa_verdict_policy[NFQA_MAX+1] = {
597 [NFQA_VERDICT_HDR] = { .len = sizeof(struct nfqnl_msg_verdict_hdr) },
598 [NFQA_MARK] = { .type = NLA_U32 },
599 [NFQA_PAYLOAD] = { .type = NLA_UNSPEC },
603 nfqnl_recv_verdict(struct sock *ctnl, struct sk_buff *skb,
604 struct nlmsghdr *nlh, struct nlattr *nfqa[])
606 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
607 u_int16_t queue_num = ntohs(nfmsg->res_id);
609 struct nfqnl_msg_verdict_hdr *vhdr;
610 struct nfqnl_instance *queue;
611 unsigned int verdict;
612 struct nf_queue_entry *entry;
616 queue = instance_lookup(queue_num);
622 if (queue->peer_pid != NETLINK_CB(skb).pid) {
627 if (!nfqa[NFQA_VERDICT_HDR]) {
632 vhdr = nla_data(nfqa[NFQA_VERDICT_HDR]);
633 verdict = ntohl(vhdr->verdict);
635 if ((verdict & NF_VERDICT_MASK) > NF_MAX_VERDICT) {
640 entry = find_dequeue_entry(queue, ntohl(vhdr->id));
647 if (nfqa[NFQA_PAYLOAD]) {
648 if (nfqnl_mangle(nla_data(nfqa[NFQA_PAYLOAD]),
649 nla_len(nfqa[NFQA_PAYLOAD]), entry) < 0)
654 entry->skb->mark = ntohl(nla_get_be32(nfqa[NFQA_MARK]));
656 nf_reinject(entry, verdict);
665 nfqnl_recv_unsupp(struct sock *ctnl, struct sk_buff *skb,
666 struct nlmsghdr *nlh, struct nlattr *nfqa[])
671 static const struct nla_policy nfqa_cfg_policy[NFQA_CFG_MAX+1] = {
672 [NFQA_CFG_CMD] = { .len = sizeof(struct nfqnl_msg_config_cmd) },
673 [NFQA_CFG_PARAMS] = { .len = sizeof(struct nfqnl_msg_config_params) },
676 static const struct nf_queue_handler nfqh = {
678 .outfn = &nfqnl_enqueue_packet,
682 nfqnl_recv_config(struct sock *ctnl, struct sk_buff *skb,
683 struct nlmsghdr *nlh, struct nlattr *nfqa[])
685 struct nfgenmsg *nfmsg = NLMSG_DATA(nlh);
686 u_int16_t queue_num = ntohs(nfmsg->res_id);
687 struct nfqnl_instance *queue;
688 struct nfqnl_msg_config_cmd *cmd = NULL;
691 if (nfqa[NFQA_CFG_CMD]) {
692 cmd = nla_data(nfqa[NFQA_CFG_CMD]);
694 /* Commands without queue context - might sleep */
695 switch (cmd->command) {
696 case NFQNL_CFG_CMD_PF_BIND:
697 ret = nf_register_queue_handler(ntohs(cmd->pf),
700 case NFQNL_CFG_CMD_PF_UNBIND:
701 ret = nf_unregister_queue_handler(ntohs(cmd->pf),
713 queue = instance_lookup(queue_num);
714 if (queue && queue->peer_pid != NETLINK_CB(skb).pid) {
720 switch (cmd->command) {
721 case NFQNL_CFG_CMD_BIND:
726 queue = instance_create(queue_num, NETLINK_CB(skb).pid);
732 case NFQNL_CFG_CMD_UNBIND:
737 instance_destroy(queue);
739 case NFQNL_CFG_CMD_PF_BIND:
740 case NFQNL_CFG_CMD_PF_UNBIND:
748 if (nfqa[NFQA_CFG_PARAMS]) {
749 struct nfqnl_msg_config_params *params;
755 params = nla_data(nfqa[NFQA_CFG_PARAMS]);
756 nfqnl_set_mode(queue, params->copy_mode,
757 ntohl(params->copy_range));
760 if (nfqa[NFQA_CFG_QUEUE_MAXLEN]) {
761 __be32 *queue_maxlen;
767 queue_maxlen = nla_data(nfqa[NFQA_CFG_QUEUE_MAXLEN]);
768 spin_lock_bh(&queue->lock);
769 queue->queue_maxlen = ntohl(*queue_maxlen);
770 spin_unlock_bh(&queue->lock);
778 static const struct nfnl_callback nfqnl_cb[NFQNL_MSG_MAX] = {
779 [NFQNL_MSG_PACKET] = { .call = nfqnl_recv_unsupp,
780 .attr_count = NFQA_MAX, },
781 [NFQNL_MSG_VERDICT] = { .call = nfqnl_recv_verdict,
782 .attr_count = NFQA_MAX,
783 .policy = nfqa_verdict_policy },
784 [NFQNL_MSG_CONFIG] = { .call = nfqnl_recv_config,
785 .attr_count = NFQA_CFG_MAX,
786 .policy = nfqa_cfg_policy },
789 static const struct nfnetlink_subsystem nfqnl_subsys = {
791 .subsys_id = NFNL_SUBSYS_QUEUE,
792 .cb_count = NFQNL_MSG_MAX,
796 #ifdef CONFIG_PROC_FS
801 static struct hlist_node *get_first(struct seq_file *seq)
803 struct iter_state *st = seq->private;
808 for (st->bucket = 0; st->bucket < INSTANCE_BUCKETS; st->bucket++) {
809 if (!hlist_empty(&instance_table[st->bucket]))
810 return instance_table[st->bucket].first;
815 static struct hlist_node *get_next(struct seq_file *seq, struct hlist_node *h)
817 struct iter_state *st = seq->private;
821 if (++st->bucket >= INSTANCE_BUCKETS)
824 h = instance_table[st->bucket].first;
829 static struct hlist_node *get_idx(struct seq_file *seq, loff_t pos)
831 struct hlist_node *head;
832 head = get_first(seq);
835 while (pos && (head = get_next(seq, head)))
837 return pos ? NULL : head;
840 static void *seq_start(struct seq_file *seq, loff_t *pos)
842 spin_lock(&instances_lock);
843 return get_idx(seq, *pos);
846 static void *seq_next(struct seq_file *s, void *v, loff_t *pos)
849 return get_next(s, v);
852 static void seq_stop(struct seq_file *s, void *v)
854 spin_unlock(&instances_lock);
857 static int seq_show(struct seq_file *s, void *v)
859 const struct nfqnl_instance *inst = v;
861 return seq_printf(s, "%5d %6d %5d %1d %5d %5d %5d %8d %2d\n",
863 inst->peer_pid, inst->queue_total,
864 inst->copy_mode, inst->copy_range,
865 inst->queue_dropped, inst->queue_user_dropped,
866 inst->id_sequence, 1);
869 static const struct seq_operations nfqnl_seq_ops = {
876 static int nfqnl_open(struct inode *inode, struct file *file)
878 return seq_open_private(file, &nfqnl_seq_ops,
879 sizeof(struct iter_state));
882 static const struct file_operations nfqnl_file_ops = {
883 .owner = THIS_MODULE,
887 .release = seq_release_private,
892 static int __init nfnetlink_queue_init(void)
894 int i, status = -ENOMEM;
895 #ifdef CONFIG_PROC_FS
896 struct proc_dir_entry *proc_nfqueue;
899 for (i = 0; i < INSTANCE_BUCKETS; i++)
900 INIT_HLIST_HEAD(&instance_table[i]);
902 netlink_register_notifier(&nfqnl_rtnl_notifier);
903 status = nfnetlink_subsys_register(&nfqnl_subsys);
905 printk(KERN_ERR "nf_queue: failed to create netlink socket\n");
906 goto cleanup_netlink_notifier;
909 #ifdef CONFIG_PROC_FS
910 proc_nfqueue = create_proc_entry("nfnetlink_queue", 0440,
914 proc_nfqueue->proc_fops = &nfqnl_file_ops;
917 register_netdevice_notifier(&nfqnl_dev_notifier);
920 #ifdef CONFIG_PROC_FS
922 nfnetlink_subsys_unregister(&nfqnl_subsys);
924 cleanup_netlink_notifier:
925 netlink_unregister_notifier(&nfqnl_rtnl_notifier);
929 static void __exit nfnetlink_queue_fini(void)
931 nf_unregister_queue_handlers(&nfqh);
932 unregister_netdevice_notifier(&nfqnl_dev_notifier);
933 #ifdef CONFIG_PROC_FS
934 remove_proc_entry("nfnetlink_queue", proc_net_netfilter);
936 nfnetlink_subsys_unregister(&nfqnl_subsys);
937 netlink_unregister_notifier(&nfqnl_rtnl_notifier);
940 MODULE_DESCRIPTION("netfilter packet queue handler");
941 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
942 MODULE_LICENSE("GPL");
943 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_QUEUE);
945 module_init(nfnetlink_queue_init);
946 module_exit(nfnetlink_queue_fini);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob