Use register_pernet_subsys for nf hook registration

2026-01-30 06:00:34 +03:00 · 2025-01-10 13:10:55 +03:00
parent 2e67c161f8
commit 351bbfb097
1 changed files with 51 additions and 60 deletions
--- a/src/kytunblock.c
+++ b/src/kytunblock.c
@@ -459,91 +459,91 @@ send_verdict:
 	return nf_verdict;
 }
-
+static struct nf_hook_ops ykb_hook_ops[] = {
-static struct nf_hook_ops ykb_nf_reg __read_mostly = {
+{
 	.hook		= ykb_nf_hook,
 	.pf		= NFPROTO_IPV4,
 	.hooknum	= NF_INET_POST_ROUTING,
 	.priority	= NF_IP_PRI_MANGLE,
-};
+}
-
+#ifndef NO_IPV6
-static struct nf_hook_ops ykb6_nf_reg __read_mostly = {
+,{
 	.hook		= ykb_nf_hook,
 	.pf		= NFPROTO_IPV6,
 	.hooknum	= NF_INET_POST_ROUTING,
 	.priority	= NF_IP6_PRI_MANGLE,
 }
 #endif
 };
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
 static int ykb_net_init(struct net *net)
 {
 	return nf_register_net_hooks(net, ykb_hook_ops, sizeof(ykb_hook_ops));
 }
 static void ykb_net_exit(struct net *net)
 {
 	nf_unregister_net_hooks(net, ykb_hook_ops, sizeof(ykb_hook_ops));
 }
 static struct pernet_operations ykb_pernet_ops = {
 	.init = ykb_net_init,
 	.exit = ykb_net_exit
 };
 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0) */
 static int __init ykb_init(void) {
 	int ret;
 #ifdef NO_CONNTRACK
 	lgwarning("Conntrack is disabled.");
 #endif
 #ifdef NO_IPV6
 	lgwarning("IPv6 is disabled.");
 #endif
-
+	
 	int ret = 0;
 	struct net *n;
 	ret = init_config(&config);
 	if (ret < 0) goto err;
 	ret = open_raw_socket();
 	if (ret < 0) goto err;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
 	for_each_net(n) {
 		ret = nf_register_net_hook(n, &ykb_nf_reg);
 		if (ret < 0) { 
 			lgerror(ret, "register net_hook");
 		}
 	}
 #else
 	ret = nf_register_hook(&ykb_nf_reg);
 	if (ret < 0) {
-		lgerror(ret, "register net_hook");
+		lgerror(ret, "ipv4 rawsocket initialization failed!");
 		goto err;
 	}
 #endif
 #ifndef NO_IPV6
 	ret = open_raw6_socket();
 	if (ret < 0) {
-		lgerror(ret, "ipv6 initialization failed!");
+		lgerror(ret, "ipv6 rawsocket initialization failed!");
-
+		goto err_close4_sock;
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
 		for_each_net(n)
 			nf_unregister_net_hook(n, &ykb_nf_reg);
 #else
 		nf_unregister_hook(&ykb_nf_reg);
 #endif
 		goto err;
 	}
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
 	for_each_net(n) {
 		ret = nf_register_net_hook(n, &ykb6_nf_reg);
 		if (ret < 0) {
 			lgerror(ret, "register net6_hook");
 		}
 	}
 #else
 	ret = nf_register_hook(&ykb6_nf_reg);
 	if (ret < 0) {
 		lgerror(ret, "register net6_hook");
 	}
 #endif
 #endif /* NO_IPV6 */
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
 	ret = register_pernet_subsys(&ykb_pernet_ops);
 #else
 	ret = nf_register_hooks(ykb_hook_ops, sizeof(ykb_hook_ops));
 #endif
 	if (ret < 0)
 		goto err_close_sock;
 	lginfo("youtubeUnblock kernel module started.\n");
 	return 0;
 err_close_sock:
 #ifndef NO_IPV6
 	close_raw6_socket();
 #endif
 err_close4_sock:
 	close_raw_socket();
 err:
 	return ret;
 }
 static void __exit ykb_destroy(void) {
 	struct net *n;
 	mutex_lock(&config_free_mutex);
 	// acquire all locks.
 	spin_lock(&hot_config_spinlock);
@@ -555,22 +555,13 @@ static void __exit ykb_destroy(void) {
 	// netfilter callbacks keep running
 	while (atomic_read(&hot_config_counter) > 0) {}
-#ifndef NO_IPV6
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 3, 0)
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
+	unregister_pernet_subsys(&ykb_pernet_ops);
 	for_each_net(n)
 		nf_unregister_net_hook(n, &ykb6_nf_reg);
 #else
-	nf_unregister_hook(&ykb6_nf_reg);
+	nf_unregister_hooks(ykb_hook_ops, sizeof(ykb_hook_ops));
 #endif
 #endif /* NO_IPV6 */
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4,13,0)
+
 	for_each_net(n)
 		nf_unregister_net_hook(n, &ykb_nf_reg);
 #else
 	nf_unregister_hook(&ykb_nf_reg);
 #endif
 #ifndef NO_IPV6
 	close_raw6_socket();
 #endif