static int npf_fini(void) { /* At first, detach device and remove pfil hooks. */ #ifdef _MODULE devsw_detach(NULL, &npf_cdevsw); #endif npf_pfil_unregister(true); /* Flush all sessions, destroy configuration (ruleset, etc). */ npf_session_tracking(false); npf_config_fini(); /* Finally, safe to destroy the subsystems. */ npf_ext_sysfini(); npf_alg_sysfini(); npf_nat_sysfini(); npf_session_sysfini(); npf_tableset_sysfini(); npf_bpf_sysfini(); /* Note: worker is the last. */ npf_worker_sysfini(); if (npf_sysctl) { sysctl_teardown(&npf_sysctl); } percpu_free(npf_stats_percpu, NPF_STATS_SIZE); return 0; }
/* * npfctl_switch: enable or disable packet inspection. */ int npfctl_switch(void *data) { const bool onoff = *(int *)data ? true : false; int error; if (onoff) { /* Enable: add pfil hooks. */ error = npf_pfil_register(false); } else { /* Disable: remove pfil hooks. */ npf_pfil_unregister(false); error = 0; } return error; }