Eric Lee / smarc-fsl-linux-kernel

Blame view

net/ipv4/netfilter/arptable_filter.c 2.34 KB

1da177e4c Linus Torvalds Linux-2.6.12-rc2	1 2 3 4 5 6 7 8	/* * Filtering ARP tables module. * * Copyright (C) 2002 David S. Miller (davem@redhat.com) * */ #include <linux/module.h>
e3eaa9910 Jan Engelhardt netfilter: xtable...	9	#include <linux/netfilter/x_tables.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	10	#include <linux/netfilter_arp/arp_tables.h>
5a0e3ad6a Tejun Heo include cleanup: ...	11	#include <linux/slab.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	12 13 14 15 16 17 18	MODULE_LICENSE("GPL"); MODULE_AUTHOR("David S. Miller <davem@redhat.com>"); MODULE_DESCRIPTION("arptables filter table"); #define FILTER_VALID_HOOKS ((1 << NF_ARP_IN) \| (1 << NF_ARP_OUT) \| \ (1 << NF_ARP_FORWARD))
b9e69e127 Florian Westphal netfilter: xtable...	19	static int __net_init arptable_filter_table_init(struct net *net);
35aad0ffd Jan Engelhardt netfilter: xtable...	20	static const struct xt_table packet_filter = {
1da177e4c Linus Torvalds Linux-2.6.12-rc2	21 22	.name = "filter", .valid_hooks = FILTER_VALID_HOOKS,
1da177e4c Linus Torvalds Linux-2.6.12-rc2	23	.me = THIS_MODULE,
ee999d8b9 Jan Engelhardt netfilter: x_tabl...	24	.af = NFPROTO_ARP,
2b95efe7f Jan Engelhardt netfilter: xtable...	25	.priority = NF_IP_PRI_FILTER,
b9e69e127 Florian Westphal netfilter: xtable...	26	.table_init = arptable_filter_table_init,
1da177e4c Linus Torvalds Linux-2.6.12-rc2	27 28 29	}; /* The work comes in here from netfilter.c */
737535c5c Jan Engelhardt netfilter: xtable...	30	static unsigned int
06198b34a Eric W. Biederman netfilter: Pass p...	31	arptable_filter_hook(void priv, struct sk_buff skb,
238e54c9c David S. Miller netfilter: Make n...	32	const struct nf_hook_state *state)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	33	{
6cb8ff3f1 Eric W. Biederman inet netfilter: R...	34	return arpt_do_table(skb, state, state->net->ipv4.arptable_filter);
3918fed5f Alexey Dobriyan netfilter: arptab...	35	}
2b95efe7f Jan Engelhardt netfilter: xtable...	36	static struct nf_hook_ops *arpfilter_ops __read_mostly;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	37
b9e69e127 Florian Westphal netfilter: xtable...	38	static int __net_init arptable_filter_table_init(struct net *net)
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	39	{
e3eaa9910 Jan Engelhardt netfilter: xtable...	40	struct arpt_replace *repl;
a67dd266a Florian Westphal netfilter: xtable...	41	int err;
b9e69e127 Florian Westphal netfilter: xtable...	42 43	if (net->ipv4.arptable_filter) return 0;
e3eaa9910 Jan Engelhardt netfilter: xtable...	44 45 46	repl = arpt_alloc_initial_table(&packet_filter); if (repl == NULL) return -ENOMEM;
a67dd266a Florian Westphal netfilter: xtable...	47 48	err = arpt_register_table(net, &packet_filter, repl, arpfilter_ops, &net->ipv4.arptable_filter);
e3eaa9910 Jan Engelhardt netfilter: xtable...	49	kfree(repl);
a67dd266a Florian Westphal netfilter: xtable...	50	return err;
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	51 52 53 54	} static void __net_exit arptable_filter_net_exit(struct net *net) {
b9e69e127 Florian Westphal netfilter: xtable...	55 56	if (!net->ipv4.arptable_filter) return;
a67dd266a Florian Westphal netfilter: xtable...	57	arpt_unregister_table(net, net->ipv4.arptable_filter, arpfilter_ops);
b9e69e127 Florian Westphal netfilter: xtable...	58	net->ipv4.arptable_filter = NULL;
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	59 60 61	} static struct pernet_operations arptable_filter_net_ops = {
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	62 63	.exit = arptable_filter_net_exit, };
65b4b4e81 Andrew Morton [NETFILTER]: Rena...	64	static int __init arptable_filter_init(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	65	{
964ddaa10 Patrick McHardy [NETFILTER]: Clea...	66	int ret;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	67
b9e69e127 Florian Westphal netfilter: xtable...	68 69 70	arpfilter_ops = xt_hook_ops_alloc(&packet_filter, arptable_filter_hook); if (IS_ERR(arpfilter_ops)) return PTR_ERR(arpfilter_ops);
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	71	ret = register_pernet_subsys(&arptable_filter_net_ops);
b9e69e127 Florian Westphal netfilter: xtable...	72 73	if (ret < 0) { kfree(arpfilter_ops);
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	74	return ret;
2b95efe7f Jan Engelhardt netfilter: xtable...	75	}
1da177e4c Linus Torvalds Linux-2.6.12-rc2	76
ff76def3b Florian Westphal netfilter: arp_ta...	77 78 79 80 81	ret = arptable_filter_table_init(&init_net); if (ret) { unregister_pernet_subsys(&arptable_filter_net_ops); kfree(arpfilter_ops); }
1da177e4c Linus Torvalds Linux-2.6.12-rc2	82 83	return ret; }
65b4b4e81 Andrew Morton [NETFILTER]: Rena...	84	static void __exit arptable_filter_fini(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	85	{
9ea0cb260 Alexey Dobriyan [NETFILTER]: arp_...	86	unregister_pernet_subsys(&arptable_filter_net_ops);
b9e69e127 Florian Westphal netfilter: xtable...	87	kfree(arpfilter_ops);
1da177e4c Linus Torvalds Linux-2.6.12-rc2	88	}
65b4b4e81 Andrew Morton [NETFILTER]: Rena...	89 90	module_init(arptable_filter_init); module_exit(arptable_filter_fini);