  /*
   * This is the 1999 rewrite of IP Firewalling, aiming for kernel 2.3.x.
   *
   * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling
   * Copyright (C) 2000-2004 Netfilter Core Team <coreteam@netfilter.org>
   *
   * This program is free software; you can redistribute it and/or modify
   * it under the terms of the GNU General Public License version 2 as
   * published by the Free Software Foundation.
   */
  
  #include <linux/module.h>
  #include <linux/moduleparam.h>
  #include <linux/netfilter_ipv6/ip6_tables.h>
  #include <linux/slab.h>
  
  /* Module metadata as reported by modinfo(8). */
  MODULE_LICENSE("GPL");
  MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
  MODULE_DESCRIPTION("ip6tables filter table");
  /*
   * Hook points this table attaches to.  Only LOCAL_IN, FORWARD and
   * LOCAL_OUT are in the mask, so traffic is not inspected by this table
   * at PRE_ROUTING or POST_ROUTING.
   */
  #define FILTER_VALID_HOOKS ((1 << NF_INET_LOCAL_IN) | \
  			    (1 << NF_INET_FORWARD) | \
  			    (1 << NF_INET_LOCAL_OUT))

  /* Forward declaration: packet_filter below references it via .table_init. */
  static int __net_init ip6table_filter_table_init(struct net *net);
  /*
   * Template for the IPv6 "filter" table.  A live copy is built from it
   * per network namespace by ip6table_filter_table_init(), which is also
   * what the xtables core calls through .table_init when a namespace's
   * table is needed but was not registered at namespace creation
   * (see ip6table_filter_net_init()).
   */
  static const struct xt_table packet_filter = {
  	.name		= "filter",
  	.valid_hooks	= FILTER_VALID_HOOKS,
  	.me		= THIS_MODULE,
  	.af		= NFPROTO_IPV6,
  	.priority	= NF_IP6_PRI_FILTER,
  	.table_init	= ip6table_filter_table_init,
  };
  
  /*
   * Hook callback, entered from the netfilter core for each hook in
   * FILTER_VALID_HOOKS (the ops are allocated with this function in
   * ip6table_filter_init()).  It evaluates the calling namespace's
   * "filter" table for the packet and returns the verdict that
   * ip6t_do_table() produces.  @priv is unused.
   */
  static unsigned int
  ip6table_filter_hook(void *priv, struct sk_buff *skb,
  		     const struct nf_hook_state *state)
  {
  	struct xt_table *table = state->net->ipv6.ip6table_filter;
  
  	return ip6t_do_table(skb, state, table);
  }
  /*
   * Hook ops shared by every namespace; allocated once in
   * ip6table_filter_init() and released in ip6table_filter_fini().
   */
  static struct nf_hook_ops *filter_ops __read_mostly;
  
  /* Default to forward because I got too much mail already. */
  /*
   * Module parameter "forward": chooses the initial default verdict of the
   * FORWARD chain when a namespace's table is created -- ACCEPT when true,
   * DROP when false (see ip6table_filter_table_init()).  Loading with
   * forward=0 therefore leaves forwarded traffic dropped until userspace
   * installs its own policy.  The permission argument 0000 means the
   * parameter is not exposed under /sys/module/, so it can only be set at
   * module load time.
   */
  static bool forward = true;
  module_param(forward, bool, 0000);
  /*
   * Create and register the "filter" table for one network namespace.
   *
   * Builds the initial table from the packet_filter template, sets the
   * FORWARD chain's default verdict from the "forward" module parameter,
   * and hands the replace blob to ip6t_register_table(), which is given
   * &net->ipv6.ip6table_filter to fill in.  The temporary blob is freed
   * whether or not registration succeeds.
   *
   * Returns 0 on success (or if the namespace already has a table),
   * -ENOMEM if the initial table could not be allocated, otherwise the
   * error returned by ip6t_register_table().
   */
  static int __net_init ip6table_filter_table_init(struct net *net)
  {
  	struct ip6t_replace *repl;
  	struct ip6t_standard *entries;
  	int err;
  
  	/* Already registered for this namespace. */
  	if (net->ipv6.ip6table_filter)
  		return 0;
  
  	repl = ip6t_alloc_initial_table(&packet_filter);
  	if (!repl)
  		return -ENOMEM;
  
  	/*
  	 * Entry 1 is the FORWARD hook (second bit of FILTER_VALID_HOOKS).
  	 * Standard-target verdicts are stored here as -(NF_verdict) - 1.
  	 */
  	entries = (struct ip6t_standard *)repl->entries;
  	entries[1].target.verdict = forward ? -NF_ACCEPT - 1 : -NF_DROP - 1;
  
  	err = ip6t_register_table(net, &packet_filter, repl, filter_ops,
  				  &net->ipv6.ip6table_filter);
  	kfree(repl);
  
  	return err;
  }
  /*
   * Per-namespace init.  The table is registered right away for the
   * initial namespace, and for every namespace when forward=0 --
   * presumably so that a DROP default on FORWARD is in force from the
   * moment the namespace exists rather than only once the table is first
   * touched.  In the remaining case registration is deferred; the
   * template's .table_init callback points at the same function.
   */
  static int __net_init ip6table_filter_net_init(struct net *net)
  {
  	if (net != &init_net && forward)
  		return 0;
  
  	return ip6table_filter_table_init(net);
  }
  /*
   * Per-namespace teardown: unregister the table if this namespace ever
   * got one, and clear the slot so later checks see no table.
   */
  static void __net_exit ip6table_filter_net_exit(struct net *net)
  {
  	struct xt_table *table = net->ipv6.ip6table_filter;
  
  	if (!table)
  		return;
  
  	ip6t_unregister_table(net, table, filter_ops);
  	net->ipv6.ip6table_filter = NULL;
  }
  
  /* Registered with register_pernet_subsys() in ip6table_filter_init(). */
  static struct pernet_operations ip6table_filter_net_ops = {
  	.init = ip6table_filter_net_init,
  	.exit = ip6table_filter_net_exit,
  };
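  /*
   * Module init: allocate the hook ops shared by all namespaces, then
   * register the per-namespace operations.  filter_ops is only published
   * once the allocation succeeded, and is reset to NULL if
   * register_pernet_subsys() fails, so the file-scope pointer never holds
   * an ERR_PTR or a freed block.
   *
   * Returns 0 on success, or a negative errno from xt_hook_ops_alloc() /
   * register_pernet_subsys().
   */
  static int __init ip6table_filter_init(void)
  {
  	struct nf_hook_ops *ops;
  	int ret;
  
  	ops = xt_hook_ops_alloc(&packet_filter, ip6table_filter_hook);
  	if (IS_ERR(ops))
  		return PTR_ERR(ops);
  	filter_ops = ops;
  
  	ret = register_pernet_subsys(&ip6table_filter_net_ops);
  	if (ret < 0) {
  		kfree(filter_ops);
  		/* Do not leave a dangling file-scope pointer behind. */
  		filter_ops = NULL;
  	}
  
  	return ret;
  }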
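  /*
   * Module exit: tear down every namespace's table via the pernet exit
   * callback, then release the shared hook ops.  The pointer is cleared
   * after kfree() so it never dangles, matching the init error path.
   */
  static void __exit ip6table_filter_fini(void)
  {
  	unregister_pernet_subsys(&ip6table_filter_net_ops);
  	kfree(filter_ops);
  	filter_ops = NULL;
  }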
  /* Module entry/exit points. */
  module_init(ip6table_filter_init);
  module_exit(ip6table_filter_fini);