Linux/net/ipv4/netfilter/arptable_filter.c


  1 /*
  2  * Filtering ARP tables module.
  3  *
  4  * Copyright (C) 2002 David S. Miller (davem@redhat.com)
  5  *
  6  */
  7 
  8 #include <linux/module.h>
  9 #include <linux/netfilter/x_tables.h>
 10 #include <linux/netfilter_arp/arp_tables.h>
 11 #include <linux/slab.h>
 12 
/* Module metadata. */
MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
MODULE_DESCRIPTION("arptables filter table");
MODULE_LICENSE("GPL");

/*
 * Bitmask of the ARP netfilter hook points the filter table attaches to:
 * one bit each for NF_ARP_IN, NF_ARP_OUT and NF_ARP_FORWARD.
 */
#define FILTER_VALID_HOOKS \
	((1 << NF_ARP_IN) | (1 << NF_ARP_OUT) | (1 << NF_ARP_FORWARD))

/*
 * Declared ahead of its definition because the packet_filter descriptor
 * stores its address in .table_init.
 */
static int __net_init arptable_filter_table_init(struct net *net);
 21 
/*
 * Static descriptor of the ARP "filter" table. It is the template handed to
 * arpt_alloc_initial_table(), arpt_register_table() and xt_hook_ops_alloc()
 * elsewhere in this file.
 */
static const struct xt_table packet_filter = {
	.name		= "filter",
	.af		= NFPROTO_ARP,
	/* Hook points covered by this table (see FILTER_VALID_HOOKS). */
	.valid_hooks	= FILTER_VALID_HOOKS,
	.priority	= NF_IP_PRI_FILTER,
	/*
	 * Per-namespace set-up callback.
	 * NOTE(review): presumably called by the x_tables core when the table
	 * is first requested in a namespace; confirm against the caller.
	 */
	.table_init	= arptable_filter_table_init,
	.me		= THIS_MODULE,
};
 30 
/*
 * Netfilter hook entry point for the ARP filter table.
 *
 * Fetches the filter table of the network namespace carried in @state and
 * hands the packet to arpt_do_table(); that call's return value is passed
 * back to the caller unchanged. @priv is unused.
 *
 * The table pointer is used without a NULL check.
 * NOTE(review): this relies on the hook only being live while
 * net->ipv4.arptable_filter is set; confirm the ordering inside
 * arpt_register_table() and arpt_unregister_table().
 */
static unsigned int
arptable_filter_hook(void *priv, struct sk_buff *skb,
		     const struct nf_hook_state *state)
{
	struct xt_table *table = state->net->ipv4.arptable_filter;

	return arpt_do_table(skb, state, table);
}
 38 
/*
 * Hook ops allocated once in arptable_filter_init() and passed to
 * arpt_register_table()/arpt_unregister_table() for every namespace.
 * Released with kfree() in arptable_filter_fini() and on the init error paths.
 */
static struct nf_hook_ops *arpfilter_ops __read_mostly;

/*
 * Create and register the filter table for @net.
 *
 * Does nothing and returns 0 when the namespace already has a table, so it
 * can be called both from arptable_filter_init() (for init_net) and through
 * packet_filter.table_init. Returns -ENOMEM when the initial ruleset cannot
 * be allocated, otherwise the result of arpt_register_table().
 */
static int __net_init arptable_filter_table_init(struct net *net)
{
	struct arpt_replace *repl;
	int err = 0;

	if (!net->ipv4.arptable_filter) {
		repl = arpt_alloc_initial_table(&packet_filter);
		if (!repl)
			return -ENOMEM;

		err = arpt_register_table(net, &packet_filter, repl,
					  arpfilter_ops,
					  &net->ipv4.arptable_filter);
		/* The initial ruleset blob is freed whether or not registration succeeded. */
		kfree(repl);
	}

	return err;
}
 57 
/*
 * Per-namespace teardown: unregister the filter table of @net, if it has
 * one, and clear the namespace's pointer so a stale table is never left
 * reachable through net->ipv4.arptable_filter.
 */
static void __net_exit arptable_filter_net_exit(struct net *net)
{
	struct xt_table *table = net->ipv4.arptable_filter;

	if (table) {
		arpt_unregister_table(net, table, arpfilter_ops);
		net->ipv4.arptable_filter = NULL;
	}
}

/*
 * Only an exit handler is provided; tables are created through
 * arptable_filter_table_init() rather than a per-namespace .init callback.
 */
static struct pernet_operations arptable_filter_net_ops = {
	.exit = arptable_filter_net_exit,
};
 69 
/*
 * Module entry point.
 *
 * Allocates the shared hook ops, registers the per-namespace operations and
 * sets up the filter table for init_net. Returns 0 on success or the error
 * of the step that failed; on failure everything acquired so far is released
 * in reverse order.
 */
static int __init arptable_filter_init(void)
{
	int ret;

	arpfilter_ops = xt_hook_ops_alloc(&packet_filter, arptable_filter_hook);
	if (IS_ERR(arpfilter_ops))
		return PTR_ERR(arpfilter_ops);

	ret = register_pernet_subsys(&arptable_filter_net_ops);
	if (ret < 0)
		goto err_free_ops;

	ret = arptable_filter_table_init(&init_net);
	if (ret)
		goto err_unregister;

	return 0;

err_unregister:
	/*
	 * Unregister before freeing the ops: the exit handler passes
	 * arpfilter_ops to arpt_unregister_table().
	 */
	unregister_pernet_subsys(&arptable_filter_net_ops);
err_free_ops:
	kfree(arpfilter_ops);
	return ret;
}
 92 
/*
 * Module exit point.
 *
 * The per-namespace operations are unregistered first and the hook ops are
 * freed only afterwards, because arptable_filter_net_exit() still passes
 * arpfilter_ops to arpt_unregister_table().
 * NOTE(review): assumes unregister_pernet_subsys() runs the .exit handler
 * for every live namespace before returning; confirm.
 */
static void __exit arptable_filter_fini(void)
{
	unregister_pernet_subsys(&arptable_filter_net_ops);
	kfree(arpfilter_ops);
}

/* Register the module's load and unload entry points. */
module_init(arptable_filter_init);
module_exit(arptable_filter_fini);
101 
