~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/netfilter/ip6table_raw.c

Version: ~ [ linux-5.1-rc2 ] ~ [ linux-5.0.4 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.31 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.108 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.165 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.177 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.137 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.63 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.39.4 ] ~ [ linux-2.6.38.8 ] ~ [ linux-2.6.37.6 ] ~ [ linux-2.6.36.4 ] ~ [ linux-2.6.35.14 ] ~ [ linux-2.6.34.15 ] ~ [ linux-2.6.33.20 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * IPv6 raw table, a port of the IPv4 raw table to IPv6
  3  *
  4  * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
  5  */
  6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  7 #include <linux/module.h>
  8 #include <linux/netfilter_ipv6/ip6_tables.h>
  9 #include <linux/slab.h>
 10 
 11 #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 12 
 13 static int __net_init ip6table_raw_table_init(struct net *net);
 14 
 15 static bool raw_before_defrag __read_mostly;
 16 MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
 17 module_param(raw_before_defrag, bool, 0000);
 18 
 19 static const struct xt_table packet_raw = {
 20         .name = "raw",
 21         .valid_hooks = RAW_VALID_HOOKS,
 22         .me = THIS_MODULE,
 23         .af = NFPROTO_IPV6,
 24         .priority = NF_IP6_PRI_RAW,
 25         .table_init = ip6table_raw_table_init,
 26 };
 27 
 28 static const struct xt_table packet_raw_before_defrag = {
 29         .name = "raw",
 30         .valid_hooks = RAW_VALID_HOOKS,
 31         .me = THIS_MODULE,
 32         .af = NFPROTO_IPV6,
 33         .priority = NF_IP6_PRI_RAW_BEFORE_DEFRAG,
 34         .table_init = ip6table_raw_table_init,
 35 };
 36 
 37 /* The work comes in here from netfilter.c. */
 38 static unsigned int
 39 ip6table_raw_hook(void *priv, struct sk_buff *skb,
 40                   const struct nf_hook_state *state)
 41 {
 42         return ip6t_do_table(skb, state, state->net->ipv6.ip6table_raw);
 43 }
 44 
 45 static struct nf_hook_ops *rawtable_ops __read_mostly;
 46 
 47 static int __net_init ip6table_raw_table_init(struct net *net)
 48 {
 49         struct ip6t_replace *repl;
 50         const struct xt_table *table = &packet_raw;
 51         int ret;
 52 
 53         if (raw_before_defrag)
 54                 table = &packet_raw_before_defrag;
 55 
 56         if (net->ipv6.ip6table_raw)
 57                 return 0;
 58 
 59         repl = ip6t_alloc_initial_table(table);
 60         if (repl == NULL)
 61                 return -ENOMEM;
 62         ret = ip6t_register_table(net, table, repl, rawtable_ops,
 63                                   &net->ipv6.ip6table_raw);
 64         kfree(repl);
 65         return ret;
 66 }
 67 
 68 static void __net_exit ip6table_raw_net_exit(struct net *net)
 69 {
 70         if (!net->ipv6.ip6table_raw)
 71                 return;
 72         ip6t_unregister_table(net, net->ipv6.ip6table_raw, rawtable_ops);
 73         net->ipv6.ip6table_raw = NULL;
 74 }
 75 
 76 static struct pernet_operations ip6table_raw_net_ops = {
 77         .exit = ip6table_raw_net_exit,
 78 };
 79 
 80 static int __init ip6table_raw_init(void)
 81 {
 82         int ret;
 83         const struct xt_table *table = &packet_raw;
 84 
 85         if (raw_before_defrag) {
 86                 table = &packet_raw_before_defrag;
 87 
 88                 pr_info("Enabling raw table before defrag\n");
 89         }
 90 
 91         /* Register hooks */
 92         rawtable_ops = xt_hook_ops_alloc(table, ip6table_raw_hook);
 93         if (IS_ERR(rawtable_ops))
 94                 return PTR_ERR(rawtable_ops);
 95 
 96         ret = register_pernet_subsys(&ip6table_raw_net_ops);
 97         if (ret < 0) {
 98                 kfree(rawtable_ops);
 99                 return ret;
100         }
101 
102         ret = ip6table_raw_table_init(&init_net);
103         if (ret) {
104                 unregister_pernet_subsys(&ip6table_raw_net_ops);
105                 kfree(rawtable_ops);
106         }
107         return ret;
108 }
109 
110 static void __exit ip6table_raw_fini(void)
111 {
112         unregister_pernet_subsys(&ip6table_raw_net_ops);
113         kfree(rawtable_ops);
114 }
115 
116 module_init(ip6table_raw_init);
117 module_exit(ip6table_raw_fini);
118 MODULE_LICENSE("GPL");
119 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp