git.oblomov.eu Git - linux-2.6/blob - net/ipv6/netfilter/ip6table_raw.c

   1 /*
   2  * IPv6 raw table, a port of the IPv4 raw table to IPv6
   3  *
   4  * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  */
   6 #include <linux/module.h>
   7 #include <linux/netfilter_ipv6/ip6_tables.h>
   8
   9 #define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
  10
  11 #if 0
  12 #define DEBUGP(x, args...)      printk(KERN_DEBUG x, ## args)
  13 #else
  14 #define DEBUGP(x, args...)
  15 #endif
  16
  17 static struct
  18 {
  19         struct ip6t_replace repl;
  20         struct ip6t_standard entries[2];
  21         struct ip6t_error term;
  22 } initial_table __initdata = {
  23         .repl = {
  24                 .name = "raw",
  25                 .valid_hooks = RAW_VALID_HOOKS,
  26                 .num_entries = 3,
  27                 .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
  28                 .hook_entry = {
  29                         [NF_IP6_PRE_ROUTING] = 0,
  30                         [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
  31                 },
  32                 .underflow = {
  33                         [NF_IP6_PRE_ROUTING] = 0,
  34                         [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
  35                 },
  36         },
  37         .entries = {
  38                 /* PRE_ROUTING */
  39                 {
  40                         .entry = {
  41                                 .target_offset = sizeof(struct ip6t_entry),
  42                                 .next_offset = sizeof(struct ip6t_standard),
  43                         },
  44                         .target = {
  45                                 .target = {
  46                                         .u = {
  47                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
  48                                         },
  49                                 },
  50                                 .verdict = -NF_ACCEPT - 1,
  51                         },
  52                 },
  53
  54                 /* LOCAL_OUT */
  55                 {
  56                         .entry = {
  57                                 .target_offset = sizeof(struct ip6t_entry),
  58                                 .next_offset = sizeof(struct ip6t_standard),
  59                         },
  60                         .target = {
  61                                 .target = {
  62                                         .u = {
  63                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
  64                                         },
  65                                 },
  66                                 .verdict = -NF_ACCEPT - 1,
  67                         },
  68                 },
  69         },
  70         /* ERROR */
  71         .term = {
  72                 .entry = {
  73                         .target_offset = sizeof(struct ip6t_entry),
  74                         .next_offset = sizeof(struct ip6t_error),
  75                 },
  76                 .target = {
  77                         .target = {
  78                                 .u = {
  79                                         .user = {
  80                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
  81                                                 .name = IP6T_ERROR_TARGET,
  82                                         },
  83                                 },
  84                         },
  85                         .errorname = "ERROR",
  86                 },
  87         }
  88 };
  89
  90 static struct xt_table packet_raw = {
  91         .name = "raw",
  92         .valid_hooks = RAW_VALID_HOOKS,
  93         .lock = RW_LOCK_UNLOCKED,
  94         .me = THIS_MODULE,
  95         .af = AF_INET6,
  96 };
  97
  98 /* The work comes in here from netfilter.c. */
  99 static unsigned int
 100 ip6t_hook(unsigned int hook,
 101          struct sk_buff **pskb,
 102          const struct net_device *in,
 103          const struct net_device *out,
 104          int (*okfn)(struct sk_buff *))
 105 {
 106         return ip6t_do_table(pskb, hook, in, out, &packet_raw);
 107 }
 108
 109 static struct nf_hook_ops ip6t_ops[] = {
 110         {
 111           .hook = ip6t_hook,
 112           .pf = PF_INET6,
 113           .hooknum = NF_IP6_PRE_ROUTING,
 114           .priority = NF_IP6_PRI_FIRST,
 115           .owner = THIS_MODULE,
 116         },
 117         {
 118           .hook = ip6t_hook,
 119           .pf = PF_INET6,
 120           .hooknum = NF_IP6_LOCAL_OUT,
 121           .priority = NF_IP6_PRI_FIRST,
 122           .owner = THIS_MODULE,
 123         },
 124 };
 125
 126 static int __init ip6table_raw_init(void)
 127 {
 128         int ret;
 129
 130         /* Register table */
 131         ret = ip6t_register_table(&packet_raw, &initial_table.repl);
 132         if (ret < 0)
 133                 return ret;
 134
 135         /* Register hooks */
 136         ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
 137         if (ret < 0)
 138                 goto cleanup_table;
 139
 140         return ret;
 141
 142  cleanup_table:
 143         ip6t_unregister_table(&packet_raw);
 144         return ret;
 145 }
 146
 147 static void __exit ip6table_raw_fini(void)
 148 {
 149         nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
 150         ip6t_unregister_table(&packet_raw);
 151 }
 152
 153 module_init(ip6table_raw_init);
 154 module_exit(ip6table_raw_fini);
 155 MODULE_LICENSE("GPL");