5  *      Bart De Schuymer <bdschuym@pandora.be>
 
  11 #include <linux/netfilter_bridge/ebtables.h>
 
  12 #include <linux/module.h>
 
  /*
   * Bitmask of the bridge netfilter hooks this table may be attached to:
   * local-in, forward and local-out. The same mask is used as the
   * valid_hooks value of the table structures and as the allow-list that
   * check() tests a requested hook mask against.
   */
  14 #define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \
 
  15    (1 << NF_BR_LOCAL_OUT))
 
  /*
   * Built-in chains, one per valid hook. The initializer itself is on
   * listing lines that are not shown here.
   */
  17 static struct ebt_entries initial_chains[] =
 
  /*
   * Built-in table image handed to the ebtables core. It declares exactly
   * three chain headers (entries_size = 3 * sizeof(struct ebt_entries)) and
   * points each permitted hook at its own element of initial_chains; the
   * name of the per-hook array field is on an elided line.
   */
  33 static struct ebt_replace_kernel initial_table =
 
  36         .valid_hooks    = FILTER_VALID_HOOKS,
 
  37         .entries_size   = 3 * sizeof(struct ebt_entries),
 
  39                 [NF_BR_LOCAL_IN]        = &initial_chains[0],
 
  40                 [NF_BR_FORWARD]         = &initial_chains[1],
 
  41                 [NF_BR_LOCAL_OUT]       = &initial_chains[2],
 
  /* The chain array doubles as the raw entries blob, hence the cast. */
  43         .entries        = (char *)initial_chains,
 
  /*
   * Hook-mask validation for this table: the condition is true when the
   * requested valid_hooks contains any bit outside FILTER_VALID_HOOKS,
   * i.e. a hook other than local-in, forward or local-out.
   * NOTE(review): the statements executed on each path (listing lines
   * 49-50) are not shown; presumably a mismatch is rejected with an error
   * code and a clean mask returns 0 -- confirm against the full file.
   * `info` is not referenced on the visible lines.
   */
  46 static int check(const struct ebt_table_info *info, unsigned int valid_hooks)
 
  48         if (valid_hooks & ~FILTER_VALID_HOOKS)
 
  /*
   * Descriptor of the filter table: ties together the built-in
   * initial_table image, the mask of hooks the table may use, and a
   * reader/writer lock that starts out unlocked. Fields on the elided
   * listing lines are not visible here.
   */
  53 static struct ebt_table frame_filter =
 
  56         .table          = &initial_table,
 
  57         .valid_hooks    = FILTER_VALID_HOOKS,
 
  58         .lock           = RW_LOCK_UNLOCKED,
 
  /*
   * Netfilter hook function: passes the hook number, the packet and the
   * in/out devices straight to ebt_do_table() for evaluation against
   * frame_filter, and returns that function's result. okfn is part of the
   * hook signature but is not used on the visible line. The return type
   * is on an elided listing line.
   */
  64 ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in,
 
  65    const struct net_device *out, int (*okfn)(struct sk_buff *))
 
  67         return ebt_do_table(hook, pskb, in, out, &frame_filter);
 
  /*
   * Hook registrations for the filter table, one entry per permitted hook.
   * Local-in and forward use NF_BR_PRI_FILTER_BRIDGED; local-out uses
   * NF_BR_PRI_FILTER_OTHER. The remaining members of each entry (hook
   * function, owner, protocol family) are on elided lines -- presumably
   * every entry points at ebt_hook; confirm against the full file.
   */
  70 static struct nf_hook_ops ebt_ops_filter[] = {
 
  75                 .hooknum        = NF_BR_LOCAL_IN,
 
  76                 .priority       = NF_BR_PRI_FILTER_BRIDGED,
 
  82                 .hooknum        = NF_BR_FORWARD,
 
  83                 .priority       = NF_BR_PRI_FILTER_BRIDGED,
 
  89                 .hooknum        = NF_BR_LOCAL_OUT,
 
  90                 .priority       = NF_BR_PRI_FILTER_OTHER,
 
  /*
   * Module init: registers the table with the ebtables core first, then
   * registers each netfilter hook in ebt_ops_filter. The table therefore
   * exists before any hook can call into it.
   * NOTE(review): the check on the table-registration result, the jump to
   * the cleanup code and the return statements are on elided lines; the
   * flow between listing lines 102 and 106 is inferred from the loop
   * bounds.
   */
  94 static int __init ebtable_filter_init(void)
 
  98         ret = ebt_register_table(&frame_filter);
 
 101         for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++)
 
 102                 if ((ret = nf_register_hook(&ebt_ops_filter[i])) < 0)
 
         /*
          * Error unwind: only hooks [0, i) were registered successfully, so
          * exactly those are unregistered, followed by the table. A partial
          * failure thus leaves neither hooks nor table installed.
          */
 106         for (j = 0; j < i; j++)
 
 107                 nf_unregister_hook(&ebt_ops_filter[j]);
 
 108         ebt_unregister_table(&frame_filter);
 
 /*
  * Module exit: unregisters every hook in ebt_ops_filter and only then
  * unregisters the table, the reverse of the order used at init.
  * Presumably this ordering keeps ebt_hook from being entered for a table
  * that is already being torn down -- confirm against the netfilter
  * unregister semantics of this kernel version.
  */
 112 static void __exit ebtable_filter_fini(void)
 
 116         for (i = 0; i < ARRAY_SIZE(ebt_ops_filter); i++)
 
 117                 nf_unregister_hook(&ebt_ops_filter[i]);
 
 118         ebt_unregister_table(&frame_filter);
 
 /* Bind the init/exit routines to module load/unload and declare the license. */
 121 module_init(ebtable_filter_init);
 
 122 module_exit(ebtable_filter_fini);
 
 123 MODULE_LICENSE("GPL");