PageRenderTime 11ms CodeModel.GetById 1ms app.highlight 8ms RepoModel.GetById 1ms app.codeStats 0ms

/net/ipv4/netfilter/iptable_raw.c

http://github.com/mirrors/linux
C | 120 lines | 91 code | 22 blank | 7 comment | 9 complexity | 4bb1845ba512d433cf204d8a997dcca9 MD5 | raw file 
  1// SPDX-License-Identifier: GPL-2.0-only
  2/*
  3 * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT .
  4 *
  5 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
  6 */
  7#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  8#include <linux/module.h>
  9#include <linux/netfilter_ipv4/ip_tables.h>
 10#include <linux/slab.h>
 11#include <net/ip.h>
 12
 13#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
 14
 15static int __net_init iptable_raw_table_init(struct net *net);
 16
 17static bool raw_before_defrag __read_mostly;
 18MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
 19module_param(raw_before_defrag, bool, 0000);
 20
 21static const struct xt_table packet_raw = {
 22	.name = "raw",
 23	.valid_hooks =  RAW_VALID_HOOKS,
 24	.me = THIS_MODULE,
 25	.af = NFPROTO_IPV4,
 26	.priority = NF_IP_PRI_RAW,
 27	.table_init = iptable_raw_table_init,
 28};
 29
 30static const struct xt_table packet_raw_before_defrag = {
 31	.name = "raw",
 32	.valid_hooks =  RAW_VALID_HOOKS,
 33	.me = THIS_MODULE,
 34	.af = NFPROTO_IPV4,
 35	.priority = NF_IP_PRI_RAW_BEFORE_DEFRAG,
 36	.table_init = iptable_raw_table_init,
 37};
 38
 39/* The work comes in here from netfilter.c. */
 40static unsigned int
 41iptable_raw_hook(void *priv, struct sk_buff *skb,
 42		 const struct nf_hook_state *state)
 43{
 44	return ipt_do_table(skb, state, state->net->ipv4.iptable_raw);
 45}
 46
 47static struct nf_hook_ops *rawtable_ops __read_mostly;
 48
 49static int __net_init iptable_raw_table_init(struct net *net)
 50{
 51	struct ipt_replace *repl;
 52	const struct xt_table *table = &packet_raw;
 53	int ret;
 54
 55	if (raw_before_defrag)
 56		table = &packet_raw_before_defrag;
 57
 58	if (net->ipv4.iptable_raw)
 59		return 0;
 60
 61	repl = ipt_alloc_initial_table(table);
 62	if (repl == NULL)
 63		return -ENOMEM;
 64	ret = ipt_register_table(net, table, repl, rawtable_ops,
 65				 &net->ipv4.iptable_raw);
 66	kfree(repl);
 67	return ret;
 68}
 69
 70static void __net_exit iptable_raw_net_exit(struct net *net)
 71{
 72	if (!net->ipv4.iptable_raw)
 73		return;
 74	ipt_unregister_table(net, net->ipv4.iptable_raw, rawtable_ops);
 75	net->ipv4.iptable_raw = NULL;
 76}
 77
 78static struct pernet_operations iptable_raw_net_ops = {
 79	.exit = iptable_raw_net_exit,
 80};
 81
 82static int __init iptable_raw_init(void)
 83{
 84	int ret;
 85	const struct xt_table *table = &packet_raw;
 86
 87	if (raw_before_defrag) {
 88		table = &packet_raw_before_defrag;
 89
 90		pr_info("Enabling raw table before defrag\n");
 91	}
 92
 93	rawtable_ops = xt_hook_ops_alloc(table, iptable_raw_hook);
 94	if (IS_ERR(rawtable_ops))
 95		return PTR_ERR(rawtable_ops);
 96
 97	ret = register_pernet_subsys(&iptable_raw_net_ops);
 98	if (ret < 0) {
 99		kfree(rawtable_ops);
100		return ret;
101	}
102
103	ret = iptable_raw_table_init(&init_net);
104	if (ret) {
105		unregister_pernet_subsys(&iptable_raw_net_ops);
106		kfree(rawtable_ops);
107	}
108
109	return ret;
110}
111
112static void __exit iptable_raw_fini(void)
113{
114	unregister_pernet_subsys(&iptable_raw_net_ops);
115	kfree(rawtable_ops);
116}
117
118module_init(iptable_raw_init);
119module_exit(iptable_raw_fini);
120MODULE_LICENSE("GPL");