[mirror_ubuntu-artful-kernel.git] / net / ipv6 / netfilter / ip6table_raw.c

/*
 * IPv6 raw table, a port of the IPv4 raw table to IPv6
 *
 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 */
#include <linux/module.h>
#include <linux/netfilter_ipv6/ip6_tables.h>

#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))

#if 0
#define DEBUGP(x, args...)	printk(KERN_DEBUG x, ## args)
#else
#define DEBUGP(x, args...)
#endif

/* Standard entry. */
struct ip6t_standard
{
	struct ip6t_entry entry;
	struct ip6t_standard_target target;
};

struct ip6t_error_target
{
	struct ip6t_entry_target target;
	char errorname[IP6T_FUNCTION_MAXNAMELEN];
};

struct ip6t_error
{
	struct ip6t_entry entry;
	struct ip6t_error_target target;
};

static struct
{
	struct ip6t_replace repl;
	struct ip6t_standard entries[2];
	struct ip6t_error term;
} initial_table __initdata = {
	.repl = {
		.name = "raw",
		.valid_hooks = RAW_VALID_HOOKS,
		.num_entries = 3,
		.size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
		.hook_entry = {
			[NF_IP6_PRE_ROUTING] = 0,
			[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
		},
		.underflow = {
			[NF_IP6_PRE_ROUTING] = 0,
			[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
		},
	},
	.entries = {
		/* PRE_ROUTING */
		{
			.entry = {
				.target_offset = sizeof(struct ip6t_entry),
				.next_offset = sizeof(struct ip6t_standard),
			},
			.target = {
				.target = {
					.u = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
					},
				},
				.verdict = -NF_ACCEPT - 1,
			},
		},

		/* LOCAL_OUT */
		{
			.entry = {
				.target_offset = sizeof(struct ip6t_entry),
				.next_offset = sizeof(struct ip6t_standard),
			},
			.target = {
				.target = {
					.u = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
					},
				},
				.verdict = -NF_ACCEPT - 1,
			},
		},
	},
	/* ERROR */
	.term = {
		.entry = {
			.target_offset = sizeof(struct ip6t_entry),
			.next_offset = sizeof(struct ip6t_error),
		},
		.target = {
			.target = {
				.u = {
					.user = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
						.name = IP6T_ERROR_TARGET,
					},
				},
			},
			.errorname = "ERROR",
		},
	}
};

static struct xt_table packet_raw = { 
	.name = "raw", 
	.valid_hooks = RAW_VALID_HOOKS, 
	.lock = RW_LOCK_UNLOCKED, 
	.me = THIS_MODULE,
	.af = AF_INET6,
};

/* The work comes in here from netfilter.c. */
static unsigned int
ip6t_hook(unsigned int hook,
	 struct sk_buff **pskb,
	 const struct net_device *in,
	 const struct net_device *out,
	 int (*okfn)(struct sk_buff *))
{
	return ip6t_do_table(pskb, hook, in, out, &packet_raw, NULL);
}

static struct nf_hook_ops ip6t_ops[] = { 
	{
	  .hook = ip6t_hook, 
	  .pf = PF_INET6,
	  .hooknum = NF_IP6_PRE_ROUTING,
	  .priority = NF_IP6_PRI_FIRST,
	  .owner = THIS_MODULE,
	},
	{
	  .hook = ip6t_hook, 
	  .pf = PF_INET6, 
	  .hooknum = NF_IP6_LOCAL_OUT,
	  .priority = NF_IP6_PRI_FIRST,
	  .owner = THIS_MODULE,
	},
};

static int __init ip6table_raw_init(void)
{
	int ret;

	/* Register table */
	ret = ip6t_register_table(&packet_raw, &initial_table.repl);
	if (ret < 0)
		return ret;

	/* Register hooks */
	ret = nf_register_hook(&ip6t_ops[0]);
	if (ret < 0)
		goto cleanup_table;

	ret = nf_register_hook(&ip6t_ops[1]);
	if (ret < 0)
		goto cleanup_hook0;

	return ret;

 cleanup_hook0:
	nf_unregister_hook(&ip6t_ops[0]);
 cleanup_table:
	ip6t_unregister_table(&packet_raw);

	return ret;
}

static void __exit ip6table_raw_fini(void)
{
	unsigned int i;

	for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
		nf_unregister_hook(&ip6t_ops[i]);

	ip6t_unregister_table(&packet_raw);
}

module_init(ip6table_raw_init);
module_exit(ip6table_raw_fini);
MODULE_LICENSE("GPL");
Commit	Line	Data
1da177e4 LT	1	/*
	2	* IPv6 raw table, a port of the IPv4 raw table to IPv6
	3	*
	4	* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	5	*/
	6	#include <linux/module.h>
	7	#include <linux/netfilter_ipv6/ip6_tables.h>
	8
	9	#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) \| (1 << NF_IP6_LOCAL_OUT))
	10
	11	#if 0
	12	#define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args)
	13	#else
	14	#define DEBUGP(x, args...)
	15	#endif
	16
	17	/* Standard entry. */
	18	struct ip6t_standard
	19	{
	20	struct ip6t_entry entry;
	21	struct ip6t_standard_target target;
	22	};
	23
	24	struct ip6t_error_target
	25	{
	26	struct ip6t_entry_target target;
	27	char errorname[IP6T_FUNCTION_MAXNAMELEN];
	28	};
	29
	30	struct ip6t_error
	31	{
	32	struct ip6t_entry entry;
	33	struct ip6t_error_target target;
	34	};
	35
	36	static struct
	37	{
	38	struct ip6t_replace repl;
	39	struct ip6t_standard entries[2];
	40	struct ip6t_error term;
	41	} initial_table __initdata = {
	42	.repl = {
	43	.name = "raw",
	44	.valid_hooks = RAW_VALID_HOOKS,
	45	.num_entries = 3,
	46	.size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
	47	.hook_entry = {
	48	[NF_IP6_PRE_ROUTING] = 0,
	49	[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
	50	},
	51	.underflow = {
	52	[NF_IP6_PRE_ROUTING] = 0,
	53	[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
	54	},
	55	},
	56	.entries = {
	57	/* PRE_ROUTING */
	58	{
	59	.entry = {
	60	.target_offset = sizeof(struct ip6t_entry),
	61	.next_offset = sizeof(struct ip6t_standard),
	62	},
	63	.target = {
	64	.target = {
65	.u = {
66	.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
67	},
68	},
69	.verdict = -NF_ACCEPT - 1,
70	},
71	},
72
73	/* LOCAL_OUT */
74	{
75	.entry = {
76	.target_offset = sizeof(struct ip6t_entry),
77	.next_offset = sizeof(struct ip6t_standard),
78	},
79	.target = {
80	.target = {
81	.u = {
82	.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
83	},
84	},
85	.verdict = -NF_ACCEPT - 1,
86	},
87	},
88	},
89	/* ERROR */
90	.term = {
91	.entry = {
92	.target_offset = sizeof(struct ip6t_entry),
93	.next_offset = sizeof(struct ip6t_error),
94	},
95	.target = {
96	.target = {
97	.u = {
98	.user = {
99	.target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
100	.name = IP6T_ERROR_TARGET,
101	},
102	},
103	},
104	.errorname = "ERROR",
105	},
106	}
107	};
108
2e4e6a17	109	static struct xt_table packet_raw = {
1da177e4 LT	110	.name = "raw",
	111	.valid_hooks = RAW_VALID_HOOKS,
	112	.lock = RW_LOCK_UNLOCKED,
2e4e6a17 HW	113	.me = THIS_MODULE,
2e4e6a17 HW	114	.af = AF_INET6,
1da177e4 LT	115	};
	116
	117	/* The work comes in here from netfilter.c. */
	118	static unsigned int
	119	ip6t_hook(unsigned int hook,
	120	struct sk_buff **pskb,
	121	const struct net_device *in,
	122	const struct net_device *out,
	123	int (okfn)(struct sk_buff ))
	124	{
	125	return ip6t_do_table(pskb, hook, in, out, &packet_raw, NULL);
	126	}
	127
	128	static struct nf_hook_ops ip6t_ops[] = {
	129	{
	130	.hook = ip6t_hook,
	131	.pf = PF_INET6,
	132	.hooknum = NF_IP6_PRE_ROUTING,
97216c79 PM	133	.priority = NF_IP6_PRI_FIRST,
97216c79 PM	134	.owner = THIS_MODULE,
1da177e4 LT	135	},
	136	{
	137	.hook = ip6t_hook,
	138	.pf = PF_INET6,
	139	.hooknum = NF_IP6_LOCAL_OUT,
97216c79 PM	140	.priority = NF_IP6_PRI_FIRST,
97216c79 PM	141	.owner = THIS_MODULE,
1da177e4 LT	142	},
	143	};
	144
65b4b4e8	145	static int __init ip6table_raw_init(void)
1da177e4 LT	146	{
	147	int ret;
	148
	149	/* Register table */
	150	ret = ip6t_register_table(&packet_raw, &initial_table.repl);
	151	if (ret < 0)
	152	return ret;
	153
	154	/* Register hooks */
	155	ret = nf_register_hook(&ip6t_ops[0]);
	156	if (ret < 0)
	157	goto cleanup_table;
	158
	159	ret = nf_register_hook(&ip6t_ops[1]);
	160	if (ret < 0)
	161	goto cleanup_hook0;
	162
	163	return ret;
	164
	165	cleanup_hook0:
	166	nf_unregister_hook(&ip6t_ops[0]);
	167	cleanup_table:
	168	ip6t_unregister_table(&packet_raw);
	169
	170	return ret;
	171	}
	172
65b4b4e8	173	static void __exit ip6table_raw_fini(void)
1da177e4 LT	174	{
	175	unsigned int i;
	176
	177	for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
	178	nf_unregister_hook(&ip6t_ops[i]);
	179
	180	ip6t_unregister_table(&packet_raw);
	181	}
	182
65b4b4e8 AM	183	module_init(ip6table_raw_init);
65b4b4e8 AM	184	module_exit(ip6table_raw_fini);
1da177e4	185	MODULE_LICENSE("GPL");