This source file includes following definitions.
- ip6table_raw_hook
- ip6table_raw_table_init
- ip6table_raw_net_exit
- ip6table_raw_init
- ip6table_raw_fini
1
2
3
4
5
6
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/netfilter_ipv6/ip6_tables.h>
10 #include <linux/slab.h>
11
12 #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
13
14 static int __net_init ip6table_raw_table_init(struct net *net);
15
16 static bool raw_before_defrag __read_mostly;
17 MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
18 module_param(raw_before_defrag, bool, 0000);
19
20 static const struct xt_table packet_raw = {
21 .name = "raw",
22 .valid_hooks = RAW_VALID_HOOKS,
23 .me = THIS_MODULE,
24 .af = NFPROTO_IPV6,
25 .priority = NF_IP6_PRI_RAW,
26 .table_init = ip6table_raw_table_init,
27 };
28
29 static const struct xt_table packet_raw_before_defrag = {
30 .name = "raw",
31 .valid_hooks = RAW_VALID_HOOKS,
32 .me = THIS_MODULE,
33 .af = NFPROTO_IPV6,
34 .priority = NF_IP6_PRI_RAW_BEFORE_DEFRAG,
35 .table_init = ip6table_raw_table_init,
36 };
37
38
39 static unsigned int
40 ip6table_raw_hook(void *priv, struct sk_buff *skb,
41 const struct nf_hook_state *state)
42 {
43 return ip6t_do_table(skb, state, state->net->ipv6.ip6table_raw);
44 }
45
46 static struct nf_hook_ops *rawtable_ops __read_mostly;
47
48 static int __net_init ip6table_raw_table_init(struct net *net)
49 {
50 struct ip6t_replace *repl;
51 const struct xt_table *table = &packet_raw;
52 int ret;
53
54 if (raw_before_defrag)
55 table = &packet_raw_before_defrag;
56
57 if (net->ipv6.ip6table_raw)
58 return 0;
59
60 repl = ip6t_alloc_initial_table(table);
61 if (repl == NULL)
62 return -ENOMEM;
63 ret = ip6t_register_table(net, table, repl, rawtable_ops,
64 &net->ipv6.ip6table_raw);
65 kfree(repl);
66 return ret;
67 }
68
69 static void __net_exit ip6table_raw_net_exit(struct net *net)
70 {
71 if (!net->ipv6.ip6table_raw)
72 return;
73 ip6t_unregister_table(net, net->ipv6.ip6table_raw, rawtable_ops);
74 net->ipv6.ip6table_raw = NULL;
75 }
76
77 static struct pernet_operations ip6table_raw_net_ops = {
78 .exit = ip6table_raw_net_exit,
79 };
80
81 static int __init ip6table_raw_init(void)
82 {
83 int ret;
84 const struct xt_table *table = &packet_raw;
85
86 if (raw_before_defrag) {
87 table = &packet_raw_before_defrag;
88
89 pr_info("Enabling raw table before defrag\n");
90 }
91
92
93 rawtable_ops = xt_hook_ops_alloc(table, ip6table_raw_hook);
94 if (IS_ERR(rawtable_ops))
95 return PTR_ERR(rawtable_ops);
96
97 ret = register_pernet_subsys(&ip6table_raw_net_ops);
98 if (ret < 0) {
99 kfree(rawtable_ops);
100 return ret;
101 }
102
103 ret = ip6table_raw_table_init(&init_net);
104 if (ret) {
105 unregister_pernet_subsys(&ip6table_raw_net_ops);
106 kfree(rawtable_ops);
107 }
108 return ret;
109 }
110
111 static void __exit ip6table_raw_fini(void)
112 {
113 unregister_pernet_subsys(&ip6table_raw_net_ops);
114 kfree(rawtable_ops);
115 }
116
117 module_init(ip6table_raw_init);
118 module_exit(ip6table_raw_fini);
119 MODULE_LICENSE("GPL");