This source file includes following definitions.
- iptable_raw_hook
- iptable_raw_table_init
- iptable_raw_net_exit
- iptable_raw_init
- iptable_raw_fini
1
2
3
4
5
6
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 #include <linux/module.h>
9 #include <linux/netfilter_ipv4/ip_tables.h>
10 #include <linux/slab.h>
11 #include <net/ip.h>
12
13 #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
14
15 static int __net_init iptable_raw_table_init(struct net *net);
16
17 static bool raw_before_defrag __read_mostly;
18 MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
19 module_param(raw_before_defrag, bool, 0000);
20
21 static const struct xt_table packet_raw = {
22 .name = "raw",
23 .valid_hooks = RAW_VALID_HOOKS,
24 .me = THIS_MODULE,
25 .af = NFPROTO_IPV4,
26 .priority = NF_IP_PRI_RAW,
27 .table_init = iptable_raw_table_init,
28 };
29
30 static const struct xt_table packet_raw_before_defrag = {
31 .name = "raw",
32 .valid_hooks = RAW_VALID_HOOKS,
33 .me = THIS_MODULE,
34 .af = NFPROTO_IPV4,
35 .priority = NF_IP_PRI_RAW_BEFORE_DEFRAG,
36 .table_init = iptable_raw_table_init,
37 };
38
39
40 static unsigned int
41 iptable_raw_hook(void *priv, struct sk_buff *skb,
42 const struct nf_hook_state *state)
43 {
44 return ipt_do_table(skb, state, state->net->ipv4.iptable_raw);
45 }
46
47 static struct nf_hook_ops *rawtable_ops __read_mostly;
48
49 static int __net_init iptable_raw_table_init(struct net *net)
50 {
51 struct ipt_replace *repl;
52 const struct xt_table *table = &packet_raw;
53 int ret;
54
55 if (raw_before_defrag)
56 table = &packet_raw_before_defrag;
57
58 if (net->ipv4.iptable_raw)
59 return 0;
60
61 repl = ipt_alloc_initial_table(table);
62 if (repl == NULL)
63 return -ENOMEM;
64 ret = ipt_register_table(net, table, repl, rawtable_ops,
65 &net->ipv4.iptable_raw);
66 kfree(repl);
67 return ret;
68 }
69
70 static void __net_exit iptable_raw_net_exit(struct net *net)
71 {
72 if (!net->ipv4.iptable_raw)
73 return;
74 ipt_unregister_table(net, net->ipv4.iptable_raw, rawtable_ops);
75 net->ipv4.iptable_raw = NULL;
76 }
77
78 static struct pernet_operations iptable_raw_net_ops = {
79 .exit = iptable_raw_net_exit,
80 };
81
82 static int __init iptable_raw_init(void)
83 {
84 int ret;
85 const struct xt_table *table = &packet_raw;
86
87 if (raw_before_defrag) {
88 table = &packet_raw_before_defrag;
89
90 pr_info("Enabling raw table before defrag\n");
91 }
92
93 rawtable_ops = xt_hook_ops_alloc(table, iptable_raw_hook);
94 if (IS_ERR(rawtable_ops))
95 return PTR_ERR(rawtable_ops);
96
97 ret = register_pernet_subsys(&iptable_raw_net_ops);
98 if (ret < 0) {
99 kfree(rawtable_ops);
100 return ret;
101 }
102
103 ret = iptable_raw_table_init(&init_net);
104 if (ret) {
105 unregister_pernet_subsys(&iptable_raw_net_ops);
106 kfree(rawtable_ops);
107 }
108
109 return ret;
110 }
111
112 static void __exit iptable_raw_fini(void)
113 {
114 unregister_pernet_subsys(&iptable_raw_net_ops);
115 kfree(rawtable_ops);
116 }
117
118 module_init(iptable_raw_init);
119 module_exit(iptable_raw_fini);
120 MODULE_LICENSE("GPL");