net/ipv6/netfilter/ip6table_raw.c

   1 /*
   2  * IPv6 raw table, a port of the IPv4 raw table to IPv6
   3  *
   4  * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   5  */
   6 #include <linux/module.h>
   7 #include <linux/netfilter_ipv6/ip6_tables.h>
   8
   9 #define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))
  10
  11 #if 0
  12 #define DEBUGP(x, args...)      printk(KERN_DEBUG x, ## args)
  13 #else
  14 #define DEBUGP(x, args...)
  15 #endif
  16
  17 /* Standard entry. */
  18 struct ip6t_standard
  19 {
  20         struct ip6t_entry entry;
  21         struct ip6t_standard_target target;
  22 };
  23
  24 struct ip6t_error_target
  25 {
  26         struct ip6t_entry_target target;
  27         char errorname[IP6T_FUNCTION_MAXNAMELEN];
  28 };
  29
  30 struct ip6t_error
  31 {
  32         struct ip6t_entry entry;
  33         struct ip6t_error_target target;
  34 };
  35
  36 static struct
  37 {
  38         struct ip6t_replace repl;
  39         struct ip6t_standard entries[2];
  40         struct ip6t_error term;
  41 } initial_table __initdata = {
  42         .repl = {
  43                 .name = "raw",
  44                 .valid_hooks = RAW_VALID_HOOKS,
  45                 .num_entries = 3,
  46                 .size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
  47                 .hook_entry = {
  48                         [NF_IP6_PRE_ROUTING] = 0,
  49                         [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
  50                 },
  51                 .underflow = {
  52                         [NF_IP6_PRE_ROUTING] = 0,
  53                         [NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
  54                 },
  55         },
  56         .entries = {
  57                 /* PRE_ROUTING */
  58                 {
  59                         .entry = {
  60                                 .target_offset = sizeof(struct ip6t_entry),
  61                                 .next_offset = sizeof(struct ip6t_standard),
  62                         },
  63                         .target = {
  64                                 .target = {
  65                                         .u = {
  66                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
  67                                         },
  68                                 },
  69                                 .verdict = -NF_ACCEPT - 1,
  70                         },
  71                 },
  72
  73                 /* LOCAL_OUT */
  74                 {
  75                         .entry = {
  76                                 .target_offset = sizeof(struct ip6t_entry),
  77                                 .next_offset = sizeof(struct ip6t_standard),
  78                         },
  79                         .target = {
  80                                 .target = {
  81                                         .u = {
  82                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
  83                                         },
  84                                 },
  85                                 .verdict = -NF_ACCEPT - 1,
  86                         },
  87                 },
  88         },
  89         /* ERROR */
  90         .term = {
  91                 .entry = {
  92                         .target_offset = sizeof(struct ip6t_entry),
  93                         .next_offset = sizeof(struct ip6t_error),
  94                 },
  95                 .target = {
  96                         .target = {
  97                                 .u = {
  98                                         .user = {
  99                                                 .target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
 100                                                 .name = IP6T_ERROR_TARGET,
 101                                         },
 102                                 },
 103                         },
 104                         .errorname = "ERROR",
 105                 },
 106         }
 107 };
 108
 109 static struct xt_table packet_raw = {
 110         .name = "raw",
 111         .valid_hooks = RAW_VALID_HOOKS,
 112         .lock = RW_LOCK_UNLOCKED,
 113         .me = THIS_MODULE,
 114         .af = AF_INET6,
 115 };
 116
 117 /* The work comes in here from netfilter.c. */
 118 static unsigned int
 119 ip6t_hook(unsigned int hook,
 120          struct sk_buff **pskb,
 121          const struct net_device *in,
 122          const struct net_device *out,
 123          int (*okfn)(struct sk_buff *))
 124 {
 125         return ip6t_do_table(pskb, hook, in, out, &packet_raw, NULL);
 126 }
 127
 128 static struct nf_hook_ops ip6t_ops[] = {
 129         {
 130           .hook = ip6t_hook,
 131           .pf = PF_INET6,
 132           .hooknum = NF_IP6_PRE_ROUTING,
 133           .priority = NF_IP6_PRI_FIRST,
 134           .owner = THIS_MODULE,
 135         },
 136         {
 137           .hook = ip6t_hook,
 138           .pf = PF_INET6,
 139           .hooknum = NF_IP6_LOCAL_OUT,
 140           .priority = NF_IP6_PRI_FIRST,
 141           .owner = THIS_MODULE,
 142         },
 143 };
 144
 145 static int __init init(void)
 146 {
 147         int ret;
 148
 149         /* Register table */
 150         ret = ip6t_register_table(&packet_raw, &initial_table.repl);
 151         if (ret < 0)
 152                 return ret;
 153
 154         /* Register hooks */
 155         ret = nf_register_hook(&ip6t_ops[0]);
 156         if (ret < 0)
 157                 goto cleanup_table;
 158
 159         ret = nf_register_hook(&ip6t_ops[1]);
 160         if (ret < 0)
 161                 goto cleanup_hook0;
 162
 163         return ret;
 164
 165  cleanup_hook0:
 166         nf_unregister_hook(&ip6t_ops[0]);
 167  cleanup_table:
 168         ip6t_unregister_table(&packet_raw);
 169
 170         return ret;
 171 }
 172
 173 static void __exit fini(void)
 174 {
 175         unsigned int i;
 176
 177         for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
 178                 nf_unregister_hook(&ip6t_ops[i]);
 179
 180         ip6t_unregister_table(&packet_raw);
 181 }
 182
 183 module_init(init);
 184 module_exit(fini);
 185 MODULE_LICENSE("GPL");