[deliverable/linux.git] / net / ipv6 / netfilter / ip6table_raw.c

/*
 * IPv6 raw table, a port of the IPv4 raw table to IPv6
 *
 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 */
#include <linux/module.h>
#include <linux/netfilter_ipv6/ip6_tables.h>

#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_OUT))

#if 0
#define DEBUGP(x, args...)	printk(KERN_DEBUG x, ## args)
#else
#define DEBUGP(x, args...)
#endif

static struct
{
	struct ip6t_replace repl;
	struct ip6t_standard entries[2];
	struct ip6t_error term;
} initial_table __initdata = {
	.repl = {
		.name = "raw",
		.valid_hooks = RAW_VALID_HOOKS,
		.num_entries = 3,
		.size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
		.hook_entry = {
			[NF_IP6_PRE_ROUTING] = 0,
			[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
		},
		.underflow = {
			[NF_IP6_PRE_ROUTING] = 0,
			[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
		},
	},
	.entries = {
		/* PRE_ROUTING */
		{
			.entry = {
				.target_offset = sizeof(struct ip6t_entry),
				.next_offset = sizeof(struct ip6t_standard),
			},
			.target = {
				.target = {
					.u = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
					},
				},
				.verdict = -NF_ACCEPT - 1,
			},
		},

		/* LOCAL_OUT */
		{
			.entry = {
				.target_offset = sizeof(struct ip6t_entry),
				.next_offset = sizeof(struct ip6t_standard),
			},
			.target = {
				.target = {
					.u = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
					},
				},
				.verdict = -NF_ACCEPT - 1,
			},
		},
	},
	/* ERROR */
	.term = {
		.entry = {
			.target_offset = sizeof(struct ip6t_entry),
			.next_offset = sizeof(struct ip6t_error),
		},
		.target = {
			.target = {
				.u = {
					.user = {
						.target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
						.name = IP6T_ERROR_TARGET,
					},
				},
			},
			.errorname = "ERROR",
		},
	}
};

static struct xt_table packet_raw = {
	.name = "raw",
	.valid_hooks = RAW_VALID_HOOKS,
	.lock = RW_LOCK_UNLOCKED,
	.me = THIS_MODULE,
	.af = AF_INET6,
};

/* The work comes in here from netfilter.c. */
static unsigned int
ip6t_hook(unsigned int hook,
	 struct sk_buff **pskb,
	 const struct net_device *in,
	 const struct net_device *out,
	 int (*okfn)(struct sk_buff *))
{
	return ip6t_do_table(pskb, hook, in, out, &packet_raw);
}

static struct nf_hook_ops ip6t_ops[] = {
	{
	  .hook = ip6t_hook,
	  .pf = PF_INET6,
	  .hooknum = NF_IP6_PRE_ROUTING,
	  .priority = NF_IP6_PRI_FIRST,
	  .owner = THIS_MODULE,
	},
	{
	  .hook = ip6t_hook,
	  .pf = PF_INET6,
	  .hooknum = NF_IP6_LOCAL_OUT,
	  .priority = NF_IP6_PRI_FIRST,
	  .owner = THIS_MODULE,
	},
};

static int __init ip6table_raw_init(void)
{
	int ret;

	/* Register table */
	ret = ip6t_register_table(&packet_raw, &initial_table.repl);
	if (ret < 0)
		return ret;

	/* Register hooks */
	ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
	if (ret < 0)
		goto cleanup_table;

	return ret;

 cleanup_table:
	ip6t_unregister_table(&packet_raw);
	return ret;
}

static void __exit ip6table_raw_fini(void)
{
	nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
	ip6t_unregister_table(&packet_raw);
}

module_init(ip6table_raw_init);
module_exit(ip6table_raw_fini);
MODULE_LICENSE("GPL");
Commit	Line	Data
1da177e4 LT	1	/*
	2	* IPv6 raw table, a port of the IPv4 raw table to IPv6
	3	*
	4	* Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	5	*/
	6	#include <linux/module.h>
	7	#include <linux/netfilter_ipv6/ip6_tables.h>
	8
	9	#define RAW_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) \| (1 << NF_IP6_LOCAL_OUT))
	10
	11	#if 0
	12	#define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args)
	13	#else
	14	#define DEBUGP(x, args...)
	15	#endif
	16
1da177e4 LT	17	static struct
	18	{
	19	struct ip6t_replace repl;
	20	struct ip6t_standard entries[2];
	21	struct ip6t_error term;
	22	} initial_table __initdata = {
	23	.repl = {
	24	.name = "raw",
	25	.valid_hooks = RAW_VALID_HOOKS,
	26	.num_entries = 3,
	27	.size = sizeof(struct ip6t_standard) * 2 + sizeof(struct ip6t_error),
	28	.hook_entry = {
	29	[NF_IP6_PRE_ROUTING] = 0,
	30	[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
	31	},
	32	.underflow = {
	33	[NF_IP6_PRE_ROUTING] = 0,
	34	[NF_IP6_LOCAL_OUT] = sizeof(struct ip6t_standard)
	35	},
	36	},
	37	.entries = {
	38	/* PRE_ROUTING */
	39	{
	40	.entry = {
	41	.target_offset = sizeof(struct ip6t_entry),
	42	.next_offset = sizeof(struct ip6t_standard),
	43	},
	44	.target = {
	45	.target = {
	46	.u = {
	47	.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
	48	},
	49	},
	50	.verdict = -NF_ACCEPT - 1,
	51	},
	52	},
	53
	54	/* LOCAL_OUT */
	55	{
	56	.entry = {
	57	.target_offset = sizeof(struct ip6t_entry),
	58	.next_offset = sizeof(struct ip6t_standard),
	59	},
	60	.target = {
	61	.target = {
	62	.u = {
	63	.target_size = IP6T_ALIGN(sizeof(struct ip6t_standard_target)),
	64	},
	65	},
	66	.verdict = -NF_ACCEPT - 1,
	67	},
	68	},
	69	},
	70	/* ERROR */
	71	.term = {
	72	.entry = {
	73	.target_offset = sizeof(struct ip6t_entry),
	74	.next_offset = sizeof(struct ip6t_error),
	75	},
	76	.target = {
	77	.target = {
	78	.u = {
	79	.user = {
	80	.target_size = IP6T_ALIGN(sizeof(struct ip6t_error_target)),
81	.name = IP6T_ERROR_TARGET,
82	},
83	},
84	},
85	.errorname = "ERROR",
86	},
87	}
88	};
89
1ab1457c YH	90	static struct xt_table packet_raw = {
	91	.name = "raw",
	92	.valid_hooks = RAW_VALID_HOOKS,
	93	.lock = RW_LOCK_UNLOCKED,
2e4e6a17 HW	94	.me = THIS_MODULE,
2e4e6a17 HW	95	.af = AF_INET6,
1da177e4 LT	96	};
	97
	98	/* The work comes in here from netfilter.c. */
	99	static unsigned int
	100	ip6t_hook(unsigned int hook,
	101	struct sk_buff **pskb,
	102	const struct net_device *in,
	103	const struct net_device *out,
	104	int (okfn)(struct sk_buff ))
	105	{
fe1cb108	106	return ip6t_do_table(pskb, hook, in, out, &packet_raw);
1da177e4 LT	107	}
1da177e4 LT	108
1ab1457c	109	static struct nf_hook_ops ip6t_ops[] = {
1da177e4	110	{
1ab1457c	111	.hook = ip6t_hook,
1da177e4 LT	112	.pf = PF_INET6,
1da177e4 LT	113	.hooknum = NF_IP6_PRE_ROUTING,
97216c79 PM	114	.priority = NF_IP6_PRI_FIRST,
97216c79 PM	115	.owner = THIS_MODULE,
1da177e4 LT	116	},
1da177e4 LT	117	{
1ab1457c YH	118	.hook = ip6t_hook,
1ab1457c YH	119	.pf = PF_INET6,
1da177e4	120	.hooknum = NF_IP6_LOCAL_OUT,
97216c79 PM	121	.priority = NF_IP6_PRI_FIRST,
97216c79 PM	122	.owner = THIS_MODULE,
1da177e4 LT	123	},
	124	};
	125
65b4b4e8	126	static int __init ip6table_raw_init(void)
1da177e4 LT	127	{
	128	int ret;
	129
	130	/* Register table */
	131	ret = ip6t_register_table(&packet_raw, &initial_table.repl);
	132	if (ret < 0)
	133	return ret;
	134
	135	/* Register hooks */
964ddaa1	136	ret = nf_register_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
1da177e4 LT	137	if (ret < 0)
	138	goto cleanup_table;
	139
1da177e4 LT	140	return ret;
1da177e4 LT	141
1da177e4 LT	142	cleanup_table:
1da177e4 LT	143	ip6t_unregister_table(&packet_raw);
1da177e4 LT	144	return ret;
	145	}
	146
65b4b4e8	147	static void __exit ip6table_raw_fini(void)
1da177e4	148	{
964ddaa1	149	nf_unregister_hooks(ip6t_ops, ARRAY_SIZE(ip6t_ops));
1da177e4 LT	150	ip6t_unregister_table(&packet_raw);
	151	}
	152
65b4b4e8 AM	153	module_init(ip6table_raw_init);
65b4b4e8 AM	154	module_exit(ip6table_raw_fini);
1da177e4	155	MODULE_LICENSE("GPL");