root/net/core/firewall.c


DEFINITIONS

This source file includes following definitions.
  1. register_firewall
  2. unregister_firewall
  3. call_fw_firewall
  4. call_in_firewall
  5. call_out_firewall
  6. fwchain_init

   1 /*
   2  *      Generic loadable firewalls. At the moment only IP will actually
   3  *      use these, but people can add the others as they are needed.
   4  *
   5  *      Authors:        Dave Bonn (for IP)
   6  *      much hacked by: Alan Cox
   7  */
   8  
   9 #include <linux/skbuff.h>
  10 #include <linux/firewall.h>
  11 
/* Head of the hook chain for each protocol family, indexed by pf. */
static struct firewall_ops *firewall_chain[NPROTO];

/* Verdict returned for a family when every hook on its chain says FW_SKIP. */
static int firewall_policy[NPROTO];

/*
 *	Sleep lock serialising register/unregister. It is a plain int that
 *	is polled and then set in two separate steps, not an atomic
 *	primitive.
 *	NOTE(review): presumably safe only where nothing else can run
 *	between the test and the set - confirm for the target kernel.
 */
static int firewall_lock = 0;
  15 
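/*
 *	Register a firewall on the chain of protocol family pf.
 *
 *	The chain is kept ordered by fw_priority: the new entry goes in
 *	front of the first entry with a strictly lower priority, so entries
 *	of equal priority keep their registration order.
 *
 *	Returns 0 on success, -EINVAL if pf is out of range, fw is null or
 *	fw is already on the chain, and -ENOPROTOOPT for any family other
 *	than PF_INET.
 */

int register_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **p;
	struct firewall_ops *cur;

	if(pf<0||pf>=NPROTO)
		return -EINVAL;
	if(pf!=PF_INET)
		return -ENOPROTOOPT;
	/* fw is dereferenced below; reject a null pointer up front. */
	if(!fw)
		return -EINVAL;

	/*
	 *	Don't allow two people to adjust at once.
	 *	NOTE(review): the test and the set are separate statements,
	 *	so this is only a lock if nothing can run in between - confirm.
	 */

	while(firewall_lock)
		schedule();
	firewall_lock=1;

	/*
	 *	Refuse a second registration of the same ops. Inserting an
	 *	entry that is already linked would make it its own successor
	 *	(fw->next = fw), and the call_*_firewall walkers would then
	 *	never reach the end of the chain.
	 */

	for(cur=firewall_chain[pf];cur;cur=cur->next)
	{
		if(cur==fw)
		{
			firewall_lock=0;
			return -EINVAL;
		}
	}

	/* Find the link that should point at the new entry. */
	p=&firewall_chain[pf];

	while(*p)
	{
		if(fw->fw_priority > (*p)->fw_priority)
			break;
		p=&((*p)->next);
	}

	/* Complete the new entry before it becomes reachable. */
	fw->next=*p;

	/*
	 *	We need to set p atomically in case someone runs down the list
	 *	at the wrong moment. This saves locking it
	 */

	xchg(p,fw);

	/*
	 *	And release the sleep lock
	 */

	firewall_lock=0;
	return 0;
}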
  61 
/*
 *	Unregister a firewall from the chain of protocol family pf.
 *
 *	Returns 0 once fw has been unlinked, -ENOENT if fw is not on the
 *	chain, -EINVAL if pf is out of range and -ENOPROTOOPT for any
 *	family other than PF_INET.
 *
 *	fw->next is left untouched, so a walker that is standing on fw can
 *	still step to the rest of the chain.
 *	NOTE(review): nothing here waits for such walkers; presumably the
 *	caller must keep *fw valid until none can remain - confirm.
 */

int unregister_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;
	int err=-ENOENT;

	if(pf<0||pf>=NPROTO)
		return -EINVAL;
	if(pf!=PF_INET)
		return -ENOPROTOOPT;

	/*
	 *	Only one updater at a time (same sleep lock as registration).
	 */

	while(firewall_lock)
		schedule();
	firewall_lock=1;

	for(link=&firewall_chain[pf];*link!=NULL;link=&((*link)->next))
	{
		if(*link==fw)
		{
			/* Swing the link past fw in a single atomic store. */
			struct firewall_ops *rest=fw->next;
			xchg(link,rest);
			err=0;
			break;
		}
	}

	firewall_lock=0;
	return err;
}
  99 
/*
 *	Run the forwarding hooks of family pf over a packet.
 *
 *	Each hook's fw_forward is called in chain order; the first result
 *	other than FW_SKIP is returned. If every hook skips (or the chain
 *	is empty) the family's default policy is returned.
 *
 *	pf indexes firewall_chain[] and firewall_policy[] without a range
 *	check, so the caller must pass a value in 0..NPROTO-1.
 */
int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook=firewall_chain[pf];
	int fallback=firewall_policy[pf];

	for(;hook!=NULL;hook=hook->next)
	{
		int verdict=hook->fw_forward(hook,pf,skb,phdr);
		if(verdict!=FW_SKIP)
			return verdict;
	}
	/* Original author's open question: "alan, is this right?" */
	return fallback;
}
 115 
 116 /*
 117  *      Actual invocation of the chains
 118  */
 119  
/*
 *	Run the input hooks of family pf over a packet.
 *
 *	Each hook's fw_input is called in chain order; the first result
 *	other than FW_SKIP is returned. If every hook skips (or the chain
 *	is empty) the family's default policy is returned.
 *
 *	pf indexes firewall_chain[] and firewall_policy[] without a range
 *	check, so the caller must pass a value in 0..NPROTO-1.
 */
int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook=firewall_chain[pf];
	int fallback=firewall_policy[pf];

	for(;hook!=NULL;hook=hook->next)
	{
		int verdict=hook->fw_input(hook,pf,skb,phdr);
		if(verdict!=FW_SKIP)
			return verdict;
	}
	/* Original author's open question: "alan, is this right?" */
	return fallback;
}
 135 
/*
 *	Run the output hooks of family pf over a packet.
 *
 *	Each hook's fw_output is called in chain order; the first result
 *	other than FW_SKIP is returned. If every hook skips (or the chain
 *	is empty) the family's default policy is returned.
 *
 *	pf indexes firewall_chain[] and firewall_policy[] without a range
 *	check, so the caller must pass a value in 0..NPROTO-1.
 */
int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook=firewall_chain[pf];
	int fallback=firewall_policy[pf];

	for(;hook!=NULL;hook=hook->next)
	{
		int verdict=hook->fw_output(hook,pf,skb,phdr);
		if(verdict!=FW_SKIP)
			return verdict;
	}
	/* Original author's open question: "alan, is this right?" */
	return fallback;
}
 151 
/*
 *	Set the default policy of every protocol family to FW_ACCEPT.
 *
 *	This is the verdict the call_*_firewall walkers fall back to, so a
 *	family with no hooks, or whose hooks all return FW_SKIP, accepts
 *	the packet.
 */
void fwchain_init(void)
{
	int pf=0;

	while(pf<NPROTO)
	{
		firewall_policy[pf]=FW_ACCEPT;
		pf++;
	}
}
