This source file includes the following definitions.
- register_firewall
- unregister_firewall
- call_fw_firewall
- call_in_firewall
- call_out_firewall
- fwchain_init
9 #include <linux/skbuff.h>
10 #include <linux/firewall.h>
11
/*
 * Writer-side flag for the chains below. register_firewall() and
 * unregister_firewall() spin on it with schedule() and set it to 1 while
 * they edit a chain. Static storage, so it starts at zero (unlocked).
 */
static int firewall_lock;

/* Per-family verdict returned by the call_*_firewall() walkers when no hook decides. */
static int firewall_policy[NPROTO];

/* Per-family singly linked list of registered firewall_ops, head pointer per family. */
static struct firewall_ops *firewall_chain[NPROTO];
15
/*
 * register_firewall - link a firewall module into the chain of a protocol family.
 * @pf: protocol family; must lie in [0, NPROTO) and must be PF_INET.
 * @fw: ops structure to insert; it is dereferenced without a NULL check.
 *
 * The new node is placed in front of the first entry whose fw_priority is
 * strictly lower than its own, so it ends up behind existing entries of
 * equal priority.
 *
 * Returns 0 on success, -EINVAL when pf is out of range and -ENOPROTOOPT
 * when pf is any family other than PF_INET.
 *
 * NOTE(review): nothing here detects an fw that is already on the chain;
 * callers have to register each firewall_ops only once.
 */
int register_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **slot;

	if (pf < 0 || pf >= NPROTO)
		return -EINVAL;
	if (pf != PF_INET)
		return -ENOPROTOOPT;

	/*
	 * Yield until the flag is clear, then claim it.
	 * NOTE(review): the test and the set are separate statements, so
	 * exclusion relies on no other writer running in between - confirm
	 * for the target kernel configuration.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	/* Find the link that should point at the new node. */
	for (slot = &firewall_chain[pf]; *slot; slot = &(*slot)->next) {
		if ((*slot)->fw_priority < fw->fw_priority)
			break;
	}

	/*
	 * Point the new node at its successor first, then swing the
	 * predecessor's link onto it. The call_*_firewall() walkers do not
	 * take firewall_lock; presumably xchg() is what keeps the list
	 * walkable for them - confirm against the architecture's xchg().
	 */
	fw->next = *slot;
	xchg(slot, fw);

	firewall_lock = 0;
	return 0;
}
61
/*
 * unregister_firewall - unlink a firewall module from the chain of a protocol family.
 * @pf: protocol family; must lie in [0, NPROTO) and must be PF_INET.
 * @fw: node to remove, matched by pointer identity.
 *
 * Returns 0 when the node was found and unlinked, -ENOENT when it is not
 * on the chain, -EINVAL when pf is out of range and -ENOPROTOOPT when pf
 * is any family other than PF_INET.
 *
 * The node's memory is not touched here; its own next pointer still
 * refers to the old successor after removal.
 */
int unregister_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;
	int status = -ENOENT;

	if (pf < 0 || pf >= NPROTO)
		return -EINVAL;
	if (pf != PF_INET)
		return -ENOPROTOOPT;

	/*
	 * Same flag-and-yield scheme as register_firewall().
	 * NOTE(review): test and set are separate statements - confirm this
	 * is sufficient for the target kernel configuration.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	for (link = &firewall_chain[pf]; *link != NULL; link = &(*link)->next) {
		if (*link == fw) {
			struct firewall_ops *successor = fw->next;

			/* Bypass the node by retargeting the link that points at it. */
			xchg(link, successor);
			status = 0;
			break;
		}
	}

	firewall_lock = 0;
	return status;
}
99
/*
 * call_fw_firewall - run the forwarding hooks of a protocol family over a packet.
 * @pf:   protocol family, used directly as an index.
 * @skb:  packet buffer, passed through to each hook.
 * @phdr: header pointer, passed through to each hook.
 *
 * Hooks are consulted in chain order. The first verdict other than FW_SKIP
 * is returned at once; if every hook skips, or the chain is empty, the
 * family's entry in firewall_policy[] is returned.
 *
 * NOTE(review): pf indexes firewall_chain[] and firewall_policy[] without
 * the range check that register_firewall() applies, so callers must pass a
 * value in [0, NPROTO). The walk does not take firewall_lock.
 */
int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook = firewall_chain[pf];
	int fallback = firewall_policy[pf];

	for (; hook != NULL; hook = hook->next) {
		int verdict = hook->fw_forward(hook, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}

	return fallback;
}
115
/*
 * call_in_firewall - run the input hooks of a protocol family over a packet.
 * @pf:   protocol family, used directly as an index.
 * @skb:  packet buffer, passed through to each hook.
 * @phdr: header pointer, passed through to each hook.
 *
 * Hooks are consulted in chain order. The first verdict other than FW_SKIP
 * is returned at once; if every hook skips, or the chain is empty, the
 * family's entry in firewall_policy[] is returned.
 *
 * NOTE(review): pf indexes firewall_chain[] and firewall_policy[] without
 * the range check that register_firewall() applies, so callers must pass a
 * value in [0, NPROTO). The walk does not take firewall_lock.
 */
int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook = firewall_chain[pf];
	int fallback = firewall_policy[pf];

	for (; hook != NULL; hook = hook->next) {
		int verdict = hook->fw_input(hook, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}

	return fallback;
}
135
/*
 * call_out_firewall - run the output hooks of a protocol family over a packet.
 * @pf:   protocol family, used directly as an index.
 * @skb:  packet buffer, passed through to each hook.
 * @phdr: header pointer, passed through to each hook.
 *
 * Hooks are consulted in chain order. The first verdict other than FW_SKIP
 * is returned at once; if every hook skips, or the chain is empty, the
 * family's entry in firewall_policy[] is returned.
 *
 * NOTE(review): pf indexes firewall_chain[] and firewall_policy[] without
 * the range check that register_firewall() applies, so callers must pass a
 * value in [0, NPROTO). The walk does not take firewall_lock.
 */
int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *hook = firewall_chain[pf];
	int fallback = firewall_policy[pf];

	for (; hook != NULL; hook = hook->next) {
		int verdict = hook->fw_output(hook, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}

	return fallback;
}
151
/*
 * fwchain_init - set the fallback verdict of every protocol family.
 *
 * Each firewall_policy[] slot becomes FW_ACCEPT. That is the value the
 * call_*_firewall() walkers return when a chain is empty or every hook
 * answers FW_SKIP, so the default with no deciding firewall is to accept.
 */
void fwchain_init(void)
{
	int pf = 0;

	while (pf < NPROTO) {
		firewall_policy[pf] = FW_ACCEPT;
		pf++;
	}
}