This source file includes the following definitions.
- register_firewall
- unregister_firewall
- call_fw_firewall
- call_in_firewall
- call_out_firewall
- fwchain_init
9 #include <linux/skbuff.h>
10 #include <linux/firewall.h>
11
/*
 * firewall_lock: plain int flag. register_firewall() and
 * unregister_firewall() spin on it with schedule() and set it to 1 while
 * they edit a chain. It is tested and set in separate statements, not with
 * an atomic test-and-set. The call_*_firewall() readers never look at it.
 */
static int firewall_lock = 0;

/*
 * firewall_policy[pf]: verdict the call_*_firewall() functions return when
 * the chain for pf is empty or every hook answered FW_SKIP. fwchain_init()
 * fills every slot with FW_ACCEPT.
 */
static int firewall_policy[NPROTO];

/*
 * firewall_chain[pf]: head of the singly linked list of registered
 * firewalls for pf. register_firewall() inserts a new entry in front of the
 * first entry with a strictly lower fw_priority.
 */
static struct firewall_ops *firewall_chain[NPROTO];
15
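/*
 * Insert @fw into the firewall chain of protocol family @pf.
 *
 * The chain is kept in descending fw_priority order: @fw goes in front of
 * the first entry whose priority is strictly lower, so it lands behind
 * entries of equal priority.
 *
 * Returns 0 on success, -EINVAL if @pf is out of range or @fw is NULL,
 * -ENOPROTOOPT if @pf is not PF_INET, and -EEXIST if @fw is already linked
 * into the chain.
 *
 * Registering an entry twice is refused because the insertion would
 * otherwise write fw->next = fw (or drop the tail of the list). That leaves
 * a cycle, which the call_*_firewall() walkers would loop on for as long as
 * the hook keeps returning FW_SKIP.
 */
int register_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **p;
	struct firewall_ops **slot = NULL;

	if (pf < 0 || pf >= NPROTO)
		return -EINVAL;
	if (pf != PF_INET)
		return -ENOPROTOOPT;
	/* fw->fw_priority is dereferenced below; reject a NULL descriptor. */
	if (fw == NULL)
		return -EINVAL;

	/*
	 * Hand-rolled lock: yield until the flag is clear, then set it.
	 * The test and the store are separate statements, so this only
	 * excludes other writers if nothing else can run between them.
	 * NOTE(review): confirm that holds for the target configuration
	 * (SMP / preemption); otherwise use a real locking primitive.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	/*
	 * Walk the whole chain: remember the first link whose entry has a
	 * strictly lower priority (the insertion point) and keep going to
	 * make sure fw is not already present.
	 */
	for (p = &firewall_chain[pf]; *p != NULL; p = &((*p)->next)) {
		if (*p == fw) {
			firewall_lock = 0;
			return -EEXIST;
		}
		if (slot == NULL && fw->fw_priority > (*p)->fw_priority)
			slot = p;
	}
	/* No lower-priority entry found: append at the tail link. */
	if (slot == NULL)
		slot = p;

	/*
	 * Set fw->next before publishing fw, so a reader that walks the
	 * chain without the lock never sees a half-linked entry. The link
	 * itself is swapped in with a single xchg().
	 */
	fw->next = *slot;
	xchg(slot, fw);

	firewall_lock = 0;
	return 0;
}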
61
/*
 * Unlink @fw from the firewall chain of protocol family @pf.
 *
 * Returns 0 when @fw was found and removed, -EINVAL if @pf is out of range,
 * -ENOPROTOOPT if @pf is not PF_INET, and -ENOENT if @fw is not on the
 * chain.
 *
 * Only other writers are excluded, through firewall_lock. The
 * call_*_firewall() readers do not take the lock, and fw->next is left
 * untouched on removal.
 * NOTE(review): nothing here waits for a reader that is already inside one
 * of @fw's hooks; callers presumably must not free @fw until they know no
 * packet is still being processed through it. Confirm against the callers.
 */
int unregister_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;
	struct firewall_ops *successor;
	int status = -ENOENT;

	if (pf < 0 || pf >= NPROTO)
		return -EINVAL;
	if (pf != PF_INET)
		return -ENOPROTOOPT;

	/* Same flag-and-yield lock as register_firewall(); not atomic. */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	for (link = &firewall_chain[pf]; *link != NULL; link = &((*link)->next)) {
		if (*link != fw)
			continue;

		/* Bypass fw by pointing the incoming link at its successor. */
		successor = fw->next;
		xchg(link, successor);
		status = 0;
		break;
	}

	firewall_lock = 0;
	return status;
}
99
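/*
 * Ask the firewalls registered for @pf whether a packet may be forwarded.
 *
 * Each entry's fw_forward hook is called in chain order. The first verdict
 * other than FW_SKIP is returned. If the chain is empty or every hook
 * skips, the result is firewall_policy[pf].
 *
 * An out-of-range @pf returns FW_BLOCK. register_firewall() and
 * unregister_firewall() validate @pf, but this function used to index
 * firewall_chain[] and firewall_policy[] with it unchecked, so a bad value
 * read outside both arrays and could call through a stray pointer.
 *
 * The chain is read without firewall_lock; writers publish link changes
 * with xchg().
 * NOTE(review): the hook pointer itself is not checked for NULL here.
 */
int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	/* Fail closed rather than index the per-family tables out of bounds. */
	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_forward(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	return firewall_policy[pf];
}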
113
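/*
 * Ask the firewalls registered for @pf whether an incoming packet may be
 * accepted.
 *
 * Each entry's fw_input hook is called in chain order. The first verdict
 * other than FW_SKIP is returned. If the chain is empty or every hook
 * skips, the result is firewall_policy[pf].
 *
 * An out-of-range @pf returns FW_BLOCK. register_firewall() and
 * unregister_firewall() validate @pf, but this function used to index
 * firewall_chain[] and firewall_policy[] with it unchecked, so a bad value
 * read outside both arrays and could call through a stray pointer.
 *
 * The chain is read without firewall_lock; writers publish link changes
 * with xchg().
 * NOTE(review): the hook pointer itself is not checked for NULL here.
 */
int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	/* Fail closed rather than index the per-family tables out of bounds. */
	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_input(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	return firewall_policy[pf];
}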
131
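/*
 * Ask the firewalls registered for @pf whether an outgoing packet may be
 * sent.
 *
 * Each entry's fw_output hook is called in chain order. The first verdict
 * other than FW_SKIP is returned. If the chain is empty or every hook
 * skips, the result is firewall_policy[pf].
 *
 * An out-of-range @pf returns FW_BLOCK. register_firewall() and
 * unregister_firewall() validate @pf, but this function used to index
 * firewall_chain[] and firewall_policy[] with it unchecked, so a bad value
 * read outside both arrays and could call through a stray pointer.
 *
 * The chain is read without firewall_lock; writers publish link changes
 * with xchg().
 * NOTE(review): the hook pointer itself is not checked for NULL here.
 */
int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	/* Fail closed rather than index the per-family tables out of bounds. */
	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_output(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	return firewall_policy[pf];
}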
146
/*
 * Set the fallback verdict of every protocol family to FW_ACCEPT.
 *
 * The policy is fail-open: a family with no registered firewall, or whose
 * firewalls all answer FW_SKIP, lets the packet through. Nothing in this
 * file changes firewall_policy[] afterwards.
 */
void fwchain_init(void)
{
	int pf = 0;

	while (pf < NPROTO) {
		firewall_policy[pf] = FW_ACCEPT;
		pf++;
	}
}