root/net/core/firewall.c


DEFINITIONS

This source file includes the following definitions.
  1. register_firewall
  2. unregister_firewall
  3. call_fw_firewall
  4. call_in_firewall
  5. call_out_firewall
  6. fwchain_init

   1 /*
   2  *      Generic loadable firewalls. At the moment only IP will actually
   3  *      use these, but people can add the others as they are needed.
   4  *
   5  *      Authors:        Dave Bonn (for IP)
   6  *      much hacked by: Alan Cox
   7  */
   8  
   9 #include <linux/skbuff.h>
  10 #include <linux/firewall.h>
  11 
  /*
   *      Sleep-lock flag for chain modification: register_firewall() and
   *      unregister_firewall() poll it with schedule() and set it to 1
   *      while they edit a chain. The packet-path walkers never take it.
   */
  static int firewall_lock = 0;

  /*
   *      Per protocol family verdict returned by the call_*_firewall()
   *      walkers when no registered firewall gives a verdict other than
   *      FW_SKIP. Filled in by fwchain_init().
   */
  static int firewall_policy[NPROTO];

  /*
   *      Per protocol family head of the singly linked list of
   *      registered firewalls (linked through ->next).
   */
  static struct firewall_ops *firewall_chain[NPROTO];
  15 
  16 /*
  17  *      Register a firewall
  18  */
  19  
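  /*
   *      register_firewall - link a firewall into the chain for a family.
   *
   *      pf:     protocol family; must be in [0, NPROTO) and, for now,
   *              equal to PF_INET.
   *      fw:     firewall to insert; must not be NULL and must not
   *              already be on the chain.
   *
   *      The chain is kept in descending fw_priority order. A new entry
   *      is placed in front of the first entry with a strictly lower
   *      priority, so among equal priorities the earlier registration
   *      is consulted first.
   *
   *      Returns 0 on success, -EINVAL for a bad pf or a NULL fw,
   *      -ENOPROTOOPT for a family other than PF_INET, and -EEXIST if
   *      fw is already registered for this family.
   */
  int register_firewall(int pf, struct firewall_ops *fw)
  {
          struct firewall_ops **p;
          struct firewall_ops *cur;

          if (pf < 0 || pf >= NPROTO)
                  return -EINVAL;
          if (pf != PF_INET)
                  return -ENOPROTOOPT;
          /* fw is dereferenced below; reject NULL instead of oopsing. */
          if (fw == NULL)
                  return -EINVAL;

          /*
           *      Don't allow two people to adjust at once.
           *      NOTE(review): the test and the set of firewall_lock are
           *      two separate steps; this presumably relies on the caller
           *      not being preempted between them - confirm for SMP.
           */
          while (firewall_lock)
                  schedule();
          firewall_lock = 1;

          /*
           *      Refuse a second registration of the same entry. Linking
           *      a node that is already on the list rewrites its ->next
           *      and can leave it pointing at itself, after which the
           *      packet-path walkers would never reach the end of the
           *      chain.
           */
          for (cur = firewall_chain[pf]; cur != NULL; cur = cur->next) {
                  if (cur == fw) {
                          firewall_lock = 0;
                          return -EEXIST;
                  }
          }

          /* Find the first entry with a strictly lower priority. */
          p = &firewall_chain[pf];
          while (*p) {
                  if (fw->fw_priority > (*p)->fw_priority)
                          break;
                  p = &((*p)->next);
          }

          /* Fill in the new node's link before it becomes reachable. */
          fw->next = *p;

          /*
           *      We need to set p atomically in case someone runs down
           *      the list at the wrong moment. This saves locking it.
           */
          xchg(p, fw);

          /*
           *      And release the sleep lock
           */
          firewall_lock = 0;
          return 0;
  }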
  61 
  62 /*
  63  *      Unregister a firewall
  64  */
  65 
  /*
   *      unregister_firewall - unlink a firewall from a family's chain.
   *
   *      pf:     protocol family; must be in [0, NPROTO) and equal to
   *              PF_INET.
   *      fw:     the entry to remove, matched by pointer identity.
   *
   *      Returns 0 if fw was found and unlinked, -ENOENT if it is not on
   *      the chain, -EINVAL for a bad pf and -ENOPROTOOPT for a family
   *      other than PF_INET.
   *
   *      fw->next is left untouched after the unlink.
   *      NOTE(review): the call_*_firewall() walkers do not take
   *      firewall_lock, so a walker that already holds fw can still
   *      call through it after this returns; presumably the caller must
   *      not free fw until no walk can be in progress - confirm.
   */
  int unregister_firewall(int pf, struct firewall_ops *fw)
  {
          struct firewall_ops **link;
          int err = -ENOENT;

          if (pf < 0 || pf >= NPROTO)
                  return -EINVAL;
          if (pf != PF_INET)
                  return -ENOPROTOOPT;

          /* Only one chain editor at a time (sleep lock). */
          while (firewall_lock)
                  schedule();
          firewall_lock = 1;

          for (link = &firewall_chain[pf]; *link != NULL; link = &((*link)->next)) {
                  if (*link == fw) {
                          struct firewall_ops *successor = fw->next;

                          /* Swing the predecessor's link in one atomic store. */
                          xchg(link, successor);
                          err = 0;
                          break;
                  }
          }

          firewall_lock = 0;
          return err;
  }
  99 
 /*
  *      call_fw_firewall - run a packet through the forward hooks.
  *
  *      Calls fw_forward() of each registered firewall for pf in chain
  *      order and returns the first verdict that is not FW_SKIP. If
  *      the chain is empty or every entry skips, the family's default
  *      from firewall_policy[] is returned (fwchain_init() sets that
  *      to FW_ACCEPT).
  *
  *      NOTE(review): pf indexes firewall_chain[] and firewall_policy[]
  *      without a range check here; callers must pass 0 <= pf < NPROTO.
  */
 int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
 {
         struct firewall_ops *hook;

         for (hook = firewall_chain[pf]; hook != NULL; hook = hook->next) {
                 int verdict = hook->fw_forward(hook, pf, skb, phdr);

                 if (verdict != FW_SKIP)
                         return verdict;
         }
         return firewall_policy[pf];
 }
 113 
 114 /*
 115  *      Actual invocation of the chains
 116  */
 117  
 /*
  *      call_in_firewall - run a packet through the input hooks.
  *
  *      Calls fw_input() of each registered firewall for pf in chain
  *      order and returns the first verdict that is not FW_SKIP. If
  *      the chain is empty or every entry skips, the family's default
  *      from firewall_policy[] is returned (fwchain_init() sets that
  *      to FW_ACCEPT).
  *
  *      NOTE(review): pf indexes firewall_chain[] and firewall_policy[]
  *      without a range check here; callers must pass 0 <= pf < NPROTO.
  */
 int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
 {
         struct firewall_ops *hook;

         for (hook = firewall_chain[pf]; hook != NULL; hook = hook->next) {
                 int verdict = hook->fw_input(hook, pf, skb, phdr);

                 if (verdict != FW_SKIP)
                         return verdict;
         }
         return firewall_policy[pf];
 }
 131 
 /*
  *      call_out_firewall - run a packet through the output hooks.
  *
  *      Calls fw_output() of each registered firewall for pf in chain
  *      order and returns the first verdict that is not FW_SKIP. If
  *      the chain is empty or every entry skips, the family's default
  *      from firewall_policy[] is returned (fwchain_init() sets that
  *      to FW_ACCEPT).
  *
  *      NOTE(review): pf indexes firewall_chain[] and firewall_policy[]
  *      without a range check here; callers must pass 0 <= pf < NPROTO.
  */
 int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
 {
         struct firewall_ops *hook;

         for (hook = firewall_chain[pf]; hook != NULL; hook = hook->next) {
                 int verdict = hook->fw_output(hook, pf, skb, phdr);

                 if (verdict != FW_SKIP)
                         return verdict;
         }
         /*
          *      Open question left by the original author ("alan, is
          *      this right?"): whether the shared default policy is the
          *      correct fallback for the output path.
          */
         return firewall_policy[pf];
 }
 146 
 /*
  *      fwchain_init - set the default policy of every protocol family.
  *
  *      Every firewall_policy[] slot becomes FW_ACCEPT. That value is
  *      what the call_*_firewall() walkers return when no registered
  *      firewall gives a verdict, so the fallback is accept rather
  *      than deny: with no firewall registered, the walkers return
  *      FW_ACCEPT for every packet.
  */
 void fwchain_init(void)
 {
         int pf = 0;

         while (pf < NPROTO) {
                 firewall_policy[pf] = FW_ACCEPT;
                 pf++;
         }
 }
