root/net/core/firewall.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. register_firewall
  2. unregister_firewall
  3. call_fw_firewall
  4. call_in_firewall
  5. call_out_firewall
  6. fwchain_init
   1 /*
   2  *      Generic loadable firewalls. At the moment only IP will actually
   3  *      use these, but people can add the others as they are needed.
   4  *
   5  *      Authors:        Dave Bonn (for IP)
   6  *      much hacked by: Alan Cox
   7  */
   8  
   9 #include <linux/skbuff.h>
  10 #include <linux/firewall.h>
  11 
  12 static int firewall_lock=0;
  13 static int firewall_policy[NPROTO];
  14 static struct firewall_ops *firewall_chain[NPROTO];
  15 
  16 /*
  17  *      Register a firewall
  18  */
  19  
  20 int register_firewall(int pf, struct firewall_ops *fw)
     /* [previous][next][first][last][top][bottom][index][help] */
  21 {
  22         struct firewall_ops **p;
  23         
  24         if(pf<0||pf>=NPROTO)
  25                 return -EINVAL;
  26         
  27         /*
  28          *      Don't allow two people to adjust at once.
  29          */
  30          
  31         while(firewall_lock)
  32                 schedule();
  33         firewall_lock=1;
  34         
  35         p=&firewall_chain[pf];
  36         
  37         while(*p)
  38         {
  39                 if(fw->fw_priority > (*p)->fw_priority)
  40                         break;
  41                 p=&((*p)->next);
  42         }
  43 
  44         fw->next=*p;
  45         /*
  46          *      We need to set p atomically in case someone runs down the list
  47          *      at the wrong moment. This saves locking it 
  48          */
  49          
  50         xchg(p,fw);
  51 
  52         /*
  53          *      And release the sleep lock
  54          */
  55 
  56         firewall_lock=0;
  57         return 0;
  58 }
  59 
  60 /*
  61  *      Unregister a firewall
  62  */
  63 
  64 int unregister_firewall(int pf, struct firewall_ops *fw)
     /* [previous][next][first][last][top][bottom][index][help] */
  65 {
  66         struct firewall_ops **nl;
  67         
  68         if(pf<0||pf>=NPROTO)
  69                 return -EINVAL;
  70         
  71         /*
  72          *      Don't allow two people to adjust at once.
  73          */
  74          
  75         while(firewall_lock)
  76                 schedule();
  77         firewall_lock=1;
  78 
  79         nl=&firewall_chain[pf];
  80         
  81         while(*nl!=NULL)
  82         {
  83                 if(*nl==fw)
  84                 {
  85                         struct firewall_ops *f=fw->next;
  86                         xchg(nl,f);
  87                         firewall_lock=0;
  88                         return 0;
  89                 }                       
  90                 nl=&((*nl)->next);
  91         }
  92         firewall_lock=0;
  93         return -ENOENT;
  94 }
  95 
  96 int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
  97 {
  98         struct firewall_ops *fw=firewall_chain[pf];
  99         
 100         while(fw!=NULL)
 101         {
 102                 int rc=fw->fw_forward(fw,pf,skb,phdr);
 103                 if(rc!=FW_SKIP)
 104                         return rc;
 105                 fw=fw->next;
 106         }
 107         return firewall_policy[pf];
 108 }
 109 
 110 /*
 111  *      Actual invocation of the chains
 112  */
 113  
 114 int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
 115 {
 116         struct firewall_ops *fw=firewall_chain[pf];
 117         
 118         while(fw!=NULL)
 119         {
 120                 int rc=fw->fw_input(fw,pf,skb,phdr);
 121                 if(rc!=FW_SKIP)
 122                         return rc;
 123                 fw=fw->next;
 124         }
 125         return firewall_policy[pf];
 126 }
 127 
 128 int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
 129 {
 130         struct firewall_ops *fw=firewall_chain[pf];
 131         
 132         while(fw!=NULL)
 133         {
 134                 int rc=fw->fw_output(fw,pf,skb,phdr);
 135                 if(rc!=FW_SKIP)
 136                         return rc;
 137                 fw=fw->next;
 138         }
 139         /* alan, is this right? */
 140         return firewall_policy[pf];
 141 }
 142 
 143 void fwchain_init(void)
     /* [previous][next][first][last][top][bottom][index][help] */
 144 {
 145         int i;
 146         for(i=0;i<NPROTO;i++)
 147                 firewall_policy[i]=FW_ACCEPT;
 148 }
/* [previous][next][first][last][top][bottom][index][help] */