This source file includes the following definitions.
- register_firewall
- unregister_firewall
- call_fw_firewall
- call_in_firewall
- call_out_firewall
- fwchain_init
9 #include <linux/skbuff.h>
10 #include <linux/firewall.h>
11
/*
 * Writer-side busy flag.  register_firewall() and unregister_firewall()
 * spin on it (yielding via schedule()) and set it while they edit a chain.
 * The call_*_firewall() walkers never look at it.
 */
static int firewall_lock;

/*
 * Verdict returned for a protocol family when its chain is empty or every
 * hook on it answered FW_SKIP.  Filled in by fwchain_init().
 */
static int firewall_policy[NPROTO];

/* Head of the singly linked list of registered firewalls, one per family. */
static struct firewall_ops *firewall_chain[NPROTO];
/*
 * Add fw to the firewall chain of protocol family pf.
 *
 * The chain is kept in descending fw_priority order: fw is linked in front
 * of the first entry whose priority is strictly lower, so it lands behind
 * existing entries of equal priority.
 *
 * Returns 0 on success, -EINVAL if pf is outside [0, NPROTO).
 *
 * May call schedule() while waiting for firewall_lock.
 *
 * NOTE(review): fw is dereferenced without a NULL check, and nothing here
 * rejects an fw that is already on the chain - confirm callers guarantee
 * both.
 */
int register_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;

	if (!(pf >= 0 && pf < NPROTO))
		return -EINVAL;

	/*
	 * Keep other writers out.
	 * NOTE(review): the test and the store below are separate plain
	 * accesses to an int; exclusion holds only if nothing else can run
	 * between them, which this file does not establish - confirm the
	 * calling context.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	/* Find the slot in front of the first lower-priority entry. */
	for (link = &firewall_chain[pf]; *link != NULL; link = &(*link)->next) {
		if (fw->fw_priority > (*link)->fw_priority)
			break;
	}

	/*
	 * Publish in two steps with a barrier in between: fw->next is set
	 * before fw becomes reachable, so a walker that does not take
	 * firewall_lock never follows an unset next pointer.
	 */
	fw->next = *link;
	mb();
	*link = fw;

	firewall_lock = 0;
	return 0;
}
/*
 * Remove fw from the firewall chain of protocol family pf.
 *
 * Returns 0 if fw was found and unlinked, -ENOENT if it is not on the
 * chain, -EINVAL if pf is outside [0, NPROTO).
 *
 * May call schedule() while waiting for firewall_lock.
 *
 * fw->next is left untouched after the unlink.
 * NOTE(review): the call_*_firewall() walkers do not take firewall_lock and
 * this function does not wait for them, so a walker may still be inside fw
 * or about to read fw->next when this returns.  Confirm how callers make
 * sure fw (and the code behind its hooks) outlives such walkers before it
 * is freed or unloaded.
 */
int unregister_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;
	int rc = -ENOENT;

	if (!(pf >= 0 && pf < NPROTO))
		return -EINVAL;

	/*
	 * Keep other writers out.
	 * NOTE(review): test and set are separate plain accesses; see the
	 * calling context for what makes this exclusive.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	for (link = &firewall_chain[pf]; *link != NULL; link = &(*link)->next) {
		if (*link == fw) {
			/* Splice fw out by pointing its predecessor past it. */
			*link = fw->next;
			rc = 0;
			break;
		}
	}

	firewall_lock = 0;
	return rc;
}
100
/*
 * Run the forward hooks of protocol family pf over skb.
 *
 * Hooks are called in chain order; the first verdict other than FW_SKIP is
 * returned.  If the chain is empty or every hook skips, the family's
 * default from firewall_policy[] is returned.
 *
 * The chain is walked without taking firewall_lock.
 *
 * NOTE(review): unlike register/unregister, pf is used as an array index
 * without a range check - callers must pass a value in [0, NPROTO).
 * fw_forward is called without a NULL check - confirm every registered
 * firewall_ops sets it.
 */
int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *cur;

	for (cur = firewall_chain[pf]; cur != NULL; cur = cur->next) {
		int verdict = cur->fw_forward(cur, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}
	return firewall_policy[pf];
}
/*
 * Run the input hooks of protocol family pf over skb.
 *
 * Hooks are called in chain order; the first verdict other than FW_SKIP is
 * returned.  If the chain is empty or every hook skips, the family's
 * default from firewall_policy[] is returned.
 *
 * The chain is walked without taking firewall_lock.
 *
 * NOTE(review): pf is used as an array index without a range check -
 * callers must pass a value in [0, NPROTO).  fw_input is called without a
 * NULL check - confirm every registered firewall_ops sets it.
 */
int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *cur;

	for (cur = firewall_chain[pf]; cur != NULL; cur = cur->next) {
		int verdict = cur->fw_input(cur, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}
	return firewall_policy[pf];
}
132
/*
 * Run the output hooks of protocol family pf over skb.
 *
 * Hooks are called in chain order; the first verdict other than FW_SKIP is
 * returned.  If the chain is empty or every hook skips, the family's
 * default from firewall_policy[] is returned.
 *
 * The chain is walked without taking firewall_lock.
 *
 * NOTE(review): pf is used as an array index without a range check -
 * callers must pass a value in [0, NPROTO).  fw_output is called without a
 * NULL check - confirm every registered firewall_ops sets it.
 */
int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *cur;

	for (cur = firewall_chain[pf]; cur != NULL; cur = cur->next) {
		int verdict = cur->fw_output(cur, pf, skb, phdr);

		if (verdict != FW_SKIP)
			return verdict;
	}
	return firewall_policy[pf];
}
147
/*
 * Set the default verdict of every protocol family to FW_ACCEPT.
 *
 * This is the value call_*_firewall() return when a family has no
 * registered firewall or when every hook answers FW_SKIP, so the
 * fall-through behaviour is to pass the packet.
 *
 * NOTE(review): no code in this listing changes firewall_policy[] after
 * this point; a deny-by-default setup therefore depends on a registered
 * hook returning a verdict other than FW_SKIP - confirm this is intended.
 */
void fwchain_init(void)
{
	int pf = 0;

	while (pf < NPROTO) {
		firewall_policy[pf] = FW_ACCEPT;
		pf++;
	}
}