root/net/core/firewall.c


DEFINITIONS

This source file includes following definitions.
  1. register_firewall
  2. unregister_firewall
  3. call_fw_firewall
  4. call_in_firewall
  5. call_out_firewall
  6. fwchain_init

   1 /*
   2  *      Generic loadable firewalls. At the moment only IP will actually
   3  *      use these, but people can add the others as they are needed.
   4  *
   5  *      Authors:        Dave Bonn (for IP)
   6  *      much hacked by: Alan Cox
   7  */
   8  
   9 #include <linux/skbuff.h>
  10 #include <linux/firewall.h>
  11 
/*
 * Sleep-lock flag serialising register_firewall() and
 * unregister_firewall(): non-zero while one of them is editing a chain.
 * It is a plain int, and the call_*_firewall() walkers never take it.
 */
static int firewall_lock = 0;

/*
 * Per-family default verdict, returned by the call_*_firewall() walkers
 * when no registered firewall decides. fwchain_init() sets every slot
 * to FW_ACCEPT.
 */
static int firewall_policy[NPROTO];

/*
 * Per-family head of the singly linked list of registered firewalls.
 * register_firewall() keeps each list in descending fw_priority order.
 */
static struct firewall_ops *firewall_chain[NPROTO];
  15 
  16 /*
  17  *      Register a firewall
  18  */
  19  
/*
 * Insert @fw into the firewall chain of protocol family @pf.
 *
 * The chain is kept in descending fw_priority order: @fw is linked in
 * front of the first entry whose priority is strictly lower, so it lands
 * behind existing entries of equal priority.
 *
 * Returns 0 on success, -EINVAL if @pf is outside [0, NPROTO).
 *
 * May sleep in schedule() while waiting for the lock, so it must not be
 * called from an interrupt. @fw is dereferenced without a NULL check.
 *
 * NOTE(review): no permission check happens here. A higher-priority
 * entry gets to return its verdict before every lower one, so whoever
 * may call this controls filtering for @pf - confirm the callers are
 * restricted.
 */
int register_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;

	if (!(pf >= 0 && pf < NPROTO))
		return -EINVAL;

	/*
	 * Sleep lock: only one writer may edit the chains at a time.
	 * NOTE(review): the flag is tested and then set in two separate
	 * plain-int steps; this presumably relies on nothing else running
	 * between the test and the store - confirm for the target kernel.
	 */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	/* Find the link that should point at the new entry. */
	for (link = &firewall_chain[pf]; *link; link = &((*link)->next)) {
		if (fw->fw_priority > (*link)->fw_priority)
			break;
	}

	/*
	 * Publish in two ordered steps: fill in fw->next first, then make
	 * the chain point at fw. The barrier keeps the stores in that order
	 * on weakly ordered SMP, so a walker that picks up fw always sees a
	 * valid next pointer. This is atomic with respect to interrupts and
	 * chain walking, but not with respect to another writer.
	 */
	fw->next = *link;
	mb();
	*link = fw;

	/* Drop the sleep lock. */
	firewall_lock = 0;
	return 0;
}
  64 
  65 /*
  66  *      Unregister a firewall
  67  */
  68 
/*
 * Remove @fw from the firewall chain of protocol family @pf.
 *
 * Returns 0 if @fw was found and unlinked, -ENOENT if it is not on the
 * chain, -EINVAL if @pf is outside [0, NPROTO).
 *
 * May sleep in schedule() while waiting for the lock.
 *
 * NOTE(review): the call_*_firewall() walkers do not take firewall_lock,
 * so nothing here waits for a walker that already holds a pointer to
 * @fw. Callers presumably must not free or reuse @fw straight after
 * this returns - confirm against the module unload path.
 */
int unregister_firewall(int pf, struct firewall_ops *fw)
{
	struct firewall_ops **link;
	int rc = -ENOENT;

	if (!(pf >= 0 && pf < NPROTO))
		return -EINVAL;

	/* Sleep lock: only one writer may edit the chains at a time. */
	while (firewall_lock)
		schedule();
	firewall_lock = 1;

	for (link = &firewall_chain[pf]; *link != NULL; link = &((*link)->next)) {
		if (*link == fw) {
			/* Unlink with a single pointer store. */
			*link = fw->next;
			rc = 0;
			break;
		}
	}

	firewall_lock = 0;
	return rc;
}
 100 
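/*
 * Run the forwarding hooks of protocol family @pf on @skb.
 *
 * Each registered firewall's fw_forward() is called in chain order. The
 * first result other than FW_SKIP is returned as the verdict. If the
 * chain is empty or every entry skips, the family's default
 * firewall_policy[] entry is returned.
 *
 * @pf is range-checked in the same way as register_firewall() and
 * unregister_firewall(), because it indexes both firewall_chain[] and
 * firewall_policy[]. An out-of-range family has no policy slot, so it
 * fails closed with FW_BLOCK instead of reading outside the arrays.
 */
int call_fw_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_forward(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	return firewall_policy[pf];
}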
 114 
 115 /*
 116  *      Actual invocation of the chains
 117  */
 118  
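/*
 * Run the input hooks of protocol family @pf on @skb.
 *
 * Each registered firewall's fw_input() is called in chain order. The
 * first result other than FW_SKIP is returned as the verdict. If the
 * chain is empty or every entry skips, the family's default
 * firewall_policy[] entry is returned.
 *
 * @pf is range-checked in the same way as register_firewall() and
 * unregister_firewall(), because it indexes both firewall_chain[] and
 * firewall_policy[]. An out-of-range family has no policy slot, so it
 * fails closed with FW_BLOCK instead of reading outside the arrays.
 */
int call_in_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_input(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	return firewall_policy[pf];
}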
 132 
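/*
 * Run the output hooks of protocol family @pf on @skb.
 *
 * Each registered firewall's fw_output() is called in chain order. The
 * first result other than FW_SKIP is returned as the verdict. If the
 * chain is empty or every entry skips, the family's default
 * firewall_policy[] entry is returned.
 *
 * @pf is range-checked in the same way as register_firewall() and
 * unregister_firewall(), because it indexes both firewall_chain[] and
 * firewall_policy[]. An out-of-range family has no policy slot, so it
 * fails closed with FW_BLOCK instead of reading outside the arrays.
 */
int call_out_firewall(int pf, struct sk_buff *skb, void *phdr)
{
	struct firewall_ops *fw;

	if (pf < 0 || pf >= NPROTO)
		return FW_BLOCK;

	for (fw = firewall_chain[pf]; fw != NULL; fw = fw->next) {
		int rc = fw->fw_output(fw, pf, skb, phdr);

		if (rc != FW_SKIP)
			return rc;
	}
	/*
	 * Original author's open question, kept as written:
	 * "alan, is this right?" - i.e. whether the shared default policy
	 * is the correct fallback for the output path.
	 */
	return firewall_policy[pf];
}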
 147 
/*
 * Initialise the default verdict of every protocol family.
 *
 * Every firewall_policy[] slot is set to FW_ACCEPT. That slot is what
 * the call_*_firewall() walkers return when no registered firewall
 * decides, so a family with an empty chain accepts all traffic
 * (default-allow). No other function in this listing writes
 * firewall_policy[].
 */
void fwchain_init(void)
{
	int pf = 0;

	while (pf < NPROTO) {
		firewall_policy[pf] = FW_ACCEPT;
		pf++;
	}
}
