root/net/core/firewall.c

/* [previous][next][first][last][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. register_firewall
  2. unregister_firewall
  3. call_fw_firewall
  4. call_in_firewall
  5. call_out_firewall
  6. fwchain_init
   1 /*
   2  *      Generic loadable firewalls. At the moment only IP will actually
   3  *      use these, but people can add the others as they are needed.
   4  *
   5  *      Authors:        Dave Bonn (for IP)
   6  *      much hacked by: Alan Cox
   7  */
   8 
   9 #include <linux/module.h> 
  10 #include <linux/skbuff.h>
  11 #include <linux/firewall.h>
  12 
  13 static int firewall_lock=0;
  14 static int firewall_policy[NPROTO];
  15 static struct firewall_ops *firewall_chain[NPROTO];
  16 
  17 /*
  18  *      Register a firewall
  19  */
  20  
  21 int register_firewall(int pf, struct firewall_ops *fw)
     /* [previous][next][first][last][top][bottom][index][help] */
  22 {
  23         struct firewall_ops **p;
  24         
  25         if(pf<0||pf>=NPROTO)
  26                 return -EINVAL;
  27         
  28         /*
  29          *      Don't allow two people to adjust at once.
  30          */
  31          
  32         while(firewall_lock)
  33                 schedule();
  34         firewall_lock=1;
  35         
  36         p=&firewall_chain[pf];
  37         
  38         while(*p)
  39         {
  40                 if(fw->fw_priority > (*p)->fw_priority)
  41                         break;
  42                 p=&((*p)->next);
  43         }
  44 
  45         
  46         /*
  47          * We need to use a memory barrier to make sure that this
  48          * works correctly even in SMP with weakly ordered writes.
  49          *
  50          * This is atomic wrt interrupts (and generally walking the
  51          * chain), but not wrt itself (so you can't call this from
  52          * an interrupt. Not that you'd want to).
  53          */
  54         fw->next=*p;
  55         mb();
  56         *p = fw;
  57 
  58         /*
  59          *      And release the sleep lock
  60          */
  61 
  62         firewall_lock=0;
  63         return 0;
  64 }
  65 
  66 /*
  67  *      Unregister a firewall
  68  */
  69 
  70 int unregister_firewall(int pf, struct firewall_ops *fw)
     /* [previous][next][first][last][top][bottom][index][help] */
  71 {
  72         struct firewall_ops **nl;
  73         
  74         if(pf<0||pf>=NPROTO)
  75                 return -EINVAL;
  76         
  77         /*
  78          *      Don't allow two people to adjust at once.
  79          */
  80          
  81         while(firewall_lock)
  82                 schedule();
  83         firewall_lock=1;
  84 
  85         nl=&firewall_chain[pf];
  86         
  87         while(*nl!=NULL)
  88         {
  89                 if(*nl==fw)
  90                 {
  91                         struct firewall_ops *f=fw->next;
  92                         *nl = f;
  93                         firewall_lock=0;
  94                         return 0;
  95                 }                       
  96                 nl=&((*nl)->next);
  97         }
  98         firewall_lock=0;
  99         return -ENOENT;
 100 }
 101 
 102 int call_fw_firewall(int pf, struct device *dev, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
 103 {
 104         struct firewall_ops *fw=firewall_chain[pf];
 105         
 106         while(fw!=NULL)
 107         {
 108                 int rc=fw->fw_forward(fw,pf,dev,phdr);
 109                 if(rc!=FW_SKIP)
 110                         return rc;
 111                 fw=fw->next;
 112         }
 113         return firewall_policy[pf];
 114 }
 115 
 116 /*
 117  *      Actual invocation of the chains
 118  */
 119  
 120 int call_in_firewall(int pf, struct device *dev, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
 121 {
 122         struct firewall_ops *fw=firewall_chain[pf];
 123         
 124         while(fw!=NULL)
 125         {
 126                 int rc=fw->fw_input(fw,pf,dev,phdr);
 127                 if(rc!=FW_SKIP)
 128                         return rc;
 129                 fw=fw->next;
 130         }
 131         return firewall_policy[pf];
 132 }
 133 
 134 int call_out_firewall(int pf, struct device *dev, void *phdr)
     /* [previous][next][first][last][top][bottom][index][help] */
 135 {
 136         struct firewall_ops *fw=firewall_chain[pf];
 137         
 138         while(fw!=NULL)
 139         {
 140                 int rc=fw->fw_output(fw,pf,dev,phdr);
 141                 if(rc!=FW_SKIP)
 142                         return rc;
 143                 fw=fw->next;
 144         }
 145         /* alan, is this right? */
 146         return firewall_policy[pf];
 147 }
 148 
 149 static struct symbol_table firewall_syms = {
 150 #include <linux/symtab_begin.h>
 151         X(register_firewall),
 152         X(unregister_firewall),
 153         X(call_in_firewall),
 154         X(call_out_firewall),
 155         X(call_fw_firewall),
 156 #include <linux/symtab_end.h>
 157 };
 158 
 159 void fwchain_init(void)
     /* [previous][next][first][last][top][bottom][index][help] */
 160 {
 161         int i;
 162         for(i=0;i<NPROTO;i++)
 163                 firewall_policy[i]=FW_ACCEPT;
 164         register_symtab(&firewall_syms);
 165 }
/* [previous][next][first][last][top][bottom][index][help] */