Commit | Line | Data |
---|---|---|
ed683f13 PNA |
1 | /* |
2 | * Copyright (c) 2008-2010 Patrick McHardy <kaber@trash.net> | |
3 | * Copyright (c) 2013 Pablo Neira Ayuso <pablo@netfilter.org> | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Development of this code funded by Astaro AG (http://www.astaro.com/) | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/netfilter_arp.h> | |
15 | #include <net/netfilter/nf_tables.h> | |
16 | ||
3b088c4b | 17 | static unsigned int |
06198b34 | 18 | nft_do_chain_arp(void *priv, |
3b088c4b | 19 | struct sk_buff *skb, |
238e54c9 | 20 | const struct nf_hook_state *state) |
3b088c4b PM |
21 | { |
22 | struct nft_pktinfo pkt; | |
23 | ||
beac5afa | 24 | nft_set_pktinfo_unspec(&pkt, skb, state); |
3b088c4b | 25 | |
06198b34 | 26 | return nft_do_chain(&pkt, priv); |
3b088c4b PM |
27 | } |
28 | ||
ed683f13 PNA |
29 | static struct nft_af_info nft_af_arp __read_mostly = { |
30 | .family = NFPROTO_ARP, | |
31 | .nhooks = NF_ARP_NUMHOOKS, | |
32 | .owner = THIS_MODULE, | |
115a60b1 | 33 | .nops = 1, |
3b088c4b PM |
34 | .hooks = { |
35 | [NF_ARP_IN] = nft_do_chain_arp, | |
36 | [NF_ARP_OUT] = nft_do_chain_arp, | |
37 | [NF_ARP_FORWARD] = nft_do_chain_arp, | |
38 | }, | |
ed683f13 PNA |
39 | }; |
40 | ||
41 | static int nf_tables_arp_init_net(struct net *net) | |
42 | { | |
43 | net->nft.arp = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL); | |
44 | if (net->nft.arp== NULL) | |
45 | return -ENOMEM; | |
46 | ||
47 | memcpy(net->nft.arp, &nft_af_arp, sizeof(nft_af_arp)); | |
48 | ||
49 | if (nft_register_afinfo(net, net->nft.arp) < 0) | |
50 | goto err; | |
51 | ||
52 | return 0; | |
53 | err: | |
54 | kfree(net->nft.arp); | |
55 | return -ENOMEM; | |
56 | } | |
57 | ||
58 | static void nf_tables_arp_exit_net(struct net *net) | |
59 | { | |
df05ef87 | 60 | nft_unregister_afinfo(net, net->nft.arp); |
ed683f13 PNA |
61 | kfree(net->nft.arp); |
62 | } | |
63 | ||
64 | static struct pernet_operations nf_tables_arp_net_ops = { | |
65 | .init = nf_tables_arp_init_net, | |
66 | .exit = nf_tables_arp_exit_net, | |
67 | }; | |
68 | ||
2a37d755 | 69 | static const struct nf_chain_type filter_arp = { |
ed683f13 PNA |
70 | .name = "filter", |
71 | .type = NFT_CHAIN_T_DEFAULT, | |
fa2c1de0 PM |
72 | .family = NFPROTO_ARP, |
73 | .owner = THIS_MODULE, | |
ed683f13 PNA |
74 | .hook_mask = (1 << NF_ARP_IN) | |
75 | (1 << NF_ARP_OUT) | | |
76 | (1 << NF_ARP_FORWARD), | |
ed683f13 PNA |
77 | }; |
78 | ||
79 | static int __init nf_tables_arp_init(void) | |
80 | { | |
81 | int ret; | |
82 | ||
23d07508 GF |
83 | ret = nft_register_chain_type(&filter_arp); |
84 | if (ret < 0) | |
85 | return ret; | |
86 | ||
ed683f13 PNA |
87 | ret = register_pernet_subsys(&nf_tables_arp_net_ops); |
88 | if (ret < 0) | |
89 | nft_unregister_chain_type(&filter_arp); | |
90 | ||
91 | return ret; | |
92 | } | |
93 | ||
94 | static void __exit nf_tables_arp_exit(void) | |
95 | { | |
96 | unregister_pernet_subsys(&nf_tables_arp_net_ops); | |
97 | nft_unregister_chain_type(&filter_arp); | |
98 | } | |
99 | ||
100 | module_init(nf_tables_arp_init); | |
101 | module_exit(nf_tables_arp_exit); | |
102 | ||
103 | MODULE_LICENSE("GPL"); | |
104 | MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>"); | |
105 | MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */ |