[deliverable/linux.git] / net / ipv4 / netfilter / nf_tables_arp.c

/*
 * Copyright (c) 2008-2010 Patrick McHardy <kaber@trash.net>
 * Copyright (c) 2013 Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Development of this code funded by Astaro AG (http://www.astaro.com/)
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/netfilter_arp.h>
#include <net/netfilter/nf_tables.h>

static unsigned int
nft_do_chain_arp(const struct nf_hook_ops *ops,
		  struct sk_buff *skb,
		  const struct net_device *in,
		  const struct net_device *out,
		  int (*okfn)(struct sk_buff *))
{
	struct nft_pktinfo pkt;

	nft_set_pktinfo(&pkt, ops, skb, in, out);

	return nft_do_chain(&pkt, ops);
}

static struct nft_af_info nft_af_arp __read_mostly = {
	.family		= NFPROTO_ARP,
	.nhooks		= NF_ARP_NUMHOOKS,
	.owner		= THIS_MODULE,
	.nops		= 1,
	.hooks		= {
		[NF_ARP_IN]		= nft_do_chain_arp,
		[NF_ARP_OUT]		= nft_do_chain_arp,
		[NF_ARP_FORWARD]	= nft_do_chain_arp,
	},
};

static int nf_tables_arp_init_net(struct net *net)
{
	net->nft.arp = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL);
	if (net->nft.arp== NULL)
		return -ENOMEM;

	memcpy(net->nft.arp, &nft_af_arp, sizeof(nft_af_arp));

	if (nft_register_afinfo(net, net->nft.arp) < 0)
		goto err;

	return 0;
err:
	kfree(net->nft.arp);
	return -ENOMEM;
}

static void nf_tables_arp_exit_net(struct net *net)
{
	nft_unregister_afinfo(net->nft.arp);
	kfree(net->nft.arp);
}

static struct pernet_operations nf_tables_arp_net_ops = {
	.init   = nf_tables_arp_init_net,
	.exit   = nf_tables_arp_exit_net,
};

static const struct nf_chain_type filter_arp = {
	.name		= "filter",
	.type		= NFT_CHAIN_T_DEFAULT,
	.family		= NFPROTO_ARP,
	.owner		= THIS_MODULE,
	.hook_mask	= (1 << NF_ARP_IN) |
			  (1 << NF_ARP_OUT) |
			  (1 << NF_ARP_FORWARD),
};

static int __init nf_tables_arp_init(void)
{
	int ret;

	nft_register_chain_type(&filter_arp);
	ret = register_pernet_subsys(&nf_tables_arp_net_ops);
	if (ret < 0)
		nft_unregister_chain_type(&filter_arp);

	return ret;
}

static void __exit nf_tables_arp_exit(void)
{
	unregister_pernet_subsys(&nf_tables_arp_net_ops);
	nft_unregister_chain_type(&filter_arp);
}

module_init(nf_tables_arp_init);
module_exit(nf_tables_arp_exit);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */
Commit	Line	Data
ed683f13 PNA	1	/*
	2	* Copyright (c) 2008-2010 Patrick McHardy <kaber@trash.net>
	3	* Copyright (c) 2013 Pablo Neira Ayuso <pablo@netfilter.org>
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of the GNU General Public License version 2 as
	7	* published by the Free Software Foundation.
	8	*
	9	* Development of this code funded by Astaro AG (http://www.astaro.com/)
	10	*/
	11
	12	#include <linux/module.h>
	13	#include <linux/init.h>
	14	#include <linux/netfilter_arp.h>
	15	#include <net/netfilter/nf_tables.h>
	16
3b088c4b PM	17	static unsigned int
	18	nft_do_chain_arp(const struct nf_hook_ops *ops,
	19	struct sk_buff *skb,
	20	const struct net_device *in,
	21	const struct net_device *out,
	22	int (okfn)(struct sk_buff ))
	23	{
	24	struct nft_pktinfo pkt;
	25
	26	nft_set_pktinfo(&pkt, ops, skb, in, out);
	27
3876d22d	28	return nft_do_chain(&pkt, ops);
3b088c4b PM	29	}
3b088c4b PM	30
ed683f13 PNA	31	static struct nft_af_info nft_af_arp __read_mostly = {
	32	.family = NFPROTO_ARP,
	33	.nhooks = NF_ARP_NUMHOOKS,
	34	.owner = THIS_MODULE,
115a60b1	35	.nops = 1,
3b088c4b PM	36	.hooks = {
	37	[NF_ARP_IN] = nft_do_chain_arp,
	38	[NF_ARP_OUT] = nft_do_chain_arp,
	39	[NF_ARP_FORWARD] = nft_do_chain_arp,
	40	},
ed683f13 PNA	41	};
	42
	43	static int nf_tables_arp_init_net(struct net *net)
	44	{
	45	net->nft.arp = kmalloc(sizeof(struct nft_af_info), GFP_KERNEL);
	46	if (net->nft.arp== NULL)
	47	return -ENOMEM;
	48
	49	memcpy(net->nft.arp, &nft_af_arp, sizeof(nft_af_arp));
	50
	51	if (nft_register_afinfo(net, net->nft.arp) < 0)
	52	goto err;
	53
	54	return 0;
	55	err:
	56	kfree(net->nft.arp);
	57	return -ENOMEM;
	58	}
	59
	60	static void nf_tables_arp_exit_net(struct net *net)
	61	{
	62	nft_unregister_afinfo(net->nft.arp);
	63	kfree(net->nft.arp);
	64	}
	65
	66	static struct pernet_operations nf_tables_arp_net_ops = {
	67	.init = nf_tables_arp_init_net,
	68	.exit = nf_tables_arp_exit_net,
	69	};
	70
2a37d755	71	static const struct nf_chain_type filter_arp = {
ed683f13 PNA	72	.name = "filter",
ed683f13 PNA	73	.type = NFT_CHAIN_T_DEFAULT,
fa2c1de0 PM	74	.family = NFPROTO_ARP,
fa2c1de0 PM	75	.owner = THIS_MODULE,
ed683f13 PNA	76	.hook_mask = (1 << NF_ARP_IN) \|
	77	(1 << NF_ARP_OUT) \|
	78	(1 << NF_ARP_FORWARD),
ed683f13 PNA	79	};
	80
	81	static int __init nf_tables_arp_init(void)
	82	{
	83	int ret;
	84
	85	nft_register_chain_type(&filter_arp);
	86	ret = register_pernet_subsys(&nf_tables_arp_net_ops);
	87	if (ret < 0)
	88	nft_unregister_chain_type(&filter_arp);
	89
	90	return ret;
	91	}
	92
	93	static void __exit nf_tables_arp_exit(void)
	94	{
	95	unregister_pernet_subsys(&nf_tables_arp_net_ops);
	96	nft_unregister_chain_type(&filter_arp);
	97	}
	98
	99	module_init(nf_tables_arp_init);
	100	module_exit(nf_tables_arp_exit);
	101
	102	MODULE_LICENSE("GPL");
	103	MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
	104	MODULE_ALIAS_NFT_FAMILY(3); /* NFPROTO_ARP */