net/ipv6/netfilter/ip6table_raw.c

   1 // SPDX-License-Identifier: GPL-2.0-only
   2 /*
   3  * IPv6 raw table, a port of the IPv4 raw table to IPv6
   4  *
   5  * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
   6  */
   7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
   8 #include <linux/module.h>
   9 #include <linux/netfilter_ipv6/ip6_tables.h>
  10 #include <linux/slab.h>
  11
  12 #define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))
  13
  14 static bool raw_before_defrag __read_mostly;
  15 MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
  16 module_param(raw_before_defrag, bool, 0000);
  17
  18 static const struct xt_table packet_raw = {
  19         .name = "raw",
  20         .valid_hooks = RAW_VALID_HOOKS,
  21         .me = THIS_MODULE,
  22         .af = NFPROTO_IPV6,
  23         .priority = NF_IP6_PRI_RAW,
  24 };
  25
  26 static const struct xt_table packet_raw_before_defrag = {
  27         .name = "raw",
  28         .valid_hooks = RAW_VALID_HOOKS,
  29         .me = THIS_MODULE,
  30         .af = NFPROTO_IPV6,
  31         .priority = NF_IP6_PRI_RAW_BEFORE_DEFRAG,
  32 };
  33
  34 static struct nf_hook_ops *rawtable_ops __read_mostly;
  35
  36 static int ip6table_raw_table_init(struct net *net)
  37 {
  38         struct ip6t_replace *repl;
  39         const struct xt_table *table = &packet_raw;
  40         int ret;
  41
  42         if (raw_before_defrag)
  43                 table = &packet_raw_before_defrag;
  44
  45         repl = ip6t_alloc_initial_table(table);
  46         if (repl == NULL)
  47                 return -ENOMEM;
  48         ret = ip6t_register_table(net, table, repl, rawtable_ops);
  49         kfree(repl);
  50         return ret;
  51 }
  52
  53 static void __net_exit ip6table_raw_net_pre_exit(struct net *net)
  54 {
  55         ip6t_unregister_table_pre_exit(net, "raw");
  56 }
  57
  58 static void __net_exit ip6table_raw_net_exit(struct net *net)
  59 {
  60         ip6t_unregister_table_exit(net, "raw");
  61 }
  62
  63 static struct pernet_operations ip6table_raw_net_ops = {
  64         .pre_exit = ip6table_raw_net_pre_exit,
  65         .exit = ip6table_raw_net_exit,
  66 };
  67
  68 static int __init ip6table_raw_init(void)
  69 {
  70         const struct xt_table *table = &packet_raw;
  71         int ret;
  72
  73         if (raw_before_defrag) {
  74                 table = &packet_raw_before_defrag;
  75                 pr_info("Enabling raw table before defrag\n");
  76         }
  77
  78         ret = xt_register_template(table, ip6table_raw_table_init);
  79         if (ret < 0)
  80                 return ret;
  81
  82         /* Register hooks */
  83         rawtable_ops = xt_hook_ops_alloc(table, ip6t_do_table);
  84         if (IS_ERR(rawtable_ops)) {
  85                 xt_unregister_template(table);
  86                 return PTR_ERR(rawtable_ops);
  87         }
  88
  89         ret = register_pernet_subsys(&ip6table_raw_net_ops);
  90         if (ret < 0) {
  91                 kfree(rawtable_ops);
  92                 xt_unregister_template(table);
  93                 return ret;
  94         }
  95
  96         return ret;
  97 }
  98
  99 static void __exit ip6table_raw_fini(void)
 100 {
 101         unregister_pernet_subsys(&ip6table_raw_net_ops);
 102         xt_unregister_template(&packet_raw);
 103         kfree(rawtable_ops);
 104 }
 105
 106 module_init(ip6table_raw_init);
 107 module_exit(ip6table_raw_fini);
 108 MODULE_LICENSE("GPL");
 109 MODULE_DESCRIPTION("Ip6tables legacy raw table");