// SPDX-License-Identifier: GPL-2.0-only
/*
 * 'raw' table: the very first table hooked in at PRE_ROUTING and LOCAL_OUT.
 *
 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
 */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/slab.h>
#include <net/ip.h>

/* Bitmask of the two hook points the raw table attaches to. */
#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))

/*
 * Load-time switch between the two table variants defined below.
 *
 * The parameter is registered with permission 0000, so it has no sysfs
 * entry: it cannot be flipped or read back at runtime. When auditing a host,
 * the pr_info() line emitted by iptable_raw_init() is the trace this file
 * leaves of the option being enabled.
 *
 * With the option set, the table registers at NF_IP_PRI_RAW_BEFORE_DEFRAG
 * instead of NF_IP_PRI_RAW. As the priority name indicates, rules then run
 * before IPv4 defragmentation; rulesets that match on transport-layer fields
 * should be reviewed with fragmented traffic in mind, since only the first
 * fragment carries the transport header.
 */
static bool raw_before_defrag __read_mostly;
MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
module_param(raw_before_defrag, bool, 0000);

/* Default variant of the IPv4 "raw" table (priority NF_IP_PRI_RAW). */
static const struct xt_table packet_raw = {
	.name = "raw",
	.valid_hooks = RAW_VALID_HOOKS,
	.me = THIS_MODULE,
	.af = NFPROTO_IPV4,
	.priority = NF_IP_PRI_RAW,
};

/*
 * Variant selected by raw_before_defrag. Identical to packet_raw except for
 * the hook priority.
 */
static const struct xt_table packet_raw_before_defrag = {
	.name = "raw",
	.valid_hooks = RAW_VALID_HOOKS,
	.me = THIS_MODULE,
	.af = NFPROTO_IPV4,
	.priority = NF_IP_PRI_RAW_BEFORE_DEFRAG,
};

/*
 * Netfilter hook entry point: hands the packet to the iptables core, passing
 * the hook's private pointer through as the table argument.
 */
static unsigned int
iptable_raw_hook(void *priv, struct sk_buff *skb,
		 const struct nf_hook_state *state)
{
	return ipt_do_table(skb, state, priv);
}

/* Hook ops template; allocated in iptable_raw_init(), freed in the exit path. */
static struct nf_hook_ops *rawtable_ops __read_mostly;

/*
 * Per-netns table constructor, registered as the template callback.
 *
 * Builds the initial ruleset for the selected variant, registers the table in
 * @net, and frees the temporary replace blob whether or not registration
 * succeeded. Returns -ENOMEM if the blob cannot be allocated, otherwise the
 * result of ipt_register_table().
 */
static int __net_init iptable_raw_table_init(struct net *net)
{
	const struct xt_table *table = raw_before_defrag ?
				       &packet_raw_before_defrag : &packet_raw;
	struct ipt_replace *initial;
	int err;

	initial = ipt_alloc_initial_table(table);
	if (!initial)
		return -ENOMEM;

	err = ipt_register_table(net, table, initial, rawtable_ops);
	kfree(initial);

	return err;
}

/* First stage of netns teardown for the "raw" table. */
static void __net_exit iptable_raw_net_pre_exit(struct net *net)
{
	ipt_unregister_table_pre_exit(net, "raw");
}

/* Final stage of netns teardown for the "raw" table. */
static void __net_exit iptable_raw_net_exit(struct net *net)
{
	ipt_unregister_table_exit(net, "raw");
}

static struct pernet_operations iptable_raw_net_ops = {
	.pre_exit = iptable_raw_net_pre_exit,
	.exit = iptable_raw_net_exit,
};

/*
 * Module init: register the table template, allocate the hook ops, then
 * register the per-netns operations. Each failure path undoes the steps that
 * already succeeded and returns the error.
 *
 * NOTE(review): the template (and with it iptable_raw_table_init()) is
 * registered before rawtable_ops is allocated. If a table-init request can
 * arrive in that window, ipt_register_table() would be called with
 * rawtable_ops still NULL. Whether that window is reachable, and how
 * ipt_register_table() treats NULL ops, is not visible in this file; confirm
 * against the x_tables core before relying on this ordering.
 */
static int __init iptable_raw_init(void)
{
	const struct xt_table *table = &packet_raw;
	int err;

	if (raw_before_defrag) {
		table = &packet_raw_before_defrag;

		pr_info("Enabling raw table before defrag\n");
	}

	err = xt_register_template(table, iptable_raw_table_init);
	if (err < 0)
		return err;

	rawtable_ops = xt_hook_ops_alloc(table, iptable_raw_hook);
	if (IS_ERR(rawtable_ops)) {
		err = PTR_ERR(rawtable_ops);
		goto unregister_template;
	}

	err = register_pernet_subsys(&iptable_raw_net_ops);
	if (err < 0) {
		xt_unregister_template(table);
		kfree(rawtable_ops);
	}

	return err;

unregister_template:
	xt_unregister_template(table);
	return err;
}

/*
 * Module exit: tear down in reverse order of iptable_raw_init().
 *
 * NOTE(review): &packet_raw is passed to xt_unregister_template() even when
 * the before-defrag variant was the one registered. Both variants share the
 * same .name and .af, which is presumably what the lookup keys on; confirm.
 */
static void __exit iptable_raw_fini(void)
{
	unregister_pernet_subsys(&iptable_raw_net_ops);
	kfree(rawtable_ops);
	xt_unregister_template(&packet_raw);
}

module_init(iptable_raw_init);
module_exit(iptable_raw_fini);
MODULE_LICENSE("GPL");