// SPDX-License-Identifier: GPL-2.0-only
/*
 * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT.
 *
 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org>
 */
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/slab.h>
#include <net/ip.h>

/* The raw table is only ever consulted at these two hook points. */
#define RAW_VALID_HOOKS ((1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT))

static int __net_init iptable_raw_table_init(struct net *net);

/*
 * Load-time switch between the two table descriptions below.  The 0000
 * permission means there is no sysfs entry: the value can only be given
 * when the module is loaded, and it then applies to every network
 * namespace that registers the table.
 */
static bool raw_before_defrag __read_mostly;
MODULE_PARM_DESC(raw_before_defrag, "Enable raw table before defrag");
module_param(raw_before_defrag, bool, 0000);

/*
 * Default placement of the table.  Running at NF_IP_PRI_RAW puts it ahead
 * of connection tracking, which is what lets rules here decide that a
 * packet should never be tracked.
 */
static const struct xt_table packet_raw = {
	.name		= "raw",
	.valid_hooks	= RAW_VALID_HOOKS,
	.me		= THIS_MODULE,
	.af		= NFPROTO_IPV4,
	.priority	= NF_IP_PRI_RAW,
	.table_init	= iptable_raw_table_init,
};

/*
 * Alternative placement chosen by raw_before_defrag.  Only the priority
 * differs: with NF_IP_PRI_RAW_BEFORE_DEFRAG the hook runs before the
 * defragmentation step, so the rules see individual fragments rather
 * than a reassembled datagram.
 */
static const struct xt_table packet_raw_before_defrag = {
	.name		= "raw",
	.valid_hooks	= RAW_VALID_HOOKS,
	.me		= THIS_MODULE,
	.af		= NFPROTO_IPV4,
	.priority	= NF_IP_PRI_RAW_BEFORE_DEFRAG,
	.table_init	= iptable_raw_table_init,
};

/*
 * Hook entry point, reached from the netfilter core.  @priv is the
 * per-namespace table handed over at registration; the packet is simply
 * passed to the generic rule walker.
 */
static unsigned int
iptable_raw_hook(void *priv, struct sk_buff *skb,
		 const struct nf_hook_state *state)
{
	return ipt_do_table(skb, state, priv);
}

/* Hook ops allocated once in iptable_raw_init() and shared by all namespaces. */
static struct nf_hook_ops *rawtable_ops __read_mostly;

/* Resolve the module parameter to the table description it selects. */
static const struct xt_table *iptable_raw_pick_table(void)
{
	return raw_before_defrag ? &packet_raw_before_defrag : &packet_raw;
}

/*
 * Register the raw table in @net.  Builds the initial (empty) ruleset,
 * hands it to the xtables core together with the shared hook ops and
 * releases the temporary replace structure again.
 *
 * Returns 0 on success, -ENOMEM if the initial table cannot be allocated,
 * or the error reported by ipt_register_table().
 */
static int __net_init iptable_raw_table_init(struct net *net)
{
	const struct xt_table *table = iptable_raw_pick_table();
	struct ipt_replace *initial;
	int err;

	initial = ipt_alloc_initial_table(table);
	if (!initial)
		return -ENOMEM;

	err = ipt_register_table(net, table, initial, rawtable_ops);
	kfree(initial);
	return err;
}

/* First half of namespace teardown: detach the hooks. */
static void __net_exit iptable_raw_net_pre_exit(struct net *net)
{
	ipt_unregister_table_pre_exit(net, "raw");
}

/* Second half of namespace teardown: free the table itself. */
static void __net_exit iptable_raw_net_exit(struct net *net)
{
	ipt_unregister_table_exit(net, "raw");
}

static struct pernet_operations iptable_raw_net_ops = {
	.pre_exit = iptable_raw_net_pre_exit,
	.exit = iptable_raw_net_exit,
};

/*
 * Module entry: allocate the hook ops for the selected table, register the
 * pernet operations and set the table up in the initial namespace.  Every
 * failure path undoes the steps already taken, in reverse order.
 */
static int __init iptable_raw_init(void)
{
	const struct xt_table *table;
	int err;

	if (raw_before_defrag)
		pr_info("Enabling raw table before defrag\n");
	table = iptable_raw_pick_table();

	rawtable_ops = xt_hook_ops_alloc(table, iptable_raw_hook);
	if (IS_ERR(rawtable_ops))
		return PTR_ERR(rawtable_ops);

	err = register_pernet_subsys(&iptable_raw_net_ops);
	if (err < 0)
		goto out_free_ops;

	err = iptable_raw_table_init(&init_net);
	if (err)
		goto out_unregister_pernet;

	return 0;

out_unregister_pernet:
	unregister_pernet_subsys(&iptable_raw_net_ops);
out_free_ops:
	kfree(rawtable_ops);
	return err;
}

/* Module exit: the pernet exit callbacks tear down every namespace's table. */
static void __exit iptable_raw_fini(void)
{
	unregister_pernet_subsys(&iptable_raw_net_ops);
	kfree(rawtable_ops);
}

module_init(iptable_raw_init);
module_exit(iptable_raw_fini);
MODULE_LICENSE("GPL");