URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [ip6_fw.c] - Blame information for rev 1275

Go to most recent revision | Details | Compare with Previous | View Log


/*
 *      IPv6 Firewall
 *      Linux INET6 implementation
 *
 *      Authors:
 *      Pedro Roque             <roque@di.fc.ul.pt>
 *
 *      $Id: ip6_fw.c,v 1.1.1.1 2004-04-15 01:14:44 phoenix Exp $
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
 */
 
#include <linux/config.h>
#include <linux/errno.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/socket.h>
#include <linux/sockios.h>
#include <linux/net.h>
#include <linux/route.h>
#include <linux/netdevice.h>
#include <linux/in6.h>
#include <linux/udp.h>
#include <linux/init.h>
 
#include <net/ipv6.h>
#include <net/ip6_route.h>
#include <net/ip6_fw.h>
#include <net/netlink.h>
 
static unsigned long ip6_fw_rule_cnt;
static struct ip6_fw_rule ip6_fw_rule_list = {
        {0},
        NULL, NULL,
        {0},
        IP6_FW_REJECT
};
 
static int ip6_fw_accept(struct dst_entry *dst, struct fl_acc_args *args);
 
struct flow_rule_ops ip6_fw_ops = {
        ip6_fw_accept
};
 
 
static struct rt6_info ip6_fw_null_entry = {
        {{NULL, 0, 0, NULL,
          0, 0, 0, 0, 0, 0, 0, 0, -ENETUNREACH, NULL, NULL,
          ip6_pkt_discard, ip6_pkt_discard, NULL}},
        NULL, {{{0}}}, 256, RTF_REJECT|RTF_NONEXTHOP, ~0UL,
        0, &ip6_fw_rule_list, {{{{0}}}, 128}, {{{{0}}}, 128}
};
 
static struct fib6_node ip6_fw_fib = {
        NULL, NULL, NULL, NULL,
        &ip6_fw_null_entry,
        0, RTN_ROOT|RTN_TL_ROOT, 0
};
 
rwlock_t ip6_fw_lock = RW_LOCK_UNLOCKED;
 
 
static void ip6_rule_add(struct ip6_fw_rule *rl)
{
        struct ip6_fw_rule *next;
 
        write_lock_bh(&ip6_fw_lock);
        ip6_fw_rule_cnt++;
        next = &ip6_fw_rule_list;
        rl->next = next;
        rl->prev = next->prev;
        rl->prev->next = rl;
        next->prev = rl;
        write_unlock_bh(&ip6_fw_lock);
}
 
static void ip6_rule_del(struct ip6_fw_rule *rl)
{
        struct ip6_fw_rule *next, *prev;
 
        write_lock_bh(&ip6_fw_lock);
        ip6_fw_rule_cnt--;
        next = rl->next;
        prev = rl->prev;
        next->prev = prev;
        prev->next = next;
        write_unlock_bh(&ip6_fw_lock);
}
 
static __inline__ struct ip6_fw_rule * ip6_fwrule_alloc(void)
{
        struct ip6_fw_rule *rl;
 
        rl = kmalloc(sizeof(struct ip6_fw_rule), GFP_ATOMIC);
        if (rl)
        {
                memset(rl, 0, sizeof(struct ip6_fw_rule));
                rl->flowr.ops = &ip6_fw_ops;
        }
        return rl;
}
 
static __inline__ void ip6_fwrule_free(struct ip6_fw_rule * rl)
{
        kfree(rl);
}
 
static __inline__ int port_match(int rl_port, int fl_port)
{
        int res = 0;
        if (rl_port == 0 || (rl_port == fl_port))
                res = 1;
        return res;
}
 
static int ip6_fw_accept_trans(struct ip6_fw_rule *rl,
                               struct fl_acc_args *args)
{
        int res = FLOWR_NODECISION;
        int proto = 0;
        int sport = 0;
        int dport = 0;
 
        switch (args->type) {
        case FL_ARG_FORWARD:
        {
                struct sk_buff *skb = args->fl_u.skb;
                struct ipv6hdr *hdr = skb->nh.ipv6h;
                int len;
 
                len = skb->len - sizeof(struct ipv6hdr);
 
                proto = hdr->nexthdr;
 
                switch (proto) {
                case IPPROTO_TCP:
                {
                        struct tcphdr *th;
 
                        if (len < sizeof(struct tcphdr)) {
                                res = FLOWR_ERROR;
                                goto out;
                        }
                        th = (struct tcphdr *)(hdr + 1);
                        sport = th->source;
                        dport = th->dest;
                        break;
                }
                case IPPROTO_UDP:
                {
                        struct udphdr *uh;
 
                        if (len < sizeof(struct udphdr)) {
                                res = FLOWR_ERROR;
                                goto out;
                        }
                        uh = (struct udphdr *)(hdr + 1);
                        sport = uh->source;
                        dport = uh->dest;
                        break;
                }
                default:
                        goto out;
                };
                break;
        }
 
        case FL_ARG_ORIGIN:
        {
                proto = args->fl_u.fl_o.flow->proto;
 
                if (proto == IPPROTO_ICMPV6) {
                        goto out;
                } else {
                        sport = args->fl_u.fl_o.flow->uli_u.ports.sport;
                        dport = args->fl_u.fl_o.flow->uli_u.ports.dport;
                }
                break;
        }
 
        if (proto == rl->info.proto &&
            port_match(args->fl_u.fl_o.flow->uli_u.ports.sport, sport) &&
            port_match(args->fl_u.fl_o.flow->uli_u.ports.dport, dport)) {
                if (rl->policy & IP6_FW_REJECT)
                        res = FLOWR_SELECT;
                else
                        res = FLOWR_CLEAR;
        }
 
        default:
#if IP6_FW_DEBUG >= 1
                printk(KERN_DEBUG "ip6_fw_accept: unknown arg type\n");
#endif
                goto out;
        };
 
out:
        return res;
}
 
static int ip6_fw_accept(struct dst_entry *dst, struct fl_acc_args *args)
{
        struct rt6_info *rt;
        struct ip6_fw_rule *rl;
        int proto;
        int res = FLOWR_NODECISION;
 
        rt = (struct rt6_info *) dst;
        rl = (struct ip6_fw_rule *) rt->rt6i_flowr;
 
        proto = rl->info.proto;
 
        switch (proto) {
        case 0:
                if (rl->policy & IP6_FW_REJECT)
                        res = FLOWR_SELECT;
                else
                        res = FLOWR_CLEAR;
                break;
        case IPPROTO_TCP:
        case IPPROTO_UDP:
                res = ip6_fw_accept_trans(rl, args);
                break;
        case IPPROTO_ICMPV6:
        };
 
        return res;
}
 
static struct dst_entry * ip6_fw_dup(struct dst_entry *frule,
                                     struct dst_entry *rt,
                                     struct fl_acc_args *args)
{
        struct ip6_fw_rule *rl;
        struct rt6_info *nrt;
        struct rt6_info *frt;
 
        frt = (struct rt6_info *) frule;
 
        rl = (struct ip6_fw_rule *) frt->rt6i_flowr;
 
        nrt = ip6_rt_copy((struct rt6_info *) rt);
 
        if (nrt) {
                nrt->u.dst.input = frule->input;
                nrt->u.dst.output = frule->output;
 
                nrt->rt6i_flowr = flow_clone(frt->rt6i_flowr);
 
                nrt->rt6i_flags |= RTF_CACHE;
                nrt->rt6i_tstamp = jiffies;
        }
 
        return (struct dst_entry *) nrt;
}
 
int ip6_fw_reject(struct sk_buff *skb)
{
#if IP6_FW_DEBUG >= 1
        printk(KERN_DEBUG "packet rejected: \n");
#endif
 
        icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADM_PROHIBITED, 0,
                    skb->dev);
        /*
         *      send it via netlink, as (rule, skb)
         */
 
        kfree_skb(skb);
        return 0;
}
 
int ip6_fw_discard(struct sk_buff *skb)
{
        printk(KERN_DEBUG "ip6_fw: BUG fw_reject called\n");
        kfree_skb(skb);
        return 0;
}
 
int ip6_fw_msg_add(struct ip6_fw_msg *msg)
{
        struct in6_rtmsg rtmsg;
        struct ip6_fw_rule *rl;
        struct rt6_info *rt;
        int err;
 
        ipv6_addr_copy(&rtmsg.rtmsg_dst, &msg->dst);
        ipv6_addr_copy(&rtmsg.rtmsg_src, &msg->src);
        rtmsg.rtmsg_dst_len = msg->dst_len;
        rtmsg.rtmsg_src_len = msg->src_len;
        rtmsg.rtmsg_metric = IP6_RT_PRIO_FW;
 
        rl = ip6_fwrule_alloc();
 
        if (rl == NULL)
                return -ENOMEM;
 
        rl->policy = msg->policy;
        rl->info.proto = msg->proto;
        rl->info.uli_u.data = msg->u.data;
 
        rtmsg.rtmsg_flags = RTF_NONEXTHOP|RTF_POLICY;
        err = ip6_route_add(&rtmsg);
 
        if (err) {
                ip6_fwrule_free(rl);
                return err;
        }
 
        /* The rest will not work for now. --ABK (989725) */
 
#ifndef notdef
        ip6_fwrule_free(rl);
        return -EPERM;
#else
        rt->u.dst.error = -EPERM;
 
        if (msg->policy == IP6_FW_ACCEPT) {
                /*
                 *      Accept rules are never selected
                 *      (i.e. packets use normal forwarding)
                 */
                rt->u.dst.input = ip6_fw_discard;
                rt->u.dst.output = ip6_fw_discard;
        } else {
                rt->u.dst.input = ip6_fw_reject;
                rt->u.dst.output = ip6_fw_reject;
        }
 
        ip6_rule_add(rl);
 
        rt->rt6i_flowr = flow_clone((struct flow_rule *)rl);
 
        return 0;
#endif
}
 
static int ip6_fw_msgrcv(int unit, struct sk_buff *skb)
{
        int count = 0;
 
        while (skb->len) {
                struct ip6_fw_msg *msg;
 
                if (skb->len < sizeof(struct ip6_fw_msg)) {
                        count = -EINVAL;
                        break;
                }
 
                msg = (struct ip6_fw_msg *) skb->data;
                skb_pull(skb, sizeof(struct ip6_fw_msg));
                count += sizeof(struct ip6_fw_msg);
 
                switch (msg->action) {
                case IP6_FW_MSG_ADD:
                        ip6_fw_msg_add(msg);
                        break;
                case IP6_FW_MSG_DEL:
                        break;
                default:
                        return -EINVAL;
                };
        }
 
        return count;
}
 
static void ip6_fw_destroy(struct flow_rule *rl)
{
        ip6_fwrule_free((struct ip6_fw_rule *)rl);
}
 
#ifdef MODULE
#define ip6_fw_init module_init
#endif
 
void __init ip6_fw_init(void)
{
        netlink_attach(NETLINK_IP6_FW, ip6_fw_msgrcv);
}
 
#ifdef MODULE
void cleanup_module(void)
{
        netlink_detach(NETLINK_IP6_FW);
}
#endif

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [ip6_fw.c] - Blame information for rev 1275

Line No.	Rev	Author	Line
1	1275	phoenix	`/*`
2			`* IPv6 Firewall`
3			`* Linux INET6 implementation`
4			`*`
5			`* Authors:`
6			`* Pedro Roque <roque@di.fc.ul.pt>`
7			`*`
8			`* $Id: ip6_fw.c,v 1.1.1.1 2004-04-15 01:14:44 phoenix Exp $`
9			`*`
10			`* This program is free software; you can redistribute it and/or`
11			`* modify it under the terms of the GNU General Public License`
12			`* as published by the Free Software Foundation; either version`
13			`* 2 of the License, or (at your option) any later version.`
14			`*/`
15
16			`#include <linux/config.h>`
17			`#include <linux/errno.h>`
18			`#include <linux/types.h>`
19			`#include <linux/string.h>`
20			`#include <linux/socket.h>`
21			`#include <linux/sockios.h>`
22			`#include <linux/net.h>`
23			`#include <linux/route.h>`
24			`#include <linux/netdevice.h>`
25			`#include <linux/in6.h>`
26			`#include <linux/udp.h>`
27			`#include <linux/init.h>`
28
29			`#include <net/ipv6.h>`
30			`#include <net/ip6_route.h>`
31			`#include <net/ip6_fw.h>`
32			`#include <net/netlink.h>`
33
34			`static unsigned long ip6_fw_rule_cnt;`
35			`static struct ip6_fw_rule ip6_fw_rule_list = {`
36			`{0},`
37			`NULL, NULL,`
38			`{0},`
39			`IP6_FW_REJECT`
40			`};`
41
42			`static int ip6_fw_accept(struct dst_entry dst, struct fl_acc_args args);`
43
44			`struct flow_rule_ops ip6_fw_ops = {`
45			`ip6_fw_accept`
46			`};`
47
48
49			`static struct rt6_info ip6_fw_null_entry = {`
50			`{{NULL, 0, 0, NULL,`
51			`0, 0, 0, 0, 0, 0, 0, 0, -ENETUNREACH, NULL, NULL,`
52			`ip6_pkt_discard, ip6_pkt_discard, NULL}},`
53			`NULL, {{{0}}}, 256, RTF_REJECT\|RTF_NONEXTHOP, ~0UL,`
54			`0, &ip6_fw_rule_list, {{{{0}}}, 128}, {{{{0}}}, 128}`
55			`};`
56
57			`static struct fib6_node ip6_fw_fib = {`
58			`NULL, NULL, NULL, NULL,`
59			`&ip6_fw_null_entry,`
60			`0, RTN_ROOT\|RTN_TL_ROOT, 0`
61			`};`
62
63			`rwlock_t ip6_fw_lock = RW_LOCK_UNLOCKED;`
64
65
66			`static void ip6_rule_add(struct ip6_fw_rule *rl)`
67			`{`
68			`struct ip6_fw_rule *next;`
69
70			`write_lock_bh(&ip6_fw_lock);`
71			`ip6_fw_rule_cnt++;`
72			`next = &ip6_fw_rule_list;`
73			`rl->next = next;`
74			`rl->prev = next->prev;`
75			`rl->prev->next = rl;`
76			`next->prev = rl;`
77			`write_unlock_bh(&ip6_fw_lock);`
78			`}`
79
80			`static void ip6_rule_del(struct ip6_fw_rule *rl)`
81			`{`
82			`struct ip6_fw_rule next, prev;`
83
84			`write_lock_bh(&ip6_fw_lock);`
85			`ip6_fw_rule_cnt--;`
86			`next = rl->next;`
87			`prev = rl->prev;`
88			`next->prev = prev;`
89			`prev->next = next;`
90			`write_unlock_bh(&ip6_fw_lock);`
91			`}`
92
93			`static __inline__ struct ip6_fw_rule * ip6_fwrule_alloc(void)`
94			`{`
95			`struct ip6_fw_rule *rl;`
96
97			`rl = kmalloc(sizeof(struct ip6_fw_rule), GFP_ATOMIC);`
98			`if (rl)`
99			`{`
100			`memset(rl, 0, sizeof(struct ip6_fw_rule));`
101			`rl->flowr.ops = &ip6_fw_ops;`
102			`}`
103			`return rl;`
104			`}`
105
106			`static __inline__ void ip6_fwrule_free(struct ip6_fw_rule * rl)`
107			`{`
108			`kfree(rl);`
109			`}`
110
111			`static __inline__ int port_match(int rl_port, int fl_port)`
112			`{`
113			`int res = 0;`
114			`if (rl_port == 0 \|\| (rl_port == fl_port))`
115			`res = 1;`
116			`return res;`
117			`}`
118
119			`static int ip6_fw_accept_trans(struct ip6_fw_rule *rl,`
120			`struct fl_acc_args *args)`
121			`{`
122			`int res = FLOWR_NODECISION;`
123			`int proto = 0;`
124			`int sport = 0;`
125			`int dport = 0;`
126
127			`switch (args->type) {`
128			`case FL_ARG_FORWARD:`
129			`{`
130			`struct sk_buff *skb = args->fl_u.skb;`
131			`struct ipv6hdr *hdr = skb->nh.ipv6h;`
132			`int len;`
133
134			`len = skb->len - sizeof(struct ipv6hdr);`
135
136			`proto = hdr->nexthdr;`
137
138			`switch (proto) {`
139			`case IPPROTO_TCP:`
140			`{`
141			`struct tcphdr *th;`
142
143			`if (len < sizeof(struct tcphdr)) {`
144			`res = FLOWR_ERROR;`
145			`goto out;`
146			`}`
147			`th = (struct tcphdr *)(hdr + 1);`
148			`sport = th->source;`
149			`dport = th->dest;`
150			`break;`
151			`}`
152			`case IPPROTO_UDP:`
153			`{`
154			`struct udphdr *uh;`
155
156			`if (len < sizeof(struct udphdr)) {`
157			`res = FLOWR_ERROR;`
158			`goto out;`
159			`}`
160			`uh = (struct udphdr *)(hdr + 1);`
161			`sport = uh->source;`
162			`dport = uh->dest;`
163			`break;`
164			`}`
165			`default:`
166			`goto out;`
167			`};`
168			`break;`
169			`}`
170
171			`case FL_ARG_ORIGIN:`
172			`{`
173			`proto = args->fl_u.fl_o.flow->proto;`
174
175			`if (proto == IPPROTO_ICMPV6) {`
176			`goto out;`
177			`} else {`
178			`sport = args->fl_u.fl_o.flow->uli_u.ports.sport;`
179			`dport = args->fl_u.fl_o.flow->uli_u.ports.dport;`
180			`}`
181			`break;`
182			`}`
183
184			`if (proto == rl->info.proto &&`
185			`port_match(args->fl_u.fl_o.flow->uli_u.ports.sport, sport) &&`
186			`port_match(args->fl_u.fl_o.flow->uli_u.ports.dport, dport)) {`
187			`if (rl->policy & IP6_FW_REJECT)`
188			`res = FLOWR_SELECT;`
189			`else`
190			`res = FLOWR_CLEAR;`
191			`}`
192
193			`default:`
194			`#if IP6_FW_DEBUG >= 1`
195			`printk(KERN_DEBUG "ip6_fw_accept: unknown arg type\n");`
196			`#endif`
197			`goto out;`
198			`};`
199
200			`out:`
201			`return res;`
202			`}`
203
204			`static int ip6_fw_accept(struct dst_entry dst, struct fl_acc_args args)`
205			`{`
206			`struct rt6_info *rt;`
207			`struct ip6_fw_rule *rl;`
208			`int proto;`
209			`int res = FLOWR_NODECISION;`
210
211			`rt = (struct rt6_info *) dst;`
212			`rl = (struct ip6_fw_rule *) rt->rt6i_flowr;`
213
214			`proto = rl->info.proto;`
215
216			`switch (proto) {`
217			`case 0:`
218			`if (rl->policy & IP6_FW_REJECT)`
219			`res = FLOWR_SELECT;`
220			`else`
221			`res = FLOWR_CLEAR;`
222			`break;`
223			`case IPPROTO_TCP:`
224			`case IPPROTO_UDP:`
225			`res = ip6_fw_accept_trans(rl, args);`
226			`break;`
227			`case IPPROTO_ICMPV6:`
228			`};`
229
230			`return res;`
231			`}`
232
233			`static struct dst_entry * ip6_fw_dup(struct dst_entry *frule,`
234			`struct dst_entry *rt,`
235			`struct fl_acc_args *args)`
236			`{`
237			`struct ip6_fw_rule *rl;`
238			`struct rt6_info *nrt;`
239			`struct rt6_info *frt;`
240
241			`frt = (struct rt6_info *) frule;`
242
243			`rl = (struct ip6_fw_rule *) frt->rt6i_flowr;`
244
245			`nrt = ip6_rt_copy((struct rt6_info *) rt);`
246
247			`if (nrt) {`
248			`nrt->u.dst.input = frule->input;`
249			`nrt->u.dst.output = frule->output;`
250
251			`nrt->rt6i_flowr = flow_clone(frt->rt6i_flowr);`
252
253			`nrt->rt6i_flags \|= RTF_CACHE;`
254			`nrt->rt6i_tstamp = jiffies;`
255			`}`
256
257			`return (struct dst_entry *) nrt;`
258			`}`
259
260			`int ip6_fw_reject(struct sk_buff *skb)`
261			`{`
262			`#if IP6_FW_DEBUG >= 1`
263			`printk(KERN_DEBUG "packet rejected: \n");`
264			`#endif`
265
266			`icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADM_PROHIBITED, 0,`
267			`skb->dev);`
268			`/*`
269			`* send it via netlink, as (rule, skb)`
270			`*/`
271
272			`kfree_skb(skb);`
273			`return 0;`
274			`}`
275
276			`int ip6_fw_discard(struct sk_buff *skb)`
277			`{`
278			`printk(KERN_DEBUG "ip6_fw: BUG fw_reject called\n");`
279			`kfree_skb(skb);`
280			`return 0;`
281			`}`
282
283			`int ip6_fw_msg_add(struct ip6_fw_msg *msg)`
284			`{`
285			`struct in6_rtmsg rtmsg;`
286			`struct ip6_fw_rule *rl;`
287			`struct rt6_info *rt;`
288			`int err;`
289
290			`ipv6_addr_copy(&rtmsg.rtmsg_dst, &msg->dst);`
291			`ipv6_addr_copy(&rtmsg.rtmsg_src, &msg->src);`
292			`rtmsg.rtmsg_dst_len = msg->dst_len;`
293			`rtmsg.rtmsg_src_len = msg->src_len;`
294			`rtmsg.rtmsg_metric = IP6_RT_PRIO_FW;`
295
296			`rl = ip6_fwrule_alloc();`
297
298			`if (rl == NULL)`
299			`return -ENOMEM;`
300
301			`rl->policy = msg->policy;`
302			`rl->info.proto = msg->proto;`
303			`rl->info.uli_u.data = msg->u.data;`
304
305			`rtmsg.rtmsg_flags = RTF_NONEXTHOP\|RTF_POLICY;`
306			`err = ip6_route_add(&rtmsg);`
307
308			`if (err) {`
309			`ip6_fwrule_free(rl);`
310			`return err;`
311			`}`
312
313			`/* The rest will not work for now. --ABK (989725) */`
314
315			`#ifndef notdef`
316			`ip6_fwrule_free(rl);`
317			`return -EPERM;`
318			`#else`
319			`rt->u.dst.error = -EPERM;`
320
321			`if (msg->policy == IP6_FW_ACCEPT) {`
322			`/*`
323			`* Accept rules are never selected`
324			`* (i.e. packets use normal forwarding)`
325			`*/`
326			`rt->u.dst.input = ip6_fw_discard;`
327			`rt->u.dst.output = ip6_fw_discard;`
328			`} else {`
329			`rt->u.dst.input = ip6_fw_reject;`
330			`rt->u.dst.output = ip6_fw_reject;`
331			`}`
332
333			`ip6_rule_add(rl);`
334
335			`rt->rt6i_flowr = flow_clone((struct flow_rule *)rl);`
336
337			`return 0;`
338			`#endif`
339			`}`
340
341			`static int ip6_fw_msgrcv(int unit, struct sk_buff *skb)`
342			`{`
343			`int count = 0;`
344
345			`while (skb->len) {`
346			`struct ip6_fw_msg *msg;`
347
348			`if (skb->len < sizeof(struct ip6_fw_msg)) {`
349			`count = -EINVAL;`
350			`break;`
351			`}`
352
353			`msg = (struct ip6_fw_msg *) skb->data;`
354			`skb_pull(skb, sizeof(struct ip6_fw_msg));`
355			`count += sizeof(struct ip6_fw_msg);`
356
357			`switch (msg->action) {`
358			`case IP6_FW_MSG_ADD:`
359			`ip6_fw_msg_add(msg);`
360			`break;`
361			`case IP6_FW_MSG_DEL:`
362			`break;`
363			`default:`
364			`return -EINVAL;`
365			`};`
366			`}`
367
368			`return count;`
369			`}`
370
371			`static void ip6_fw_destroy(struct flow_rule *rl)`
372			`{`
373			`ip6_fwrule_free((struct ip6_fw_rule *)rl);`
374			`}`
375
376			`#ifdef MODULE`
377			`#define ip6_fw_init module_init`
378			`#endif`
379
380			`void __init ip6_fw_init(void)`
381			`{`
382			`netlink_attach(NETLINK_IP6_FW, ip6_fw_msgrcv);`
383			`}`
384
385			`#ifdef MODULE`
386			`void cleanup_module(void)`
387			`{`
388			`netlink_detach(NETLINK_IP6_FW);`
389			`}`
390			`#endif`