URL https://opencores.org/ocsvn/or1k_old/or1k_old/trunk

Subversion Repositories or1k_old

[/] [or1k_old/] [trunk/] [uclinux/] [uClinux-2.0.x/] [net/] [core/] [firewall.c] - Blame information for rev 1782

Details | Compare with Previous | View Log


/*
 *      Generic loadable firewalls. At the moment only IP will actually
 *      use these, but people can add the others as they are needed.
 *
 *      Authors:        Dave Bonn (for IP)
 *      much hacked by: Alan Cox
 */
 
#include <linux/module.h> 
#include <linux/config.h>
#include <linux/skbuff.h>
#include <linux/firewall.h>
 
static int firewall_lock=0;
static int firewall_policy[NPROTO];
static struct firewall_ops *firewall_chain[NPROTO];
 
/*
 *      Register a firewall
 */
 
int register_firewall(int pf, struct firewall_ops *fw)
{
        struct firewall_ops **p;
 
        if(pf<0||pf>=NPROTO)
                return -EINVAL;
 
        /*
         *      Don't allow two people to adjust at once.
         */
 
        while(firewall_lock)
                schedule();
        firewall_lock=1;
 
        p=&firewall_chain[pf];
 
        while(*p)
        {
                if(fw->fw_priority > (*p)->fw_priority)
                        break;
                p=&((*p)->next);
        }
 
 
        /*
         * We need to use a memory barrier to make sure that this
         * works correctly even in SMP with weakly ordered writes.
         *
         * This is atomic wrt interrupts (and generally walking the
         * chain), but not wrt itself (so you can't call this from
         * an interrupt. Not that you'd want to).
         */
        fw->next=*p;
        mb();
        *p = fw;
 
        /*
         *      And release the sleep lock
         */
 
        firewall_lock=0;
        return 0;
}
 
/*
 *      Unregister a firewall
 */
 
int unregister_firewall(int pf, struct firewall_ops *fw)
{
        struct firewall_ops **nl;
 
        if(pf<0||pf>=NPROTO)
                return -EINVAL;
 
        /*
         *      Don't allow two people to adjust at once.
         */
 
        while(firewall_lock)
                schedule();
        firewall_lock=1;
 
        nl=&firewall_chain[pf];
 
        while(*nl!=NULL)
        {
                if(*nl==fw)
                {
                        struct firewall_ops *f=fw->next;
                        *nl = f;
                        firewall_lock=0;
                        return 0;
                }
                nl=&((*nl)->next);
        }
        firewall_lock=0;
        return -ENOENT;
}
 
int call_fw_firewall(int pf, struct device *dev, void *phdr, void *arg)
{
        struct firewall_ops *fw=firewall_chain[pf];
 
        while(fw!=NULL)
        {
                int rc=fw->fw_forward(fw,pf,dev,phdr,arg);
                if(rc!=FW_SKIP)
                        return rc;
                fw=fw->next;
        }
        return firewall_policy[pf];
}
 
/*
 *      Actual invocation of the chains
 */
 
int call_in_firewall(int pf, struct device *dev, void *phdr, void *arg)
{
        struct firewall_ops *fw=firewall_chain[pf];
 
        while(fw!=NULL)
        {
                int rc=fw->fw_input(fw,pf,dev,phdr,arg);
                if(rc!=FW_SKIP)
                        return rc;
                fw=fw->next;
        }
        return firewall_policy[pf];
}
 
int call_out_firewall(int pf, struct device *dev, void *phdr, void *arg)
{
        struct firewall_ops *fw=firewall_chain[pf];
 
        while(fw!=NULL)
        {
                int rc=fw->fw_output(fw,pf,dev,phdr,arg);
                if(rc!=FW_SKIP)
                        return rc;
                fw=fw->next;
        }
        /* alan, is this right? */
        return firewall_policy[pf];
}
 
static struct symbol_table firewall_syms = {
#include <linux/symtab_begin.h>
        X(register_firewall),
        X(unregister_firewall),
        X(call_in_firewall),
        X(call_out_firewall),
        X(call_fw_firewall),
#include <linux/symtab_end.h>
};
 
void fwchain_init(void)
{
        int i;
        for(i=0;i<NPROTO;i++)
                firewall_policy[i]=FW_ACCEPT;
        register_symtab(&firewall_syms);
}

Line No.	Rev	Author	Line
1	200	simons	`/*`
2			`* Generic loadable firewalls. At the moment only IP will actually`
3			`* use these, but people can add the others as they are needed.`
4			`*`
5			`* Authors: Dave Bonn (for IP)`
6			`* much hacked by: Alan Cox`
7			`*/`
8
9			`#include <linux/module.h>`
10			`#include <linux/config.h>`
11			`#include <linux/skbuff.h>`
12			`#include <linux/firewall.h>`
13
14			`static int firewall_lock=0;`
15			`static int firewall_policy[NPROTO];`
16			`static struct firewall_ops *firewall_chain[NPROTO];`
17
18			`/*`
19			`* Register a firewall`
20			`*/`
21
22			`int register_firewall(int pf, struct firewall_ops *fw)`
23			`{`
24			`struct firewall_ops **p;`
25
26			`if(pf<0\|\|pf>=NPROTO)`
27			`return -EINVAL;`
28
29			`/*`
30			`* Don't allow two people to adjust at once.`
31			`*/`
32
33			`while(firewall_lock)`
34			`schedule();`
35			`firewall_lock=1;`
36
37			`p=&firewall_chain[pf];`
38
39			`while(*p)`
40			`{`
41			`if(fw->fw_priority > (*p)->fw_priority)`
42			`break;`
43			`p=&((*p)->next);`
44			`}`
45
46
47			`/*`
48			`* We need to use a memory barrier to make sure that this`
49			`* works correctly even in SMP with weakly ordered writes.`
50			`*`
51			`* This is atomic wrt interrupts (and generally walking the`
52			`* chain), but not wrt itself (so you can't call this from`
53			`* an interrupt. Not that you'd want to).`
54			`*/`
55			`fw->next=*p;`
56			`mb();`
57			`*p = fw;`
58
59			`/*`
60			`* And release the sleep lock`
61			`*/`
62
63			`firewall_lock=0;`
64			`return 0;`
65			`}`
66
67			`/*`
68			`* Unregister a firewall`
69			`*/`
70
71			`int unregister_firewall(int pf, struct firewall_ops *fw)`
72			`{`
73			`struct firewall_ops **nl;`
74
75			`if(pf<0\|\|pf>=NPROTO)`
76			`return -EINVAL;`
77
78			`/*`
79			`* Don't allow two people to adjust at once.`
80			`*/`
81
82			`while(firewall_lock)`
83			`schedule();`
84			`firewall_lock=1;`
85
86			`nl=&firewall_chain[pf];`
87
88			`while(*nl!=NULL)`
89			`{`
90			`if(*nl==fw)`
91			`{`
92			`struct firewall_ops *f=fw->next;`
93			`*nl = f;`
94			`firewall_lock=0;`
95			`return 0;`
96			`}`
97			`nl=&((*nl)->next);`
98			`}`
99			`firewall_lock=0;`
100			`return -ENOENT;`
101			`}`
102
103			`int call_fw_firewall(int pf, struct device dev, void phdr, void *arg)`
104			`{`
105			`struct firewall_ops *fw=firewall_chain[pf];`
106
107			`while(fw!=NULL)`
108			`{`
109			`int rc=fw->fw_forward(fw,pf,dev,phdr,arg);`
110			`if(rc!=FW_SKIP)`
111			`return rc;`
112			`fw=fw->next;`
113			`}`
114			`return firewall_policy[pf];`
115			`}`
116
117			`/*`
118			`* Actual invocation of the chains`
119			`*/`
120
121			`int call_in_firewall(int pf, struct device dev, void phdr, void *arg)`
122			`{`
123			`struct firewall_ops *fw=firewall_chain[pf];`
124
125			`while(fw!=NULL)`
126			`{`
127			`int rc=fw->fw_input(fw,pf,dev,phdr,arg);`
128			`if(rc!=FW_SKIP)`
129			`return rc;`
130			`fw=fw->next;`
131			`}`
132			`return firewall_policy[pf];`
133			`}`
134
135			`int call_out_firewall(int pf, struct device dev, void phdr, void *arg)`
136			`{`
137			`struct firewall_ops *fw=firewall_chain[pf];`
138
139			`while(fw!=NULL)`
140			`{`
141			`int rc=fw->fw_output(fw,pf,dev,phdr,arg);`
142			`if(rc!=FW_SKIP)`
143			`return rc;`
144			`fw=fw->next;`
145			`}`
146			`/* alan, is this right? */`
147			`return firewall_policy[pf];`
148			`}`
149
150			`static struct symbol_table firewall_syms = {`
151			`#include <linux/symtab_begin.h>`
152			`X(register_firewall),`
153			`X(unregister_firewall),`
154			`X(call_in_firewall),`
155			`X(call_out_firewall),`
156			`X(call_fw_firewall),`
157			`#include <linux/symtab_end.h>`
158			`};`
159
160			`void fwchain_init(void)`
161			`{`
162			`int i;`
163			`for(i=0;i<NPROTO;i++)`
164			`firewall_policy[i]=FW_ACCEPT;`
165			`register_symtab(&firewall_syms);`
166			`}`

Browse

Tools

Subversion Repositories or1k_old

[/] [or1k_old/] [trunk/] [uclinux/] [uClinux-2.0.x/] [net/] [core/] [firewall.c] - Blame information for rev 1782