#include <linux/init.h> #include <linux/kernel.h> #include <linux/netdevice.h> #include <net/net_namespace.h> #include <net/netfilter/nf_tables.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> #include <linux/netfilter_bridge.h> #include <linux/netfilter_arp.h> #include <net/netfilter/nf_tables_ipv4.h> #include <net/netfilter/nf_tables_ipv6.h> #ifdef CONFIG_NF_TABLES_IPV4 static unsigned int nft_do_chain_ipv4(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_ipv4 = …; static void nft_chain_filter_ipv4_init(void) { … } static void nft_chain_filter_ipv4_fini(void) { … } #else static inline void nft_chain_filter_ipv4_init(void) {} static inline void nft_chain_filter_ipv4_fini(void) {} #endif /* CONFIG_NF_TABLES_IPV4 */ #ifdef CONFIG_NF_TABLES_ARP static unsigned int nft_do_chain_arp(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_arp = …; static void nft_chain_filter_arp_init(void) { … } static void nft_chain_filter_arp_fini(void) { … } #else static inline void nft_chain_filter_arp_init(void) {} static inline void nft_chain_filter_arp_fini(void) {} #endif /* CONFIG_NF_TABLES_ARP */ #ifdef CONFIG_NF_TABLES_IPV6 static unsigned int nft_do_chain_ipv6(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_ipv6 = …; static void nft_chain_filter_ipv6_init(void) { … } static void nft_chain_filter_ipv6_fini(void) { … } #else static inline void nft_chain_filter_ipv6_init(void) {} static inline void nft_chain_filter_ipv6_fini(void) {} #endif /* CONFIG_NF_TABLES_IPV6 */ #ifdef CONFIG_NF_TABLES_INET static unsigned int nft_do_chain_inet(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static unsigned int nft_do_chain_inet_ingress(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_inet = …; static void nft_chain_filter_inet_init(void) { … } static void nft_chain_filter_inet_fini(void) { … } #else static inline void nft_chain_filter_inet_init(void) {} static inline void nft_chain_filter_inet_fini(void) {} #endif /* CONFIG_NF_TABLES_IPV6 */ #if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE) static unsigned int nft_do_chain_bridge(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_bridge = …; static void nft_chain_filter_bridge_init(void) { … } static void nft_chain_filter_bridge_fini(void) { … } #else static inline void nft_chain_filter_bridge_init(void) {} static inline void nft_chain_filter_bridge_fini(void) {} #endif /* CONFIG_NF_TABLES_BRIDGE */ #ifdef CONFIG_NF_TABLES_NETDEV static unsigned int nft_do_chain_netdev(void *priv, struct sk_buff *skb, const struct nf_hook_state *state) { … } static const struct nft_chain_type nft_chain_filter_netdev = …; static void nft_netdev_event(unsigned long event, struct net_device *dev, struct nft_ctx *ctx) { … } static int nf_tables_netdev_event(struct notifier_block *this, unsigned long event, void *ptr) { … } static struct notifier_block nf_tables_netdev_notifier = …; static int nft_chain_filter_netdev_init(void) { … } static void nft_chain_filter_netdev_fini(void) { … } #else static inline int nft_chain_filter_netdev_init(void) { return 0; } static inline void nft_chain_filter_netdev_fini(void) {} #endif /* CONFIG_NF_TABLES_NETDEV */ int __init nft_chain_filter_init(void) { … } void nft_chain_filter_fini(void) { … }
Codebase Browser
linux