Beispiel #1
	.repl = {
		.name = "raw",
		.valid_hooks = RAW_VALID_HOOKS,
		.num_entries = 3,
		.size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
		.hook_entry = {
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
		},
		.underflow = {
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_OUT]  = sizeof(struct ipt_standard)
		},
	},
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* PRE_ROUTING */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "raw" table.
 *
 * valid_hooks restricts which netfilter hooks this table may carry chains
 * for; RAW_VALID_HOOKS is defined outside this excerpt. The initial ruleset
 * preceding this definition uses NF_ACCEPT for every built-in chain, so the
 * table passes all traffic until rules are installed.
 */
static struct xt_table packet_raw = {
	.name		= "raw",
	.af		= AF_INET,		/* IPv4 only */
	.me		= THIS_MODULE,		/* module that owns the table */
	.valid_hooks	= RAW_VALID_HOOKS,
};

/* The work comes in here from netfilter.c. */
static unsigned int
ipt_hook(unsigned int hook,
		.valid_hooks = SECURITY_VALID_HOOKS,
		.num_entries = 4,
		.size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
		.hook_entry = {
			[NF_INET_LOCAL_IN] 	= 0,
			[NF_INET_FORWARD] 	= sizeof(struct ipt_standard),
			[NF_INET_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 2,
		},
		.underflow = {
			[NF_INET_LOCAL_IN] 	= 0,
			[NF_INET_FORWARD] 	= sizeof(struct ipt_standard),
			[NF_INET_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 2,
		},
	},
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_IN */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* FORWARD */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "security" table.
 *
 * Only the hooks in SECURITY_VALID_HOOKS (defined outside this excerpt) are
 * accepted for this table. The initial ruleset preceding this definition
 * gives LOCAL_IN, FORWARD and LOCAL_OUT an NF_ACCEPT policy, so the table
 * enforces nothing until rules are installed.
 */
static struct xt_table security_table = {
	.name		= "security",
	.af		= AF_INET,		/* IPv4 only */
	.me		= THIS_MODULE,		/* module that owns the table */
	.valid_hooks	= SECURITY_VALID_HOOKS,
	/* statically initialised rwlock, starts out unlocked */
	.lock		= __RW_LOCK_UNLOCKED(security_table.lock),
};

static unsigned int
Beispiel #3
			[NF_INET_PRE_ROUTING] 	= 0,
			[NF_INET_LOCAL_IN] 	= sizeof(struct ipt_standard),
			[NF_INET_FORWARD] 	= sizeof(struct ipt_standard) * 2,
			[NF_INET_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 3,
			[NF_INET_POST_ROUTING] 	= sizeof(struct ipt_standard) * 4,
		},
		.underflow = {
			[NF_INET_PRE_ROUTING] 	= 0,
			[NF_INET_LOCAL_IN] 	= sizeof(struct ipt_standard),
			[NF_INET_FORWARD] 	= sizeof(struct ipt_standard) * 2,
			[NF_INET_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 3,
			[NF_INET_POST_ROUTING]	= sizeof(struct ipt_standard) * 4,
		},
	},
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	
		IPT_STANDARD_INIT(NF_ACCEPT),	
		IPT_STANDARD_INIT(NF_ACCEPT),	
		IPT_STANDARD_INIT(NF_ACCEPT),	
		IPT_STANDARD_INIT(NF_ACCEPT),	
	},
	.term = IPT_ERROR_INIT,			
};

/*
 * Read-only descriptor for the IPv4 "mangle" table.
 *
 * MANGLE_VALID_HOOKS (defined outside this excerpt) limits the hooks the
 * table may be attached to. NOTE(review): the initializer fragment above
 * appears to be this table's initial ruleset, with NF_ACCEPT on all five
 * hooks - confirm, since its header is not visible here.
 */
static const struct xt_table packet_mangler = {
	.name		= "mangle",
	.af		= NFPROTO_IPV4,		/* IPv4 only */
	.me		= THIS_MODULE,		/* module that owns the table */
	.valid_hooks	= MANGLE_VALID_HOOKS,
};
Beispiel #4
			[NF_IP_PRE_ROUTING] 	= 0,
			[NF_IP_LOCAL_IN] 	= sizeof(struct ipt_standard),
			[NF_IP_FORWARD] 	= sizeof(struct ipt_standard) * 2,
			[NF_IP_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 3,
			[NF_IP_POST_ROUTING] 	= sizeof(struct ipt_standard) * 4,
		},
		.underflow = {
			[NF_IP_PRE_ROUTING] 	= 0,
			[NF_IP_LOCAL_IN] 	= sizeof(struct ipt_standard),
			[NF_IP_FORWARD] 	= sizeof(struct ipt_standard) * 2,
			[NF_IP_LOCAL_OUT] 	= sizeof(struct ipt_standard) * 3,
			[NF_IP_POST_ROUTING]	= sizeof(struct ipt_standard) * 4,
		},
	},
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* PRE_ROUTING */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_IN */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* FORWARD */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* POST_ROUTING */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "mangle" table.
 *
 * MANGLE_VALID_HOOKS (defined outside this excerpt) limits the hooks the
 * table may be attached to. NOTE(review): the initializer fragment above
 * appears to be this table's initial ruleset, with NF_ACCEPT on
 * PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT and POST_ROUTING - confirm,
 * since its header is not visible here.
 */
static struct xt_table packet_mangler = {
	.name		= "mangle",
	.af		= AF_INET,		/* IPv4 only */
	.me		= THIS_MODULE,		/* module that owns the table */
	.valid_hooks	= MANGLE_VALID_HOOKS,
};
} rawpost4_initial __initdata = {
	.repl = {
		.name        = "rawpost",
		.valid_hooks = RAWPOST_VALID_HOOKS,
		.num_entries = 2,
		.size        = sizeof(struct ipt_standard) +
		               sizeof(struct ipt_error),
		.hook_entry  = {
			[NF_INET_POST_ROUTING] = 0,
		},
		.underflow = {
			[NF_INET_POST_ROUTING] = 0,
		},
	},
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* POST_ROUTING */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * File-local pointer to an xt_table for the "rawpost" table.
 * NOTE(review): presumably assigned when the table is registered and read by
 * the hook function; the registration code is outside this excerpt - confirm
 * it is set before the hook can run and cleared on unload.
 */
static struct xt_table *rawpost4_ptable;

/*
 * Descriptor for the IPv4 "rawpost" table.
 *
 * RAWPOST_VALID_HOOKS (defined outside this excerpt) limits the hooks the
 * table may be attached to. The initial ruleset above contains a single
 * POST_ROUTING chain with an NF_ACCEPT policy, so the table passes all
 * traffic until rules are installed.
 */
static struct xt_table rawpost4_itable = {
	.name        = "rawpost",
	.valid_hooks = RAWPOST_VALID_HOOKS,
	.af          = NFPROTO_IPV4,	/* IPv4 only */
	.me          = THIS_MODULE,	/* module that owns the table */
};

static unsigned int rawpost4_hook_fn(unsigned int hook, sk_buff_t *skb,
    const struct net_device *in, const struct net_device *out,