static int __init rawpost4_table_init(void) { int ret; #if LINUX_VERSION_CODE <= KERNEL_VERSION(2, 6, 29) rwlock_init(&rawpost4_itable.lock); #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 25) rawpost4_ptable = ipt_register_table(&init_net, &rawpost4_itable, &rawpost4_initial.repl); if (IS_ERR(rawpost4_ptable)) return PTR_ERR(rawpost4_ptable); #else ret = ipt_register_table(&rawpost4_itable, &rawpost4_initial.repl); if (ret < 0) return ret; rawpost4_ptable = &rawpost4_itable; #endif ret = nf_register_hook(&rawpost4_hook_ops); if (ret < 0) goto out; return ret; out: ipt_unregister_table(rawpost4_ptable); return ret; }
static int __init iptable_filter_init(void) { int ret; if (forward < 0 || forward > NF_MAX_VERDICT) { printk("iptables forward must be 0 or 1\n"); return -EINVAL; } /* Entry 1 is the FORWARD hook */ initial_table.entries[1].target.verdict = -forward - 1; /* Register table */ ret = ipt_register_table(&packet_filter, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); if (ret < 0) goto cleanup_table; return ret; cleanup_table: ipt_unregister_table(&packet_filter); return ret; }
static int __init init(void) { int ret; /* Register table */ ret = ipt_register_table(&packet_raw, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ ret = nf_register_hook(&ipt_ops[0]); if (ret < 0) goto cleanup_table; ret = nf_register_hook(&ipt_ops[1]); if (ret < 0) goto cleanup_hook0; return ret; cleanup_hook0: nf_unregister_hook(&ipt_ops[0]); cleanup_table: ipt_unregister_table(&packet_raw); return ret; }
int __init nf_nat_rule_init(void) { int ret; nat_table = ipt_register_table(&init_net, &__nat_table, &nat_initial_table.repl); if (IS_ERR(nat_table)) return PTR_ERR(nat_table); ret = xt_register_target(&ipt_snat_reg); if (ret != 0) goto unregister_table; ret = xt_register_target(&ipt_dnat_reg); if (ret != 0) goto unregister_snat; return ret; unregister_snat: xt_unregister_target(&ipt_snat_reg); unregister_table: ipt_unregister_table(nat_table); return ret; }
static int __net_init nf_nat_rule_net_init(struct net *net) { net->ipv4.nat_table = ipt_register_table(net, &nat_table, &nat_initial_table.repl); if (IS_ERR(net->ipv4.nat_table)) return PTR_ERR(net->ipv4.nat_table); return 0; }
static int __net_init iptable_mangle_net_init(struct net *net) { net->ipv4.iptable_mangle = ipt_register_table(net, &packet_mangler, &initial_table.repl); if (IS_ERR(net->ipv4.iptable_mangle)) return PTR_ERR(net->ipv4.iptable_mangle); return 0; }
static int __net_init iptable_raw_net_init(struct net *net) { /* Register table */ net->ipv4.iptable_raw = ipt_register_table(net, &packet_raw, &initial_table.repl); if (IS_ERR(net->ipv4.iptable_raw)) return PTR_ERR(net->ipv4.iptable_raw); return 0; }
static int __net_init iptable_security_net_init(struct net *net) { net->ipv4.iptable_security = ipt_register_table(net, &security_table, &initial_table.repl); if (IS_ERR(net->ipv4.iptable_security)) return PTR_ERR(net->ipv4.iptable_security); return 0; }
static int __net_init iptable_nat_net_init(struct net *net) { struct ipt_replace *repl; repl = ipt_alloc_initial_table(&nf_nat_ipv4_table); if (repl == NULL) return -ENOMEM; net->ipv4.nat_table = ipt_register_table(net, &nf_nat_ipv4_table, repl); kfree(repl); return PTR_RET(net->ipv4.nat_table); }
static int __net_init iptable_security_net_init(struct net *net) { struct ipt_replace *repl; repl = ipt_alloc_initial_table(&security_table); if (repl == NULL) return -ENOMEM; net->ipv4.iptable_security = ipt_register_table(net, &security_table, repl); kfree(repl); return PTR_RET(net->ipv4.iptable_security); }
static int __net_init iptable_mangle_net_init(struct net *net) { struct ipt_replace *repl; repl = ipt_alloc_initial_table(&packet_mangler); if (repl == NULL) return -ENOMEM; net->ipv4.iptable_mangle = ipt_register_table(net, &packet_mangler, repl); kfree(repl); return PTR_RET(net->ipv4.iptable_mangle); }
static int __net_init iptable_raw_net_init(struct net *net) { struct ipt_replace *repl; repl = ipt_alloc_initial_table(&packet_raw); if (repl == NULL) return -ENOMEM; net->ipv4.iptable_raw = ipt_register_table(net, &packet_raw, repl); kfree(repl); return PTR_ERR_OR_ZERO(net->ipv4.iptable_raw); }
static int __net_init iptable_filter_net_init(struct net *net) { if (!net_ipt_permitted(net, VE_IP_FILTER)) return 0; /* Register table */ net->ipv4.iptable_filter = ipt_register_table(net, &packet_filter, &initial_table.repl); if (IS_ERR(net->ipv4.iptable_filter)) return PTR_ERR(net->ipv4.iptable_filter); net_ipt_module_set(net, VE_IP_FILTER); return 0; }
static int __net_init nf_nat_rule_net_init(struct net *net) { if (!net_ipt_permitted(net, VE_IP_IPTABLE_NAT)) return 0; net->ipv4.nat_table = ipt_register_table(net, &nat_table, &nat_initial_table.repl); if (IS_ERR(net->ipv4.nat_table)) return PTR_ERR(net->ipv4.nat_table); net_ipt_module_set(net, VE_IP_IPTABLE_NAT); return 0; }
static int __net_init iptable_security_table_init(struct net *net) { struct ipt_replace *repl; int ret; if (net->ipv4.iptable_security) return 0; repl = ipt_alloc_initial_table(&security_table); if (repl == NULL) return -ENOMEM; ret = ipt_register_table(net, &security_table, repl, sectbl_ops, &net->ipv4.iptable_security); kfree(repl); return ret; }
static int __net_init iptable_mangle_table_init(struct net *net) { struct ipt_replace *repl; int ret; if (net->ipv4.iptable_mangle) return 0; repl = ipt_alloc_initial_table(&packet_mangler); if (repl == NULL) return -ENOMEM; ret = ipt_register_table(net, &packet_mangler, repl, mangle_ops, &net->ipv4.iptable_mangle); kfree(repl); return ret; }
static int __net_init iptable_filter_net_init(struct net *net) { /* Register table */ // 注册过滤表。Netfilter在内核中为防火墙系统维护了一个结构体,该结构体中存储的是内核中 // 当前可用的所有match、target和table,它们都是以双向链表的形式被组织起来的。 // 这个全局的结构体变量是static struct xt_af *xt // ipt_register_table所做的事情就是从模板initial_table变量的repl成员里取出初始化数据, // 然后申请一块内存并用repl里的值来初始化它,之后,将这块内存的首地址赋给packet filter表 // 的private成员,最后将packet filter挂载到xt[2].tables的双向链表中 net->ipv4.iptable_filter = ipt_register_table(net, &packet_filter, &initial_table.repl); if (IS_ERR(net->ipv4.iptable_filter)) return PTR_ERR(net->ipv4.iptable_filter); return 0; }
static int __net_init iptable_filter_net_init(struct net *net) { struct ipt_replace *repl; repl = ipt_alloc_initial_table(&packet_filter); if (repl == NULL) return -ENOMEM; /* Entry 1 is the FORWARD hook */ ((struct ipt_standard *)repl->entries)[1].target.verdict = forward ? -NF_ACCEPT - 1 : -NF_DROP - 1; net->ipv4.iptable_filter = ipt_register_table(net, &packet_filter, repl); kfree(repl); return PTR_RET(net->ipv4.iptable_filter); }
static int __init iptable_raw_init(void) { int ret; /* Register table */ ret = ipt_register_table(&packet_raw, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); if (ret < 0) { ipt_unregister_table(&packet_raw); } return ret; }
static int __init iptable_mangle_init(void) { int ret; /* Register table */ ret = ipt_register_table(&packet_mangler, &initial_table.repl); if (ret < 0) return ret; /* Register hooks */ ret = nf_register_hooks(ipt_ops, ARRAY_SIZE(ipt_ops)); if (ret < 0) goto cleanup_table; return ret; cleanup_table: ipt_unregister_table(&packet_mangler); return ret; }
int __init nf_nat_rule_init(void) { int ret; ret = ipt_register_table(&nat_table, &nat_initial_table.repl); if (ret != 0) return ret; ret = xt_register_target(&ipt_snat_reg); if (ret != 0) goto unregister_table; ret = xt_register_target(&ipt_dnat_reg); if (ret != 0) goto unregister_snat; return ret; unregister_snat: xt_unregister_target(&ipt_snat_reg); unregister_table: ipt_unregister_table(&nat_table); return ret; }