/*
 * Built-in ruleset for the "raw" table: one rule per hook (PRE_ROUTING,
 * LOCAL_OUT) followed by the error terminator.  The initializer that
 * contains .repl opens before this excerpt.
 */
	.repl = {
		.name = "raw",
		.valid_hooks = RAW_VALID_HOOKS,
		/* The two standard entries in .entries plus the .term entry. */
		.num_entries = 3,
		/*
		 * Hand-computed byte size of the two standard entries plus the
		 * terminator; keep it in step with .entries/.term when a hook
		 * is added or removed.
		 */
		.size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
		/* Byte offset, per hook, of the entry that hook starts at. */
		.hook_entry = {
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
		},
		/*
		 * Identical to hook_entry because each hook has exactly one
		 * entry here.
		 * NOTE(review): presumably that single entry also acts as the
		 * chain policy -- confirm against the x_tables core.
		 */
		.underflow = {
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard)
		},
	},
	/*
	 * Entry order has to match the offsets above.  Each hook's only entry
	 * is NF_ACCEPT, so the ruleset as initialised here rejects nothing.
	 */
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* PRE_ROUTING */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "raw" table.  .name and .valid_hooks repeat the
 * values in the initial ruleset above and must stay consistent with it.
 */
static struct xt_table packet_raw = {
	.name = "raw",
	.valid_hooks = RAW_VALID_HOOKS,
	.me = THIS_MODULE,
	.af = AF_INET,
};

/* The work comes in here from netfilter.c. */
static unsigned int
ipt_hook(unsigned int hook,
/*
 * Tail of the built-in ruleset for the "security" table (the enclosing
 * .repl initializer opens before this excerpt): LOCAL_IN, FORWARD and
 * LOCAL_OUT, one entry each, then the error terminator.
 */
		.valid_hooks = SECURITY_VALID_HOOKS,
		/* The three standard entries in .entries plus the .term entry. */
		.num_entries = 4,
		/*
		 * Hand-computed byte size of the three standard entries plus
		 * the terminator; keep it in step with .entries/.term.
		 */
		.size = sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
		/* Byte offset, per hook, of the entry that hook starts at. */
		.hook_entry = {
			[NF_INET_LOCAL_IN] = 0,
			[NF_INET_FORWARD] = sizeof(struct ipt_standard),
			[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
		},
		/*
		 * Identical to hook_entry because each hook has exactly one
		 * entry here.
		 * NOTE(review): presumably that single entry also acts as the
		 * chain policy -- confirm against the x_tables core.
		 */
		.underflow = {
			[NF_INET_LOCAL_IN] = 0,
			[NF_INET_FORWARD] = sizeof(struct ipt_standard),
			[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 2,
		},
	},
	/*
	 * Entry order has to match the offsets above.  All three hooks start
	 * out as NF_ACCEPT, so this table enforces nothing by itself; any
	 * restriction has to come from rules installed later.
	 */
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_IN */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* FORWARD */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "security" table.  .name and .valid_hooks repeat
 * the values used by the initial ruleset above; .lock is statically
 * initialised to the unlocked state.
 */
static struct xt_table security_table = {
	.name = "security",
	.valid_hooks = SECURITY_VALID_HOOKS,
	.lock = __RW_LOCK_UNLOCKED(security_table.lock),
	.me = THIS_MODULE,
	.af = AF_INET,
};

static unsigned int
/*
 * Tail of a built-in ruleset covering all five IPv4 hooks (the enclosing
 * initializer, including the opening of this offset table, starts before
 * this excerpt).  Offsets are multiples of sizeof(struct ipt_standard), in
 * the order PRE_ROUTING, LOCAL_IN, FORWARD, LOCAL_OUT, POST_ROUTING.
 */
			[NF_INET_PRE_ROUTING] = 0,
			[NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
			[NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
			[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
			[NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
		},
		/*
		 * Same five offsets as the table just above: one entry per hook.
		 * NOTE(review): presumably that entry also acts as the chain
		 * policy -- confirm against the x_tables core.
		 */
		.underflow = {
			[NF_INET_PRE_ROUTING] = 0,
			[NF_INET_LOCAL_IN] = sizeof(struct ipt_standard),
			[NF_INET_FORWARD] = sizeof(struct ipt_standard) * 2,
			[NF_INET_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
			[NF_INET_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
		},
	},
	/*
	 * Five NF_ACCEPT entries, one per hook.  Assuming .entries is an array
	 * of struct ipt_standard (its declaration is not visible here), they
	 * line up with the offsets above in the order PRE_ROUTING, LOCAL_IN,
	 * FORWARD, LOCAL_OUT, POST_ROUTING.  As initialised, nothing is
	 * rejected on any hook.
	 */
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),
		IPT_STANDARD_INIT(NF_ACCEPT),
		IPT_STANDARD_INIT(NF_ACCEPT),
		IPT_STANDARD_INIT(NF_ACCEPT),
		IPT_STANDARD_INIT(NF_ACCEPT),
	},
	/* Error entry that ends the ruleset. */
	.term = IPT_ERROR_INIT,
};

/*
 * Read-only descriptor for the IPv4 "mangle" table (declared const, family
 * NFPROTO_IPV4).  .valid_hooks must cover exactly the hooks given offsets
 * in the initial ruleset above.
 */
static const struct xt_table packet_mangler = {
	.name = "mangle",
	.valid_hooks = MANGLE_VALID_HOOKS,
	.me = THIS_MODULE,
	.af = NFPROTO_IPV4,
};
/*
 * Tail of a built-in ruleset covering all five IPv4 hooks, written with the
 * NF_IP_* hook names (the enclosing initializer, including the opening of
 * this offset table, starts before this excerpt).  Offsets are multiples of
 * sizeof(struct ipt_standard).
 */
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
			[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
			[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
			[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
		},
		/*
		 * Same five offsets as the table just above: one entry per hook.
		 * NOTE(review): presumably that entry also acts as the chain
		 * policy -- confirm against the x_tables core.
		 */
		.underflow = {
			[NF_IP_PRE_ROUTING] = 0,
			[NF_IP_LOCAL_IN] = sizeof(struct ipt_standard),
			[NF_IP_FORWARD] = sizeof(struct ipt_standard) * 2,
			[NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) * 3,
			[NF_IP_POST_ROUTING] = sizeof(struct ipt_standard) * 4,
		},
	},
	/*
	 * Entry order has to match the offsets above.  Every hook's only entry
	 * is NF_ACCEPT, so the ruleset as initialised here rejects nothing.
	 */
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* PRE_ROUTING */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_IN */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* FORWARD */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* LOCAL_OUT */
		IPT_STANDARD_INIT(NF_ACCEPT),	/* POST_ROUTING */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Descriptor for the IPv4 "mangle" table.  .valid_hooks must cover exactly
 * the hooks given offsets in the initial ruleset above.
 */
static struct xt_table packet_mangler = {
	.name = "mangle",
	.valid_hooks = MANGLE_VALID_HOOKS,
	.me = THIS_MODULE,
	.af = AF_INET,
};
/*
 * Built-in ruleset for the IPv4 "rawpost" table; the struct type this
 * object instantiates is declared before this excerpt.  It is placed in
 * __initdata.
 * NOTE(review): presumably the registration path copies it before init
 * memory is released -- confirm in the module init code.
 */
} rawpost4_initial __initdata = {
	.repl = {
		.name = "rawpost",
		.valid_hooks = RAWPOST_VALID_HOOKS,
		/* The single standard entry in .entries plus the .term entry. */
		.num_entries = 2,
		/* Hand-computed byte size of that entry plus the terminator. */
		.size = sizeof(struct ipt_standard) + sizeof(struct ipt_error),
		/* POST_ROUTING is the only hook; its entry sits at offset 0. */
		.hook_entry = {
			[NF_INET_POST_ROUTING] = 0,
		},
		/* Same offset as hook_entry: the hook has a single entry. */
		.underflow = {
			[NF_INET_POST_ROUTING] = 0,
		},
	},
	/* The only entry is NF_ACCEPT, so as initialised nothing is rejected. */
	.entries = {
		IPT_STANDARD_INIT(NF_ACCEPT),	/* POST_ROUTING */
	},
	.term = IPT_ERROR_INIT,			/* ERROR */
};

/*
 * Pointer to a struct xt_table; it is not assigned in this excerpt.
 * NOTE(review): presumably set to the registered table at init -- confirm.
 */
static struct xt_table *rawpost4_ptable;

/*
 * Descriptor for the IPv4 "rawpost" table.  .name and .valid_hooks repeat
 * the values in rawpost4_initial.repl and must stay consistent with it.
 */
static struct xt_table rawpost4_itable = {
	.name = "rawpost",
	.af = NFPROTO_IPV4,
	.valid_hooks = RAWPOST_VALID_HOOKS,
	.me = THIS_MODULE,
};

static unsigned int
rawpost4_hook_fn(unsigned int hook, sk_buff_t *skb,
		 const struct net_device *in, const struct net_device *out,