Пример #1
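/**
 * imq_init_hooks - register the IMQ queue handlers and netfilter hooks
 *
 * Registers imq_nf_queue as the queue handler for PF_INET and then the IPv4
 * ingress and egress hooks. The same three steps are repeated for PF_INET6
 * when IPv6 is configured and for PF_BRIDGE when CONFIG_BRIDGE_NF_EBTABLES
 * is set.
 *
 * Return: 0 on success, otherwise the non-zero value returned by the
 * registration that failed, after every earlier registration was undone.
 */
static int __init imq_init_hooks(void)
{
	int err;

	err = nf_register_queue_handler(PF_INET, imq_nf_queue, NULL);
	if (err)
		goto err1;
	err = nf_register_hook(&imq_ingress_ipv4);
	if (err)
		goto err2;
	err = nf_register_hook(&imq_egress_ipv4);
	if (err)
		goto err3;
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
	err = nf_register_queue_handler(PF_INET6, imq_nf_queue, NULL);
	if (err)
		goto err4;
	err = nf_register_hook(&imq_ingress_ipv6);
	if (err)
		goto err5;
	err = nf_register_hook(&imq_egress_ipv6);
	if (err)
		goto err6;
#endif

//000001:tc.chen start
#if defined(CONFIG_BRIDGE_NF_EBTABLES)
	err = nf_register_queue_handler(PF_BRIDGE, imq_nf_queue, NULL);
	if (err)
		goto err7;
	err = nf_register_hook(&imq_ingress_bridge);
	if (err)
		goto err8;
	err = nf_register_hook(&imq_egress_bridge);
	if (err)
		goto err9;
#endif
//000001:tc.chen end

	return 0;

	/*
	 * Unwind in reverse order of registration. Each label undoes the
	 * step that succeeded just before the failing one, so a failed init
	 * never leaves a hook or queue handler registered behind it.
	 */
//000001:tc.chen start
#if defined(CONFIG_BRIDGE_NF_EBTABLES)
err9:
	nf_unregister_hook(&imq_ingress_bridge);
err8:
	nf_unregister_queue_handler(PF_BRIDGE);
err7:
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
	nf_unregister_hook(&imq_egress_ipv6);
#endif
#endif
//000001:tc.chen end
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
err6:
	nf_unregister_hook(&imq_ingress_ipv6);
err5:
	nf_unregister_queue_handler(PF_INET6);
err4:
#endif
	/*
	 * The IPv4 egress hook has to be removed on the bridge failure paths
	 * as well. It used to sit inside the IPv6-only section, so a bridge
	 * build without IPv6 jumped from err7 straight to err3 and left the
	 * hook registered after init had failed.
	 */
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE) || \
	defined(CONFIG_BRIDGE_NF_EBTABLES)
	nf_unregister_hook(&imq_egress_ipv4);
#endif
err3:
	nf_unregister_hook(&imq_ingress_ipv4);
err2:
	nf_unregister_queue_handler(PF_INET);
err1:
	return err;
}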
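/*
 * nfilter_init - set up the "url" character device and the URL-filter hooks.
 *
 * Initialises the managers, allocates a char-device region, creates the
 * "secfilter" class and the "url" device, adds the cdev, registers the send
 * and receive netfilter hooks and finally the PF_INET queue handler.
 *
 * Returns 0 when every step succeeded. On any failure the steps already
 * completed are undone in reverse order, an alert is logged and -1 is
 * returned.
 */
int nfilter_init (void)
{
    int     alloc_result            = -1;
    int     add_result              = -1;
    int     add_send_hook           = -1;
    int     add_recv_hook           = -1;
    struct	device	*device_result  = NULL;

    cdev_init(&url_cdev,	&sec_url_filter_fops );
    do
    {
        if (init_Managers() < 0) break;
        if ((alloc_result = alloc_chrdev_region(&url_ver, 0, 1, "url"))  < 0 ) break;
        /*
         * NOTE(review): mainline class_create() and device_create() report
         * failure with an ERR_PTR value, not NULL, so the two NULL tests
         * below probably never fire. Confirm against the target kernel and
         * switch to IS_ERR() if so.
         */
        if ((url_class = class_create(THIS_MODULE, "secfilter")) == NULL) break;
        if ((device_result = device_create( url_class, NULL, url_ver, NULL, "url" )) == NULL)   break;
        if ((add_result = cdev_add(&url_cdev, url_ver, 1)) <0) break;
        if ((add_send_hook =nf_register_hook( &sec_url_filter)) <0) break;
        if ((add_recv_hook = nf_register_hook( &sec_url_recv_filter)) <0) break;
        /*
         * The queue handler result used to be ignored, so init reported
         * success even when no handler was installed for the hooks above.
         * Treat a failure here like any other failed step.
         */
        if (nf_register_queue_handler(PF_INET, &sec_url_queue_handler) < 0) break;
        return 0;
    }while(0);

    /*
     * Undo in reverse order of setup. The hooks go first so that no packet
     * can enter the filter while the rest is being torn down.
     */
    if (add_recv_hook == 0) nf_unregister_hook(&sec_url_recv_filter);
    if (add_send_hook == 0) nf_unregister_hook(&sec_url_filter);
    if (add_result == 0) cdev_del( &url_cdev );
    if (device_result != NULL) device_destroy(url_class, url_ver);
    if (url_class != NULL) class_destroy(url_class);
    if (alloc_result == 0) unregister_chrdev_region(url_ver, 1);
    deInit_Managers();
    printk(KERN_ALERT "SEC_FILTER : FAIL TO INIT\n");
    return -1;
}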
Пример #3
/*
 * Allocate a queue, put it into its idle state and register outfn as the
 * PF_INET queue handler with the new queue as its data argument.
 *
 * On success the queue is returned and *errp is 0. On failure NULL is
 * returned and *errp is -ENOMEM (allocation failed) or -EBUSY (the handler
 * could not be registered; the queue is freed again).
 */
static ipq_queue_t *ipq_create_queue(nf_queue_outfn_t outfn,
                                     ipq_send_cb_t send_cb,
                                     int *errp, int *sysctl_qmax)
{
	ipq_queue_t *queue;

	*errp = 0;

	queue = kmalloc(sizeof(ipq_queue_t), GFP_KERNEL);
	if (!queue) {
		*errp = -ENOMEM;
		return NULL;
	}

	/* kmalloc() does not zero the memory, so every field is set here. */
	queue->len = 0;
	queue->maxlen = sysctl_qmax;
	queue->flushing = 0;
	queue->terminate = 0;
	INIT_LIST_HEAD(&queue->list);
	spin_lock_init(&queue->lock);

	/* No peer is attached yet; only the send callback is known. */
	queue->peer.pid = 0;
	queue->peer.died = 0;
	queue->peer.copy_mode = IPQ_COPY_NONE;
	queue->peer.copy_range = 0;
	queue->peer.send = send_cb;

	/*
	 * Registration comes last: the queue is handed to the netfilter core
	 * here, so it must be completely initialised by now.
	 */
	if (nf_register_queue_handler(PF_INET, outfn, queue) < 0) {
		*errp = -EBUSY;
		kfree(queue);
		return NULL;
	}

	return queue;
}
Пример #4
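/**
 * imq_init_hooks - register the IMQ queue handlers and netfilter hooks
 *
 * Registers nfqh as the queue handler for PF_INET and then the IPv4 ingress
 * and egress hooks; when IPv6 is configured the same is done for PF_INET6.
 *
 * Return: 0 on success, otherwise the non-zero value returned by the
 * registration that failed, after every earlier registration was undone.
 */
static int __init imq_init_hooks(void)
{
	int err;

	/*
	 * Test for any non-zero result, like every other step below. The
	 * previous "err > 0" test let a negative error code through, so a
	 * failed handler registration was ignored and init carried on.
	 */
	err = nf_register_queue_handler(PF_INET, &nfqh);
	if (err)
		goto err1;
	err = nf_register_hook(&imq_ingress_ipv4);
	if (err)
		goto err2;
	err = nf_register_hook(&imq_egress_ipv4);
	if (err)
		goto err3;
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
	err = nf_register_queue_handler(PF_INET6, &nfqh);
	if (err)
		goto err4;
	err = nf_register_hook(&imq_ingress_ipv6);
	if (err)
		goto err5;
	err = nf_register_hook(&imq_egress_ipv6);
	if (err)
		goto err6;
#endif

	return 0;

	/* Unwind in reverse order; each label undoes the previous step. */
#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
err6:
	nf_unregister_hook(&imq_ingress_ipv6);
err5:
	nf_unregister_queue_handler(PF_INET6,&nfqh);
err4:
	nf_unregister_hook(&imq_egress_ipv4);
#endif
err3:
	nf_unregister_hook(&imq_ingress_ipv4);
err2:
	nf_unregister_queue_handler(PF_INET,&nfqh);
err1:
	return err;
}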
Пример #5
/*
 * Module initialization and cleanup
 */
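/*
 * f_init_module - create the firmament /proc tree and register queue handlers.
 *
 * Draws three random seeds, creates the "firmament" directory under proc_net,
 * its "rules" subdirectory and the "control" file, then one rule file per
 * f_flowtable[] entry, registering nf_q_h as the queue handler for each
 * entry's protocol family.
 *
 * Returns 0 on success, or -ENOMEM when a /proc entry could not be created;
 * the /proc entries created up to that point are removed again.
 */
static int __init f_init_module(void)
{

    int i;
    int retval = 0;

    get_random_bytes(&seed1, sizeof(seed1));
    get_random_bytes(&seed2, sizeof(seed2));
    get_random_bytes(&seed3, sizeof(seed3));
    firm_proc_dir = proc_mkdir("firmament", proc_net);
    if (!firm_proc_dir) {
	/* Nothing was created, so there is nothing to remove. */
	printk(KERN_ERR
	       "firmament error: could not create firmament directory\n");
	retval = -ENOMEM;
	goto exit;
    }
    firm_rules_proc_dir = proc_mkdir("rules", firm_proc_dir);
    if (!firm_rules_proc_dir) {
	printk(KERN_ERR
	       "firmament error: could not create firmament/rules directory\n");
	retval = -ENOMEM;
	goto unreg_firm_proc;
    }

    proc_net_firm_action =
	create_proc_entry("control", S_IWUSR, firm_proc_dir);
    /* Check before use: the ops used to be stored through a NULL pointer. */
    if (!proc_net_firm_action) {
	printk(KERN_ERR
	       "firmament error: could not create control file\n");
	retval = -ENOMEM;
	goto unreg_rules_proc;
    }
    proc_net_firm_action->proc_iops = &f_iops;
    proc_net_firm_action->proc_fops = &f_cfops;

    for (i = 0; f_flowtable[i].name != NULL; i++) {
	f_flowtable[i].pdir =
	    create_proc_entry(f_flowtable[i].name,
			      S_IRUSR | S_IWUSR, firm_rules_proc_dir);
	/* Same ordering fix as above: test the pointer, then fill it in. */
	if (!f_flowtable[i].pdir) {
	    printk(KERN_ERR
		   "firm_vm: could not create %s rule file.\n",
		   f_flowtable[i].name);
	    retval = -ENOMEM;
	    break;
	}
	f_flowtable[i].pdir->proc_iops = &f_iops;
	f_flowtable[i].pdir->proc_fops = &f_fops;
	/*
	 * Register the queue handler (delayed packets).
	 * NOTE(review): the return value is ignored, and the handlers
	 * registered for earlier entries are not unregistered when a later
	 * entry fails. nf_q_h would then stay registered after a failed
	 * init. The unregister call differs between kernel versions, so it
	 * has to be added against the target tree.
	 */
        nf_register_queue_handler(f_flowtable[i].pf, &nf_q_h);  /* changed */

    }
    if (retval == 0) {
	/* Everything went well */
	printk(KERN_INFO "firm_vm: loaded\n");
	/*
	 * NOTE(review): this writes the seeds to the kernel log. If they
	 * feed anything that must stay unpredictable, drop this message.
	 */
	printk(KERN_INFO "firm_vm: random seeds are 0x%x 0x%x 0x%x\n",
	       seed1, seed2, seed3);
	return retval;
    }

    /*
     * Not all rule files were created. Entry i is the one that failed, so
     * only entries 0 .. i-1 exist and need removing.
     */
    while (--i >= 0) {
	remove_proc_entry(f_flowtable[i].name, firm_rules_proc_dir);
    }

    remove_proc_entry("control", firm_proc_dir);
  unreg_rules_proc:
    remove_proc_entry("rules", firm_proc_dir);
  unreg_firm_proc:
    remove_proc_entry("firmament", proc_net);
  exit:
    return retval;
}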