[mirror_ubuntu-bionic-kernel.git] / include / net / netfilter / nf_tables_ipv4.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef _NF_TABLES_IPV4_H_
#define _NF_TABLES_IPV4_H_

#include <net/netfilter/nf_tables.h>
#include <net/ip.h>

static inline void
nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
		     struct sk_buff *skb,
		     const struct nf_hook_state *state)
{
	struct iphdr *ip;

	nft_set_pktinfo(pkt, skb, state);

	ip = ip_hdr(pkt->skb);
	pkt->tprot_set = true;
	pkt->tprot = ip->protocol;
	pkt->xt.thoff = ip_hdrlen(pkt->skb);
	pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
}

static inline int
__nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt,
				struct sk_buff *skb,
				const struct nf_hook_state *state)
{
	struct iphdr *iph, _iph;
	u32 len, thoff;

	iph = skb_header_pointer(skb, skb_network_offset(skb), sizeof(*iph),
				 &_iph);
	if (!iph)
		return -1;

	if (iph->ihl < 5 || iph->version != 4)
		return -1;

	len = ntohs(iph->tot_len);
	thoff = iph->ihl * 4;
	if (skb->len < len)
		return -1;
	else if (len < thoff)
		return -1;

	pkt->tprot_set = true;
	pkt->tprot = iph->protocol;
	pkt->xt.thoff = thoff;
	pkt->xt.fragoff = ntohs(iph->frag_off) & IP_OFFSET;

	return 0;
}

static inline void
nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt,
			      struct sk_buff *skb,
			      const struct nf_hook_state *state)
{
	nft_set_pktinfo(pkt, skb, state);
	if (__nft_set_pktinfo_ipv4_validate(pkt, skb, state) < 0)
		nft_set_pktinfo_proto_unspec(pkt, skb);
}

extern struct nft_af_info nft_af_ipv4;

#endif
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
0ca743a5 PNA	2	#ifndef _NF_TABLES_IPV4_H_
	3	#define _NF_TABLES_IPV4_H_
	4
	5	#include <net/netfilter/nf_tables.h>
	6	#include <net/ip.h>
	7
	8	static inline void
	9	nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,
0ca743a5	10	struct sk_buff *skb,
073bfd56	11	const struct nf_hook_state *state)
0ca743a5 PNA	12	{
	13	struct iphdr *ip;
	14
6aa187f2	15	nft_set_pktinfo(pkt, skb, state);
0ca743a5	16
0ca743a5	17	ip = ip_hdr(pkt->skb);
beac5afa	18	pkt->tprot_set = true;
4566bf27 PM	19	pkt->tprot = ip->protocol;
4566bf27 PM	20	pkt->xt.thoff = ip_hdrlen(pkt->skb);
0ca743a5 PNA	21	pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
	22	}
	23
ddc8b602 PNA	24	static inline int
	25	__nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt,
	26	struct sk_buff *skb,
	27	const struct nf_hook_state *state)
	28	{
	29	struct iphdr *iph, _iph;
	30	u32 len, thoff;
	31
	32	iph = skb_header_pointer(skb, skb_network_offset(skb), sizeof(*iph),
	33	&_iph);
	34	if (!iph)
	35	return -1;
	36
ddc8b602 PNA	37	if (iph->ihl < 5 \|\| iph->version != 4)
	38	return -1;
	39
	40	len = ntohs(iph->tot_len);
	41	thoff = iph->ihl * 4;
	42	if (skb->len < len)
	43	return -1;
	44	else if (len < thoff)
	45	return -1;
	46
	47	pkt->tprot_set = true;
	48	pkt->tprot = iph->protocol;
	49	pkt->xt.thoff = thoff;
	50	pkt->xt.fragoff = ntohs(iph->frag_off) & IP_OFFSET;
	51
	52	return 0;
	53	}
	54
	55	static inline void
	56	nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt,
	57	struct sk_buff *skb,
	58	const struct nf_hook_state *state)
	59	{
	60	nft_set_pktinfo(pkt, skb, state);
	61	if (__nft_set_pktinfo_ipv4_validate(pkt, skb, state) < 0)
	62	nft_set_pktinfo_proto_unspec(pkt, skb);
	63	}
	64
1d49144c PM	65	extern struct nft_af_info nft_af_ipv4;
1d49144c PM	66
0ca743a5	67	#endif