]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* iptables module for the IPv4 and TCP ECN bits, Version 1.5 |
2 | * | |
3 | * (C) 2002 by Harald Welte <laforge@netfilter.org> | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * ipt_ECN.c,v 1.5 2002/08/18 19:36:51 laforge Exp | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/skbuff.h> | |
14 | #include <linux/ip.h> | |
15 | #include <linux/tcp.h> | |
16 | #include <net/checksum.h> | |
17 | ||
18 | #include <linux/netfilter_ipv4/ip_tables.h> | |
19 | #include <linux/netfilter_ipv4/ipt_ECN.h> | |
20 | ||
21 | MODULE_LICENSE("GPL"); | |
22 | MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); | |
23 | MODULE_DESCRIPTION("iptables ECN modification module"); | |
24 | ||
25 | /* set ECT codepoint from IP header. | |
26 | * return 0 if there was an error. */ | |
27 | static inline int | |
28 | set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo) | |
29 | { | |
30 | if (((*pskb)->nh.iph->tos & IPT_ECN_IP_MASK) | |
31 | != (einfo->ip_ect & IPT_ECN_IP_MASK)) { | |
32 | u_int16_t diffs[2]; | |
33 | ||
34 | if (!skb_ip_make_writable(pskb, sizeof(struct iphdr))) | |
35 | return 0; | |
36 | ||
37 | diffs[0] = htons((*pskb)->nh.iph->tos) ^ 0xFFFF; | |
38 | (*pskb)->nh.iph->tos &= ~IPT_ECN_IP_MASK; | |
39 | (*pskb)->nh.iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK); | |
40 | diffs[1] = htons((*pskb)->nh.iph->tos); | |
41 | (*pskb)->nh.iph->check | |
42 | = csum_fold(csum_partial((char *)diffs, | |
43 | sizeof(diffs), | |
44 | (*pskb)->nh.iph->check | |
45 | ^0xFFFF)); | |
1da177e4 LT |
46 | } |
47 | return 1; | |
48 | } | |
49 | ||
50 | /* Return 0 if there was an error. */ | |
51 | static inline int | |
52 | set_ect_tcp(struct sk_buff **pskb, const struct ipt_ECN_info *einfo, int inward) | |
53 | { | |
54 | struct tcphdr _tcph, *tcph; | |
55 | u_int16_t diffs[2]; | |
56 | ||
57 | /* Not enought header? */ | |
58 | tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, | |
59 | sizeof(_tcph), &_tcph); | |
60 | if (!tcph) | |
61 | return 0; | |
62 | ||
fd841326 PM |
63 | if ((!(einfo->operation & IPT_ECN_OP_SET_ECE) || |
64 | tcph->ece == einfo->proto.tcp.ece) && | |
65 | ((!(einfo->operation & IPT_ECN_OP_SET_CWR) || | |
66 | tcph->cwr == einfo->proto.tcp.cwr))) | |
1da177e4 LT |
67 | return 1; |
68 | ||
69 | if (!skb_ip_make_writable(pskb, (*pskb)->nh.iph->ihl*4+sizeof(*tcph))) | |
70 | return 0; | |
71 | tcph = (void *)(*pskb)->nh.iph + (*pskb)->nh.iph->ihl*4; | |
72 | ||
f93592ff PM |
73 | if ((*pskb)->ip_summed == CHECKSUM_HW && |
74 | skb_checksum_help(*pskb, inward)) | |
75 | return 0; | |
76 | ||
1da177e4 LT |
77 | diffs[0] = ((u_int16_t *)tcph)[6]; |
78 | if (einfo->operation & IPT_ECN_OP_SET_ECE) | |
79 | tcph->ece = einfo->proto.tcp.ece; | |
80 | if (einfo->operation & IPT_ECN_OP_SET_CWR) | |
81 | tcph->cwr = einfo->proto.tcp.cwr; | |
82 | diffs[1] = ((u_int16_t *)tcph)[6]; | |
83 | diffs[0] = diffs[0] ^ 0xFFFF; | |
84 | ||
f93592ff | 85 | if ((*pskb)->ip_summed != CHECKSUM_UNNECESSARY) |
1da177e4 LT |
86 | tcph->check = csum_fold(csum_partial((char *)diffs, |
87 | sizeof(diffs), | |
88 | tcph->check^0xFFFF)); | |
1da177e4 LT |
89 | return 1; |
90 | } | |
91 | ||
92 | static unsigned int | |
93 | target(struct sk_buff **pskb, | |
94 | const struct net_device *in, | |
95 | const struct net_device *out, | |
96 | unsigned int hooknum, | |
97 | const void *targinfo, | |
98 | void *userinfo) | |
99 | { | |
100 | const struct ipt_ECN_info *einfo = targinfo; | |
101 | ||
102 | if (einfo->operation & IPT_ECN_OP_SET_IP) | |
103 | if (!set_ect_ip(pskb, einfo)) | |
104 | return NF_DROP; | |
105 | ||
106 | if (einfo->operation & (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR) | |
107 | && (*pskb)->nh.iph->protocol == IPPROTO_TCP) | |
108 | if (!set_ect_tcp(pskb, einfo, (out == NULL))) | |
109 | return NF_DROP; | |
110 | ||
111 | return IPT_CONTINUE; | |
112 | } | |
113 | ||
114 | static int | |
115 | checkentry(const char *tablename, | |
116 | const struct ipt_entry *e, | |
117 | void *targinfo, | |
118 | unsigned int targinfosize, | |
119 | unsigned int hook_mask) | |
120 | { | |
121 | const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo; | |
122 | ||
123 | if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ECN_info))) { | |
124 | printk(KERN_WARNING "ECN: targinfosize %u != %Zu\n", | |
125 | targinfosize, | |
126 | IPT_ALIGN(sizeof(struct ipt_ECN_info))); | |
127 | return 0; | |
128 | } | |
129 | ||
130 | if (strcmp(tablename, "mangle") != 0) { | |
131 | printk(KERN_WARNING "ECN: can only be called from \"mangle\" table, not \"%s\"\n", tablename); | |
132 | return 0; | |
133 | } | |
134 | ||
135 | if (einfo->operation & IPT_ECN_OP_MASK) { | |
136 | printk(KERN_WARNING "ECN: unsupported ECN operation %x\n", | |
137 | einfo->operation); | |
138 | return 0; | |
139 | } | |
140 | if (einfo->ip_ect & ~IPT_ECN_IP_MASK) { | |
141 | printk(KERN_WARNING "ECN: new ECT codepoint %x out of mask\n", | |
142 | einfo->ip_ect); | |
143 | return 0; | |
144 | } | |
145 | ||
146 | if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR)) | |
147 | && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & IPT_INV_PROTO))) { | |
148 | printk(KERN_WARNING "ECN: cannot use TCP operations on a " | |
149 | "non-tcp rule\n"); | |
150 | return 0; | |
151 | } | |
152 | ||
153 | return 1; | |
154 | } | |
155 | ||
156 | static struct ipt_target ipt_ecn_reg = { | |
157 | .name = "ECN", | |
158 | .target = target, | |
159 | .checkentry = checkentry, | |
160 | .me = THIS_MODULE, | |
161 | }; | |
162 | ||
163 | static int __init init(void) | |
164 | { | |
165 | return ipt_register_target(&ipt_ecn_reg); | |
166 | } | |
167 | ||
168 | static void __exit fini(void) | |
169 | { | |
170 | ipt_unregister_target(&ipt_ecn_reg); | |
171 | } | |
172 | ||
173 | module_init(init); | |
174 | module_exit(fini); |