]>
Commit | Line | Data |
---|---|---|
2e4e6a17 HW |
1 | /* Kernel module to match packet length. */ |
2 | /* (C) 1999-2001 James Morris <jmorros@intercode.com.au> | |
3 | * | |
4 | * This program is free software; you can redistribute it and/or modify | |
5 | * it under the terms of the GNU General Public License version 2 as | |
6 | * published by the Free Software Foundation. | |
7 | */ | |
8 | ||
9 | #include <linux/module.h> | |
10 | #include <linux/skbuff.h> | |
37d8dc82 | 11 | #include <linux/ipv6.h> |
2e4e6a17 HW |
12 | #include <net/ip.h> |
13 | ||
14 | #include <linux/netfilter/xt_length.h> | |
15 | #include <linux/netfilter/x_tables.h> | |
16 | ||
17 | MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); | |
18 | MODULE_DESCRIPTION("IP tables packet length matching module"); | |
19 | MODULE_LICENSE("GPL"); | |
20 | MODULE_ALIAS("ipt_length"); | |
21 | MODULE_ALIAS("ip6t_length"); | |
22 | ||
1d93a9cb | 23 | static bool |
d3c5ee6d JE |
24 | length_mt(const struct sk_buff *skb, const struct net_device *in, |
25 | const struct net_device *out, const struct xt_match *match, | |
26 | const void *matchinfo, int offset, unsigned int protoff, | |
27 | bool *hotdrop) | |
2e4e6a17 HW |
28 | { |
29 | const struct xt_length_info *info = matchinfo; | |
eddc9ec5 | 30 | u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); |
601e68e1 | 31 | |
2e4e6a17 HW |
32 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; |
33 | } | |
34 | ||
1d93a9cb | 35 | static bool |
d3c5ee6d JE |
36 | length_mt6(const struct sk_buff *skb, const struct net_device *in, |
37 | const struct net_device *out, const struct xt_match *match, | |
38 | const void *matchinfo, int offset, unsigned int protoff, | |
39 | bool *hotdrop) | |
2e4e6a17 HW |
40 | { |
41 | const struct xt_length_info *info = matchinfo; | |
7c4e36bc JE |
42 | const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + |
43 | sizeof(struct ipv6hdr); | |
601e68e1 | 44 | |
2e4e6a17 HW |
45 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; |
46 | } | |
47 | ||
d3c5ee6d | 48 | static struct xt_match length_mt_reg[] __read_mostly = { |
4470bbc7 PM |
49 | { |
50 | .name = "length", | |
51 | .family = AF_INET, | |
d3c5ee6d | 52 | .match = length_mt, |
4470bbc7 PM |
53 | .matchsize = sizeof(struct xt_length_info), |
54 | .me = THIS_MODULE, | |
55 | }, | |
56 | { | |
57 | .name = "length", | |
58 | .family = AF_INET6, | |
d3c5ee6d | 59 | .match = length_mt6, |
4470bbc7 PM |
60 | .matchsize = sizeof(struct xt_length_info), |
61 | .me = THIS_MODULE, | |
62 | }, | |
2e4e6a17 HW |
63 | }; |
64 | ||
d3c5ee6d | 65 | static int __init length_mt_init(void) |
2e4e6a17 | 66 | { |
d3c5ee6d | 67 | return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); |
2e4e6a17 HW |
68 | } |
69 | ||
d3c5ee6d | 70 | static void __exit length_mt_exit(void) |
2e4e6a17 | 71 | { |
d3c5ee6d | 72 | xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); |
2e4e6a17 HW |
73 | } |
74 | ||
d3c5ee6d JE |
75 | module_init(length_mt_init); |
76 | module_exit(length_mt_exit); |