projects / mirror_ubuntu-bionic-kernel.git / blame
| Commit | Line | Data |
|---|---|---|
| 2e4e6a17 HW |
1 | /* Kernel module to match packet length. */ |
| 2 | /* (C) 1999-2001 James Morris <jmorros@intercode.com.au> | |
| 3 | * | |
| 4 | * This program is free software; you can redistribute it and/or modify | |
| 5 | * it under the terms of the GNU General Public License version 2 as | |
| 6 | * published by the Free Software Foundation. | |
| 7 | */ | |
| 8 | ||
| 9 | #include <linux/module.h> | |
| 10 | #include <linux/skbuff.h> | |
| 11 | #include <net/ip.h> | |
| 12 | ||
| 13 | #include <linux/netfilter/xt_length.h> | |
| 14 | #include <linux/netfilter/x_tables.h> | |
| 15 | ||
| 16 | MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); | |
| 17 | MODULE_DESCRIPTION("IP tables packet length matching module"); | |
| 18 | MODULE_LICENSE("GPL"); | |
| 19 | MODULE_ALIAS("ipt_length"); | |
| 20 | MODULE_ALIAS("ip6t_length"); | |
| 21 | ||
| 22 | static int | |
| 23 | match(const struct sk_buff *skb, | |
| 24 | const struct net_device *in, | |
| 25 | const struct net_device *out, | |
| 26 | const void *matchinfo, | |
| 27 | int offset, | |
| 28 | unsigned int protoff, | |
| 29 | int *hotdrop) | |
| 30 | { | |
| 31 | const struct xt_length_info *info = matchinfo; | |
| 32 | u_int16_t pktlen = ntohs(skb->nh.iph->tot_len); | |
| 33 | ||
| 34 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; | |
| 35 | } | |
| 36 | ||
| 37 | static int | |
| 38 | match6(const struct sk_buff *skb, | |
| 39 | const struct net_device *in, | |
| 40 | const struct net_device *out, | |
| 41 | const void *matchinfo, | |
| 42 | int offset, | |
| 43 | unsigned int protoff, | |
| 44 | int *hotdrop) | |
| 45 | { | |
| 46 | const struct xt_length_info *info = matchinfo; | |
| 47 | u_int16_t pktlen = ntohs(skb->nh.ipv6h->payload_len) + sizeof(struct ipv6hdr); | |
| 48 | ||
| 49 | return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; | |
| 50 | } | |
| 51 | ||
| 52 | static int | |
| 53 | checkentry(const char *tablename, | |
| 54 | const void *ip, | |
| 55 | void *matchinfo, | |
| 56 | unsigned int matchsize, | |
| 57 | unsigned int hook_mask) | |
| 58 | { | |
| 59 | if (matchsize != XT_ALIGN(sizeof(struct xt_length_info))) | |
| 60 | return 0; | |
| 61 | ||
| 62 | return 1; | |
| 63 | } | |
| 64 | ||
| 65 | static struct xt_match length_match = { | |
| 66 | .name = "length", | |
| 67 | .match = &match, | |
| 68 | .checkentry = &checkentry, | |
| 69 | .me = THIS_MODULE, | |
| 70 | }; | |
| 71 | static struct xt_match length6_match = { | |
| 72 | .name = "length", | |
| 73 | .match = &match6, | |
| 74 | .checkentry = &checkentry, | |
| 75 | .me = THIS_MODULE, | |
| 76 | }; | |
| 77 | ||
| 78 | static int __init init(void) | |
| 79 | { | |
| 80 | int ret; | |
| 81 | ret = xt_register_match(AF_INET, &length_match); | |
| 82 | if (ret) | |
| 83 | return ret; | |
| 84 | ret = xt_register_match(AF_INET6, &length6_match); | |
| 85 | if (ret) | |
| 86 | xt_unregister_match(AF_INET, &length_match); | |
| 87 | ||
| 88 | return ret; | |
| 89 | } | |
| 90 | ||
| 91 | static void __exit fini(void) | |
| 92 | { | |
| 93 | xt_unregister_match(AF_INET, &length_match); | |
| 94 | xt_unregister_match(AF_INET6, &length6_match); | |
| 95 | } | |
| 96 | ||
| 97 | module_init(init); | |
| 98 | module_exit(fini); |