Skip to content

C
clone-Linux

gsplhtlxg / clone-Linux

通知 2
Star 0
Fork 1
C
clone-Linux

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
ip6t_frag.c 4.3 KB
Newer Older
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 
/* Kernel module to match FRAG parameters. */

/* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ipv6.h>
#include <linux/types.h>
#include <net/checksum.h>
#include <net/ipv6.h>
J
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions  
Jan Engelhardt 已提交
17 
#include <linux/netfilter/x_tables.h>
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_frag.h>

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 FRAG match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");

#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif

/* Returns 1 if the id is matched by the range, 0 otherwise */
static inline int
id_match(u_int32_t min, u_int32_t max, u_int32_t id, int invert)
{
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
35 36 37 38 39 40 
	int r = 0;
	DEBUGP("frag id_match:%c 0x%x <= 0x%x <= 0x%x", invert ? '!' : ' ',
	       min, id, max);
	r = (id >= min && id <= max) ^ invert;
	DEBUGP(" result %s\n", r ? "PASS" : "FAILED");
	return r;
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
41 42 43 44 45 46 
}

static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
P
[NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions  
Patrick McHardy 已提交
47 
      const struct xt_match *match,
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
48 49 50 51 52 
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      int *hotdrop)
{
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
53 54 55 
	struct frag_hdr _frag, *fh;
	const struct ip6t_frag *fraginfo = matchinfo;
	unsigned int ptr;
P
[NETFILTER]: Fix ip6_tables extension header bypass bug  
Patrick McHardy 已提交
56 
	int err;
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
57
P
[NETFILTER]: Fix ip6_tables extension header bypass bug  
Patrick McHardy 已提交
58 59 60 61 
	err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
	if (err < 0) {
		if (err != -ENOENT)
			*hotdrop = 1;
Y
[NETFILTER] ip6tables: remove duplicate code  
Yasuyuki Kozakai 已提交
62 
		return 0;
P
[NETFILTER]: Fix ip6_tables extension header bypass bug  
Patrick McHardy 已提交
63 
	}
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
64
Y
[NETFILTER] ip6tables: remove duplicate code  
Yasuyuki Kozakai 已提交
65 
	fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
66 
	if (fh == NULL) {
Y
[NETFILTER] ip6tables: remove duplicate code  
Yasuyuki Kozakai 已提交
67 68 69 
		*hotdrop = 1;
		return 0;
	}
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
70
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 
	DEBUGP("INFO %04X ", fh->frag_off);
	DEBUGP("OFFSET %04X ", ntohs(fh->frag_off) & ~0x7);
	DEBUGP("RES %02X %04X", fh->reserved, ntohs(fh->frag_off) & 0x6);
	DEBUGP("MF %04X ", fh->frag_off & htons(IP6_MF));
	DEBUGP("ID %u %08X\n", ntohl(fh->identification),
	       ntohl(fh->identification));

	DEBUGP("IPv6 FRAG id %02X ",
	       (id_match(fraginfo->ids[0], fraginfo->ids[1],
			 ntohl(fh->identification),
			 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS))));
	DEBUGP("res %02X %02X%04X %02X ",
	       (fraginfo->flags & IP6T_FRAG_RES), fh->reserved,
	       ntohs(fh->frag_off) & 0x6,
	       !((fraginfo->flags & IP6T_FRAG_RES)
		 && (fh->reserved || (ntohs(fh->frag_off) & 0x06))));
	DEBUGP("first %02X %02X %02X ",
	       (fraginfo->flags & IP6T_FRAG_FST),
	       ntohs(fh->frag_off) & ~0x7,
	       !((fraginfo->flags & IP6T_FRAG_FST)
		 && (ntohs(fh->frag_off) & ~0x7)));
	DEBUGP("mf %02X %02X %02X ",
	       (fraginfo->flags & IP6T_FRAG_MF),
	       ntohs(fh->frag_off) & IP6_MF,
	       !((fraginfo->flags & IP6T_FRAG_MF)
		 && !((ntohs(fh->frag_off) & IP6_MF))));
	DEBUGP("last %02X %02X %02X\n",
	       (fraginfo->flags & IP6T_FRAG_NMF),
	       ntohs(fh->frag_off) & IP6_MF,
	       !((fraginfo->flags & IP6T_FRAG_NMF)
		 && (ntohs(fh->frag_off) & IP6_MF)));

	return (fh != NULL)
	       &&
	       (id_match(fraginfo->ids[0], fraginfo->ids[1],
			 ntohl(fh->identification),
			 !!(fraginfo->invflags & IP6T_FRAG_INV_IDS)))
	       &&
	       !((fraginfo->flags & IP6T_FRAG_RES)
		 && (fh->reserved || (ntohs(fh->frag_off) & 0x6)))
	       &&
	       !((fraginfo->flags & IP6T_FRAG_FST)
		 && (ntohs(fh->frag_off) & ~0x7))
	       &&
	       !((fraginfo->flags & IP6T_FRAG_MF)
		 && !(ntohs(fh->frag_off) & IP6_MF))
	       &&
	       !((fraginfo->flags & IP6T_FRAG_NMF)
		 && (ntohs(fh->frag_off) & IP6_MF));
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
120 121 122 123 124 
}

/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
125 
	   const void *ip,
P
[NETFILTER]: x_tables: add xt_{match,target} arguments to match/target functions  
Patrick McHardy 已提交
126 
	   const struct xt_match *match,
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
127 128 
	   void *matchinfo,
	   unsigned int hook_mask)
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
129 
{
Y
[NETFILTER] ip6tables: whitespace and indent cosmetic cleanup  
Yasuyuki Kozakai 已提交
130 131 132 133 134 135 136 
	const struct ip6t_frag *fraginfo = matchinfo;

	if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
		DEBUGP("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
		return 0;
	}
	return 1;
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
137 138 
}
J
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions  
Jan Engelhardt 已提交
139 
static struct xt_match frag_match = {
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
140 
	.name		= "frag",
J
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions  
Jan Engelhardt 已提交
141 
	.family		= AF_INET6,
P
[NETFILTER]: Convert ip6_tables matches/targets to centralized error checking  
Patrick McHardy 已提交
142 143 144 
	.match		= match,
	.matchsize	= sizeof(struct ip6t_frag),
	.checkentry	= checkentry,
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
145 146 147 
	.me		= THIS_MODULE,
};
A
[NETFILTER]: Rename init functions.  
Andrew Morton 已提交
148 
static int __init ip6t_frag_init(void)
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
149 
{
J
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions  
Jan Engelhardt 已提交
150 
	return xt_register_match(&frag_match);
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
151 152 
}
A
[NETFILTER]: Rename init functions.  
Andrew Morton 已提交
153 
static void __exit ip6t_frag_fini(void)
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
154 
{
J
[NETFILTER]: {ip,ip6}_tables: remove x_tables wrapper functions  
Jan Engelhardt 已提交
155 
	xt_unregister_match(&frag_match);
L
Linux-2.6.12-rc2  
Linus Torvalds 已提交
156 157 
}
A
[NETFILTER]: Rename init functions.  
Andrew Morton 已提交
158 159 
module_init(ip6t_frag_init);
module_exit(ip6t_frag_fini);