/*
 * Prefix every pr_debug()/pr_info() message from this file with the module
 * name so log lines can be attributed to this target. Defined ahead of the
 * #include lines so the printk helpers pick it up.
 */
17 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20 #include <linux/module.h>
22 #include <linux/icmpv6.h>
23 #include <linux/netdevice.h>
31 #include <linux/netfilter/x_tables.h>
32 #include <linux/netfilter_ipv6/ip6_tables.h>
/*
 * send_reset - build and emit a TCP reply to oldskb.
 *
 * The function name and the "TCP_RESET" message elsewhere in this file
 * suggest the reply is a RST; the flag assignment is not among the lines
 * shown. This listing is an excerpt: the number at the start of a line is
 * the original file's line number, and the lines in between are omitted.
 *
 * @net:    network namespace supplied by the caller
 * @oldskb: the packet being answered; only read in the lines shown here
 */
40 static void send_reset(
struct net *
net,
struct sk_buff *oldskb)
/* otcph is a by-value TCP header for the original packet (the copy itself
 * is on a line not shown); tcph points at the header of the reply. */
43 struct tcphdr otcph, *tcph;
44 unsigned int otcplen, hh_len;
45 int tcphoff, needs_ack;
/* IPv6 header of the packet being answered. */
46 const struct ipv6hdr *oip6h = ipv6_hdr(oldskb);
/* Presumably the source of tclass used at line 129; that declaration is
 * not shown. */
48 #define DEFAULT_TOS_VALUE 0x0U
/*
 * Bounds check on the TCP header offset before it is used in the unsigned
 * subtraction at line 69: a negative offset or one beyond the packet length
 * is refused. How tcphoff is computed is not shown. tcphoff == len passes
 * this test and leaves otcplen == 0; the "too short" message at lines 73-74
 * suggests a later length check catches that case (TODO confirm).
 */
64 if ((tcphoff < 0) || (tcphoff > oldskb->
len)) {
65 pr_debug(
"Cannot get TCP header.\n");
/* Bytes from the TCP header offset to the end of the packet. The result is
 * unsigned, so it relies on the check above to avoid wrapping. */
69 otcplen = oldskb->
len - tcphoff;
/* NOTE(review): otcplen is unsigned int (line 44) but is printed with %d,
 * assuming it is the argument passed (argument list not shown); %u would
 * match the type. */
73 pr_debug(
"proto(%d) != IPPROTO_TCP, "
74 "or too short. otcplen = %d\n",
/* Logged when the original segment fails checksum validation; the test and
 * what follows it are not shown (presumably a return, so corrupted
 * segments are not answered - confirm). */
91 pr_debug(
"TCP checksum is invalid\n");
/*
 * Flow description for the reply. It is zeroed first so no uninitialised
 * stack bytes end up in the key, then filled with the original packet's
 * addresses and ports swapped, so the reply is addressed to the sender.
 */
95 memset(&fl6, 0,
sizeof(fl6));
97 fl6.saddr = oip6h->
daddr;
98 fl6.daddr = oip6h->
saddr;
99 fl6.fl6_sport = otcph.dest;
100 fl6.fl6_dport = otcph.source;
/* LSM hook: lets the security module classify the reply's flow from the
 * original packet. */
101 security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
/* Link-layer header length of the outgoing device, rounded up to a multiple
 * of 16 (presumably headroom for the new skb; the allocation is not
 * shown). */
111 hh_len = (dst->
dev->hard_header_len + 15)&~15;
/* Attach the route to the reply. */
122 skb_dst_set(nskb, dst);
127 skb_reset_network_header(nskb);
128 ip6h = ipv6_hdr(nskb);
/* First 32 bits of the IPv6 header written in one store: version 6 in the
 * top nibble (0x60000000), traffic class shifted to bit 20, flow label 0. */
129 *(
__be32 *)ip6h =
htonl(0x60000000 | (tclass << 20));
/* Data offset in 32-bit words: a bare TCP header with no options. */
137 tcph->doff =
sizeof(
struct tcphdr)/4;
/* Ports swapped relative to the original segment. */
138 tcph->
source = otcph.dest;
139 tcph->
dest = otcph.source;
/* Sequence number taken from the original segment's ack_seq; the enclosing
 * condition is not shown. */
143 tcph->
seq = otcph.ack_seq;
/*
 * Tail of an expression whose start is not shown (presumably the ack_seq
 * computation): adds the original payload length, i.e. otcplen minus the
 * original header length of doff<<2 bytes.
 * NOTE(review): no check that (otcph.doff<<2) <= otcplen is visible in this
 * excerpt. If none exists, a bogus data offset makes this unsigned
 * arithmetic wrap and the resulting number is meaningless - confirm against
 * the full source.
 */
148 + otcplen - (otcph.doff<<2));
155 tcph->ack = needs_ack;
/* Arguments of a call whose head is not shown; they appear to belong to the
 * TCP checksum over sizeof(struct tcphdr) bytes using the reply's
 * addresses. */
162 &ipv6_hdr(nskb)->
daddr,
165 sizeof(
struct tcphdr), 0));
/* Associate the reply with the connection-tracking state of the original
 * packet. */
167 nf_ct_attach(nskb, oldskb);
/*
 * send_unreach - parameter list as far as this excerpt shows it: the network
 * namespace, the offending packet and an unsigned char code (presumably the
 * ICMPv6 destination-unreachable code, given the <linux/icmpv6.h> include).
 * The return type, the remaining parameters and the body are not shown.
 */
173 send_unreach(
struct net *net,
struct sk_buff *skb_in,
unsigned char code,
/*
 * Lines from the body of a function whose header is not shown; ".target =
 * reject_tg6" further down suggests this is reject_tg6, the per-packet
 * handler (TODO confirm).
 */
/* Network namespace of the input device, falling back to the output device
 * when par->in is NULL. */
186 struct net *net = dev_net((par->
in !=
NULL) ? par->
in : par->
out);
188 pr_debug(
"%s: medium point\n", __func__);
/* Dispatch on the reject type configured in the rule; the case labels are
 * not shown. */
189 switch (reject->
with) {
/* One of the cases answers with a TCP reply built by send_reset(). */
209 send_reset(net, skb);
/*
 * Messages for rule configurations that are refused: an echo-reply reject
 * type, and a TCP reset on a rule that is not for TCP. The conditions and
 * return values are not shown, and neither is the enclosing function header;
 * these lines presumably belong to the validation callback registered as
 * .checkentry (reject_tg6_check) - TODO confirm.
 */
225 pr_info(
"ECHOREPLY is not supported.\n");
231 pr_info(
"TCP_RESET illegal for non-tcp\n");
/*
 * Two members of the target registration structure (its declaration and
 * other fields are not shown): .target is the handler run for matching
 * packets, .checkentry validates a rule's parameters when it is added.
 */
241 .target = reject_tg6,
246 .checkentry = reject_tg6_check,
/*
 * Module load hook (marked __init). The body is not shown in this excerpt;
 * it presumably registers the target described above and returns the
 * result - TODO confirm.
 */
250 static int __init reject_tg6_init(
void)
255 static void __exit reject_tg6_exit(
void)