Linux Kernel
3.7.1
Main Page
Related Pages
Modules
Namespaces
Data Structures
Files
File List
Globals
All
Data Structures
Namespaces
Files
Functions
Variables
Typedefs
Enumerations
Enumerator
Macros
Groups
Pages
net
ipv6
netfilter
ip6t_mh.c
Go to the documentation of this file.
1
/*
2
* Copyright (C)2006 USAGI/WIDE Project
3
*
4
* This program is free software; you can redistribute it and/or modify
5
* it under the terms of the GNU General Public License version 2 as
6
* published by the Free Software Foundation.
7
*
8
* Author:
9
* Masahide NAKAMURA @USAGI <
[email protected]
>
10
*
11
* Based on net/netfilter/xt_tcpudp.c
12
*
13
*/
14
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15
#include <linux/types.h>
16
#include <linux/module.h>
17
#include <
net/ip.h
>
18
#include <linux/ipv6.h>
19
#include <
net/ipv6.h
>
20
#include <
net/mip6.h
>
21
22
#include <linux/netfilter/x_tables.h>
23
#include <
linux/netfilter_ipv6/ip6t_mh.h
>
24
25
MODULE_DESCRIPTION
(
"Xtables: IPv6 Mobility Header match"
);
26
MODULE_LICENSE
(
"GPL"
);
27
28
/* Returns 1 if the type is matched by the range, 0 otherwise */
29
static
inline
bool
30
type_match(
u_int8_t
min
,
u_int8_t
max
,
u_int8_t
type
,
bool
invert)
31
{
32
return
(type >= min && type <= max) ^ invert;
33
}
34
35
static
bool
mh_mt6(
const
struct
sk_buff
*
skb
,
struct
xt_action_param
*par)
36
{
37
struct
ip6_mh
_mh;
38
const
struct
ip6_mh
*mh;
39
const
struct
ip6t_mh
*mhinfo = par->
matchinfo
;
40
41
/* Must not be a fragment. */
42
if
(par->
fragoff
!= 0)
43
return
false
;
44
45
mh = skb_header_pointer(skb, par->
thoff
,
sizeof
(_mh), &_mh);
46
if
(mh ==
NULL
) {
47
/* We've been asked to examine this packet, and we
48
can't. Hence, no choice but to drop. */
49
pr_debug
(
"Dropping evil MH tinygram.\n"
);
50
par->
hotdrop
=
true
;
51
return
false
;
52
}
53
54
if
(mh->
ip6mh_proto
!=
IPPROTO_NONE
) {
55
pr_debug
(
"Dropping invalid MH Payload Proto: %u\n"
,
56
mh->
ip6mh_proto
);
57
par->
hotdrop
=
true
;
58
return
false
;
59
}
60
61
return
type_match(mhinfo->
types
[0], mhinfo->
types
[1], mh->
ip6mh_type
,
62
!!(mhinfo->
invflags
&
IP6T_MH_INV_TYPE
));
63
}
64
65
static
int
mh_mt6_check(
const
struct
xt_mtchk_param
*par)
66
{
67
const
struct
ip6t_mh
*mhinfo = par->
matchinfo
;
68
69
/* Must specify no unknown invflags */
70
return
(mhinfo->
invflags
& ~
IP6T_MH_INV_MASK
) ? -
EINVAL
: 0;
71
}
72
73
static
struct
xt_match
mh_mt6_reg
__read_mostly
= {
74
.name =
"mh"
,
75
.family =
NFPROTO_IPV6
,
76
.checkentry = mh_mt6_check,
77
.match = mh_mt6,
78
.matchsize =
sizeof
(
struct
ip6t_mh
),
79
.
proto
=
IPPROTO_MH
,
80
.me =
THIS_MODULE
,
81
};
82
83
static
int
__init
mh_mt6_init(
void
)
84
{
85
return
xt_register_match
(&mh_mt6_reg);
86
}
87
88
static
void
__exit
mh_mt6_exit(
void
)
89
{
90
xt_unregister_match
(&mh_mt6_reg);
91
}
92
93
module_init
(mh_mt6_init);
94
module_exit
(mh_mt6_exit);
Generated on Thu Jan 10 2013 14:59:24 for Linux Kernel by
1.8.2
1.8.2