Linux Kernel  3.7.1
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
ip6t_mh.c
Go to the documentation of this file.
1 /*
2  * Copyright (C)2006 USAGI/WIDE Project
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License version 2 as
6  * published by the Free Software Foundation.
7  *
8  * Author:
9  * Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
10  *
11  * Based on net/netfilter/xt_tcpudp.c
12  *
13  */
14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
15 #include <linux/types.h>
16 #include <linux/module.h>
17 #include <net/ip.h>
18 #include <linux/ipv6.h>
19 #include <net/ipv6.h>
20 #include <net/mip6.h>
21 
22 #include <linux/netfilter/x_tables.h>
23 #include <linux/netfilter_ipv6/ip6t_mh.h>
24 
25 MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
26 MODULE_LICENSE("GPL");
27 
28 /* Returns 1 if the type is matched by the range, 0 otherwise */
29 static inline bool
30 type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
31 {
32  return (type >= min && type <= max) ^ invert;
33 }
34 
35 static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
36 {
37  struct ip6_mh _mh;
38  const struct ip6_mh *mh;
39  const struct ip6t_mh *mhinfo = par->matchinfo;
40 
41  /* Must not be a fragment. */
42  if (par->fragoff != 0)
43  return false;
44 
45  mh = skb_header_pointer(skb, par->thoff, sizeof(_mh), &_mh);
46  if (mh == NULL) {
47  /* We've been asked to examine this packet, and we
48  can't. Hence, no choice but to drop. */
49  pr_debug("Dropping evil MH tinygram.\n");
50  par->hotdrop = true;
51  return false;
52  }
53 
54  if (mh->ip6mh_proto != IPPROTO_NONE) {
55  pr_debug("Dropping invalid MH Payload Proto: %u\n",
56  mh->ip6mh_proto);
57  par->hotdrop = true;
58  return false;
59  }
60 
61  return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
62  !!(mhinfo->invflags & IP6T_MH_INV_TYPE));
63 }
64 
65 static int mh_mt6_check(const struct xt_mtchk_param *par)
66 {
67  const struct ip6t_mh *mhinfo = par->matchinfo;
68 
69  /* Must specify no unknown invflags */
70  return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0;
71 }
72 
73 static struct xt_match mh_mt6_reg __read_mostly = {
74  .name = "mh",
75  .family = NFPROTO_IPV6,
76  .checkentry = mh_mt6_check,
77  .match = mh_mt6,
78  .matchsize = sizeof(struct ip6t_mh),
79  .proto = IPPROTO_MH,
80  .me = THIS_MODULE,
81 };
82 
83 static int __init mh_mt6_init(void)
84 {
85  return xt_register_match(&mh_mt6_reg);
86 }
87 
88 static void __exit mh_mt6_exit(void)
89 {
90  xt_unregister_match(&mh_mt6_reg);
91 }
92 
93 module_init(mh_mt6_init);
94 module_exit(mh_mt6_exit);
Generated on Thu Jan 10 2013 14:59:24 for Linux Kernel by   doxygen 1.8.2