net
netfilter
xt_u32.c
/*
 *	xt_u32 - kernel module to match u32 packet content
 *
 *	Original author: Don Cohen <[email protected]>
 *	(C) CC Computer Consultants GmbH, 2007
 */

#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/spinlock.h>
#include <linux/skbuff.h>
#include <linux/types.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter/xt_u32.h>

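/*
 * u32_match_it - evaluate every test of a u32 rule against one packet
 * @data: rule blob holding the tests and their operand/range tables
 * @skb:  packet to inspect; offsets are handed to skb_copy_bits() unchanged
 *
 * Each test reads a big-endian 32-bit word from the packet, applies its
 * chain of "&", "<<", ">>" and "@" operators, and then compares the result
 * against the test's list of [min, max] ranges.
 *
 * Returns true only if every test ends inside one of its ranges. Returns
 * false as soon as a test fails or a computed offset would read past
 * skb->len.
 *
 * NOTE(review): data->ntests, ct->nnums and ct->nvalues come from the rule
 * blob and are used here as loop bounds over fixed-size arrays. Nothing in
 * this function compares them with the array sizes, so they have to be
 * validated when the rule is loaded, before it reaches the packet path.
 */
static bool u32_match_it(const struct xt_u32 *data,
			 const struct sk_buff *skb)
{
	const struct xt_u32_test *ct;
	unsigned int testind;
	unsigned int nnums;
	unsigned int nvals;
	unsigned int i;
	__be32 n;
	u_int32_t pos;
	u_int32_t val;
	u_int32_t at;

	/*
	 * Small example: "0 >> 28 == 4 && 8 & 0xFF0000 >> 16 = 6, 17"
	 * (=IPv4 and (TCP or UDP)). Outer loop runs over the "&&" operands.
	 */
	for (testind = 0; testind < data->ntests; ++testind) {
		ct  = &data->tests[testind];
		at  = 0;
		pos = ct->location[0].number;

		/* "len < 4" first, so that "len - 4" cannot wrap around. */
		if (skb->len < 4 || pos > skb->len - 4)
			return false;

		/*
		 * The range was just checked against skb->len, so a failure
		 * here would mean the skb itself is inconsistent.
		 */
		if (skb_copy_bits(skb, pos, &n, sizeof(n)) < 0)
			BUG();
		val   = ntohl(n);
		nnums = ct->nnums;

		/* Inner loop runs over "&", "<<", ">>" and "@" operands */
		for (i = 1; i < nnums; ++i) {
			u_int32_t number = ct->location[i].number;

			switch (ct->location[i].nextop) {
			case XT_U32_AND:
				val &= number;
				break;
			case XT_U32_LEFTSH:
				/*
				 * The shift count comes from the rule blob.
				 * Shifting a 32-bit value by 32 or more is
				 * undefined in C, so define the result as 0
				 * (every bit shifted out) instead of leaving
				 * it to the CPU's shift instruction.
				 */
				val = number < 32 ? val << number : 0;
				break;
			case XT_U32_RIGHTSH:
				/* Same guard as for the left shift. */
				val = number < 32 ? val >> number : 0;
				break;
			case XT_U32_AT:
				/* "@": val becomes part of the base offset. */
				if (at + val < at)	/* 32-bit wraparound */
					return false;
				at += val;
				pos = number;
				/*
				 * Reject wraparound of at + 4 and any read of
				 * the 4 bytes at (at + pos) that would end
				 * beyond skb->len.
				 */
				if (at + 4 < at || skb->len < at + 4 ||
				    pos > skb->len - at - 4)
					return false;

				if (skb_copy_bits(skb, at + pos, &n,
						  sizeof(n)) < 0)
					BUG();
				val = ntohl(n);
				break;
			}
		}

		/* Run over the "," and ":" operands */
		nvals = ct->nvalues;
		for (i = 0; i < nvals; ++i)
			if (ct->value[i].min <= val && val <= ct->value[i].max)
				break;

		/* No range matched: use the same bound the loop ran over. */
		if (i >= nvals)
			return false;
	}

	return true;
}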
/*
 * u32_mt - Xtables match callback for the "u32" match
 * @skb: packet being evaluated
 * @par: match parameters; par->matchinfo is the rule's struct xt_u32
 *
 * Runs all tests of the rule on the packet and XORs the outcome with the
 * rule's invert field.
 *
 * NOTE(review): the XOR is not restricted to bit 0, so an invert value with
 * any other bit set makes the result true for every packet - confirm that
 * invert is limited to 0/1 when the rule is loaded.
 */
static bool u32_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_u32 *data = par->matchinfo;

	return u32_match_it(data, skb) ^ data->invert;
}
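/*
 * u32_mt_checkentry - validate a u32 rule blob when the rule is loaded
 * @par: check parameters; par->matchinfo is the struct xt_u32 supplied
 *       with the rule
 *
 * The match function uses ntests, nnums and nvalues as loop bounds over the
 * fixed-size tests[], location[] and value[] arrays. Those counts arrive
 * with the rule, so a count larger than its array would make every packet
 * evaluation read beyond the rule blob. Reject such rules here, once, so
 * they never reach the packet path.
 *
 * Returns 0 if all counts fit their arrays, -EINVAL otherwise.
 */
static int u32_mt_checkentry(const struct xt_mtchk_param *par)
{
	const struct xt_u32 *data = par->matchinfo;
	const struct xt_u32_test *ct;
	unsigned int i;

	if (data->ntests > ARRAY_SIZE(data->tests))
		return -EINVAL;

	for (i = 0; i < data->ntests; ++i) {
		ct = &data->tests[i];

		if (ct->nnums > ARRAY_SIZE(ct->location) ||
		    ct->nvalues > ARRAY_SIZE(ct->value))
			return -EINVAL;
	}

	return 0;
}

/*
 * Registration record for the "u32" match, revision 0, for all protocol
 * families (NFPROTO_UNSPEC). matchsize is the size of the rule blob that
 * is handed to the callbacks as matchinfo.
 */
static struct xt_match xt_u32_mt_reg __read_mostly = {
	.name       = "u32",
	.revision   = 0,
	.family     = NFPROTO_UNSPEC,
	.match      = u32_mt,
	.checkentry = u32_mt_checkentry,
	.matchsize  = sizeof(struct xt_u32),
	.me         = THIS_MODULE,
};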
/*
 * Module entry point: register the "u32" match with Xtables and pass the
 * registration result back as the module load status.
 */
static int __init u32_mt_init(void)
{
	int err = xt_register_match(&xt_u32_mt_reg);

	return err;
}
/* Module exit point: remove the "u32" match registered by u32_mt_init(). */
static void __exit u32_mt_exit(void)
{
	xt_unregister_match(&xt_u32_mt_reg);
}
/* Load/unload hooks. */
module_init(u32_mt_init);
module_exit(u32_mt_exit);

/* Module metadata. */
MODULE_AUTHOR("Jan Engelhardt <[email protected]>");
MODULE_DESCRIPTION("Xtables: arbitrary byte matching");
MODULE_LICENSE("GPL");

/* Aliases so the module also loads under the ipt_/ip6t_ match names. */
MODULE_ALIAS("ipt_u32");
MODULE_ALIAS("ip6t_u32");