SAFE public projects git trees. - safe/jmp/linux-2.6/blob - net/ipv6/netfilter/ip6t_HL.c

   1 /*
   2  * Hop Limit modification target for ip6tables
   3  * Maciej Soltysiak <solt@dns.toxicfilms.tv>
   4  * Based on HW's TTL module
   5  *
   6  * This software is distributed under the terms of GNU GPL
   7  */
   8
   9 #include <linux/module.h>
  10 #include <linux/skbuff.h>
  11 #include <linux/ip.h>
  12 #include <linux/ipv6.h>
  13
  14 #include <linux/netfilter/x_tables.h>
  15 #include <linux/netfilter_ipv6/ip6t_HL.h>
  16
  17 MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
  18 MODULE_DESCRIPTION("IP6 tables Hop Limit modification module");
  19 MODULE_LICENSE("GPL");
  20
  21 static unsigned int
  22 hl_tg6(struct sk_buff *skb, const struct net_device *in,
  23        const struct net_device *out, unsigned int hooknum,
  24        const struct xt_target *target, const void *targinfo)
  25 {
  26         struct ipv6hdr *ip6h;
  27         const struct ip6t_HL_info *info = targinfo;
  28         int new_hl;
  29
  30         if (!skb_make_writable(skb, skb->len))
  31                 return NF_DROP;
  32
  33         ip6h = ipv6_hdr(skb);
  34
  35         switch (info->mode) {
  36                 case IP6T_HL_SET:
  37                         new_hl = info->hop_limit;
  38                         break;
  39                 case IP6T_HL_INC:
  40                         new_hl = ip6h->hop_limit + info->hop_limit;
  41                         if (new_hl > 255)
  42                                 new_hl = 255;
  43                         break;
  44                 case IP6T_HL_DEC:
  45                         new_hl = ip6h->hop_limit - info->hop_limit;
  46                         if (new_hl < 0)
  47                                 new_hl = 0;
  48                         break;
  49                 default:
  50                         new_hl = ip6h->hop_limit;
  51                         break;
  52         }
  53
  54         ip6h->hop_limit = new_hl;
  55
  56         return XT_CONTINUE;
  57 }
  58
  59 static bool
  60 hl_tg6_check(const char *tablename, const void *entry,
  61              const struct xt_target *target, void *targinfo,
  62              unsigned int hook_mask)
  63 {
  64         const struct ip6t_HL_info *info = targinfo;
  65
  66         if (info->mode > IP6T_HL_MAXMODE) {
  67                 printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
  68                         info->mode);
  69                 return false;
  70         }
  71         if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
  72                 printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
  73                         "make sense with value 0\n");
  74                 return false;
  75         }
  76         return true;
  77 }
  78
  79 static struct xt_target hl_tg6_reg __read_mostly = {
  80         .name           = "HL",
  81         .family         = AF_INET6,
  82         .target         = hl_tg6,
  83         .targetsize     = sizeof(struct ip6t_HL_info),
  84         .table          = "mangle",
  85         .checkentry     = hl_tg6_check,
  86         .me             = THIS_MODULE
  87 };
  88
  89 static int __init hl_tg6_init(void)
  90 {
  91         return xt_register_target(&hl_tg6_reg);
  92 }
  93
  94 static void __exit hl_tg6_exit(void)
  95 {
  96         xt_unregister_target(&hl_tg6_reg);
  97 }
  98
  99 module_init(hl_tg6_init);
 100 module_exit(hl_tg6_exit);