1 /* Kernel module to match Hop-by-Hop and Destination parameters. */
3 /* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 #include <linux/ipv6.h>
13 #include <linux/types.h>
14 #include <net/checksum.h>
17 #include <asm/byteorder.h>
19 #include <linux/netfilter/x_tables.h>
20 #include <linux/netfilter_ipv6/ip6_tables.h>
21 #include <linux/netfilter_ipv6/ip6t_opts.h>
23 MODULE_LICENSE("GPL");
24 MODULE_DESCRIPTION("IPv6 opts match");
25 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
26 MODULE_ALIAS("ip6t_dst");
31 #define DEBUGP(format, args...)
37 * 1 -> must drop the packet
38 * 2 -> send ICMP PARM PROB regardless and drop packet
39 * 3 -> Send ICMP if not a multicast address and drop packet
42 * 1 -> can change the routing
44 * 0 -> Pad1 (only 1 byte!)
45 * 1 -> PadN LENGTH info (total length = length + 2)
46 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k )
51 match(const struct sk_buff *skb,
52 const struct net_device *in,
53 const struct net_device *out,
54 const struct xt_match *match,
55 const void *matchinfo,
60 struct ipv6_opt_hdr _optsh;
61 const struct ipv6_opt_hdr *oh;
62 const struct ip6t_opts *optinfo = matchinfo;
65 unsigned int hdrlen = 0;
69 const u_int8_t *tp = NULL;
70 const u_int8_t *lp = NULL;
74 err = ipv6_find_hdr(skb, &ptr, match->data, NULL);
81 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
87 hdrlen = ipv6_optlen(oh);
88 if (skb->len - ptr < hdrlen) {
89 /* Packet smaller than it's length field */
93 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
95 DEBUGP("len %02X %04X %02X ",
96 optinfo->hdrlen, hdrlen,
97 (!(optinfo->flags & IP6T_OPTS_LEN) ||
98 ((optinfo->hdrlen == hdrlen) ^
99 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
101 ret = (oh != NULL) &&
102 (!(optinfo->flags & IP6T_OPTS_LEN) ||
103 ((optinfo->hdrlen == hdrlen) ^
104 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
108 if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
110 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
111 DEBUGP("Not strict - not implemented");
114 DEBUGP("#%d ", optinfo->optsnr);
115 for (temp = 0; temp < optinfo->optsnr; temp++) {
116 /* type field exists ? */
119 tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
125 if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
126 DEBUGP("Tbad %02X %02X\n",
128 (optinfo->opts[temp] & 0xFF00) >> 8);
137 /* length field exists ? */
140 lp = skb_header_pointer(skb, ptr + 1,
145 spec_len = optinfo->opts[temp] & 0x00FF;
147 if (spec_len != 0x00FF && spec_len != *lp) {
148 DEBUGP("Lbad %02X %04X\n", *lp,
159 /* Step to the next */
160 DEBUGP("len%04X \n", optlen);
162 if ((ptr > skb->len - optlen || hdrlen < optlen) &&
163 temp < optinfo->optsnr - 1) {
164 DEBUGP("new pointer is too large! \n");
170 if (temp == optinfo->optsnr)
179 /* Called when user tries to insert an entry of this type. */
181 checkentry(const char *tablename,
183 const struct xt_match *match,
185 unsigned int hook_mask)
187 const struct ip6t_opts *optsinfo = matchinfo;
189 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
190 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
196 static struct xt_match opts_match[] = {
201 .matchsize = sizeof(struct ip6t_opts),
202 .checkentry = checkentry,
210 .matchsize = sizeof(struct ip6t_opts),
211 .checkentry = checkentry,
213 .data = NEXTHDR_DEST,
217 static int __init ip6t_hbh_init(void)
219 return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));
222 static void __exit ip6t_hbh_fini(void)
224 xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));
227 module_init(ip6t_hbh_init);
228 module_exit(ip6t_hbh_fini);
git://ftp.safe.ca / safe / jmp / linux-2.6 / blob