1 /* Kernel module to match Hop-by-Hop and Destination parameters. */
3 /* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 #include <linux/ipv6.h>
13 #include <linux/types.h>
14 #include <net/checksum.h>
17 #include <asm/byteorder.h>
19 #include <linux/netfilter_ipv6/ip6_tables.h>
20 #include <linux/netfilter_ipv6/ip6t_opts.h>
22 MODULE_LICENSE("GPL");
23 MODULE_DESCRIPTION("IPv6 opts match");
24 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
25 MODULE_ALIAS("ip6t_dst");
30 #define DEBUGP(format, args...)
36 * 1 -> must drop the packet
37 * 2 -> send ICMP PARM PROB regardless and drop packet
38 * 3 -> Send ICMP if not a multicast address and drop packet
41 * 1 -> can change the routing
43 * 0 -> Pad1 (only 1 byte!)
44 * 1 -> PadN LENGTH info (total length = length + 2)
45 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k )
50 match(const struct sk_buff *skb,
51 const struct net_device *in,
52 const struct net_device *out,
53 const struct xt_match *match,
54 const void *matchinfo,
59 struct ipv6_opt_hdr _optsh, *oh;
60 const struct ip6t_opts *optinfo = matchinfo;
63 unsigned int hdrlen = 0;
65 u8 _opttype, *tp = NULL;
66 u8 _optlen, *lp = NULL;
70 err = ipv6_find_hdr(skb, &ptr, match->data, NULL);
77 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
83 hdrlen = ipv6_optlen(oh);
84 if (skb->len - ptr < hdrlen) {
85 /* Packet smaller than it's length field */
89 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
91 DEBUGP("len %02X %04X %02X ",
92 optinfo->hdrlen, hdrlen,
93 (!(optinfo->flags & IP6T_OPTS_LEN) ||
94 ((optinfo->hdrlen == hdrlen) ^
95 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
98 (!(optinfo->flags & IP6T_OPTS_LEN) ||
99 ((optinfo->hdrlen == hdrlen) ^
100 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
104 if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
106 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
107 DEBUGP("Not strict - not implemented");
110 DEBUGP("#%d ", optinfo->optsnr);
111 for (temp = 0; temp < optinfo->optsnr; temp++) {
112 /* type field exists ? */
115 tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
121 if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
122 DEBUGP("Tbad %02X %02X\n",
124 (optinfo->opts[temp] & 0xFF00) >> 8);
133 /* length field exists ? */
136 lp = skb_header_pointer(skb, ptr + 1,
141 spec_len = optinfo->opts[temp] & 0x00FF;
143 if (spec_len != 0x00FF && spec_len != *lp) {
144 DEBUGP("Lbad %02X %04X\n", *lp,
155 /* Step to the next */
156 DEBUGP("len%04X \n", optlen);
158 if ((ptr > skb->len - optlen || hdrlen < optlen) &&
159 (temp < optinfo->optsnr - 1)) {
160 DEBUGP("new pointer is too large! \n");
166 if (temp == optinfo->optsnr)
175 /* Called when user tries to insert an entry of this type. */
177 checkentry(const char *tablename,
179 const struct xt_match *match,
181 unsigned int hook_mask)
183 const struct ip6t_opts *optsinfo = matchinfo;
185 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
186 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
192 static struct xt_match opts_match[] = {
197 .matchsize = sizeof(struct ip6t_opts),
198 .checkentry = checkentry,
206 .matchsize = sizeof(struct ip6t_opts),
207 .checkentry = checkentry,
209 .data = NEXTHDR_DEST,
213 static int __init ip6t_hbh_init(void)
215 return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));
218 static void __exit ip6t_hbh_fini(void)
220 xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));
223 module_init(ip6t_hbh_init);
224 module_exit(ip6t_hbh_fini);
git://git.onelab.eu / linux-2.6.git / blob