URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [netfilter/] [ip6t_esp.c] - Blame information for rev 1275

Go to most recent revision | Details | Compare with Previous | View Log


/* Kernel module to match ESP parameters. */
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ipv6.h>
#include <linux/types.h>
#include <net/checksum.h>
#include <net/ipv6.h>
 
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_esp.h>
 
EXPORT_NO_SYMBOLS;
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 ESP match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
 
#if 0
#define DEBUGP printk
#else
#define DEBUGP(format, args...)
#endif
 
struct esphdr {
        __u32   spi;
};
 
/* Returns 1 if the spi is matched by the range, 0 otherwise */
static inline int
spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
{
        int r=0;
        DEBUGP("esp spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
                min,spi,max);
        r=(spi >= min && spi <= max) ^ invert;
        DEBUGP(" result %s\n",r? "PASS\n" : "FAILED\n");
        return r;
}
 
static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const void *matchinfo,
      int offset,
      const void *protohdr,
      u_int16_t datalen,
      int *hotdrop)
{
        struct esphdr *esp = NULL;
        const struct ip6t_esp *espinfo = matchinfo;
        unsigned int temp;
        int len;
        u8 nexthdr;
        unsigned int ptr;
 
        /* Make sure this isn't an evil packet */
        /*DEBUGP("ipv6_esp entered \n");*/
 
        /* type of the 1st exthdr */
        nexthdr = skb->nh.ipv6h->nexthdr;
        /* pointer to the 1st exthdr */
        ptr = sizeof(struct ipv6hdr);
        /* available length */
        len = skb->len - ptr;
        temp = 0;
 
        while (ip6t_ext_hdr(nexthdr)) {
                struct ipv6_opt_hdr *hdr;
                int hdrlen;
 
                DEBUGP("ipv6_esp header iteration \n");
 
                /* Is there enough space for the next ext header? */
                if (len < (int)sizeof(struct ipv6_opt_hdr))
                        return 0;
                /* No more exthdr -> evaluate */
                if (nexthdr == NEXTHDR_NONE) {
                        break;
                }
                /* ESP -> evaluate */
                if (nexthdr == NEXTHDR_ESP) {
                        temp |= MASK_ESP;
                        break;
                }
 
                hdr=(struct ipv6_opt_hdr *)skb->data+ptr;
 
                /* Calculate the header length */
                if (nexthdr == NEXTHDR_FRAGMENT) {
                        hdrlen = 8;
                } else if (nexthdr == NEXTHDR_AUTH)
                        hdrlen = (hdr->hdrlen+2)<<2;
                else
                        hdrlen = ipv6_optlen(hdr);
 
                /* set the flag */
                switch (nexthdr){
                        case NEXTHDR_HOP:
                        case NEXTHDR_ROUTING:
                        case NEXTHDR_FRAGMENT:
                        case NEXTHDR_AUTH:
                        case NEXTHDR_DEST:
                                break;
                        default:
                                DEBUGP("ipv6_esp match: unknown nextheader %u\n",nexthdr);
                                return 0;
                                break;
                }
 
                nexthdr = hdr->nexthdr;
                len -= hdrlen;
                ptr += hdrlen;
                if ( ptr > skb->len ) {
                        DEBUGP("ipv6_esp: new pointer too large! \n");
                        break;
                }
        }
 
        /* ESP header not found */
        if ( temp != MASK_ESP ) return 0;
 
       if (len < (int)sizeof(struct esphdr)){
               *hotdrop = 1;
                return 0;
       }
 
        esp = (struct esphdr *) (skb->data + ptr);
 
        DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(esp->spi), ntohl(esp->spi));
 
        return (esp != NULL)
                && spi_match(espinfo->spis[0], espinfo->spis[1],
                              ntohl(esp->spi),
                              !!(espinfo->invflags & IP6T_ESP_INV_SPI));
}
 
/* Called when user tries to insert an entry of this type. */
static int
checkentry(const char *tablename,
           const struct ip6t_ip6 *ip,
           void *matchinfo,
           unsigned int matchinfosize,
           unsigned int hook_mask)
{
        const struct ip6t_esp *espinfo = matchinfo;
 
        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_esp))) {
                DEBUGP("ip6t_esp: matchsize %u != %u\n",
                         matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_esp)));
                return 0;
        }
        if (espinfo->invflags & ~IP6T_ESP_INV_MASK) {
                DEBUGP("ip6t_esp: unknown flags %X\n",
                         espinfo->invflags);
                return 0;
        }
 
        return 1;
}
 
static struct ip6t_match esp_match
= { { NULL, NULL }, "esp", &match, &checkentry, NULL, THIS_MODULE };
 
static int __init init(void)
{
        return ip6t_register_match(&esp_match);
}
 
static void __exit cleanup(void)
{
        ip6t_unregister_match(&esp_match);
}
 
module_init(init);
module_exit(cleanup);

Line No.	Rev	Author	Line
1	1275	phoenix	`/* Kernel module to match ESP parameters. */`
2			`#include <linux/module.h>`
3			`#include <linux/skbuff.h>`
4			`#include <linux/ipv6.h>`
5			`#include <linux/types.h>`
6			`#include <net/checksum.h>`
7			`#include <net/ipv6.h>`
8
9			`#include <linux/netfilter_ipv6/ip6_tables.h>`
10			`#include <linux/netfilter_ipv6/ip6t_esp.h>`
11
12			`EXPORT_NO_SYMBOLS;`
13			`MODULE_LICENSE("GPL");`
14			`MODULE_DESCRIPTION("IPv6 ESP match");`
15			`MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");`
16
17			`#if 0`
18			`#define DEBUGP printk`
19			`#else`
20			`#define DEBUGP(format, args...)`
21			`#endif`
22
23			`struct esphdr {`
24			`__u32 spi;`
25			`};`
26
27			`/* Returns 1 if the spi is matched by the range, 0 otherwise */`
28			`static inline int`
29			`spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)`
30			`{`
31			`int r=0;`
32			`DEBUGP("esp spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',`
33			`min,spi,max);`
34			`r=(spi >= min && spi <= max) ^ invert;`
35			`DEBUGP(" result %s\n",r? "PASS\n" : "FAILED\n");`
36			`return r;`
37			`}`
38
39			`static int`
40			`match(const struct sk_buff *skb,`
41			`const struct net_device *in,`
42			`const struct net_device *out,`
43			`const void *matchinfo,`
44			`int offset,`
45			`const void *protohdr,`
46			`u_int16_t datalen,`
47			`int *hotdrop)`
48			`{`
49			`struct esphdr *esp = NULL;`
50			`const struct ip6t_esp *espinfo = matchinfo;`
51			`unsigned int temp;`
52			`int len;`
53			`u8 nexthdr;`
54			`unsigned int ptr;`
55
56			`/* Make sure this isn't an evil packet */`
57			`/DEBUGP("ipv6_esp entered \n");/`
58
59			`/* type of the 1st exthdr */`
60			`nexthdr = skb->nh.ipv6h->nexthdr;`
61			`/* pointer to the 1st exthdr */`
62			`ptr = sizeof(struct ipv6hdr);`
63			`/* available length */`
64			`len = skb->len - ptr;`
65			`temp = 0;`
66
67			`while (ip6t_ext_hdr(nexthdr)) {`
68			`struct ipv6_opt_hdr *hdr;`
69			`int hdrlen;`
70
71			`DEBUGP("ipv6_esp header iteration \n");`
72
73			`/* Is there enough space for the next ext header? */`
74			`if (len < (int)sizeof(struct ipv6_opt_hdr))`
75			`return 0;`
76			`/* No more exthdr -> evaluate */`
77			`if (nexthdr == NEXTHDR_NONE) {`
78			`break;`
79			`}`
80			`/* ESP -> evaluate */`
81			`if (nexthdr == NEXTHDR_ESP) {`
82			`temp \|= MASK_ESP;`
83			`break;`
84			`}`
85
86			`hdr=(struct ipv6_opt_hdr *)skb->data+ptr;`
87
88			`/* Calculate the header length */`
89			`if (nexthdr == NEXTHDR_FRAGMENT) {`
90			`hdrlen = 8;`
91			`} else if (nexthdr == NEXTHDR_AUTH)`
92			`hdrlen = (hdr->hdrlen+2)<<2;`
93			`else`
94			`hdrlen = ipv6_optlen(hdr);`
95
96			`/* set the flag */`
97			`switch (nexthdr){`
98			`case NEXTHDR_HOP:`
99			`case NEXTHDR_ROUTING:`
100			`case NEXTHDR_FRAGMENT:`
101			`case NEXTHDR_AUTH:`
102			`case NEXTHDR_DEST:`
103			`break;`
104			`default:`
105			`DEBUGP("ipv6_esp match: unknown nextheader %u\n",nexthdr);`
106			`return 0;`
107			`break;`
108			`}`
109
110			`nexthdr = hdr->nexthdr;`
111			`len -= hdrlen;`
112			`ptr += hdrlen;`
113			`if ( ptr > skb->len ) {`
114			`DEBUGP("ipv6_esp: new pointer too large! \n");`
115			`break;`
116			`}`
117			`}`
118
119			`/* ESP header not found */`
120			`if ( temp != MASK_ESP ) return 0;`
121
122			`if (len < (int)sizeof(struct esphdr)){`
123			`*hotdrop = 1;`
124			`return 0;`
125			`}`
126
127			`esp = (struct esphdr *) (skb->data + ptr);`
128
129			`DEBUGP("IPv6 ESP SPI %u %08X\n", ntohl(esp->spi), ntohl(esp->spi));`
130
131			`return (esp != NULL)`
132			`&& spi_match(espinfo->spis[0], espinfo->spis[1],`
133			`ntohl(esp->spi),`
134			`!!(espinfo->invflags & IP6T_ESP_INV_SPI));`
135			`}`
136
137			`/* Called when user tries to insert an entry of this type. */`
138			`static int`
139			`checkentry(const char *tablename,`
140			`const struct ip6t_ip6 *ip,`
141			`void *matchinfo,`
142			`unsigned int matchinfosize,`
143			`unsigned int hook_mask)`
144			`{`
145			`const struct ip6t_esp *espinfo = matchinfo;`
146
147			`if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_esp))) {`
148			`DEBUGP("ip6t_esp: matchsize %u != %u\n",`
149			`matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_esp)));`
150			`return 0;`
151			`}`
152			`if (espinfo->invflags & ~IP6T_ESP_INV_MASK) {`
153			`DEBUGP("ip6t_esp: unknown flags %X\n",`
154			`espinfo->invflags);`
155			`return 0;`
156			`}`
157
158			`return 1;`
159			`}`
160
161			`static struct ip6t_match esp_match`
162			`= { { NULL, NULL }, "esp", &match, &checkentry, NULL, THIS_MODULE };`
163
164			`static int __init init(void)`
165			`{`
166			`return ip6t_register_match(&esp_match);`
167			`}`
168
169			`static void __exit cleanup(void)`
170			`{`
171			`ip6t_unregister_match(&esp_match);`
172			`}`
173
174			`module_init(init);`
175			`module_exit(cleanup);`

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [netfilter/] [ip6t_esp.c] - Blame information for rev 1275