URL https://opencores.org/ocsvn/or1k/or1k/trunk

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [netfilter/] [ip6table_mangle.c] - Blame information for rev 1765

Details | Compare with Previous | View Log


/*
 * IPv6 packet mangling table, a port of the IPv4 mangle table to IPv6
 *
 * Copyright (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>
 */
#include <linux/module.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
 
#define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) | \
                            (1 << NF_IP6_LOCAL_IN) | \
                            (1 << NF_IP6_FORWARD) | \
                            (1 << NF_IP6_LOCAL_OUT) | \
                            (1 << NF_IP6_POST_ROUTING))
 
#if 0
#define DEBUGP(x, args...)      printk(KERN_DEBUG x, ## args)
#else
#define DEBUGP(x, args...)
#endif
 
/* Standard entry. */
struct ip6t_standard
{
        struct ip6t_entry entry;
        struct ip6t_standard_target target;
};
 
struct ip6t_error_target
{
        struct ip6t_entry_target target;
        char errorname[IP6T_FUNCTION_MAXNAMELEN];
};
 
struct ip6t_error
{
        struct ip6t_entry entry;
        struct ip6t_error_target target;
};
 
static struct
{
        struct ip6t_replace repl;
        struct ip6t_standard entries[5];
        struct ip6t_error term;
} initial_table __initdata
= { { "mangle", MANGLE_VALID_HOOKS, 6,
      sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),
      { [NF_IP6_PRE_ROUTING]    0,
        [NF_IP6_LOCAL_IN]       sizeof(struct ip6t_standard),
        [NF_IP6_FORWARD]        sizeof(struct ip6t_standard) * 2,
        [NF_IP6_LOCAL_OUT]      sizeof(struct ip6t_standard) * 3,
        [NF_IP6_POST_ROUTING]   sizeof(struct ip6t_standard) * 4},
      { [NF_IP6_PRE_ROUTING]    0,
        [NF_IP6_LOCAL_IN]       sizeof(struct ip6t_standard),
        [NF_IP6_FORWARD]        sizeof(struct ip6t_standard) * 2,
        [NF_IP6_LOCAL_OUT]      sizeof(struct ip6t_standard) * 3,
        [NF_IP6_POST_ROUTING]   sizeof(struct ip6t_standard) * 4},
      0, NULL, { } },
    {
            /* PRE_ROUTING */
            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ip6t_entry),
                sizeof(struct ip6t_standard),
                0, { 0, 0 }, { } },
              { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* LOCAL_IN */
            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ip6t_entry),
                sizeof(struct ip6t_standard),
                0, { 0, 0 }, { } },
              { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* FORWARD */
            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ip6t_entry),
                sizeof(struct ip6t_standard),
                0, { 0, 0 }, { } },
              { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* LOCAL_OUT */
            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ip6t_entry),
                sizeof(struct ip6t_standard),
                0, { 0, 0 }, { } },
              { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* POST_ROUTING */
            { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ip6t_entry),
                sizeof(struct ip6t_standard),
                0, { 0, 0 }, { } },
              { { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } }
    },
    /* ERROR */
    { { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },
        0,
        sizeof(struct ip6t_entry),
        sizeof(struct ip6t_error),
        0, { 0, 0 }, { } },
      { { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },
          { } },
        "ERROR"
      }
    }
};
 
static struct ip6t_table packet_mangler
= { { NULL, NULL }, "mangle", &initial_table.repl,
    MANGLE_VALID_HOOKS, RW_LOCK_UNLOCKED, NULL, THIS_MODULE };
 
/* The work comes in here from netfilter.c. */
static unsigned int
ip6t_route_hook(unsigned int hook,
         struct sk_buff **pskb,
         const struct net_device *in,
         const struct net_device *out,
         int (*okfn)(struct sk_buff *))
{
        return ip6t_do_table(pskb, hook, in, out, &packet_mangler, NULL);
}
 
static unsigned int
ip6t_local_hook(unsigned int hook,
                   struct sk_buff **pskb,
                   const struct net_device *in,
                   const struct net_device *out,
                   int (*okfn)(struct sk_buff *))
{
 
        unsigned long nfmark;
        unsigned int ret;
        struct in6_addr saddr, daddr;
        u_int8_t hop_limit;
        u_int32_t flowlabel;
 
#if 0
        /* root is playing with raw sockets. */
        if ((*pskb)->len < sizeof(struct iphdr)
            || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr)) {
                if (net_ratelimit())
                        printk("ip6t_hook: happy cracking.\n");
                return NF_ACCEPT;
        }
#endif
 
        /* save source/dest address, nfmark, hoplimit, flowlabel, priority,  */
        memcpy(&saddr, &(*pskb)->nh.ipv6h->saddr, sizeof(saddr));
        memcpy(&daddr, &(*pskb)->nh.ipv6h->daddr, sizeof(daddr));
        nfmark = (*pskb)->nfmark;
        hop_limit = (*pskb)->nh.ipv6h->hop_limit;
 
        /* flowlabel and prio (includes version, which shouldn't change either */
        flowlabel = *((u_int32_t *) (*pskb)->nh.ipv6h);
 
        ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler, NULL);
 
        if (ret != NF_DROP && ret != NF_STOLEN
                && (memcmp(&(*pskb)->nh.ipv6h->saddr, &saddr, sizeof(saddr))
                    || memcmp(&(*pskb)->nh.ipv6h->daddr, &daddr, sizeof(daddr))
                    || (*pskb)->nfmark != nfmark
                    || (*pskb)->nh.ipv6h->hop_limit != hop_limit)) {
 
                /* something which could affect routing has changed */
 
                DEBUGP("ip6table_mangle: we'd need to re-route a packet\n");
        }
 
        return ret;
}
 
static struct nf_hook_ops ip6t_ops[]
= { { { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_PRE_ROUTING,  NF_IP6_PRI_MANGLE },
    { { NULL, NULL }, ip6t_local_hook, PF_INET6, NF_IP6_LOCAL_IN,     NF_IP6_PRI_MANGLE },
    { { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_FORWARD,      NF_IP6_PRI_MANGLE },
    { { NULL, NULL }, ip6t_local_hook, PF_INET6, NF_IP6_LOCAL_OUT,    NF_IP6_PRI_MANGLE },
    { { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_POST_ROUTING, NF_IP6_PRI_MANGLE }
};
 
static int __init init(void)
{
        int ret;
 
        /* Register table */
        ret = ip6t_register_table(&packet_mangler);
        if (ret < 0)
                return ret;
 
        /* Register hooks */
        ret = nf_register_hook(&ip6t_ops[0]);
        if (ret < 0)
                goto cleanup_table;
 
        ret = nf_register_hook(&ip6t_ops[1]);
        if (ret < 0)
                goto cleanup_hook0;
 
        ret = nf_register_hook(&ip6t_ops[2]);
        if (ret < 0)
                goto cleanup_hook1;
 
        ret = nf_register_hook(&ip6t_ops[3]);
        if (ret < 0)
                goto cleanup_hook2;
 
        ret = nf_register_hook(&ip6t_ops[4]);
        if (ret < 0)
                goto cleanup_hook3;
 
        return ret;
 
 cleanup_hook3:
        nf_unregister_hook(&ip6t_ops[3]);
 cleanup_hook2:
        nf_unregister_hook(&ip6t_ops[2]);
 cleanup_hook1:
        nf_unregister_hook(&ip6t_ops[1]);
 cleanup_hook0:
        nf_unregister_hook(&ip6t_ops[0]);
 cleanup_table:
        ip6t_unregister_table(&packet_mangler);
 
        return ret;
}
 
static void __exit fini(void)
{
        unsigned int i;
 
        for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)
                nf_unregister_hook(&ip6t_ops[i]);
 
        ip6t_unregister_table(&packet_mangler);
}
 
module_init(init);
module_exit(fini);
MODULE_LICENSE("GPL");

Browse

Tools

Subversion Repositories or1k

[/] [or1k/] [trunk/] [linux/] [linux-2.4/] [net/] [ipv6/] [netfilter/] [ip6table_mangle.c] - Blame information for rev 1765

Line No.	Rev	Author	Line
1	1275	phoenix	`/*`
2			`* IPv6 packet mangling table, a port of the IPv4 mangle table to IPv6`
3			`*`
4			`* Copyright (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>`
5			`*/`
6			`#include <linux/module.h>`
7			`#include <linux/netfilter_ipv6/ip6_tables.h>`
8
9			`#define MANGLE_VALID_HOOKS ((1 << NF_IP6_PRE_ROUTING) \| \`
10			`(1 << NF_IP6_LOCAL_IN) \| \`
11			`(1 << NF_IP6_FORWARD) \| \`
12			`(1 << NF_IP6_LOCAL_OUT) \| \`
13			`(1 << NF_IP6_POST_ROUTING))`
14
15			`#if 0`
16			`#define DEBUGP(x, args...) printk(KERN_DEBUG x, ## args)`
17			`#else`
18			`#define DEBUGP(x, args...)`
19			`#endif`
20
21			`/* Standard entry. */`
22			`struct ip6t_standard`
23			`{`
24			`struct ip6t_entry entry;`
25			`struct ip6t_standard_target target;`
26			`};`
27
28			`struct ip6t_error_target`
29			`{`
30			`struct ip6t_entry_target target;`
31			`char errorname[IP6T_FUNCTION_MAXNAMELEN];`
32			`};`
33
34			`struct ip6t_error`
35			`{`
36			`struct ip6t_entry entry;`
37			`struct ip6t_error_target target;`
38			`};`
39
40			`static struct`
41			`{`
42			`struct ip6t_replace repl;`
43			`struct ip6t_standard entries[5];`
44			`struct ip6t_error term;`
45			`} initial_table __initdata`
46			`= { { "mangle", MANGLE_VALID_HOOKS, 6,`
47			`sizeof(struct ip6t_standard) * 5 + sizeof(struct ip6t_error),`
48			`{ [NF_IP6_PRE_ROUTING] 0,`
49			`[NF_IP6_LOCAL_IN] sizeof(struct ip6t_standard),`
50			`[NF_IP6_FORWARD] sizeof(struct ip6t_standard) * 2,`
51			`[NF_IP6_LOCAL_OUT] sizeof(struct ip6t_standard) * 3,`
52			`[NF_IP6_POST_ROUTING] sizeof(struct ip6t_standard) * 4},`
53			`{ [NF_IP6_PRE_ROUTING] 0,`
54			`[NF_IP6_LOCAL_IN] sizeof(struct ip6t_standard),`
55			`[NF_IP6_FORWARD] sizeof(struct ip6t_standard) * 2,`
56			`[NF_IP6_LOCAL_OUT] sizeof(struct ip6t_standard) * 3,`
57			`[NF_IP6_POST_ROUTING] sizeof(struct ip6t_standard) * 4},`
58			`0, NULL, { } },`
59			`{`
60			`/* PRE_ROUTING */`
61			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
62			`0,`
63			`sizeof(struct ip6t_entry),`
64			`sizeof(struct ip6t_standard),`
65			`0, { 0, 0 }, { } },`
66			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },`
67			`-NF_ACCEPT - 1 } },`
68			`/* LOCAL_IN */`
69			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
70			`0,`
71			`sizeof(struct ip6t_entry),`
72			`sizeof(struct ip6t_standard),`
73			`0, { 0, 0 }, { } },`
74			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },`
75			`-NF_ACCEPT - 1 } },`
76			`/* FORWARD */`
77			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
78			`0,`
79			`sizeof(struct ip6t_entry),`
80			`sizeof(struct ip6t_standard),`
81			`0, { 0, 0 }, { } },`
82			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },`
83			`-NF_ACCEPT - 1 } },`
84			`/* LOCAL_OUT */`
85			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
86			`0,`
87			`sizeof(struct ip6t_entry),`
88			`sizeof(struct ip6t_standard),`
89			`0, { 0, 0 }, { } },`
90			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },`
91			`-NF_ACCEPT - 1 } },`
92			`/* POST_ROUTING */`
93			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
94			`0,`
95			`sizeof(struct ip6t_entry),`
96			`sizeof(struct ip6t_standard),`
97			`0, { 0, 0 }, { } },`
98			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_standard_target)), "" } }, { } },`
99			`-NF_ACCEPT - 1 } }`
100			`},`
101			`/* ERROR */`
102			`{ { { { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, { { { 0 } } }, "", "", { 0 }, { 0 }, 0, 0, 0 },`
103			`0,`
104			`sizeof(struct ip6t_entry),`
105			`sizeof(struct ip6t_error),`
106			`0, { 0, 0 }, { } },`
107			`{ { { { IP6T_ALIGN(sizeof(struct ip6t_error_target)), IP6T_ERROR_TARGET } },`
108			`{ } },`
109			`"ERROR"`
110			`}`
111			`}`
112			`};`
113
114			`static struct ip6t_table packet_mangler`
115			`= { { NULL, NULL }, "mangle", &initial_table.repl,`
116			`MANGLE_VALID_HOOKS, RW_LOCK_UNLOCKED, NULL, THIS_MODULE };`
117
118			`/* The work comes in here from netfilter.c. */`
119			`static unsigned int`
120			`ip6t_route_hook(unsigned int hook,`
121			`struct sk_buff **pskb,`
122			`const struct net_device *in,`
123			`const struct net_device *out,`
124			`int (okfn)(struct sk_buff ))`
125			`{`
126			`return ip6t_do_table(pskb, hook, in, out, &packet_mangler, NULL);`
127			`}`
128
129			`static unsigned int`
130			`ip6t_local_hook(unsigned int hook,`
131			`struct sk_buff **pskb,`
132			`const struct net_device *in,`
133			`const struct net_device *out,`
134			`int (okfn)(struct sk_buff ))`
135			`{`
136
137			`unsigned long nfmark;`
138			`unsigned int ret;`
139			`struct in6_addr saddr, daddr;`
140			`u_int8_t hop_limit;`
141			`u_int32_t flowlabel;`
142
143			`#if 0`
144			`/* root is playing with raw sockets. */`
145			`if ((*pskb)->len < sizeof(struct iphdr)`
146			`\|\| (pskb)->nh.iph->ihl 4 < sizeof(struct iphdr)) {`
147			`if (net_ratelimit())`
148			`printk("ip6t_hook: happy cracking.\n");`
149			`return NF_ACCEPT;`
150			`}`
151			`#endif`
152
153			`/* save source/dest address, nfmark, hoplimit, flowlabel, priority, */`
154			`memcpy(&saddr, &(*pskb)->nh.ipv6h->saddr, sizeof(saddr));`
155			`memcpy(&daddr, &(*pskb)->nh.ipv6h->daddr, sizeof(daddr));`
156			`nfmark = (*pskb)->nfmark;`
157			`hop_limit = (*pskb)->nh.ipv6h->hop_limit;`
158
159			`/* flowlabel and prio (includes version, which shouldn't change either */`
160			`flowlabel = ((u_int32_t ) (*pskb)->nh.ipv6h);`
161
162			`ret = ip6t_do_table(pskb, hook, in, out, &packet_mangler, NULL);`
163
164			`if (ret != NF_DROP && ret != NF_STOLEN`
165			`&& (memcmp(&(*pskb)->nh.ipv6h->saddr, &saddr, sizeof(saddr))`
166			`\|\| memcmp(&(*pskb)->nh.ipv6h->daddr, &daddr, sizeof(daddr))`
167			`\|\| (*pskb)->nfmark != nfmark`
168			`\|\| (*pskb)->nh.ipv6h->hop_limit != hop_limit)) {`
169
170			`/* something which could affect routing has changed */`
171
172			`DEBUGP("ip6table_mangle: we'd need to re-route a packet\n");`
173			`}`
174
175			`return ret;`
176			`}`
177
178			`static struct nf_hook_ops ip6t_ops[]`
179			`= { { { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_PRE_ROUTING, NF_IP6_PRI_MANGLE },`
180			`{ { NULL, NULL }, ip6t_local_hook, PF_INET6, NF_IP6_LOCAL_IN, NF_IP6_PRI_MANGLE },`
181			`{ { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_FORWARD, NF_IP6_PRI_MANGLE },`
182			`{ { NULL, NULL }, ip6t_local_hook, PF_INET6, NF_IP6_LOCAL_OUT, NF_IP6_PRI_MANGLE },`
183			`{ { NULL, NULL }, ip6t_route_hook, PF_INET6, NF_IP6_POST_ROUTING, NF_IP6_PRI_MANGLE }`
184			`};`
185
186			`static int __init init(void)`
187			`{`
188			`int ret;`
189
190			`/* Register table */`
191			`ret = ip6t_register_table(&packet_mangler);`
192			`if (ret < 0)`
193			`return ret;`
194
195			`/* Register hooks */`
196			`ret = nf_register_hook(&ip6t_ops[0]);`
197			`if (ret < 0)`
198			`goto cleanup_table;`
199
200			`ret = nf_register_hook(&ip6t_ops[1]);`
201			`if (ret < 0)`
202			`goto cleanup_hook0;`
203
204			`ret = nf_register_hook(&ip6t_ops[2]);`
205			`if (ret < 0)`
206			`goto cleanup_hook1;`
207
208			`ret = nf_register_hook(&ip6t_ops[3]);`
209			`if (ret < 0)`
210			`goto cleanup_hook2;`
211
212			`ret = nf_register_hook(&ip6t_ops[4]);`
213			`if (ret < 0)`
214			`goto cleanup_hook3;`
215
216			`return ret;`
217
218			`cleanup_hook3:`
219			`nf_unregister_hook(&ip6t_ops[3]);`
220			`cleanup_hook2:`
221			`nf_unregister_hook(&ip6t_ops[2]);`
222			`cleanup_hook1:`
223			`nf_unregister_hook(&ip6t_ops[1]);`
224			`cleanup_hook0:`
225			`nf_unregister_hook(&ip6t_ops[0]);`
226			`cleanup_table:`
227			`ip6t_unregister_table(&packet_mangler);`
228
229			`return ret;`
230			`}`
231
232			`static void __exit fini(void)`
233			`{`
234			`unsigned int i;`
235
236			`for (i = 0; i < sizeof(ip6t_ops)/sizeof(struct nf_hook_ops); i++)`
237			`nf_unregister_hook(&ip6t_ops[i]);`
238
239			`ip6t_unregister_table(&packet_mangler);`
240			`}`
241
242			`module_init(init);`
243			`module_exit(fini);`
244			`MODULE_LICENSE("GPL");`