URL https://opencores.org/ocsvn/or1k_soc_on_altera_embedded_dev_kit/or1k_soc_on_altera_embedded_dev_kit/trunk

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [trunk/] [linux-2.6/] [linux-2.6.24/] [net/] [ipv6/] [netfilter/] [ip6t_hbh.c] - Blame information for rev 3

Details | Compare with Previous | View Log


/* Kernel module to match Hop-by-Hop and Destination parameters. */
 
/* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
 
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ipv6.h>
#include <linux/types.h>
#include <net/checksum.h>
#include <net/ipv6.h>
 
#include <asm/byteorder.h>
 
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_opts.h>
 
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("IPv6 opts match");
MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
MODULE_ALIAS("ip6t_dst");
 
/*
 *  (Type & 0xC0) >> 6
 *      0        -> ignorable
 *      1       -> must drop the packet
 *      2       -> send ICMP PARM PROB regardless and drop packet
 *      3       -> Send ICMP if not a multicast address and drop packet
 *  (Type & 0x20) >> 5
 *      0        -> invariant
 *      1       -> can change the routing
 *  (Type & 0x1F) Type
 *      0        -> Pad1 (only 1 byte!)
 *      1       -> PadN LENGTH info (total length = length + 2)
 *      C0 | 2  -> JUMBO 4 x x x x ( xxxx > 64k )
 *      5       -> RTALERT 2 x x
 */
 
static bool
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      bool *hotdrop)
{
        struct ipv6_opt_hdr _optsh;
        const struct ipv6_opt_hdr *oh;
        const struct ip6t_opts *optinfo = matchinfo;
        unsigned int temp;
        unsigned int ptr;
        unsigned int hdrlen = 0;
        bool ret = false;
        u8 _opttype;
        u8 _optlen;
        const u_int8_t *tp = NULL;
        const u_int8_t *lp = NULL;
        unsigned int optlen;
        int err;
 
        err = ipv6_find_hdr(skb, &ptr, match->data, NULL);
        if (err < 0) {
                if (err != -ENOENT)
                        *hotdrop = true;
                return false;
        }
 
        oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
        if (oh == NULL) {
                *hotdrop = true;
                return false;
        }
 
        hdrlen = ipv6_optlen(oh);
        if (skb->len - ptr < hdrlen) {
                /* Packet smaller than it's length field */
                return false;
        }
 
        pr_debug("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
 
        pr_debug("len %02X %04X %02X ",
                 optinfo->hdrlen, hdrlen,
                 (!(optinfo->flags & IP6T_OPTS_LEN) ||
                  ((optinfo->hdrlen == hdrlen) ^
                   !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
 
        ret = (oh != NULL) &&
              (!(optinfo->flags & IP6T_OPTS_LEN) ||
               ((optinfo->hdrlen == hdrlen) ^
                !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
 
        ptr += 2;
        hdrlen -= 2;
        if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
                return ret;
        } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
                pr_debug("Not strict - not implemented");
        } else {
                pr_debug("Strict ");
                pr_debug("#%d ", optinfo->optsnr);
                for (temp = 0; temp < optinfo->optsnr; temp++) {
                        /* type field exists ? */
                        if (hdrlen < 1)
                                break;
                        tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
                                                &_opttype);
                        if (tp == NULL)
                                break;
 
                        /* Type check */
                        if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
                                pr_debug("Tbad %02X %02X\n", *tp,
                                         (optinfo->opts[temp] & 0xFF00) >> 8);
                                return false;
                        } else {
                                pr_debug("Tok ");
                        }
                        /* Length check */
                        if (*tp) {
                                u16 spec_len;
 
                                /* length field exists ? */
                                if (hdrlen < 2)
                                        break;
                                lp = skb_header_pointer(skb, ptr + 1,
                                                        sizeof(_optlen),
                                                        &_optlen);
                                if (lp == NULL)
                                        break;
                                spec_len = optinfo->opts[temp] & 0x00FF;
 
                                if (spec_len != 0x00FF && spec_len != *lp) {
                                        pr_debug("Lbad %02X %04X\n", *lp,
                                                 spec_len);
                                        return false;
                                }
                                pr_debug("Lok ");
                                optlen = *lp + 2;
                        } else {
                                pr_debug("Pad1\n");
                                optlen = 1;
                        }
 
                        /* Step to the next */
                        pr_debug("len%04X \n", optlen);
 
                        if ((ptr > skb->len - optlen || hdrlen < optlen) &&
                            temp < optinfo->optsnr - 1) {
                                pr_debug("new pointer is too large! \n");
                                break;
                        }
                        ptr += optlen;
                        hdrlen -= optlen;
                }
                if (temp == optinfo->optsnr)
                        return ret;
                else
                        return false;
        }
 
        return false;
}
 
/* Called when user tries to insert an entry of this type. */
static bool
checkentry(const char *tablename,
           const void *entry,
           const struct xt_match *match,
           void *matchinfo,
           unsigned int hook_mask)
{
        const struct ip6t_opts *optsinfo = matchinfo;
 
        if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
                pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
                return false;
        }
        return true;
}
 
static struct xt_match opts_match[] __read_mostly = {
        {
                .name           = "hbh",
                .family         = AF_INET6,
                .match          = match,
                .matchsize      = sizeof(struct ip6t_opts),
                .checkentry     = checkentry,
                .me             = THIS_MODULE,
                .data           = NEXTHDR_HOP,
        },
        {
                .name           = "dst",
                .family         = AF_INET6,
                .match          = match,
                .matchsize      = sizeof(struct ip6t_opts),
                .checkentry     = checkentry,
                .me             = THIS_MODULE,
                .data           = NEXTHDR_DEST,
        },
};
 
static int __init ip6t_hbh_init(void)
{
        return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));
}
 
static void __exit ip6t_hbh_fini(void)
{
        xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));
}
 
module_init(ip6t_hbh_init);
module_exit(ip6t_hbh_fini);

Browse

Tools

Subversion Repositories or1k_soc_on_altera_embedded_dev_kit

[/] [or1k_soc_on_altera_embedded_dev_kit/] [trunk/] [linux-2.6/] [linux-2.6.24/] [net/] [ipv6/] [netfilter/] [ip6t_hbh.c] - Blame information for rev 3

Line No.	Rev	Author	Line
1	3	xianfeng	`/* Kernel module to match Hop-by-Hop and Destination parameters. */`
2
3			`/* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>`
4			`*`
5			`* This program is free software; you can redistribute it and/or modify`
6			`* it under the terms of the GNU General Public License version 2 as`
7			`* published by the Free Software Foundation.`
8			`*/`
9
10			`#include <linux/module.h>`
11			`#include <linux/skbuff.h>`
12			`#include <linux/ipv6.h>`
13			`#include <linux/types.h>`
14			`#include <net/checksum.h>`
15			`#include <net/ipv6.h>`
16
17			`#include <asm/byteorder.h>`
18
19			`#include <linux/netfilter/x_tables.h>`
20			`#include <linux/netfilter_ipv6/ip6_tables.h>`
21			`#include <linux/netfilter_ipv6/ip6t_opts.h>`
22
23			`MODULE_LICENSE("GPL");`
24			`MODULE_DESCRIPTION("IPv6 opts match");`
25			`MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");`
26			`MODULE_ALIAS("ip6t_dst");`
27
28			`/*`
29			`* (Type & 0xC0) >> 6`
30			`* 0 -> ignorable`
31			`* 1 -> must drop the packet`
32			`* 2 -> send ICMP PARM PROB regardless and drop packet`
33			`* 3 -> Send ICMP if not a multicast address and drop packet`
34			`* (Type & 0x20) >> 5`
35			`* 0 -> invariant`
36			`* 1 -> can change the routing`
37			`* (Type & 0x1F) Type`
38			`* 0 -> Pad1 (only 1 byte!)`
39			`* 1 -> PadN LENGTH info (total length = length + 2)`
40			`* C0 \| 2 -> JUMBO 4 x x x x ( xxxx > 64k )`
41			`* 5 -> RTALERT 2 x x`
42			`*/`
43
44			`static bool`
45			`match(const struct sk_buff *skb,`
46			`const struct net_device *in,`
47			`const struct net_device *out,`
48			`const struct xt_match *match,`
49			`const void *matchinfo,`
50			`int offset,`
51			`unsigned int protoff,`
52			`bool *hotdrop)`
53			`{`
54			`struct ipv6_opt_hdr _optsh;`
55			`const struct ipv6_opt_hdr *oh;`
56			`const struct ip6t_opts *optinfo = matchinfo;`
57			`unsigned int temp;`
58			`unsigned int ptr;`
59			`unsigned int hdrlen = 0;`
60			`bool ret = false;`
61			`u8 _opttype;`
62			`u8 _optlen;`
63			`const u_int8_t *tp = NULL;`
64			`const u_int8_t *lp = NULL;`
65			`unsigned int optlen;`
66			`int err;`
67
68			`err = ipv6_find_hdr(skb, &ptr, match->data, NULL);`
69			`if (err < 0) {`
70			`if (err != -ENOENT)`
71			`*hotdrop = true;`
72			`return false;`
73			`}`
74
75			`oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);`
76			`if (oh == NULL) {`
77			`*hotdrop = true;`
78			`return false;`
79			`}`
80
81			`hdrlen = ipv6_optlen(oh);`
82			`if (skb->len - ptr < hdrlen) {`
83			`/* Packet smaller than it's length field */`
84			`return false;`
85			`}`
86
87			`pr_debug("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);`
88
89			`pr_debug("len %02X %04X %02X ",`
90			`optinfo->hdrlen, hdrlen,`
91			`(!(optinfo->flags & IP6T_OPTS_LEN) \|\|`
92			`((optinfo->hdrlen == hdrlen) ^`
93			`!!(optinfo->invflags & IP6T_OPTS_INV_LEN))));`
94
95			`ret = (oh != NULL) &&`
96			`(!(optinfo->flags & IP6T_OPTS_LEN) \|\|`
97			`((optinfo->hdrlen == hdrlen) ^`
98			`!!(optinfo->invflags & IP6T_OPTS_INV_LEN)));`
99
100			`ptr += 2;`
101			`hdrlen -= 2;`
102			`if (!(optinfo->flags & IP6T_OPTS_OPTS)) {`
103			`return ret;`
104			`} else if (optinfo->flags & IP6T_OPTS_NSTRICT) {`
105			`pr_debug("Not strict - not implemented");`
106			`} else {`
107			`pr_debug("Strict ");`
108			`pr_debug("#%d ", optinfo->optsnr);`
109			`for (temp = 0; temp < optinfo->optsnr; temp++) {`
110			`/* type field exists ? */`
111			`if (hdrlen < 1)`
112			`break;`
113			`tp = skb_header_pointer(skb, ptr, sizeof(_opttype),`
114			`&_opttype);`
115			`if (tp == NULL)`
116			`break;`
117
118			`/* Type check */`
119			`if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {`
120			`pr_debug("Tbad %02X %02X\n", *tp,`
121			`(optinfo->opts[temp] & 0xFF00) >> 8);`
122			`return false;`
123			`} else {`
124			`pr_debug("Tok ");`
125			`}`
126			`/* Length check */`
127			`if (*tp) {`
128			`u16 spec_len;`
129
130			`/* length field exists ? */`
131			`if (hdrlen < 2)`
132			`break;`
133			`lp = skb_header_pointer(skb, ptr + 1,`
134			`sizeof(_optlen),`
135			`&_optlen);`
136			`if (lp == NULL)`
137			`break;`
138			`spec_len = optinfo->opts[temp] & 0x00FF;`
139
140			`if (spec_len != 0x00FF && spec_len != *lp) {`
141			`pr_debug("Lbad %02X %04X\n", *lp,`
142			`spec_len);`
143			`return false;`
144			`}`
145			`pr_debug("Lok ");`
146			`optlen = *lp + 2;`
147			`} else {`
148			`pr_debug("Pad1\n");`
149			`optlen = 1;`
150			`}`
151
152			`/* Step to the next */`
153			`pr_debug("len%04X \n", optlen);`
154
155			`if ((ptr > skb->len - optlen \|\| hdrlen < optlen) &&`
156			`temp < optinfo->optsnr - 1) {`
157			`pr_debug("new pointer is too large! \n");`
158			`break;`
159			`}`
160			`ptr += optlen;`
161			`hdrlen -= optlen;`
162			`}`
163			`if (temp == optinfo->optsnr)`
164			`return ret;`
165			`else`
166			`return false;`
167			`}`
168
169			`return false;`
170			`}`
171
172			`/* Called when user tries to insert an entry of this type. */`
173			`static bool`
174			`checkentry(const char *tablename,`
175			`const void *entry,`
176			`const struct xt_match *match,`
177			`void *matchinfo,`
178			`unsigned int hook_mask)`
179			`{`
180			`const struct ip6t_opts *optsinfo = matchinfo;`
181
182			`if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {`
183			`pr_debug("ip6t_opts: unknown flags %X\n", optsinfo->invflags);`
184			`return false;`
185			`}`
186			`return true;`
187			`}`
188
189			`static struct xt_match opts_match[] __read_mostly = {`
190			`{`
191			`.name = "hbh",`
192			`.family = AF_INET6,`
193			`.match = match,`
194			`.matchsize = sizeof(struct ip6t_opts),`
195			`.checkentry = checkentry,`
196			`.me = THIS_MODULE,`
197			`.data = NEXTHDR_HOP,`
198			`},`
199			`{`
200			`.name = "dst",`
201			`.family = AF_INET6,`
202			`.match = match,`
203			`.matchsize = sizeof(struct ip6t_opts),`
204			`.checkentry = checkentry,`
205			`.me = THIS_MODULE,`
206			`.data = NEXTHDR_DEST,`
207			`},`
208			`};`
209
210			`static int __init ip6t_hbh_init(void)`
211			`{`
212			`return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));`
213			`}`
214
215			`static void __exit ip6t_hbh_fini(void)`
216			`{`
217			`xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));`
218			`}`
219
220			`module_init(ip6t_hbh_init);`
221			`module_exit(ip6t_hbh_fini);`