2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Generic frame diversion
8 * Version: @(#)eth.c 0.41 09/09/2000
11 * Benoit LOCHER: initial integration within the kernel with support for ethernet
12 * Dave Miller: improvement on the code (correctness, performance and source files)
15 #include <linux/types.h>
16 #include <linux/kernel.h>
17 #include <linux/sched.h>
18 #include <linux/string.h>
20 #include <linux/socket.h>
22 #include <linux/inet.h>
24 #include <linux/udp.h>
25 #include <linux/netdevice.h>
26 #include <linux/etherdevice.h>
27 #include <linux/skbuff.h>
28 #include <linux/errno.h>
29 #include <linux/init.h>
35 #include <asm/uaccess.h>
36 #include <asm/system.h>
37 #include <asm/checksum.h>
38 #include <linux/divert.h>
39 #include <linux/sockios.h>
41 const char sysctl_divert_version[32]="0.46"; /* Current version */
43 int __init dv_init(void)
45 printk(KERN_INFO "NET4: Frame Diverter %s\n", sysctl_divert_version);
50 * Allocate a divert_blk for a device. This must be an ethernet nic.
52 int alloc_divert_blk(struct net_device *dev)
54 int alloc_size = (sizeof(struct divert_blk) + 3) & ~3;
56 if (dev->type == ARPHRD_ETHER) {
57 printk(KERN_DEBUG "divert: allocating divert_blk for %s\n",
60 dev->divert = (struct divert_blk *)
61 kmalloc(alloc_size, GFP_KERNEL);
62 if (dev->divert == NULL) {
63 printk(KERN_DEBUG "divert: unable to allocate divert_blk for %s\n",
67 memset(dev->divert, 0, sizeof(struct divert_blk));
71 printk(KERN_DEBUG "divert: not allocating divert_blk for non-ethernet device %s\n",
80 * Free a divert_blk allocated by the above function, if it was
81 * allocated on that device.
83 void free_divert_blk(struct net_device *dev)
89 printk(KERN_DEBUG "divert: freeing divert_blk for %s\n",
92 printk(KERN_DEBUG "divert: no divert_blk to free, %s not ethernet\n",
98 * Adds a tcp/udp (source or dest) port to an array
100 int add_port(u16 ports[], u16 port)
107 /* Storing directly in network format for performance,
112 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
113 if (ports[i] == port)
117 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
128 * Removes a port from an array tcp/udp (source or dest)
130 int remove_port(u16 ports[], u16 port)
137 /* Storing directly in network format for performance,
142 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
143 if (ports[i] == port) {
152 /* Some basic sanity checks on the arguments passed to divert_ioctl() */
153 int check_args(struct divert_cf *div_cf, struct net_device **dev)
161 /* GETVERSION: all other args are unused */
162 if (div_cf->cmd == DIVCMD_GETVERSION)
165 /* Network device index should reasonably be between 0 and 1000 :) */
166 if (div_cf->dev_index < 0 || div_cf->dev_index > 1000)
169 /* Let's try to find the ifname */
170 sprintf(devname, "eth%d", div_cf->dev_index);
171 *dev = dev_get_by_name(devname);
173 /* dev should NOT be null */
179 /* user issuing the ioctl must be a super one :) */
180 if (!capable(CAP_SYS_ADMIN)) {
185 /* Device must have a divert_blk member NOT null */
186 if ((*dev)->divert == NULL)
194 * control function of the diverter
197 printk(KERN_DEBUG "divert_ioctl() line %d %s\n", __LINE__, (a))
199 int divert_ioctl(unsigned int cmd, struct divert_cf *arg)
201 struct divert_cf div_cf;
202 struct divert_blk *div_blk;
203 struct net_device *dev;
208 DVDBG("SIOCGIFDIVERT, copy_from_user");
209 if (copy_from_user(&div_cf, arg, sizeof(struct divert_cf)))
211 DVDBG("before check_args");
212 ret = check_args(&div_cf, &dev);
215 DVDBG("after checkargs");
216 div_blk = dev->divert;
218 DVDBG("befre switch()");
219 switch (div_cf.cmd) {
220 case DIVCMD_GETSTATUS:
221 /* Now, just give the user the raw divert block
222 * for him to play with :)
224 if (copy_to_user(div_cf.arg1.ptr, dev->divert,
225 sizeof(struct divert_blk)))
229 case DIVCMD_GETVERSION:
230 DVDBG("GETVERSION: checking ptr");
231 if (div_cf.arg1.ptr == NULL)
233 DVDBG("GETVERSION: copying data to userland");
234 if (copy_to_user(div_cf.arg1.ptr,
235 sysctl_divert_version, 32))
237 DVDBG("GETVERSION: data copied");
247 if (copy_from_user(&div_cf, arg, sizeof(struct divert_cf)))
250 ret = check_args(&div_cf, &dev);
254 div_blk = dev->divert;
259 div_blk->protos = DIVERT_PROTO_NONE;
260 memset(div_blk->tcp_dst, 0,
261 MAX_DIVERT_PORTS * sizeof(u16));
262 memset(div_blk->tcp_src, 0,
263 MAX_DIVERT_PORTS * sizeof(u16));
264 memset(div_blk->udp_dst, 0,
265 MAX_DIVERT_PORTS * sizeof(u16));
266 memset(div_blk->udp_src, 0,
267 MAX_DIVERT_PORTS * sizeof(u16));
271 switch(div_cf.arg1.int32) {
278 case DIVARG1_DISABLE:
279 if (!div_blk->divert)
291 switch(div_cf.arg1.int32) {
293 if (div_blk->protos & DIVERT_PROTO_IP)
295 div_blk->protos |= DIVERT_PROTO_IP;
298 case DIVARG1_DISABLE:
299 if (!(div_blk->protos & DIVERT_PROTO_IP))
301 div_blk->protos &= ~DIVERT_PROTO_IP;
311 switch(div_cf.arg1.int32) {
313 if (div_blk->protos & DIVERT_PROTO_TCP)
315 div_blk->protos |= DIVERT_PROTO_TCP;
318 case DIVARG1_DISABLE:
319 if (!(div_blk->protos & DIVERT_PROTO_TCP))
321 div_blk->protos &= ~DIVERT_PROTO_TCP;
331 switch(div_cf.arg1.int32) {
333 return add_port(div_blk->tcp_dst,
337 return remove_port(div_blk->tcp_dst,
347 switch(div_cf.arg1.int32) {
349 return add_port(div_blk->tcp_src,
353 return remove_port(div_blk->tcp_src,
363 switch(div_cf.arg1.int32) {
365 if (div_blk->protos & DIVERT_PROTO_UDP)
367 div_blk->protos |= DIVERT_PROTO_UDP;
370 case DIVARG1_DISABLE:
371 if (!(div_blk->protos & DIVERT_PROTO_UDP))
373 div_blk->protos &= ~DIVERT_PROTO_UDP;
383 switch(div_cf.arg1.int32) {
385 return add_port(div_blk->udp_dst,
389 return remove_port(div_blk->udp_dst,
399 switch(div_cf.arg1.int32) {
401 return add_port(div_blk->udp_src,
405 return remove_port(div_blk->udp_src,
415 switch(div_cf.arg1.int32) {
417 if (div_blk->protos & DIVERT_PROTO_ICMP)
419 div_blk->protos |= DIVERT_PROTO_ICMP;
422 case DIVARG1_DISABLE:
423 if (!(div_blk->protos & DIVERT_PROTO_ICMP))
425 div_blk->protos &= ~DIVERT_PROTO_ICMP;
449 * Check if packet should have its dest mac address set to the box itself
453 #define ETH_DIVERT_FRAME(skb) \
454 memcpy(skb->mac.ethernet, skb->dev->dev_addr, ETH_ALEN); \
455 skb->pkt_type=PACKET_HOST
457 void divert_frame(struct sk_buff *skb)
459 struct ethhdr *eth = skb->mac.ethernet;
463 struct divert_blk *divert = skb->dev->divert;
465 unsigned char *skb_data_end = skb->data + skb->len;
467 /* Packet is already aimed at us, return */
468 if (!memcmp(eth, skb->dev->dev_addr, ETH_ALEN))
471 /* proto is not IP, do nothing */
472 if (eth->h_proto != htons(ETH_P_IP))
475 /* Divert all IP frames ? */
476 if (divert->protos & DIVERT_PROTO_IP) {
477 ETH_DIVERT_FRAME(skb);
481 /* Check for possible (maliciously) malformed IP frame (thanks Dave) */
482 iph = (struct iphdr *) skb->data;
483 if (((iph->ihl<<2)+(unsigned char*)(iph)) >= skb_data_end) {
484 printk(KERN_INFO "divert: malformed IP packet !\n");
488 switch (iph->protocol) {
489 /* Divert all ICMP frames ? */
491 if (divert->protos & DIVERT_PROTO_ICMP) {
492 ETH_DIVERT_FRAME(skb);
497 /* Divert all TCP frames ? */
499 if (divert->protos & DIVERT_PROTO_TCP) {
500 ETH_DIVERT_FRAME(skb);
504 /* Check for possible (maliciously) malformed IP
507 tcph = (struct tcphdr *)
508 (((unsigned char *)iph) + (iph->ihl<<2));
509 if (((unsigned char *)(tcph+1)) >= skb_data_end) {
510 printk(KERN_INFO "divert: malformed TCP packet !\n");
514 /* Divert some tcp dst/src ports only ?*/
515 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
516 dst = divert->tcp_dst[i];
517 src = divert->tcp_src[i];
518 if ((dst && dst == tcph->dest) ||
519 (src && src == tcph->source)) {
520 ETH_DIVERT_FRAME(skb);
526 /* Divert all UDP frames ? */
528 if (divert->protos & DIVERT_PROTO_UDP) {
529 ETH_DIVERT_FRAME(skb);
533 /* Check for possible (maliciously) malformed IP
534 * packet (thanks Dave)
536 udph = (struct udphdr *)
537 (((unsigned char *)iph) + (iph->ihl<<2));
538 if (((unsigned char *)(udph+1)) >= skb_data_end) {
540 "divert: malformed UDP packet !\n");
544 /* Divert some udp dst/src ports only ? */
545 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
546 dst = divert->udp_dst[i];
547 src = divert->udp_src[i];
548 if ((dst && dst == udph->dest) ||
549 (src && src == udph->source)) {
550 ETH_DIVERT_FRAME(skb);
projects / linux-2.4.21-pre4.git / blob