1 /* Kernel module to match Hop-by-Hop and Destination parameters. */
3 /* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
10 #include <linux/module.h>
11 #include <linux/skbuff.h>
12 #include <linux/ipv6.h>
13 #include <linux/types.h>
14 #include <net/checksum.h>
17 #include <asm/byteorder.h>
19 #include <linux/netfilter_ipv6/ip6_tables.h>
20 #include <linux/netfilter_ipv6/ip6t_opts.h>
22 MODULE_LICENSE("GPL");
23 MODULE_DESCRIPTION("IPv6 opts match");
24 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
25 MODULE_ALIAS("ip6t_dst");
30 #define DEBUGP(format, args...)
36 * 1 -> must drop the packet
37 * 2 -> send ICMP PARM PROB regardless and drop packet
38 * 3 -> Send ICMP if not a multicast address and drop packet
41 * 1 -> can change the routing
43 * 0 -> Pad1 (only 1 byte!)
44 * 1 -> PadN LENGTH info (total length = length + 2)
45 * C0 | 2 -> JUMBO 4 x x x x ( xxxx > 64k )
50 match(const struct sk_buff *skb,
51 const struct net_device *in,
52 const struct net_device *out,
53 const struct xt_match *match,
54 const void *matchinfo,
59 struct ipv6_opt_hdr _optsh, *oh;
60 const struct ip6t_opts *optinfo = matchinfo;
63 unsigned int hdrlen = 0;
65 u8 _opttype, *tp = NULL;
66 u8 _optlen, *lp = NULL;
69 if (ipv6_find_hdr(skb, &ptr, match->data, NULL) < 0)
72 oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
78 hdrlen = ipv6_optlen(oh);
79 if (skb->len - ptr < hdrlen) {
80 /* Packet smaller than it's length field */
84 DEBUGP("IPv6 OPTS LEN %u %u ", hdrlen, oh->hdrlen);
86 DEBUGP("len %02X %04X %02X ",
87 optinfo->hdrlen, hdrlen,
88 (!(optinfo->flags & IP6T_OPTS_LEN) ||
89 ((optinfo->hdrlen == hdrlen) ^
90 !!(optinfo->invflags & IP6T_OPTS_INV_LEN))));
93 (!(optinfo->flags & IP6T_OPTS_LEN) ||
94 ((optinfo->hdrlen == hdrlen) ^
95 !!(optinfo->invflags & IP6T_OPTS_INV_LEN)));
99 if (!(optinfo->flags & IP6T_OPTS_OPTS)) {
101 } else if (optinfo->flags & IP6T_OPTS_NSTRICT) {
102 DEBUGP("Not strict - not implemented");
105 DEBUGP("#%d ", optinfo->optsnr);
106 for (temp = 0; temp < optinfo->optsnr; temp++) {
107 /* type field exists ? */
110 tp = skb_header_pointer(skb, ptr, sizeof(_opttype),
116 if (*tp != (optinfo->opts[temp] & 0xFF00) >> 8) {
117 DEBUGP("Tbad %02X %02X\n",
119 (optinfo->opts[temp] & 0xFF00) >> 8);
128 /* length field exists ? */
131 lp = skb_header_pointer(skb, ptr + 1,
136 spec_len = optinfo->opts[temp] & 0x00FF;
138 if (spec_len != 0x00FF && spec_len != *lp) {
139 DEBUGP("Lbad %02X %04X\n", *lp,
150 /* Step to the next */
151 DEBUGP("len%04X \n", optlen);
153 if ((ptr > skb->len - optlen || hdrlen < optlen) &&
154 (temp < optinfo->optsnr - 1)) {
155 DEBUGP("new pointer is too large! \n");
161 if (temp == optinfo->optsnr)
170 /* Called when user tries to insert an entry of this type. */
172 checkentry(const char *tablename,
174 const struct xt_match *match,
176 unsigned int hook_mask)
178 const struct ip6t_opts *optsinfo = matchinfo;
180 if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
181 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
187 static struct xt_match opts_match[] = {
192 .matchsize = sizeof(struct ip6t_opts),
193 .checkentry = checkentry,
201 .matchsize = sizeof(struct ip6t_opts),
202 .checkentry = checkentry,
204 .data = NEXTHDR_DEST,
208 static int __init ip6t_hbh_init(void)
210 return xt_register_matches(opts_match, ARRAY_SIZE(opts_match));
213 static void __exit ip6t_hbh_fini(void)
215 xt_unregister_matches(opts_match, ARRAY_SIZE(opts_match));
218 module_init(ip6t_hbh_init);
219 module_exit(ip6t_hbh_fini);
projects / powerpc.git / blob