1 /* ipv6header match - matches IPv6 packets based
2 on whether they contain certain headers */
4 /* Original idea: Brad Chapman
5 * Rewritten by: Andras Kis-Szabo <kisza@sch.bme.hu> */
7 #include <linux/module.h>
8 #include <linux/skbuff.h>
9 #include <linux/ipv6.h>
10 #include <linux/types.h>
11 #include <net/checksum.h>
14 #include <linux/netfilter_ipv6/ip6_tables.h>
15 #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
18 MODULE_LICENSE("GPL");
19 MODULE_DESCRIPTION("IPv6 headers match");
20 MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>");
23 ipv6header_match(const struct sk_buff *skb,
24 const struct net_device *in,
25 const struct net_device *out,
26 const void *matchinfo,
32 const struct ip6t_ipv6header_info *info = matchinfo;
38 /* Make sure this isn't an evil packet */
40 /* type of the 1st exthdr */
41 nexthdr = skb->nh.ipv6h->nexthdr;
42 /* pointer to the 1st exthdr */
43 ptr = sizeof(struct ipv6hdr);
44 /* available length */
48 while (ip6t_ext_hdr(nexthdr)) {
49 struct ipv6_opt_hdr *hdr;
52 /* Is there enough space for the next ext header? */
53 if (len < (int)sizeof(struct ipv6_opt_hdr))
55 /* No more exthdr -> evaluate */
56 if (nexthdr == NEXTHDR_NONE) {
61 if (nexthdr == NEXTHDR_ESP) {
66 hdr=(struct ipv6_opt_hdr *)(skb->data+ptr);
68 /* Calculate the header length */
69 if (nexthdr == NEXTHDR_FRAGMENT) {
71 } else if (nexthdr == NEXTHDR_AUTH)
72 hdrlen = (hdr->hdrlen+2)<<2;
74 hdrlen = ipv6_optlen(hdr);
84 case NEXTHDR_FRAGMENT:
85 temp |= MASK_FRAGMENT;
98 nexthdr = hdr->nexthdr;
101 if ( ptr > skb->len ) {
106 if ( (nexthdr != NEXTHDR_NONE ) && (nexthdr != NEXTHDR_ESP) )
110 return !((temp ^ info->matchflags ^ info->invflags)
114 return temp != info->matchflags;
116 return temp == info->matchflags;
121 ipv6header_checkentry(const char *tablename,
122 const struct ip6t_ip6 *ip,
124 unsigned int matchsize,
125 unsigned int hook_mask)
127 const struct ip6t_ipv6header_info *info = matchinfo;
129 /* Check for obvious errors */
130 /* This match is valid in all hooks! */
131 if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)))
134 /* invflags is 0 or 0xff in hard mode */
135 if ((!info->modeflag) && info->invflags != 0x00
136 && info->invflags != 0xFF)
142 static struct ip6t_match
143 ip6t_ipv6header_match = {
147 &ipv6header_checkentry,
152 static int __init ipv6header_init(void)
154 return ip6t_register_match(&ip6t_ipv6header_match);
157 static void __exit ipv6header_exit(void)
159 ip6t_unregister_match(&ip6t_ipv6header_match);
162 module_init(ipv6header_init);
163 module_exit(ipv6header_exit);