Commit | Line | Data |
---|---|---|
cfac5ef7 JE |
1 | /* |
2 | * IP tables module for matching the value of the TTL | |
3 | * (C) 2000,2001 by Harald Welte <laforge@netfilter.org> | |
4 | * | |
5 | * Hop Limit matching module | |
6 | * (C) 2001-2002 Maciej Soltysiak <solt@dns.toxicfilms.tv> | |
7 | * | |
8 | * This program is free software; you can redistribute it and/or modify | |
9 | * it under the terms of the GNU General Public License version 2 as | |
10 | * published by the Free Software Foundation. | |
11 | */ | |
12 | ||
13 | #include <linux/ip.h> | |
14 | #include <linux/ipv6.h> | |
15 | #include <linux/module.h> | |
16 | #include <linux/skbuff.h> | |
17 | ||
18 | #include <linux/netfilter/x_tables.h> | |
19 | #include <linux/netfilter_ipv4/ipt_ttl.h> | |
20 | #include <linux/netfilter_ipv6/ip6t_hl.h> | |
21 | ||
/* Module metadata recorded in the built module. */
MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
MODULE_DESCRIPTION("Xtables: Hoplimit/TTL field match");
MODULE_LICENSE("GPL");

/* Aliases carrying the per-family names "ipt_ttl" (IPv4) and "ip6t_hl" (IPv6). */
MODULE_ALIAS("ipt_ttl");
MODULE_ALIAS("ip6t_hl");
27 | ||
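/*
 * ttl_mt - IPv4 match callback: compare the packet's TTL with the rule value.
 * @skb: packet under inspection; the TTL is read from its IPv4 header.
 * @par: match parameters; ->matchinfo is the rule's struct ipt_ttl_info.
 *
 * Returns true when the TTL satisfies the comparison selected by info->mode
 * (equal, not equal, less than, greater than). An unrecognised mode never
 * matches.
 *
 * NOTE(review): the "ttl" entry in hl_mt_reg sets no .checkentry, so this
 * file does not validate info->mode when a rule is loaded. Confirm whether
 * anything else does; until then the default branch is reachable per packet.
 */
static bool ttl_mt(const struct sk_buff *skb, const struct xt_match_param *par)
{
	const struct ipt_ttl_info *info = par->matchinfo;
	const u8 ttl = ip_hdr(skb)->ttl;

	/* Every branch returns, so nothing follows the switch. */
	switch (info->mode) {
	case IPT_TTL_EQ:
		return ttl == info->ttl;
	case IPT_TTL_NE:
		return ttl != info->ttl;
	case IPT_TTL_LT:
		return ttl < info->ttl;
	case IPT_TTL_GT:
		return ttl > info->ttl;
	default:
		/*
		 * This runs in the packet path: throttle the warning so the
		 * volume of traffic hitting a rule with a bad mode does not
		 * translate directly into kernel log volume.
		 */
		if (net_ratelimit())
			printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
			       info->mode);
		return false;
	}
}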
50 | ||
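/*
 * hl_mt6 - IPv6 match callback: compare the packet's hop limit with the rule
 * value.
 * @skb: packet under inspection; the hop limit is read from its IPv6 header.
 * @par: match parameters; ->matchinfo is the rule's struct ip6t_hl_info.
 *
 * Returns true when the hop limit satisfies the comparison selected by
 * info->mode (equal, not equal, less than, greater than). An unrecognised
 * mode never matches.
 *
 * NOTE(review): the "hl" entry in hl_mt_reg sets no .checkentry, so this
 * file does not validate info->mode when a rule is loaded. Confirm whether
 * anything else does; until then the default branch is reachable per packet.
 */
static bool hl_mt6(const struct sk_buff *skb, const struct xt_match_param *par)
{
	const struct ip6t_hl_info *info = par->matchinfo;
	const struct ipv6hdr *ip6h = ipv6_hdr(skb);

	/*
	 * Every branch returns, so the unreachable "break" statements and the
	 * trailing return are gone; the shape now matches ttl_mt().
	 */
	switch (info->mode) {
	case IP6T_HL_EQ:
		return ip6h->hop_limit == info->hop_limit;
	case IP6T_HL_NE:
		return ip6h->hop_limit != info->hop_limit;
	case IP6T_HL_LT:
		return ip6h->hop_limit < info->hop_limit;
	case IP6T_HL_GT:
		return ip6h->hop_limit > info->hop_limit;
	default:
		/*
		 * This runs in the packet path: throttle the warning so the
		 * volume of traffic hitting a rule with a bad mode does not
		 * translate directly into kernel log volume.
		 */
		if (net_ratelimit())
			printk(KERN_WARNING "ip6t_hl: unknown mode %d\n",
			       info->mode);
		return false;
	}
}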
77 | ||
/*
 * Match registrations handed to x_tables: "ttl" for IPv4 and "hl" for IPv6,
 * both at revision 0.
 *
 * Neither entry sets a .checkentry hook, so nothing in this table validates
 * the mode field of a rule when it is loaded; the match callbacks handle an
 * unknown mode at packet time instead.
 */
static struct xt_match hl_mt_reg[] __read_mostly = {
	{
		/* IPv4: TTL comparison */
		.family    = NFPROTO_IPV4,
		.name      = "ttl",
		.revision  = 0,
		.matchsize = sizeof(struct ipt_ttl_info),
		.match     = ttl_mt,
		.me        = THIS_MODULE,
	},
	{
		/* IPv6: hop limit comparison */
		.family    = NFPROTO_IPV6,
		.name      = "hl",
		.revision  = 0,
		.matchsize = sizeof(struct ip6t_hl_info),
		.match     = hl_mt6,
		.me        = THIS_MODULE,
	},
};
96 | ||
/*
 * Module load hook: register every entry of hl_mt_reg with x_tables and hand
 * the result of xt_register_matches() back to the module loader.
 */
static int __init hl_mt_init(void)
{
	const int err = xt_register_matches(hl_mt_reg, ARRAY_SIZE(hl_mt_reg));

	return err;
}
101 | ||
/*
 * Module unload hook: unregister the same hl_mt_reg entries that
 * hl_mt_init() registered.
 */
static void __exit hl_mt_exit(void)
{
	xt_unregister_matches(hl_mt_reg, ARRAY_SIZE(hl_mt_reg));
}
106 | ||
/* Wire the load and unload hooks into the module's entry points. */
module_init(hl_mt_init);
module_exit(hl_mt_exit);