Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 72b270323dee45ccf4aafff7118dcc46caaed22e / . / net / ipv6 / netfilter / ip6t_mh.c
blob: 0c90c66b199257dfd6123c1cc6a2ec904aa0053a [file] [log] [blame]
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]1/*
2 * Copyright (C)2006 USAGI/WIDE Project
3 *
4 * This program is free software; you can redistribute it and/or modify
5 * it under the terms of the GNU General Public License version 2 as
6 * published by the Free Software Foundation.
7 *
8 * Author:
9 * Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
10 *
11 * Based on net/netfilter/xt_tcpudp.c
12 *
13 */
Jan Engelhardtbe91fd52010-03-18 02:22:32 +0100[diff] [blame]14#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]15#include <linux/types.h>
16#include <linux/module.h>
17#include <net/ip.h>
18#include <linux/ipv6.h>
19#include <net/ipv6.h>
20#include <net/mip6.h>
21
22#include <linux/netfilter/x_tables.h>
23#include <linux/netfilter_ipv6/ip6t_mh.h>
24
Jan Engelhardt2ae15b62008-01-14 23:42:28 -0800[diff] [blame]25MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]26MODULE_LICENSE("GPL");
27
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]28/* Returns 1 if the type is matched by the range, 0 otherwise */
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]29static inline bool
30type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]31{
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]32 return (type >= min && type <= max) ^ invert;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]33}
34
Jan Engelhardt62fc8052009-07-07 20:42:08 +0200[diff] [blame]35static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]36{
Jan Engelhardta47362a2007-07-07 22:16:55 -0700[diff] [blame]37 struct ip6_mh _mh;
38 const struct ip6_mh *mh;
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]39 const struct ip6t_mh *mhinfo = par->matchinfo;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]40
41 /* Must not be a fragment. */
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]42 if (par->fragoff != 0)
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]43 return false;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]44
Jan Engelhardtf7108a22008-10-08 11:35:18 +0200[diff] [blame]45 mh = skb_header_pointer(skb, par->thoff, sizeof(_mh), &_mh);
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]46 if (mh == NULL) {
47 /* We've been asked to examine this packet, and we
48 can't. Hence, no choice but to drop. */
Jan Engelhardtbe91fd52010-03-18 02:22:32 +0100[diff] [blame]49 pr_debug("Dropping evil MH tinygram.\n");
Jan Engelhardtb4ba2612009-07-07 20:54:30 +0200[diff] [blame]50 par->hotdrop = true;
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]51 return false;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]52 }
53
Masahide NAKAMURA138939e2007-02-12 11:16:17 -0800[diff] [blame]54 if (mh->ip6mh_proto != IPPROTO_NONE) {
Jan Engelhardtbe91fd52010-03-18 02:22:32 +0100[diff] [blame]55 pr_debug("Dropping invalid MH Payload Proto: %u\n",
Masahide NAKAMURA138939e2007-02-12 11:16:17 -0800[diff] [blame]56 mh->ip6mh_proto);
Jan Engelhardtb4ba2612009-07-07 20:54:30 +0200[diff] [blame]57 par->hotdrop = true;
Jan Engelhardt1d93a9c2007-07-07 22:15:35 -0700[diff] [blame]58 return false;
Masahide NAKAMURA138939e2007-02-12 11:16:17 -0800[diff] [blame]59 }
60
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]61 return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
62 !!(mhinfo->invflags & IP6T_MH_INV_TYPE));
63}
64
Jan Engelhardtb0f38452010-03-19 17:16:42 +0100[diff] [blame]65static int mh_mt6_check(const struct xt_mtchk_param *par)
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]66{
Jan Engelhardt9b4fce72008-10-08 11:35:18 +0200[diff] [blame]67 const struct ip6t_mh *mhinfo = par->matchinfo;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]68
69 /* Must specify no unknown invflags */
Jan Engelhardtbd414ee2010-03-23 16:35:56 +0100[diff] [blame]70 return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0;
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]71}
72
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]73static struct xt_match mh_mt6_reg __read_mostly = {
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]74 .name = "mh",
Jan Engelhardtee999d82008-10-08 11:35:01 +0200[diff] [blame]75 .family = NFPROTO_IPV6,
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]76 .checkentry = mh_mt6_check,
77 .match = mh_mt6,
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]78 .matchsize = sizeof(struct ip6t_mh),
79 .proto = IPPROTO_MH,
80 .me = THIS_MODULE,
81};
82
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]83static int __init mh_mt6_init(void)
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]84{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]85 return xt_register_match(&mh_mt6_reg);
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]86}
87
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]88static void __exit mh_mt6_exit(void)
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]89{
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]90 xt_unregister_match(&mh_mt6_reg);
Masahide NAKAMURAa0ca2152007-02-07 15:12:57 -0800[diff] [blame]91}
92
Jan Engelhardtd3c5ee62007-12-04 23:24:03 -0800[diff] [blame]93module_init(mh_mt6_init);
94module_exit(mh_mt6_exit);