Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 1 | #ifndef _NF_TABLES_IPV6_H_ |
| 2 | #define _NF_TABLES_IPV6_H_ |
| 3 | |
| 4 | #include <linux/netfilter_ipv6/ip6_tables.h> |
| 5 | #include <net/ipv6.h> |
| 6 | |
Pablo Neira Ayuso | 71212c9 | 2016-09-09 12:42:53 +0200 | [diff] [blame] | 7 | static inline void |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 8 | nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 9 | struct sk_buff *skb, |
David S. Miller | 073bfd5 | 2015-04-03 21:16:25 -0400 | [diff] [blame] | 10 | const struct nf_hook_state *state) |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 11 | { |
| 12 | int protohdr, thoff = 0; |
| 13 | unsigned short frag_off; |
| 14 | |
Eric W. Biederman | 6aa187f | 2015-09-18 14:32:57 -0500 | [diff] [blame] | 15 | nft_set_pktinfo(pkt, skb, state); |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 16 | |
| 17 | protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL); |
Pablo Neira Ayuso | 8df9e32 | 2016-09-09 12:42:50 +0200 | [diff] [blame] | 18 | if (protohdr < 0) { |
| 19 | nft_set_pktinfo_proto_unspec(pkt, skb); |
Pablo Neira Ayuso | 71212c9 | 2016-09-09 12:42:53 +0200 | [diff] [blame] | 20 | return; |
Pablo Neira Ayuso | 8df9e32 | 2016-09-09 12:42:50 +0200 | [diff] [blame] | 21 | } |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 22 | |
Pablo Neira Ayuso | beac5af | 2016-09-09 12:42:49 +0200 | [diff] [blame] | 23 | pkt->tprot_set = true; |
Patrick McHardy | 4566bf2 | 2014-01-03 12:16:18 +0000 | [diff] [blame] | 24 | pkt->tprot = protohdr; |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 25 | pkt->xt.thoff = thoff; |
| 26 | pkt->xt.fragoff = frag_off; |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 27 | } |
| 28 | |
Pablo Neira Ayuso | ddc8b60 | 2016-09-09 12:42:51 +0200 | [diff] [blame] | 29 | static inline int |
| 30 | __nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, |
| 31 | struct sk_buff *skb, |
| 32 | const struct nf_hook_state *state) |
| 33 | { |
| 34 | #if IS_ENABLED(CONFIG_IPV6) |
| 35 | struct ipv6hdr *ip6h, _ip6h; |
| 36 | unsigned int thoff = 0; |
| 37 | unsigned short frag_off; |
| 38 | int protohdr; |
| 39 | u32 pkt_len; |
| 40 | |
| 41 | ip6h = skb_header_pointer(skb, skb_network_offset(skb), sizeof(*ip6h), |
| 42 | &_ip6h); |
| 43 | if (!ip6h) |
| 44 | return -1; |
| 45 | |
| 46 | if (ip6h->version != 6) |
| 47 | return -1; |
| 48 | |
| 49 | pkt_len = ntohs(ip6h->payload_len); |
| 50 | if (pkt_len + sizeof(*ip6h) > skb->len) |
| 51 | return -1; |
| 52 | |
| 53 | protohdr = ipv6_find_hdr(pkt->skb, &thoff, -1, &frag_off, NULL); |
| 54 | if (protohdr < 0) |
| 55 | return -1; |
| 56 | |
| 57 | pkt->tprot_set = true; |
| 58 | pkt->tprot = protohdr; |
| 59 | pkt->xt.thoff = thoff; |
| 60 | pkt->xt.fragoff = frag_off; |
| 61 | |
| 62 | return 0; |
| 63 | #else |
| 64 | return -1; |
| 65 | #endif |
| 66 | } |
| 67 | |
| 68 | static inline void |
| 69 | nft_set_pktinfo_ipv6_validate(struct nft_pktinfo *pkt, |
| 70 | struct sk_buff *skb, |
| 71 | const struct nf_hook_state *state) |
| 72 | { |
| 73 | nft_set_pktinfo(pkt, skb, state); |
| 74 | if (__nft_set_pktinfo_ipv6_validate(pkt, skb, state) < 0) |
| 75 | nft_set_pktinfo_proto_unspec(pkt, skb); |
| 76 | } |
| 77 | |
Patrick McHardy | 1d49144 | 2014-01-03 12:16:16 +0000 | [diff] [blame] | 78 | extern struct nft_af_info nft_af_ipv6; |
| 79 | |
Pablo Neira Ayuso | 0ca743a | 2013-10-14 00:06:06 +0200 | [diff] [blame] | 80 | #endif |