Linux/net/ipv4/netfilter/ipt_ECN.c


  1 /* iptables module for the IPv4 and TCP ECN bits, Version 1.5
  2  *
  3  * (C) 2002 by Harald Welte <laforge@netfilter.org>
  4  *
  5  * This program is free software; you can redistribute it and/or modify
  6  * it under the terms of the GNU General Public License version 2 as
  7  * published by the Free Software Foundation.
  8 */
  9 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 10 #include <linux/in.h>
 11 #include <linux/module.h>
 12 #include <linux/skbuff.h>
 13 #include <linux/ip.h>
 14 #include <net/ip.h>
 15 #include <linux/tcp.h>
 16 #include <net/checksum.h>
 17 
 18 #include <linux/netfilter/x_tables.h>
 19 #include <linux/netfilter_ipv4/ip_tables.h>
 20 #include <linux/netfilter_ipv4/ipt_ECN.h>
 21 
/* Module metadata recorded in the built module. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag modification");
 25 
/*
 * Rewrite the ECN bits of the IPv4 TOS byte (the bits selected by
 * IPT_ECN_IP_MASK) to the value configured in einfo->ip_ect and patch the
 * IP header checksum incrementally.
 *
 * Returns true on success or when the bits already hold the requested
 * value; returns false when the header could not be made writable.
 */
static inline bool
set_ect_ip(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
{
	const __u8 wanted = einfo->ip_ect & IPT_ECN_IP_MASK;
	struct iphdr *iph = ip_hdr(skb);
	__u8 oldtos;

	/* Already correct: return before touching the packet at all. */
	if ((iph->tos & IPT_ECN_IP_MASK) == wanted)
		return true;

	/* Never write into the header before it is confirmed writable. */
	if (!skb_make_writable(skb, sizeof(struct iphdr)))
		return false;

	/*
	 * Re-read the header pointer: the one fetched above must not be
	 * reused once skb_make_writable() has run.
	 */
	iph = ip_hdr(skb);
	oldtos = iph->tos;
	iph->tos = (oldtos & ~IPT_ECN_IP_MASK) | wanted;

	/* Incremental checksum update over the old and new TOS values. */
	csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
	return true;
}
 45 
/*
 * Force the TCP ECE and/or CWR flag to the configured value, for whichever
 * of IPT_ECN_OP_SET_ECE / IPT_ECN_OP_SET_CWR is set in einfo->operation,
 * and fix up the TCP checksum.
 *
 * Returns true on success or when no flag needs changing; returns false
 * when the TCP header cannot be read or cannot be made writable.
 */
static inline bool
set_ect_tcp(struct sk_buff *skb, const struct ipt_ECN_info *einfo)
{
	const bool set_ece = einfo->operation & IPT_ECN_OP_SET_ECE;
	const bool set_cwr = einfo->operation & IPT_ECN_OP_SET_CWR;
	struct tcphdr hdr_copy, *tcph;
	__be16 *flag_word;
	__be16 before;
	bool ece_done, cwr_done;

	/*
	 * Length-checked read of the TCP header; a packet too short to hold
	 * one yields NULL here instead of an out-of-bounds access.
	 */
	tcph = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(hdr_copy),
				  &hdr_copy);
	if (!tcph)
		return false;

	/* Skip the write path entirely when every requested flag matches. */
	ece_done = !set_ece || tcph->ece == einfo->proto.tcp.ece;
	cwr_done = !set_cwr || tcph->cwr == einfo->proto.tcp.cwr;
	if (ece_done && cwr_done)
		return true;

	if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph)))
		return false;

	/*
	 * Recompute the pointer from the skb itself: the value returned by
	 * skb_header_pointer() may refer to the on-stack copy, and the data
	 * must not be addressed through a pointer taken before
	 * skb_make_writable().
	 */
	tcph = (void *)ip_hdr(skb) + ip_hdrlen(skb);

	/*
	 * Index 6 of the header viewed as 16-bit words, i.e. bytes 12-13,
	 * the word that holds the ece/cwr bits changed below.  It is sampled
	 * before and after the change for the incremental checksum update.
	 */
	flag_word = &((__be16 *)tcph)[6];
	before = *flag_word;

	if (set_ece)
		tcph->ece = einfo->proto.tcp.ece;
	if (set_cwr)
		tcph->cwr = einfo->proto.tcp.cwr;

	inet_proto_csum_replace2(&tcph->check, skb,
				 before, *flag_word, false);
	return true;
}
 78 
/*
 * Target hook: apply the configured ECN rewrite to one packet.
 *
 * Returns XT_CONTINUE when the packet was processed (or needed no change)
 * and NF_DROP when a header could not be read or made writable, so a packet
 * that cannot be rewritten is dropped rather than passed on unmodified.
 *
 * NOTE(review): nothing in this function consults par->fragoff.  On a
 * non-first IPv4 fragment the bytes at ip_hdrlen(skb) are not a TCP header;
 * confirm that fragments cannot reach this target in the intended
 * deployment (e.g. that defragmentation runs before the mangle table).
 */
static unsigned int
ecn_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	const struct ipt_ECN_info *einfo = par->targinfo;
	const unsigned int tcp_ops = IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR;

	if ((einfo->operation & IPT_ECN_OP_SET_IP) && !set_ect_ip(skb, einfo))
		return NF_DROP;

	/*
	 * ip_hdr() is evaluated here, after set_ect_ip(), so the protocol
	 * field is read from the current header location.
	 */
	if ((einfo->operation & tcp_ops) &&
	    ip_hdr(skb)->protocol == IPPROTO_TCP &&
	    !set_ect_tcp(skb, einfo))
		return NF_DROP;

	return XT_CONTINUE;
}
 95 
/*
 * Rule-installation check for the ECN target (wired up as .checkentry).
 *
 * Validates the target parameters once, so that the per-packet path can use
 * einfo->operation and einfo->ip_ect without re-checking them.  Rejects:
 *   - any operation bit covered by IPT_ECN_OP_MASK (defined in ipt_ECN.h,
 *     not shown here; presumably the set of unsupported bits);
 *   - an ip_ect value with bits outside IPT_ECN_IP_MASK;
 *   - an ECE/CWR operation on a rule that is not an un-negated
 *     "protocol == TCP" rule.
 *
 * Returns 0 when the rule is acceptable, -EINVAL otherwise.
 */
static int ecn_tg_check(const struct xt_tgchk_param *par)
{
	const struct ipt_ECN_info *einfo = par->targinfo;
	const struct ipt_entry *e = par->entryinfo;
	bool wants_tcp_flags, rule_is_tcp;

	if ((einfo->operation & IPT_ECN_OP_MASK) ||
	    (einfo->ip_ect & ~IPT_ECN_IP_MASK))
		return -EINVAL;

	wants_tcp_flags = einfo->operation &
			  (IPT_ECN_OP_SET_ECE | IPT_ECN_OP_SET_CWR);
	/* A negated protocol match ("! -p tcp") does not count as TCP. */
	rule_is_tcp = e->ip.proto == IPPROTO_TCP &&
		      !(e->ip.invflags & XT_INV_PROTO);

	if (wants_tcp_flags && !rule_is_tcp) {
		pr_info_ratelimited("cannot use operation on non-tcp rule\n");
		return -EINVAL;
	}

	return 0;
}
114 
/*
 * Registration record for the "ECN" target.  It is limited to IPv4 and to
 * the "mangle" table; rules are validated by ecn_tg_check() and packets are
 * handled by ecn_tg().
 */
static struct xt_target ecn_tg_reg __read_mostly = {
	.name       = "ECN",
	.family     = NFPROTO_IPV4,
	.table      = "mangle",
	/* Size of the per-rule parameter blob handed to the hooks. */
	.targetsize = sizeof(struct ipt_ECN_info),
	.checkentry = ecn_tg_check,
	.target     = ecn_tg,
	.me         = THIS_MODULE,
};
124 
/* Module load: register the ECN target and pass the result back. */
static int __init ecn_tg_init(void)
{
	int err = xt_register_target(&ecn_tg_reg);

	return err;
}
129 
/* Module unload: withdraw the target registered by ecn_tg_init(). */
static void __exit ecn_tg_exit(void)
{
	xt_unregister_target(&ecn_tg_reg);
}
134 
/* Hook the register/unregister functions into module load and unload. */
module_init(ecn_tg_init);
module_exit(ecn_tg_exit);
137 
