~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/ipv6/netfilter/ip6t_mh.c

Version: ~ [ linux-6.0-rc1 ] ~ [ linux-5.19.1 ] ~ [ linux-5.18.17 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.60 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.136 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.210 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.255 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.290 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.325 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.302 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * Copyright (C)2006 USAGI/WIDE Project
  3  *
  4  * This program is free software; you can redistribute it and/or modify
  5  * it under the terms of the GNU General Public License version 2 as
  6  * published by the Free Software Foundation.
  7  *
  8  * Author:
  9  *      Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
 10  *
 11  * Based on net/netfilter/xt_tcpudp.c
 12  *
 13  */
 14 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 15 #include <linux/types.h>
 16 #include <linux/module.h>
 17 #include <net/ip.h>
 18 #include <linux/ipv6.h>
 19 #include <net/ipv6.h>
 20 #include <net/mip6.h>
 21 
 22 #include <linux/netfilter/x_tables.h>
 23 #include <linux/netfilter_ipv6/ip6t_mh.h>
 24 
 25 MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
 26 MODULE_LICENSE("GPL");
 27 
 28 /* Returns 1 if the type is matched by the range, 0 otherwise */
 29 static inline bool
 30 type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
 31 {
 32         return (type >= min && type <= max) ^ invert;
 33 }
 34 
 35 static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
 36 {
 37         struct ip6_mh _mh;
 38         const struct ip6_mh *mh;
 39         const struct ip6t_mh *mhinfo = par->matchinfo;
 40 
 41         /* Must not be a fragment. */
 42         if (par->fragoff != 0)
 43                 return false;
 44 
 45         mh = skb_header_pointer(skb, par->thoff, sizeof(_mh), &_mh);
 46         if (mh == NULL) {
 47                 /* We've been asked to examine this packet, and we
 48                    can't.  Hence, no choice but to drop. */
 49                 pr_debug("Dropping evil MH tinygram.\n");
 50                 par->hotdrop = true;
 51                 return false;
 52         }
 53 
 54         if (mh->ip6mh_proto != IPPROTO_NONE) {
 55                 pr_debug("Dropping invalid MH Payload Proto: %u\n",
 56                          mh->ip6mh_proto);
 57                 par->hotdrop = true;
 58                 return false;
 59         }
 60 
 61         return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
 62                           !!(mhinfo->invflags & IP6T_MH_INV_TYPE));
 63 }
 64 
 65 static int mh_mt6_check(const struct xt_mtchk_param *par)
 66 {
 67         const struct ip6t_mh *mhinfo = par->matchinfo;
 68 
 69         /* Must specify no unknown invflags */
 70         return (mhinfo->invflags & ~IP6T_MH_INV_MASK) ? -EINVAL : 0;
 71 }
 72 
 73 static struct xt_match mh_mt6_reg __read_mostly = {
 74         .name           = "mh",
 75         .family         = NFPROTO_IPV6,
 76         .checkentry     = mh_mt6_check,
 77         .match          = mh_mt6,
 78         .matchsize      = sizeof(struct ip6t_mh),
 79         .proto          = IPPROTO_MH,
 80         .me             = THIS_MODULE,
 81 };
 82 
 83 static int __init mh_mt6_init(void)
 84 {
 85         return xt_register_match(&mh_mt6_reg);
 86 }
 87 
 88 static void __exit mh_mt6_exit(void)
 89 {
 90         xt_unregister_match(&mh_mt6_reg);
 91 }
 92 
 93 module_init(mh_mt6_init);
 94 module_exit(mh_mt6_exit);
 95 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp