net/netfilter/xt_iprange.c
// SPDX-License-Identifier: GPL-2.0-only |
/* |
* xt_iprange - Netfilter module to match IP address ranges |
* |
* (C) 2003 Jozsef Kadlecsik <kadlec@netfilter.org> |
* (C) CC Computer Consultants GmbH, 2008 |
*/ |
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
#include <linux/module.h> #include <linux/skbuff.h> #include <linux/ip.h> |
#include <linux/ipv6.h> |
#include <linux/netfilter/x_tables.h> |
#include <linux/netfilter/xt_iprange.h> |
|
/*
 * IPv4 match callback.
 *
 * Reads the rule data from par->matchinfo and the IPv4 header from the skb.
 * For each direction enabled in info->flags (IPRANGE_SRC, IPRANGE_DST) the
 * address must lie inside the inclusive [min, max] range, or outside it when
 * the matching *_INV flag is set.  Returns true only if every enabled check
 * passes; with neither direction flag set it returns true for any packet.
 *
 * NOTE(review): nothing here checks that the skb carries a complete IPv4
 * header; that is presumably guaranteed by the x_tables caller - confirm.
 */
static bool
iprange_mt4(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_iprange_mtinfo *info = par->matchinfo;
	const struct iphdr *iph = ip_hdr(skb);
	bool reject;

	if (info->flags & IPRANGE_SRC) {
		/* Host byte order makes "<" and ">" plain numeric compares. */
		reject = ntohl(iph->saddr) < ntohl(info->src_min.ip) ||
			 ntohl(iph->saddr) > ntohl(info->src_max.ip);
		if (info->flags & IPRANGE_SRC_INV)
			reject = !reject;
		if (reject) {
			pr_debug("src IP %pI4 NOT in range %s%pI4-%pI4 ",
				 &iph->saddr,
				 (info->flags & IPRANGE_SRC_INV) ? "(INV) " : "",
				 &info->src_min.ip,
				 &info->src_max.ip);
			return false;
		}
	}

	if (info->flags & IPRANGE_DST) {
		reject = ntohl(iph->daddr) < ntohl(info->dst_min.ip) ||
			 ntohl(iph->daddr) > ntohl(info->dst_max.ip);
		if (info->flags & IPRANGE_DST_INV)
			reject = !reject;
		if (reject) {
			pr_debug("dst IP %pI4 NOT in range %s%pI4-%pI4 ",
				 &iph->daddr,
				 (info->flags & IPRANGE_DST_INV) ? "(INV) " : "",
				 &info->dst_min.ip,
				 &info->dst_max.ip);
			return false;
		}
	}

	return true;
}

/*
 * Strict "a < b" for IPv6 addresses.
 *
 * Walks the four 32-bit words from index 0 upward and decides on the first
 * word that differs, comparing it in host byte order.  Equal addresses
 * yield 0.
 */
static inline int
iprange_ipv6_lt(const struct in6_addr *a, const struct in6_addr *b)
{
	unsigned int word;

	for (word = 0; word < 4; ++word) {
		if (a->s6_addr32[word] == b->s6_addr32[word])
			continue;
		return ntohl(a->s6_addr32[word]) < ntohl(b->s6_addr32[word]);
	}

	return 0;
}

/*
 * IPv6 match callback; same contract as iprange_mt4() but the bounds are the
 * .in6 members and ordering comes from iprange_ipv6_lt().
 *
 * "addr < min || max < addr" is the out-of-range test, so both bounds are
 * inclusive.
 */
static bool
iprange_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct xt_iprange_mtinfo *info = par->matchinfo;
	const struct ipv6hdr *iph = ipv6_hdr(skb);
	bool reject;

	if (info->flags & IPRANGE_SRC) {
		reject = iprange_ipv6_lt(&iph->saddr, &info->src_min.in6) ||
			 iprange_ipv6_lt(&info->src_max.in6, &iph->saddr);
		if (info->flags & IPRANGE_SRC_INV)
			reject = !reject;
		if (reject) {
			pr_debug("src IP %pI6 NOT in range %s%pI6-%pI6 ",
				 &iph->saddr,
				 (info->flags & IPRANGE_SRC_INV) ? "(INV) " : "",
				 &info->src_min.in6,
				 &info->src_max.in6);
			return false;
		}
	}

	if (info->flags & IPRANGE_DST) {
		reject = iprange_ipv6_lt(&iph->daddr, &info->dst_min.in6) ||
			 iprange_ipv6_lt(&info->dst_max.in6, &iph->daddr);
		if (info->flags & IPRANGE_DST_INV)
			reject = !reject;
		if (reject) {
			pr_debug("dst IP %pI6 NOT in range %s%pI6-%pI6 ",
				 &iph->daddr,
				 (info->flags & IPRANGE_DST_INV) ? "(INV) " : "",
				 &info->dst_min.in6,
				 &info->dst_max.in6);
			return false;
		}
	}

	return true;
}

/*
 * Registration table: one "iprange" revision-1 match per address family,
 * both sharing struct xt_iprange_mtinfo as rule data.
 *
 * NOTE(review): neither entry sets a .checkentry callback, so this file does
 * not validate rule data at load time.  Unknown flag bits are ignored, and a
 * range with min > max is accepted: its plain form can never match and its
 * inverted form matches every address.  Rule-loading tooling should reject
 * reversed ranges before they reach the kernel.
 */
static struct xt_match iprange_mt_reg[] __read_mostly = {
	{
		.name      = "iprange",
		.revision  = 1,
		.family    = NFPROTO_IPV4,
		.match     = iprange_mt4,
		.matchsize = sizeof(struct xt_iprange_mtinfo),
		.me        = THIS_MODULE,
	},
	{
		.name      = "iprange",
		.revision  = 1,
		.family    = NFPROTO_IPV6,
		.match     = iprange_mt6,
		.matchsize = sizeof(struct xt_iprange_mtinfo),
		.me        = THIS_MODULE,
	},
};
/*
 * Module load hook: hand every entry of iprange_mt_reg to x_tables and pass
 * the registration result straight back to the module loader.
 */
static int __init iprange_mt_init(void)
{
	const unsigned int count = ARRAY_SIZE(iprange_mt_reg);

	return xt_register_matches(iprange_mt_reg, count);
}
/*
 * Module unload hook: withdraw the same entries of iprange_mt_reg that
 * iprange_mt_init() registered.
 */
static void __exit iprange_mt_exit(void)
{
	const unsigned int count = ARRAY_SIZE(iprange_mt_reg);

	xt_unregister_matches(iprange_mt_reg, count);
}
/* Wire the load/unload hooks into the module machinery. */
module_init(iprange_mt_init);
module_exit(iprange_mt_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@netfilter.org>");
MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
/*
 * NOTE(review): the description names only IPv4, yet this file also
 * registers an NFPROTO_IPV6 match.
 */
MODULE_DESCRIPTION("Xtables: arbitrary IPv4 range matching");
/* Alternative module names; presumably the per-family legacy names - confirm. */
MODULE_ALIAS("ipt_iprange");
MODULE_ALIAS("ip6t_iprange");