Eric Lee / smarc-fsl-linux-kernel

Blame view

net/netfilter/xt_tcpmss.c 2.55 KB

1da177e4c Linus Torvalds Linux-2.6.12-rc2	1 2 3	/* Kernel module to match TCP MSS values. / / Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
2e4e6a17a Harald Welte [NETFILTER] x_tab...	4	* Portions (C) 2005 by Harald Welte <laforge@netfilter.org>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	5 6 7 8 9 10 11 12 13	* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. */ #include <linux/module.h> #include <linux/skbuff.h> #include <net/tcp.h>
2e4e6a17a Harald Welte [NETFILTER] x_tab...	14 15	#include <linux/netfilter/xt_tcpmss.h> #include <linux/netfilter/x_tables.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	16	#include <linux/netfilter_ipv4/ip_tables.h>
2e4e6a17a Harald Welte [NETFILTER] x_tab...	17	#include <linux/netfilter_ipv6/ip6_tables.h>
1da177e4c Linus Torvalds Linux-2.6.12-rc2	18
1da177e4c Linus Torvalds Linux-2.6.12-rc2	19 20	MODULE_LICENSE("GPL"); MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
2ae15b64e Jan Engelhardt [NETFILTER]: Upda...	21	MODULE_DESCRIPTION("Xtables: TCP MSS match");
2e4e6a17a Harald Welte [NETFILTER] x_tab...	22	MODULE_ALIAS("ipt_tcpmss");
73aaf9355 Jan Engelhardt [NETFILTER]: x_ta...	23	MODULE_ALIAS("ip6t_tcpmss");
1da177e4c Linus Torvalds Linux-2.6.12-rc2	24
1d93a9cba Jan Engelhardt [NETFILTER]: x_ta...	25	static bool
62fc80510 Jan Engelhardt netfilter: xtable...	26	tcpmss_mt(const struct sk_buff skb, struct xt_action_param par)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	27	{
f7108a20d Jan Engelhardt netfilter: xtable...	28	const struct xt_tcpmss_match_info *info = par->matchinfo;
3cf93c96a Jan Engelhardt [NETFILTER]: anno...	29 30	const struct tcphdr *th; struct tcphdr _tcph;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	31	/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
3cf93c96a Jan Engelhardt [NETFILTER]: anno...	32 33	const u_int8_t op; u8 _opt[15 4 - sizeof(_tcph)];
1da177e4c Linus Torvalds Linux-2.6.12-rc2	34 35 36	unsigned int i, optlen; /* If we don't have the whole header, drop packet. */
f7108a20d Jan Engelhardt netfilter: xtable...	37	th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph);
1da177e4c Linus Torvalds Linux-2.6.12-rc2	38 39 40 41 42 43 44 45 46 47 48 49	if (th == NULL) goto dropit; /* Malformed. / if (th->doff4 < sizeof(th)) goto dropit; optlen = th->doff4 - sizeof(th); if (!optlen) goto out; / Truncated options. */
f7108a20d Jan Engelhardt netfilter: xtable...	50	op = skb_header_pointer(skb, par->thoff + sizeof(*th), optlen, _opt);
1da177e4c Linus Torvalds Linux-2.6.12-rc2	51 52 53 54 55 56 57 58 59 60	if (op == NULL) goto dropit; for (i = 0; i < optlen; ) { if (op[i] == TCPOPT_MSS && (optlen - i) >= TCPOLEN_MSS && op[i+1] == TCPOLEN_MSS) { u_int16_t mssval; mssval = (op[i+2] << 8) \| op[i+3];
601e68e10 YOSHIFUJI Hideaki [NETFILTER]: Fix ...	61
ce556b3a5 Patrick McHardy [NETFILTER]: xt_t...	62	return (mssval >= info->mss_min &&
601e68e10 YOSHIFUJI Hideaki [NETFILTER]: Fix ...	63	mssval <= info->mss_max) ^ info->invert;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	64	}
ce556b3a5 Patrick McHardy [NETFILTER]: xt_t...	65 66 67 68	if (op[i] < 2) i++; else i += op[i+1] ? : 1;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	69 70	} out:
ce556b3a5 Patrick McHardy [NETFILTER]: xt_t...	71	return info->invert;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	72
ce556b3a5 Patrick McHardy [NETFILTER]: xt_t...	73	dropit:
b4ba26119 Jan Engelhardt netfilter: xtable...	74	par->hotdrop = true;
1d93a9cba Jan Engelhardt [NETFILTER]: x_ta...	75	return false;
1da177e4c Linus Torvalds Linux-2.6.12-rc2	76	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	77	static struct xt_match tcpmss_mt_reg[] __read_mostly = {
4470bbc74 Patrick McHardy [NETFILTER]: x_ta...	78 79	{ .name = "tcpmss",
ee999d8b9 Jan Engelhardt netfilter: x_tabl...	80	.family = NFPROTO_IPV4,
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	81	.match = tcpmss_mt,
4470bbc74 Patrick McHardy [NETFILTER]: x_ta...	82 83 84 85 86 87	.matchsize = sizeof(struct xt_tcpmss_match_info), .proto = IPPROTO_TCP, .me = THIS_MODULE, }, { .name = "tcpmss",
ee999d8b9 Jan Engelhardt netfilter: x_tabl...	88	.family = NFPROTO_IPV6,
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	89	.match = tcpmss_mt,
4470bbc74 Patrick McHardy [NETFILTER]: x_ta...	90 91 92 93	.matchsize = sizeof(struct xt_tcpmss_match_info), .proto = IPPROTO_TCP, .me = THIS_MODULE, },
1da177e4c Linus Torvalds Linux-2.6.12-rc2	94	};
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	95	static int __init tcpmss_mt_init(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	96	{
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	97	return xt_register_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg));
1da177e4c Linus Torvalds Linux-2.6.12-rc2	98	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	99	static void __exit tcpmss_mt_exit(void)
1da177e4c Linus Torvalds Linux-2.6.12-rc2	100	{
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	101	xt_unregister_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg));
1da177e4c Linus Torvalds Linux-2.6.12-rc2	102	}
d3c5ee6d5 Jan Engelhardt [NETFILTER]: x_ta...	103 104	module_init(tcpmss_mt_init); module_exit(tcpmss_mt_exit);