search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
netfilter: ipset: add missing break statemtns in ip_set_get_ip_port()
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / net / netfilter / ipset / ip_set_getport.c
blob4dd2785a5c72cdf70d9cfe1141aa6d5ad6f87e7a
1 /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
6 */
7
8 /* Get Layer-4 data from the packets */
9
10 #include <linux/ip.h>
11 #include <linux/skbuff.h>
12 #include <linux/icmp.h>
13 #include <linux/icmpv6.h>
14 #include <linux/netfilter_ipv6/ip6_tables.h>
15 #include <net/ip.h>
16
17 #include <linux/netfilter/ipset/ip_set_getport.h>
18
19 /* We must handle non-linear skbs */
20 static bool
21 get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
22 bool src, __be16 *port, u8 *proto)
23 {
24 switch (protocol) {
25 case IPPROTO_TCP: {
26 struct tcphdr _tcph;
27 const struct tcphdr *th;
28
29 th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph);
30 if (th == NULL)
31 /* No choice either */
32 return false;
33
34 *port = src ? th->source : th->dest;
35 break;
36 }
37 case IPPROTO_UDP: {
38 struct udphdr _udph;
39 const struct udphdr *uh;
40
41 uh = skb_header_pointer(skb, protooff, sizeof(_udph), &_udph);
42 if (uh == NULL)
43 /* No choice either */
44 return false;
45
46 *port = src ? uh->source : uh->dest;
47 break;
48 }
49 case IPPROTO_ICMP: {
50 struct icmphdr _ich;
51 const struct icmphdr *ic;
52
53 ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
54 if (ic == NULL)
55 return false;
56
57 *port = (__force __be16)htons((ic->type << 8) | ic->code);
58 break;
59 }
60 case IPPROTO_ICMPV6: {
61 struct icmp6hdr _ich;
62 const struct icmp6hdr *ic;
63
64 ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
65 if (ic == NULL)
66 return false;
67
68 *port = (__force __be16)
69 htons((ic->icmp6_type << 8) | ic->icmp6_code);
70 break;
71 }
72 default:
73 break;
74 }
75 *proto = protocol;
76
77 return true;
78 }
79
80 bool
81 ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
82 __be16 *port, u8 *proto)
83 {
84 const struct iphdr *iph = ip_hdr(skb);
85 unsigned int protooff = ip_hdrlen(skb);
86 int protocol = iph->protocol;
87
88 /* See comments at tcp_match in ip_tables.c */
89 if (protocol <= 0 || (ntohs(iph->frag_off) & IP_OFFSET))
90 return false;
91
92 return get_port(skb, protocol, protooff, src, port, proto);
93 }
94 EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);
95
96 bool
97 ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
98 __be16 *port, u8 *proto)
99 {
100 unsigned int protooff = 0;
101 int protocol;
102 unsigned short fragoff;
103
104 protocol = ipv6_find_hdr(skb, &protooff, -1, &fragoff);
105 if (protocol <= 0 || fragoff)
106 return false;
107
108 return get_port(skb, protocol, protooff, src, port, proto);
109 }
110 EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
111
112 bool
113 ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
114 {
115 bool ret;
116 u8 proto;
117
118 switch (pf) {
119 case AF_INET:
120 ret = ip_set_get_ip4_port(skb, src, port, &proto);
121 break;
122 case AF_INET6:
123 ret = ip_set_get_ip6_port(skb, src, port, &proto);
124 break;
125 default:
126 return false;
127 }
128 if (!ret)
129 return ret;
130 switch (proto) {
131 case IPPROTO_TCP:
132 case IPPROTO_UDP:
133 return true;
134 default:
135 return false;
136 }
137 }
138 EXPORT_SYMBOL_GPL(ip_set_get_ip_port);
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree