net/ipv4/netfilter/ip_nat_proto_icmp.c

   1 /* (C) 1999-2001 Paul `Rusty' Russell
   2  * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
   3  *
   4  * This program is free software; you can redistribute it and/or modify
   5  * it under the terms of the GNU General Public License version 2 as
   6  * published by the Free Software Foundation.
   7  */
   8
   9 #include <linux/types.h>
  10 #include <linux/init.h>
  11 #include <linux/netfilter.h>
  12 #include <linux/ip.h>
  13 #include <linux/icmp.h>
  14 #include <linux/if.h>
  15
  16 #include <linux/netfilter_ipv4/ip_nat.h>
  17 #include <linux/netfilter_ipv4/ip_nat_core.h>
  18 #include <linux/netfilter_ipv4/ip_nat_rule.h>
  19 #include <linux/netfilter_ipv4/ip_nat_protocol.h>
  20
  21 static int
  22 icmp_in_range(const struct ip_conntrack_tuple *tuple,
  23               enum ip_nat_manip_type maniptype,
  24               const union ip_conntrack_manip_proto *min,
  25               const union ip_conntrack_manip_proto *max)
  26 {
  27         return (tuple->src.u.icmp.id >= min->icmp.id
  28                 && tuple->src.u.icmp.id <= max->icmp.id);
  29 }
  30
  31 static int
  32 icmp_unique_tuple(struct ip_conntrack_tuple *tuple,
  33                   const struct ip_nat_range *range,
  34                   enum ip_nat_manip_type maniptype,
  35                   const struct ip_conntrack *conntrack)
  36 {
  37         static u_int16_t id;
  38         unsigned int range_size;
  39         unsigned int i;
  40
  41         range_size = ntohs(range->max.icmp.id) - ntohs(range->min.icmp.id) + 1;
  42         /* If no range specified... */
  43         if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED))
  44                 range_size = 0xFFFF;
  45
  46         for (i = 0; i < range_size; i++, id++) {
  47                 tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) +
  48                                              (id % range_size));
  49                 if (!ip_nat_used_tuple(tuple, conntrack))
  50                         return 1;
  51         }
  52         return 0;
  53 }
  54
  55 static int
  56 icmp_manip_pkt(struct sk_buff **pskb,
  57                unsigned int iphdroff,
  58                const struct ip_conntrack_tuple *tuple,
  59                enum ip_nat_manip_type maniptype)
  60 {
  61         struct iphdr *iph = (struct iphdr *)((*pskb)->data + iphdroff);
  62         struct icmphdr *hdr;
  63         unsigned int hdroff = iphdroff + iph->ihl*4;
  64
  65         if (!skb_make_writable(pskb, hdroff + sizeof(*hdr)))
  66                 return 0;
  67
  68         hdr = (struct icmphdr *)((*pskb)->data + hdroff);
  69         hdr->checksum = nf_proto_csum_update(*pskb,
  70                                              hdr->un.echo.id ^ htons(0xFFFF),
  71                                              tuple->src.u.icmp.id,
  72                                              hdr->checksum, 0);
  73         hdr->un.echo.id = tuple->src.u.icmp.id;
  74         return 1;
  75 }
  76
  77 struct ip_nat_protocol ip_nat_protocol_icmp = {
  78         .name                   = "ICMP",
  79         .protonum               = IPPROTO_ICMP,
  80         .me                     = THIS_MODULE,
  81         .manip_pkt              = icmp_manip_pkt,
  82         .in_range               = icmp_in_range,
  83         .unique_tuple           = icmp_unique_tuple,
  84 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
  85     defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
  86         .range_to_nfattr        = ip_nat_port_range_to_nfattr,
  87         .nfattr_to_range        = ip_nat_port_nfattr_to_range,
  88 #endif
  89 };