search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge branch 'sched/core'
[linux-2.6/x86.git] / net / netfilter / ipset / ip_set_getport.c
blob757143b2240af36395e71f6561e3809f3394e688
1 /* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
2 *
3 * This program is free software; you can redistribute it and/or modify
4 * it under the terms of the GNU General Public License version 2 as
5 * published by the Free Software Foundation.
6 */
7
8 /* Get Layer-4 data from the packets */
9
10 #include <linux/ip.h>
11 #include <linux/skbuff.h>
12 #include <linux/icmp.h>
13 #include <linux/icmpv6.h>
14 #include <linux/sctp.h>
15 #include <linux/netfilter_ipv6/ip6_tables.h>
16 #include <net/ip.h>
17 #include <net/ipv6.h>
18
19 #include <linux/netfilter/ipset/ip_set_getport.h>
20
21 /* We must handle non-linear skbs */
22 static bool
23 get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
24 bool src, __be16 *port, u8 *proto)
25 {
26 switch (protocol) {
27 case IPPROTO_TCP: {
28 struct tcphdr _tcph;
29 const struct tcphdr *th;
30
31 th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph);
32 if (th == NULL)
33 /* No choice either */
34 return false;
35
36 *port = src ? th->source : th->dest;
37 break;
38 }
39 case IPPROTO_SCTP: {
40 sctp_sctphdr_t _sh;
41 const sctp_sctphdr_t *sh;
42
43 sh = skb_header_pointer(skb, protooff, sizeof(_sh), &_sh);
44 if (sh == NULL)
45 /* No choice either */
46 return false;
47
48 *port = src ? sh->source : sh->dest;
49 break;
50 }
51 case IPPROTO_UDP:
52 case IPPROTO_UDPLITE: {
53 struct udphdr _udph;
54 const struct udphdr *uh;
55
56 uh = skb_header_pointer(skb, protooff, sizeof(_udph), &_udph);
57 if (uh == NULL)
58 /* No choice either */
59 return false;
60
61 *port = src ? uh->source : uh->dest;
62 break;
63 }
64 case IPPROTO_ICMP: {
65 struct icmphdr _ich;
66 const struct icmphdr *ic;
67
68 ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
69 if (ic == NULL)
70 return false;
71
72 *port = (__force __be16)htons((ic->type << 8) | ic->code);
73 break;
74 }
75 case IPPROTO_ICMPV6: {
76 struct icmp6hdr _ich;
77 const struct icmp6hdr *ic;
78
79 ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
80 if (ic == NULL)
81 return false;
82
83 *port = (__force __be16)
84 htons((ic->icmp6_type << 8) | ic->icmp6_code);
85 break;
86 }
87 default:
88 break;
89 }
90 *proto = protocol;
91
92 return true;
93 }
94
95 bool
96 ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
97 __be16 *port, u8 *proto)
98 {
99 const struct iphdr *iph = ip_hdr(skb);
100 unsigned int protooff = ip_hdrlen(skb);
101 int protocol = iph->protocol;
102
103 /* See comments at tcp_match in ip_tables.c */
104 if (protocol <= 0 || (ntohs(iph->frag_off) & IP_OFFSET))
105 return false;
106
107 return get_port(skb, protocol, protooff, src, port, proto);
108 }
109 EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);
110
111 #if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
112 bool
113 ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
114 __be16 *port, u8 *proto)
115 {
116 int protoff;
117 u8 nexthdr;
118
119 nexthdr = ipv6_hdr(skb)->nexthdr;
120 protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr);
121 if (protoff < 0)
122 return false;
123
124 return get_port(skb, nexthdr, protoff, src, port, proto);
125 }
126 EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
127 #endif
128
129 bool
130 ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
131 {
132 bool ret;
133 u8 proto;
134
135 switch (pf) {
136 case AF_INET:
137 ret = ip_set_get_ip4_port(skb, src, port, &proto);
138 break;
139 case AF_INET6:
140 ret = ip_set_get_ip6_port(skb, src, port, &proto);
141 break;
142 default:
143 return false;
144 }
145 if (!ret)
146 return ret;
147 switch (proto) {
148 case IPPROTO_TCP:
149 case IPPROTO_UDP:
150 return true;
151 default:
152 return false;
153 }
154 }
155 EXPORT_SYMBOL_GPL(ip_set_get_ip_port);
x86 "subsystem" repository