1 | /* |
2 | * A module for stripping a specific TCP option from TCP packets. |
3 | * |
4 | * Copyright (C) 2007 Sven Schnelle <svens@bitebene.org> |
5 | * Copyright © CC Computer Consultants GmbH, 2007 |
6 | * Contact: Jan Engelhardt <jengelh@computergmbh.de> |
7 | * |
8 | * This program is free software; you can redistribute it and/or modify |
9 | * it under the terms of the GNU General Public License version 2 as |
10 | * published by the Free Software Foundation. |
11 | */ |
12 | |
13 | #include <linux/module.h> |
14 | #include <linux/skbuff.h> |
15 | #include <linux/ip.h> |
16 | #include <linux/ipv6.h> |
17 | #include <linux/tcp.h> |
18 | #include <net/ipv6.h> |
19 | #include <net/tcp.h> |
20 | #include <linux/netfilter/x_tables.h> |
21 | #include <linux/netfilter/xt_TCPOPTSTRIP.h> |
22 | |
/*
 * Return the number of octets taken up by the TCP option that starts at
 * opt[offset].
 *
 * Kinds up to and including TCPOPT_NOP are counted as single-octet options.
 * Every other kind carries its length in the following octet; a length of
 * zero is reported as 1 so that a caller stepping through the options always
 * moves forward.
 *
 * For any kind above TCPOPT_NOP the octet at offset + 1 is read, so the
 * caller has to make sure that octet still lies inside the option area.
 */
static inline unsigned int optlen(const u_int8_t *opt, unsigned int offset)
{
	const u_int8_t *cur = opt + offset;

	/* Kinds at or below TCPOPT_NOP have no length octet. */
	if (cur[0] <= TCPOPT_NOP)
		return 1;

	/* A declared length of zero would stall the walk; count one octet. */
	return cur[1] != 0 ? cur[1] : 1;
}
31 | |
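/*
 * Overwrite every TCP option selected in info->strip_bmap with TCPOPT_NOP
 * octets and patch the TCP checksum to match.
 *
 * @skb:     packet to rewrite; made writable over its full length first
 * @info:    target configuration holding the bitmap of option kinds to strip
 * @tcphoff: offset of the TCP header, counted from the network header
 * @minlen:  not consulted; kept so that existing callers build unchanged
 *
 * Returns NF_DROP when the skb cannot be made writable or when the packet is
 * too short to hold the TCP header it declares, XT_CONTINUE otherwise.
 */
static unsigned int
tcpoptstrip_mangle_packet(struct sk_buff *skb,
			  const struct xt_tcpoptstrip_target_info *info,
			  unsigned int tcphoff, unsigned int minlen)
{
	unsigned int optl, i, j, avail, hdrlen;
	struct tcphdr *tcph;
	u_int16_t n, o;
	u_int8_t *opt;

	if (!skb_make_writable(skb, skb->len))
		return NF_DROP;

	/*
	 * Nothing above guarantees that a complete TCP header follows
	 * tcphoff; a truncated packet must not be dereferenced as one.
	 */
	if (skb->len < tcphoff)
		return NF_DROP;
	avail = skb->len - tcphoff;
	if (avail < sizeof(struct tcphdr))
		return NF_DROP;

	tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
	opt  = (u_int8_t *)tcph;

	/*
	 * Take the header length from the header that is actually edited
	 * instead of tcp_hdrlen(skb), which goes through the skb's
	 * transport-header offset. The data offset is set by the sender, so
	 * bound it by the octets really present before reading or writing
	 * options.
	 */
	hdrlen = tcph->doff * 4;
	if (hdrlen > avail)
		return NF_DROP;

	/*
	 * Walk through all TCP options - if we find some option to remove,
	 * set all octets to %TCPOPT_NOP and adjust checksum.
	 */
	for (i = sizeof(struct tcphdr); i < hdrlen; i += optl) {
		/*
		 * optlen() reads opt[i + 1] for every kind above TCPOPT_NOP;
		 * stop if that length octet would fall outside the header.
		 */
		if (opt[i] > TCPOPT_NOP && i + 1 >= hdrlen)
			break;

		optl = optlen(opt, i);

		/* The option claims more octets than the header has left. */
		if (i + optl > hdrlen)
			break;

		if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i]))
			continue;

		/*
		 * The checksum works on 16-bit words: an octet at an even
		 * offset is the high half of its word, hence the shift.
		 */
		for (j = 0; j < optl; ++j) {
			o = opt[i+j];
			n = TCPOPT_NOP;
			if ((i + j) % 2 == 0) {
				o <<= 8;
				n <<= 8;
			}
			inet_proto_csum_replace2(&tcph->check, skb, htons(o),
						 htons(n), 0);
		}
		memset(opt + i, TCPOPT_NOP, optl);
	}

	return XT_CONTINUE;
}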
76 | |
/*
 * IPv4 target hook: the TCP header sits right after the IPv4 header, whose
 * length ip_hdrlen() reports, so hand that offset to the common mangling
 * routine together with the rule's target info.
 */
static unsigned int
tcpoptstrip_tg4(struct sk_buff *skb, const struct xt_target_param *par)
{
	const struct xt_tcpoptstrip_target_info *info = par->targinfo;
	const unsigned int tcphoff = ip_hdrlen(skb);
	const unsigned int minlen = sizeof(struct iphdr) + sizeof(struct tcphdr);

	return tcpoptstrip_mangle_packet(skb, info, tcphoff, minlen);
}
83 | |
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
/*
 * IPv6 target hook: step over the extension headers to find where the
 * upper-layer header begins, then hand that offset to the common mangling
 * routine. The packet is dropped when ipv6_skip_exthdr() reports a negative
 * offset.
 *
 * NOTE(review): the protocol left in 'proto' after the skip is not compared
 * with IPPROTO_TCP here; presumably the .proto = IPPROTO_TCP entry in the
 * target registration is what restricts this hook to TCP - confirm.
 */
static unsigned int
tcpoptstrip_tg6(struct sk_buff *skb, const struct xt_target_param *par)
{
	const struct ipv6hdr *ip6 = ipv6_hdr(skb);
	u_int8_t proto = ip6->nexthdr;
	int off;

	off = ipv6_skip_exthdr(skb, sizeof(*ip6), &proto);
	if (off < 0)
		return NF_DROP;

	return tcpoptstrip_mangle_packet(skb, par->targinfo, off,
					 sizeof(*ip6) + sizeof(struct tcphdr));
}
#endif
101 | |
/*
 * Target registrations: one "TCPOPTSTRIP" entry per address family, both
 * limited to the "mangle" table and to TCP. The IPv6 entry is only built
 * when IPv6 mangle support is configured.
 */
static struct xt_target tcpoptstrip_tg_reg[] __read_mostly = {
	{	/* IPv4 */
		.family     = NFPROTO_IPV4,
		.name       = "TCPOPTSTRIP",
		.proto      = IPPROTO_TCP,
		.table      = "mangle",
		.targetsize = sizeof(struct xt_tcpoptstrip_target_info),
		.target     = tcpoptstrip_tg4,
		.me         = THIS_MODULE,
	},
#if defined(CONFIG_IP6_NF_MANGLE) || defined(CONFIG_IP6_NF_MANGLE_MODULE)
	{	/* IPv6 */
		.family     = NFPROTO_IPV6,
		.name       = "TCPOPTSTRIP",
		.proto      = IPPROTO_TCP,
		.table      = "mangle",
		.targetsize = sizeof(struct xt_tcpoptstrip_target_info),
		.target     = tcpoptstrip_tg6,
		.me         = THIS_MODULE,
	},
#endif
};
124 | |
/*
 * Module load: register every entry of tcpoptstrip_tg_reg with x_tables and
 * pass the registration result back to the module loader.
 */
static int __init tcpoptstrip_tg_init(void)
{
	int ret;

	ret = xt_register_targets(tcpoptstrip_tg_reg,
				  ARRAY_SIZE(tcpoptstrip_tg_reg));
	return ret;
}
130 | |
/* Module unload: withdraw the targets that tcpoptstrip_tg_init() registered. */
static void __exit tcpoptstrip_tg_exit(void)
{
	xt_unregister_targets(tcpoptstrip_tg_reg,
			      ARRAY_SIZE(tcpoptstrip_tg_reg));
}
136 | |
/* Load and unload entry points. */
module_init(tcpoptstrip_tg_init);
module_exit(tcpoptstrip_tg_exit);

/* Module metadata. */
MODULE_AUTHOR("Sven Schnelle <svens@bitebene.org>, Jan Engelhardt <jengelh@computergmbh.de>");
MODULE_DESCRIPTION("Xtables: TCP option stripping");
MODULE_LICENSE("GPL");

/* Aliases carrying the ipt_/ip6t_ prefixes, one per address family. */
MODULE_ALIAS("ipt_TCPOPTSTRIP");
MODULE_ALIAS("ip6t_TCPOPTSTRIP");
144 |