Root/
1 | /* Kernel module to match TCP MSS values. */ |
2 | |
3 | /* Copyright (C) 2000 Marc Boucher <marc@mbsi.ca> |
4 | * Portions (C) 2005 by Harald Welte <laforge@netfilter.org> |
5 | * |
6 | * This program is free software; you can redistribute it and/or modify |
7 | * it under the terms of the GNU General Public License version 2 as |
8 | * published by the Free Software Foundation. |
9 | */ |
10 | |
11 | #include <linux/module.h> |
12 | #include <linux/skbuff.h> |
13 | #include <net/tcp.h> |
14 | |
15 | #include <linux/netfilter/xt_tcpmss.h> |
16 | #include <linux/netfilter/x_tables.h> |
17 | |
18 | #include <linux/netfilter_ipv4/ip_tables.h> |
19 | #include <linux/netfilter_ipv6/ip6_tables.h> |
20 | |
21 | MODULE_LICENSE("GPL"); |
22 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); |
23 | MODULE_DESCRIPTION("Xtables: TCP MSS match"); |
24 | MODULE_ALIAS("ipt_tcpmss"); |
25 | MODULE_ALIAS("ip6t_tcpmss"); |
26 | |
27 | static bool |
28 | tcpmss_mt(const struct sk_buff *skb, struct xt_action_param *par) |
29 | { |
30 | const struct xt_tcpmss_match_info *info = par->matchinfo; |
31 | const struct tcphdr *th; |
32 | struct tcphdr _tcph; |
33 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
34 | const u_int8_t *op; |
35 | u8 _opt[15 * 4 - sizeof(_tcph)]; |
36 | unsigned int i, optlen; |
37 | |
38 | /* If we don't have the whole header, drop packet. */ |
39 | th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph); |
40 | if (th == NULL) |
41 | goto dropit; |
42 | |
43 | /* Malformed. */ |
44 | if (th->doff*4 < sizeof(*th)) |
45 | goto dropit; |
46 | |
47 | optlen = th->doff*4 - sizeof(*th); |
48 | if (!optlen) |
49 | goto out; |
50 | |
51 | /* Truncated options. */ |
52 | op = skb_header_pointer(skb, par->thoff + sizeof(*th), optlen, _opt); |
53 | if (op == NULL) |
54 | goto dropit; |
55 | |
56 | for (i = 0; i < optlen; ) { |
57 | if (op[i] == TCPOPT_MSS |
58 | && (optlen - i) >= TCPOLEN_MSS |
59 | && op[i+1] == TCPOLEN_MSS) { |
60 | u_int16_t mssval; |
61 | |
62 | mssval = (op[i+2] << 8) | op[i+3]; |
63 | |
64 | return (mssval >= info->mss_min && |
65 | mssval <= info->mss_max) ^ info->invert; |
66 | } |
67 | if (op[i] < 2) |
68 | i++; |
69 | else |
70 | i += op[i+1] ? : 1; |
71 | } |
72 | out: |
73 | return info->invert; |
74 | |
75 | dropit: |
76 | par->hotdrop = true; |
77 | return false; |
78 | } |
79 | |
80 | static struct xt_match tcpmss_mt_reg[] __read_mostly = { |
81 | { |
82 | .name = "tcpmss", |
83 | .family = NFPROTO_IPV4, |
84 | .match = tcpmss_mt, |
85 | .matchsize = sizeof(struct xt_tcpmss_match_info), |
86 | .proto = IPPROTO_TCP, |
87 | .me = THIS_MODULE, |
88 | }, |
89 | { |
90 | .name = "tcpmss", |
91 | .family = NFPROTO_IPV6, |
92 | .match = tcpmss_mt, |
93 | .matchsize = sizeof(struct xt_tcpmss_match_info), |
94 | .proto = IPPROTO_TCP, |
95 | .me = THIS_MODULE, |
96 | }, |
97 | }; |
98 | |
99 | static int __init tcpmss_mt_init(void) |
100 | { |
101 | return xt_register_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg)); |
102 | } |
103 | |
104 | static void __exit tcpmss_mt_exit(void) |
105 | { |
106 | xt_unregister_matches(tcpmss_mt_reg, ARRAY_SIZE(tcpmss_mt_reg)); |
107 | } |
108 | |
109 | module_init(tcpmss_mt_init); |
110 | module_exit(tcpmss_mt_exit); |
111 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9