[deliverable/linux.git] / net / netfilter / ipset / ip_set_getport.c

/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */

/* Get Layer-4 data from the packets */

#include <linux/ip.h>
#include <linux/skbuff.h>
#include <linux/icmp.h>
#include <linux/icmpv6.h>
#include <linux/sctp.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <net/ip.h>
#include <net/ipv6.h>

#include <linux/netfilter/ipset/ip_set_getport.h>
#include <linux/export.h>

/* We must handle non-linear skbs */
static bool
get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
	 bool src, __be16 *port, u8 *proto)
{
	switch (protocol) {
	case IPPROTO_TCP: {
		struct tcphdr _tcph;
		const struct tcphdr *th;

		th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph);
		if (th == NULL)
			/* No choice either */
			return false;

		*port = src ? th->source : th->dest;
		break;
	}
	case IPPROTO_SCTP: {
		sctp_sctphdr_t _sh;
		const sctp_sctphdr_t *sh;

		sh = skb_header_pointer(skb, protooff, sizeof(_sh), &_sh);
		if (sh == NULL)
			/* No choice either */
			return false;

		*port = src ? sh->source : sh->dest;
		break;
	}
	case IPPROTO_UDP:
	case IPPROTO_UDPLITE: {
		struct udphdr _udph;
		const struct udphdr *uh;

		uh = skb_header_pointer(skb, protooff, sizeof(_udph), &_udph);
		if (uh == NULL)
			/* No choice either */
			return false;

		*port = src ? uh->source : uh->dest;
		break;
	}
	case IPPROTO_ICMP: {
		struct icmphdr _ich;
		const struct icmphdr *ic;

		ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
		if (ic == NULL)
			return false;

		*port = (__force __be16)htons((ic->type << 8) | ic->code);
		break;
	}
	case IPPROTO_ICMPV6: {
		struct icmp6hdr _ich;
		const struct icmp6hdr *ic;

		ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
		if (ic == NULL)
			return false;

		*port = (__force __be16)
			htons((ic->icmp6_type << 8) | ic->icmp6_code);
		break;
	}
	default:
		break;
	}
	*proto = protocol;

	return true;
}

bool
ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
		    __be16 *port, u8 *proto)
{
	const struct iphdr *iph = ip_hdr(skb);
	unsigned int protooff = ip_hdrlen(skb);
	int protocol = iph->protocol;

	/* See comments at tcp_match in ip_tables.c */
	if (protocol <= 0 || (ntohs(iph->frag_off) & IP_OFFSET))
		return false;

	return get_port(skb, protocol, protooff, src, port, proto);
}
EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);

#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
bool
ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
		    __be16 *port, u8 *proto)
{
	int protoff;
	u8 nexthdr;
	__be16 frag_off = 0;

	nexthdr = ipv6_hdr(skb)->nexthdr;
	protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
				   &frag_off);
	if (protoff < 0 || (frag_off & htons(~0x7)) != 0)
		return false;

	return get_port(skb, nexthdr, protoff, src, port, proto);
}
EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
#endif

bool
ip_set_get_ip_port(const struct sk_buff *skb, u8 pf, bool src, __be16 *port)
{
	bool ret;
	u8 proto;

	switch (pf) {
	case NFPROTO_IPV4:
		ret = ip_set_get_ip4_port(skb, src, port, &proto);
		break;
	case NFPROTO_IPV6:
		ret = ip_set_get_ip6_port(skb, src, port, &proto);
		break;
	default:
		return false;
	}
	if (!ret)
		return ret;
	switch (proto) {
	case IPPROTO_TCP:
	case IPPROTO_UDP:
		return true;
	default:
		return false;
	}
}
EXPORT_SYMBOL_GPL(ip_set_get_ip_port);
Commit	Line	Data
a7b4f989 JK	1	/* Copyright (C) 2003-2011 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	2	*
	3	* This program is free software; you can redistribute it and/or modify
	4	* it under the terms of the GNU General Public License version 2 as
	5	* published by the Free Software Foundation.
	6	*/
	7
	8	/* Get Layer-4 data from the packets */
	9
	10	#include <linux/ip.h>
	11	#include <linux/skbuff.h>
	12	#include <linux/icmp.h>
	13	#include <linux/icmpv6.h>
91eb7c08	14	#include <linux/sctp.h>
a7b4f989 JK	15	#include <linux/netfilter_ipv6/ip6_tables.h>
a7b4f989 JK	16	#include <net/ip.h>
724bab47	17	#include <net/ipv6.h>
a7b4f989 JK	18
a7b4f989 JK	19	#include <linux/netfilter/ipset/ip_set_getport.h>
bc3b2d7f	20	#include <linux/export.h>
a7b4f989 JK	21
	22	/* We must handle non-linear skbs */
	23	static bool
	24	get_port(const struct sk_buff *skb, int protocol, unsigned int protooff,
	25	bool src, __be16 port, u8 proto)
	26	{
	27	switch (protocol) {
	28	case IPPROTO_TCP: {
	29	struct tcphdr _tcph;
	30	const struct tcphdr *th;
	31
	32	th = skb_header_pointer(skb, protooff, sizeof(_tcph), &_tcph);
	33	if (th == NULL)
	34	/* No choice either */
	35	return false;
	36
	37	*port = src ? th->source : th->dest;
	38	break;
	39	}
91eb7c08 JK	40	case IPPROTO_SCTP: {
	41	sctp_sctphdr_t _sh;
	42	const sctp_sctphdr_t *sh;
	43
	44	sh = skb_header_pointer(skb, protooff, sizeof(_sh), &_sh);
	45	if (sh == NULL)
	46	/* No choice either */
	47	return false;
	48
	49	*port = src ? sh->source : sh->dest;
	50	break;
	51	}
	52	case IPPROTO_UDP:
	53	case IPPROTO_UDPLITE: {
a7b4f989 JK	54	struct udphdr _udph;
	55	const struct udphdr *uh;
	56
	57	uh = skb_header_pointer(skb, protooff, sizeof(_udph), &_udph);
	58	if (uh == NULL)
	59	/* No choice either */
	60	return false;
	61
	62	*port = src ? uh->source : uh->dest;
	63	break;
	64	}
	65	case IPPROTO_ICMP: {
	66	struct icmphdr _ich;
	67	const struct icmphdr *ic;
	68
	69	ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
	70	if (ic == NULL)
	71	return false;
	72
	73	*port = (__force __be16)htons((ic->type << 8) \| ic->code);
	74	break;
	75	}
	76	case IPPROTO_ICMPV6: {
	77	struct icmp6hdr _ich;
	78	const struct icmp6hdr *ic;
	79
	80	ic = skb_header_pointer(skb, protooff, sizeof(_ich), &_ich);
	81	if (ic == NULL)
	82	return false;
	83
	84	*port = (__force __be16)
	85	htons((ic->icmp6_type << 8) \| ic->icmp6_code);
	86	break;
	87	}
	88	default:
	89	break;
	90	}
	91	*proto = protocol;
	92
	93	return true;
	94	}
	95
	96	bool
	97	ip_set_get_ip4_port(const struct sk_buff *skb, bool src,
	98	__be16 port, u8 proto)
	99	{
	100	const struct iphdr *iph = ip_hdr(skb);
	101	unsigned int protooff = ip_hdrlen(skb);
	102	int protocol = iph->protocol;
	103
	104	/* See comments at tcp_match in ip_tables.c */
	105	if (protocol <= 0 \|\| (ntohs(iph->frag_off) & IP_OFFSET))
	106	return false;
	107
	108	return get_port(skb, protocol, protooff, src, port, proto);
	109	}
	110	EXPORT_SYMBOL_GPL(ip_set_get_ip4_port);
	111
c0cd1156	112	#if IS_ENABLED(CONFIG_IP6_NF_IPTABLES)
a7b4f989 JK	113	bool
	114	ip_set_get_ip6_port(const struct sk_buff *skb, bool src,
	115	__be16 port, u8 proto)
	116	{
724bab47 PM	117	int protoff;
724bab47 PM	118	u8 nexthdr;
55524c21	119	__be16 frag_off = 0;
a7b4f989	120
724bab47	121	nexthdr = ipv6_hdr(skb)->nexthdr;
75f2811c JG	122	protoff = ipv6_skip_exthdr(skb, sizeof(struct ipv6hdr), &nexthdr,
75f2811c JG	123	&frag_off);
55524c21	124	if (protoff < 0 \|\| (frag_off & htons(~0x7)) != 0)
a7b4f989 JK	125	return false;
a7b4f989 JK	126
724bab47	127	return get_port(skb, nexthdr, protoff, src, port, proto);
a7b4f989 JK	128	}
a7b4f989 JK	129	EXPORT_SYMBOL_GPL(ip_set_get_ip6_port);
724bab47	130	#endif
a7b4f989 JK	131
	132	bool
	133	ip_set_get_ip_port(const struct sk_buff skb, u8 pf, bool src, __be16 port)
	134	{
	135	bool ret;
	136	u8 proto;
	137
	138	switch (pf) {
c15f1c83	139	case NFPROTO_IPV4:
a7b4f989	140	ret = ip_set_get_ip4_port(skb, src, port, &proto);
316ed388	141	break;
c15f1c83	142	case NFPROTO_IPV6:
a7b4f989	143	ret = ip_set_get_ip6_port(skb, src, port, &proto);
316ed388	144	break;
a7b4f989 JK	145	default:
	146	return false;
	147	}
	148	if (!ret)
	149	return ret;
	150	switch (proto) {
	151	case IPPROTO_TCP:
	152	case IPPROTO_UDP:
	153	return true;
	154	default:
	155	return false;
	156	}
	157	}
	158	EXPORT_SYMBOL_GPL(ip_set_get_ip_port);