net/ipv6/netfilter/ip6t_HL.c

   1 /*
   2  * Hop Limit modification target for ip6tables
   3  * Maciej Soltysiak <solt@dns.toxicfilms.tv>
   4  * Based on HW's TTL module
   5  *
   6  * This software is distributed under the terms of GNU GPL
   7  */
   8
   9 #include <linux/module.h>
  10 #include <linux/skbuff.h>
  11 #include <linux/ip.h>
  12
  13 #include <linux/netfilter_ipv6/ip6_tables.h>
  14 #include <linux/netfilter_ipv6/ip6t_HL.h>
  15
  16 MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
  17 MODULE_DESCRIPTION("IP tables Hop Limit modification module");
  18 MODULE_LICENSE("GPL");
  19
  20 static unsigned int ip6t_hl_target(struct sk_buff **pskb,
  21                                    const struct net_device *in,
  22                                    const struct net_device *out,
  23                                    unsigned int hooknum,
  24                                    const struct xt_target *target,
  25                                    const void *targinfo, void *userinfo)
  26 {
  27         struct ipv6hdr *ip6h;
  28         const struct ip6t_HL_info *info = targinfo;
  29         u_int16_t diffs[2];
  30         int new_hl;
  31
  32         if (!skb_make_writable(pskb, (*pskb)->len))
  33                 return NF_DROP;
  34
  35         ip6h = (*pskb)->nh.ipv6h;
  36
  37         switch (info->mode) {
  38                 case IP6T_HL_SET:
  39                         new_hl = info->hop_limit;
  40                         break;
  41                 case IP6T_HL_INC:
  42                         new_hl = ip6h->hop_limit + info->hop_limit;
  43                         if (new_hl > 255)
  44                                 new_hl = 255;
  45                         break;
  46                 case IP6T_HL_DEC:
  47                         new_hl = ip6h->hop_limit - info->hop_limit;
  48                         if (new_hl < 0)
  49                                 new_hl = 0;
  50                         break;
  51                 default:
  52                         new_hl = ip6h->hop_limit;
  53                         break;
  54         }
  55
  56         if (new_hl != ip6h->hop_limit) {
  57                 diffs[0] = htons(((unsigned)ip6h->hop_limit) << 8) ^ 0xFFFF;
  58                 ip6h->hop_limit = new_hl;
  59                 diffs[1] = htons(((unsigned)ip6h->hop_limit) << 8);
  60         }
  61
  62         return IP6T_CONTINUE;
  63 }
  64
  65 static int ip6t_hl_checkentry(const char *tablename,
  66                 const void *entry,
  67                 const struct xt_target *target,
  68                 void *targinfo,
  69                 unsigned int targinfosize,
  70                 unsigned int hook_mask)
  71 {
  72         struct ip6t_HL_info *info = targinfo;
  73
  74         if (info->mode > IP6T_HL_MAXMODE) {
  75                 printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
  76                         info->mode);
  77                 return 0;
  78         }
  79         if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
  80                 printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
  81                         "make sense with value 0\n");
  82                 return 0;
  83         }
  84         return 1;
  85 }
  86
  87 static struct ip6t_target ip6t_HL = {
  88         .name           = "HL",
  89         .target         = ip6t_hl_target,
  90         .targetsize     = sizeof(struct ip6t_HL_info),
  91         .table          = "mangle",
  92         .checkentry     = ip6t_hl_checkentry,
  93         .me             = THIS_MODULE
  94 };
  95
  96 static int __init init(void)
  97 {
  98         return ip6t_register_target(&ip6t_HL);
  99 }
 100
 101 static void __exit fini(void)
 102 {
 103         ip6t_unregister_target(&ip6t_HL);
 104 }
 105
 106 module_init(init);
 107 module_exit(fini);