• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Hop Limit modification target for ip6tables
3  * Maciej Soltysiak <solt@dns.toxicfilms.tv>
4  * Based on HW's TTL module
5  *
6  * This software is distributed under the terms of GNU GPL
7  */
8 
9 #include <linux/module.h>
10 #include <linux/skbuff.h>
11 #include <linux/ip.h>
12 #include <linux/ipv6.h>
13 
14 #include <linux/netfilter/x_tables.h>
15 #include <linux/netfilter_ipv6/ip6t_HL.h>
16 
17 MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
18 MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
19 MODULE_LICENSE("GPL");
20 
21 static unsigned int
hl_tg6(struct sk_buff * skb,const struct xt_target_param * par)22 hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
23 {
24 	struct ipv6hdr *ip6h;
25 	const struct ip6t_HL_info *info = par->targinfo;
26 	int new_hl;
27 
28 	if (!skb_make_writable(skb, skb->len))
29 		return NF_DROP;
30 
31 	ip6h = ipv6_hdr(skb);
32 
33 	switch (info->mode) {
34 		case IP6T_HL_SET:
35 			new_hl = info->hop_limit;
36 			break;
37 		case IP6T_HL_INC:
38 			new_hl = ip6h->hop_limit + info->hop_limit;
39 			if (new_hl > 255)
40 				new_hl = 255;
41 			break;
42 		case IP6T_HL_DEC:
43 			new_hl = ip6h->hop_limit - info->hop_limit;
44 			if (new_hl < 0)
45 				new_hl = 0;
46 			break;
47 		default:
48 			new_hl = ip6h->hop_limit;
49 			break;
50 	}
51 
52 	ip6h->hop_limit = new_hl;
53 
54 	return XT_CONTINUE;
55 }
56 
hl_tg6_check(const struct xt_tgchk_param * par)57 static bool hl_tg6_check(const struct xt_tgchk_param *par)
58 {
59 	const struct ip6t_HL_info *info = par->targinfo;
60 
61 	if (info->mode > IP6T_HL_MAXMODE) {
62 		printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
63 			info->mode);
64 		return false;
65 	}
66 	if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
67 		printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
68 			"make sense with value 0\n");
69 		return false;
70 	}
71 	return true;
72 }
73 
74 static struct xt_target hl_tg6_reg __read_mostly = {
75 	.name 		= "HL",
76 	.family		= NFPROTO_IPV6,
77 	.target		= hl_tg6,
78 	.targetsize	= sizeof(struct ip6t_HL_info),
79 	.table		= "mangle",
80 	.checkentry	= hl_tg6_check,
81 	.me		= THIS_MODULE
82 };
83 
hl_tg6_init(void)84 static int __init hl_tg6_init(void)
85 {
86 	return xt_register_target(&hl_tg6_reg);
87 }
88 
hl_tg6_exit(void)89 static void __exit hl_tg6_exit(void)
90 {
91 	xt_unregister_target(&hl_tg6_reg);
92 }
93 
94 module_init(hl_tg6_init);
95 module_exit(hl_tg6_exit);
96