1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
|
/*
* Hop Limit modification target for ip6tables
* Maciej Soltysiak <solt@dns.toxicfilms.tv>
* Based on HW's TTL module
*
* This software is distributed under the terms of GNU GPL
*/
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <linux/netfilter_ipv6/ip6t_HL.h>
MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
MODULE_DESCRIPTION("IP tables Hop Limit modification module");
MODULE_LICENSE("GPL");
static unsigned int ip6t_hl_target(struct sk_buff **pskb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo, void *userinfo)
{
struct ipv6hdr *ip6h;
const struct ip6t_HL_info *info = targinfo;
u_int16_t diffs[2];
int new_hl;
if (!skb_make_writable(pskb, (*pskb)->len))
return NF_DROP;
ip6h = (*pskb)->nh.ipv6h;
switch (info->mode) {
case IP6T_HL_SET:
new_hl = info->hop_limit;
break;
case IP6T_HL_INC:
new_hl = ip6h->hop_limit + info->hop_limit;
if (new_hl > 255)
new_hl = 255;
break;
case IP6T_HL_DEC:
new_hl = ip6h->hop_limit - info->hop_limit;
if (new_hl < 0)
new_hl = 0;
break;
default:
new_hl = ip6h->hop_limit;
break;
}
if (new_hl != ip6h->hop_limit) {
diffs[0] = htons(((unsigned)ip6h->hop_limit) << 8) ^ 0xFFFF;
ip6h->hop_limit = new_hl;
diffs[1] = htons(((unsigned)ip6h->hop_limit) << 8);
}
return IP6T_CONTINUE;
}
static int ip6t_hl_checkentry(const char *tablename,
const void *entry,
const struct xt_target *target,
void *targinfo,
unsigned int targinfosize,
unsigned int hook_mask)
{
struct ip6t_HL_info *info = targinfo;
if (info->mode > IP6T_HL_MAXMODE) {
printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
info->mode);
return 0;
}
if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
"make sense with value 0\n");
return 0;
}
return 1;
}
static struct ip6t_target ip6t_HL = {
.name = "HL",
.target = ip6t_hl_target,
.targetsize = sizeof(struct ip6t_HL_info),
.table = "mangle",
.checkentry = ip6t_hl_checkentry,
.me = THIS_MODULE
};
static int __init ip6t_hl_init(void)
{
return ip6t_register_target(&ip6t_HL);
}
static void __exit ip6t_hl_fini(void)
{
ip6t_unregister_target(&ip6t_HL);
}
module_init(ip6t_hl_init);
module_exit(ip6t_hl_fini);
|
