
TOMOYO Linux Cross Reference
Linux/net/ipv6/netfilter/ip6t_mh.c


  1 // SPDX-License-Identifier: GPL-2.0-only
  2 /*
  3  * Copyright (C)2006 USAGI/WIDE Project
  4  *
  5  * Author:
  6  *      Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
  7  *
  8  * Based on net/netfilter/xt_tcpudp.c
  9  */
 10 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 11 #include <linux/types.h>
 12 #include <linux/module.h>
 13 #include <net/ip.h>
 14 #include <linux/ipv6.h>
 15 #include <net/ipv6.h>
 16 #include <net/mip6.h>
 17 
 18 #include <linux/netfilter/x_tables.h>
 19 #include <linux/netfilter_ipv6/ip6t_mh.h>
 20 
 21 MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
 22 MODULE_LICENSE("GPL");
 23 
/*
 * Inclusive range test on a Mobility Header type, with optional inversion.
 *
 * Yields true when min <= type <= max and invert is false, or when type
 * lies outside that range and invert is true.  If min > max the range is
 * empty, so the result is simply the value of invert.
 */
static inline bool
type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
{
	bool in_range = min <= type && type <= max;

	/* For two bools, inequality is a logical XOR. */
	return in_range != invert;
}
 30 
/*
 * Match callback: compare the packet's Mobility Header type against the
 * rule's inclusive [types[0], types[1]] range, honouring IP6T_MH_INV_TYPE.
 *
 * The header comes from the packet and is untrusted.  Only the fixed part
 * (sizeof(struct ip6_mh)) is fetched and inspected; this function does not
 * read ip6mh_hdrlen or any message data that follows the fixed header.
 *
 * Returns true on a match.  Two malformed-packet cases set par->hotdrop
 * and return false: a header too short to read, and a Payload Proto other
 * than IPPROTO_NONE.  Once a packet reaches this match, those cases ask
 * for a drop regardless of the rule's own target.
 */
static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct ip6t_mh *info = par->matchinfo;
	struct ip6_mh hdr_copy;
	const struct ip6_mh *hdr;
	bool invert;

	/*
	 * A non-zero fragment offset is reported as "no match", not as a
	 * drop: hotdrop is left untouched on this path.
	 */
	if (par->fragoff != 0)
		return false;

	/* hdr_copy is the bounce buffer skb_header_pointer() may fill. */
	hdr = skb_header_pointer(skb, par->thoff, sizeof(hdr_copy), &hdr_copy);
	if (!hdr) {
		/*
		 * The fixed Mobility Header could not be read in full, so
		 * the packet cannot be classified.  Fail closed.
		 */
		pr_debug("Dropping evil MH tinygram.\n");
		par->hotdrop = true;
		return false;
	}

	/*
	 * Any Payload Proto other than IPPROTO_NONE is treated as invalid
	 * (RFC 6275 has senders set this field to IPPROTO_NONE).
	 */
	if (hdr->ip6mh_proto != IPPROTO_NONE) {
		pr_debug("Dropping invalid MH Payload Proto: %u\n",
			 hdr->ip6mh_proto);
		par->hotdrop = true;
		return false;
	}

	invert = !!(info->invflags & IP6T_MH_INV_TYPE);

	return type_match(info->types[0], info->types[1], hdr->ip6mh_type,
			  invert);
}
 60 
/*
 * checkentry callback: validate the rule's matchinfo before it is accepted.
 *
 * Returns -EINVAL if invflags carries any bit outside IP6T_MH_INV_MASK,
 * 0 otherwise.
 *
 * NOTE(review): the ordering of types[0] and types[1] is not checked here.
 * A rule with types[0] > types[1] is accepted and describes an empty range.
 */
static int mh_mt6_check(const struct xt_mtchk_param *par)
{
	const struct ip6t_mh *info = par->matchinfo;

	/* Reject inversion flags this module does not know about. */
	if (info->invflags & ~IP6T_MH_INV_MASK)
		return -EINVAL;

	return 0;
}
 68 
/*
 * Registration record for the "mh" match, handed to xt_register_match()
 * and xt_unregister_match().
 */
static struct xt_match mh_mt6_reg __read_mostly = {
	/* Identity: match name, address family and layer-4 protocol. */
	.name		= "mh",
	.family		= NFPROTO_IPV6,
	.proto		= IPPROTO_MH,
	/* Size of the per-rule matchinfo blob (struct ip6t_mh). */
	.matchsize	= sizeof(struct ip6t_mh),
	/* Callbacks: rule validation, then per-packet matching. */
	.checkentry	= mh_mt6_check,
	.match		= mh_mt6,
	.me		= THIS_MODULE,
};
 78 
/*
 * Module init: register the "mh" match with x_tables.
 * Passes the result of xt_register_match() straight back to the caller.
 */
static int __init mh_mt6_init(void)
{
	int err = xt_register_match(&mh_mt6_reg);

	return err;
}
 83 
/* Module exit: unregister the "mh" match that mh_mt6_init() registered. */
static void __exit mh_mt6_exit(void)
{
	xt_unregister_match(&mh_mt6_reg);
}
 88 
/* Module entry points: mh_mt6_init on load, mh_mt6_exit on unload. */
module_init(mh_mt6_init);
module_exit(mh_mt6_exit);
 91 
