1/* Kernel module to match packet length. */ 2/* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 */ 8 9#include <linux/module.h> 10#include <linux/skbuff.h> 11#include <linux/ipv6.h> 12#include <net/ip.h> 13 14#include <linux/netfilter/xt_length.h> 15#include <linux/netfilter/x_tables.h> 16 17MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 18MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match"); 19MODULE_LICENSE("GPL"); 20MODULE_ALIAS("ipt_length"); 21MODULE_ALIAS("ip6t_length"); 22 23static bool 24length_mt(const struct sk_buff *skb, struct xt_action_param *par) 25{ 26 const struct xt_length_info *info = par->matchinfo; 27 u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); 28 29 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 30} 31 32static bool 33length_mt6(const struct sk_buff *skb, struct xt_action_param *par) 34{ 35 const struct xt_length_info *info = par->matchinfo; 36 const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + 37 sizeof(struct ipv6hdr); 38 39 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 40} 41 42static struct xt_match length_mt_reg[] __read_mostly = { 43 { 44 .name = "length", 45 .family = NFPROTO_IPV4, 46 .match = length_mt, 47 .matchsize = sizeof(struct xt_length_info), 48 .me = THIS_MODULE, 49 }, 50 { 51 .name = "length", 52 .family = NFPROTO_IPV6, 53 .match = length_mt6, 54 .matchsize = sizeof(struct xt_length_info), 55 .me = THIS_MODULE, 56 }, 57}; 58 59static int __init length_mt_init(void) 60{ 61 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 62} 63 64static void __exit length_mt_exit(void) 65{ 66 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 67} 68 69module_init(length_mt_init); 70module_exit(length_mt_exit); 71