1/* Kernel module to match EUI64 address parameters. */ 2 3/* (C) 2001-2002 Andras Kis-Szabo <kisza@sch.bme.hu> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10#include <linux/module.h> 11#include <linux/skbuff.h> 12#include <linux/ipv6.h> 13#include <linux/if_ether.h> 14 15#include <linux/netfilter/x_tables.h> 16#include <linux/netfilter_ipv6/ip6_tables.h> 17 18MODULE_DESCRIPTION("Xtables: IPv6 EUI64 address match"); 19MODULE_LICENSE("GPL"); 20MODULE_AUTHOR("Andras Kis-Szabo <kisza@sch.bme.hu>"); 21 22static bool 23eui64_mt6(const struct sk_buff *skb, struct xt_action_param *par) 24{ 25 unsigned char eui64[8]; 26 27 if (!(skb_mac_header(skb) >= skb->head && 28 skb_mac_header(skb) + ETH_HLEN <= skb->data) && 29 par->fragoff != 0) { 30 par->hotdrop = true; 31 return false; 32 } 33 34 memset(eui64, 0, sizeof(eui64)); 35 36 if (eth_hdr(skb)->h_proto == htons(ETH_P_IPV6)) { 37 if (ipv6_hdr(skb)->version == 0x6) { 38 memcpy(eui64, eth_hdr(skb)->h_source, 3); 39 memcpy(eui64 + 5, eth_hdr(skb)->h_source + 3, 3); 40 eui64[3] = 0xff; 41 eui64[4] = 0xfe; 42 eui64[0] ^= 0x02; 43 44 if (!memcmp(ipv6_hdr(skb)->saddr.s6_addr + 8, eui64, 45 sizeof(eui64))) 46 return true; 47 } 48 } 49 50 return false; 51} 52 53static struct xt_match eui64_mt6_reg __read_mostly = { 54 .name = "eui64", 55 .family = NFPROTO_IPV6, 56 .match = eui64_mt6, 57 .matchsize = sizeof(int), 58 .hooks = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_IN) | 59 (1 << NF_INET_FORWARD), 60 .me = THIS_MODULE, 61}; 62 63static int __init eui64_mt6_init(void) 64{ 65 return xt_register_match(&eui64_mt6_reg); 66} 67 68static void __exit eui64_mt6_exit(void) 69{ 70 xt_unregister_match(&eui64_mt6_reg); 71} 72 73module_init(eui64_mt6_init); 74module_exit(eui64_mt6_exit); 75