This source file includes following definitions.
- length_mt
- length_mt6
- length_mt_init
- length_mt_exit
1
2
3
4
5
6 #include <linux/module.h>
7 #include <linux/skbuff.h>
8 #include <linux/ipv6.h>
9 #include <net/ip.h>
10
11 #include <linux/netfilter/xt_length.h>
12 #include <linux/netfilter/x_tables.h>
13
14 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
15 MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match");
16 MODULE_LICENSE("GPL");
17 MODULE_ALIAS("ipt_length");
18 MODULE_ALIAS("ip6t_length");
19
20 static bool
21 length_mt(const struct sk_buff *skb, struct xt_action_param *par)
22 {
23 const struct xt_length_info *info = par->matchinfo;
24 u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len);
25
26 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
27 }
28
29 static bool
30 length_mt6(const struct sk_buff *skb, struct xt_action_param *par)
31 {
32 const struct xt_length_info *info = par->matchinfo;
33 const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) +
34 sizeof(struct ipv6hdr);
35
36 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert;
37 }
38
39 static struct xt_match length_mt_reg[] __read_mostly = {
40 {
41 .name = "length",
42 .family = NFPROTO_IPV4,
43 .match = length_mt,
44 .matchsize = sizeof(struct xt_length_info),
45 .me = THIS_MODULE,
46 },
47 {
48 .name = "length",
49 .family = NFPROTO_IPV6,
50 .match = length_mt6,
51 .matchsize = sizeof(struct xt_length_info),
52 .me = THIS_MODULE,
53 },
54 };
55
56 static int __init length_mt_init(void)
57 {
58 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg));
59 }
60
61 static void __exit length_mt_exit(void)
62 {
63 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg));
64 }
65
66 module_init(length_mt_init);
67 module_exit(length_mt_exit);