Commit | Line | Data |
---|---|---|
0ca743a5 PNA |
1 | #ifndef _NF_TABLES_IPV4_H_ |
2 | #define _NF_TABLES_IPV4_H_ | |
3 | ||
4 | #include <net/netfilter/nf_tables.h> | |
5 | #include <net/ip.h> | |
6 | ||
7 | static inline void | |
8 | nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, | |
0ca743a5 | 9 | struct sk_buff *skb, |
073bfd56 | 10 | const struct nf_hook_state *state) |
0ca743a5 PNA |
11 | { |
12 | struct iphdr *ip; | |
13 | ||
6aa187f2 | 14 | nft_set_pktinfo(pkt, skb, state); |
0ca743a5 | 15 | |
0ca743a5 | 16 | ip = ip_hdr(pkt->skb); |
beac5afa | 17 | pkt->tprot_set = true; |
4566bf27 PM |
18 | pkt->tprot = ip->protocol; |
19 | pkt->xt.thoff = ip_hdrlen(pkt->skb); | |
0ca743a5 PNA |
20 | pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET; |
21 | } | |
22 | ||
ddc8b602 PNA |
23 | static inline int |
24 | __nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, | |
25 | struct sk_buff *skb, | |
26 | const struct nf_hook_state *state) | |
27 | { | |
28 | struct iphdr *iph, _iph; | |
29 | u32 len, thoff; | |
30 | ||
31 | iph = skb_header_pointer(skb, skb_network_offset(skb), sizeof(*iph), | |
32 | &_iph); | |
33 | if (!iph) | |
34 | return -1; | |
35 | ||
ddc8b602 PNA |
36 | if (iph->ihl < 5 || iph->version != 4) |
37 | return -1; | |
38 | ||
39 | len = ntohs(iph->tot_len); | |
40 | thoff = iph->ihl * 4; | |
41 | if (skb->len < len) | |
42 | return -1; | |
43 | else if (len < thoff) | |
44 | return -1; | |
45 | ||
46 | pkt->tprot_set = true; | |
47 | pkt->tprot = iph->protocol; | |
48 | pkt->xt.thoff = thoff; | |
49 | pkt->xt.fragoff = ntohs(iph->frag_off) & IP_OFFSET; | |
50 | ||
51 | return 0; | |
52 | } | |
53 | ||
54 | static inline void | |
55 | nft_set_pktinfo_ipv4_validate(struct nft_pktinfo *pkt, | |
56 | struct sk_buff *skb, | |
57 | const struct nf_hook_state *state) | |
58 | { | |
59 | nft_set_pktinfo(pkt, skb, state); | |
60 | if (__nft_set_pktinfo_ipv4_validate(pkt, skb, state) < 0) | |
61 | nft_set_pktinfo_proto_unspec(pkt, skb); | |
62 | } | |
63 | ||
1d49144c PM |
64 | extern struct nft_af_info nft_af_ipv4; |
65 | ||
0ca743a5 | 66 | #endif |