[deliverable/linux.git] / net / ipv4 / netfilter / ipt_TTL.c

/* TTL modification target for IP tables
 * (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 */

#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <net/checksum.h>

#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ipt_TTL.h>

MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
MODULE_DESCRIPTION("IP tables TTL modification module");
MODULE_LICENSE("GPL");

static unsigned int
ipt_ttl_target(struct sk_buff *skb,
	       const struct net_device *in, const struct net_device *out,
	       unsigned int hooknum, const struct xt_target *target,
	       const void *targinfo)
{
	struct iphdr *iph;
	const struct ipt_TTL_info *info = targinfo;
	int new_ttl;

	if (!skb_make_writable(skb, skb->len))
		return NF_DROP;

	iph = ip_hdr(skb);

	switch (info->mode) {
		case IPT_TTL_SET:
			new_ttl = info->ttl;
			break;
		case IPT_TTL_INC:
			new_ttl = iph->ttl + info->ttl;
			if (new_ttl > 255)
				new_ttl = 255;
			break;
		case IPT_TTL_DEC:
			new_ttl = iph->ttl - info->ttl;
			if (new_ttl < 0)
				new_ttl = 0;
			break;
		default:
			new_ttl = iph->ttl;
			break;
	}

	if (new_ttl != iph->ttl) {
		nf_csum_replace2(&iph->check, htons(iph->ttl << 8),
					      htons(new_ttl << 8));
		iph->ttl = new_ttl;
	}

	return XT_CONTINUE;
}

static bool ipt_ttl_checkentry(const char *tablename,
		const void *e,
		const struct xt_target *target,
		void *targinfo,
		unsigned int hook_mask)
{
	const struct ipt_TTL_info *info = targinfo;

	if (info->mode > IPT_TTL_MAXMODE) {
		printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
			info->mode);
		return false;
	}
	if (info->mode != IPT_TTL_SET && info->ttl == 0)
		return false;
	return true;
}

static struct xt_target ipt_TTL __read_mostly = {
	.name 		= "TTL",
	.family		= AF_INET,
	.target 	= ipt_ttl_target,
	.targetsize	= sizeof(struct ipt_TTL_info),
	.table		= "mangle",
	.checkentry 	= ipt_ttl_checkentry,
	.me 		= THIS_MODULE,
};

static int __init ipt_ttl_init(void)
{
	return xt_register_target(&ipt_TTL);
}

static void __exit ipt_ttl_fini(void)
{
	xt_unregister_target(&ipt_TTL);
}

module_init(ipt_ttl_init);
module_exit(ipt_ttl_fini);
Commit	Line	Data
5f2c3b91 HW	1	/* TTL modification target for IP tables
	2	* (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
	3	*
	4	* This program is free software; you can redistribute it and/or modify
	5	* it under the terms of the GNU General Public License version 2 as
	6	* published by the Free Software Foundation.
	7	*
	8	*/
	9
	10	#include <linux/module.h>
	11	#include <linux/skbuff.h>
	12	#include <linux/ip.h>
	13	#include <net/checksum.h>
	14
6709dbbb	15	#include <linux/netfilter/x_tables.h>
5f2c3b91 HW	16	#include <linux/netfilter_ipv4/ipt_TTL.h>
	17
	18	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
	19	MODULE_DESCRIPTION("IP tables TTL modification module");
	20	MODULE_LICENSE("GPL");
	21
e905a9ed	22	static unsigned int
3db05fea	23	ipt_ttl_target(struct sk_buff *skb,
c4986734 PM	24	const struct net_device in, const struct net_device out,
c4986734 PM	25	unsigned int hooknum, const struct xt_target *target,
fe1cb108	26	const void *targinfo)
5f2c3b91 HW	27	{
	28	struct iphdr *iph;
	29	const struct ipt_TTL_info *info = targinfo;
5f2c3b91 HW	30	int new_ttl;
5f2c3b91 HW	31
3db05fea	32	if (!skb_make_writable(skb, skb->len))
5f2c3b91 HW	33	return NF_DROP;
5f2c3b91 HW	34
3db05fea	35	iph = ip_hdr(skb);
5f2c3b91 HW	36
	37	switch (info->mode) {
	38	case IPT_TTL_SET:
	39	new_ttl = info->ttl;
	40	break;
	41	case IPT_TTL_INC:
	42	new_ttl = iph->ttl + info->ttl;
	43	if (new_ttl > 255)
	44	new_ttl = 255;
	45	break;
	46	case IPT_TTL_DEC:
	47	new_ttl = iph->ttl - info->ttl;
	48	if (new_ttl < 0)
	49	new_ttl = 0;
	50	break;
	51	default:
	52	new_ttl = iph->ttl;
	53	break;
	54	}
	55
	56	if (new_ttl != iph->ttl) {
43bc0ca7 AV	57	nf_csum_replace2(&iph->check, htons(iph->ttl << 8),
43bc0ca7 AV	58	htons(new_ttl << 8));
5f2c3b91	59	iph->ttl = new_ttl;
5f2c3b91 HW	60	}
5f2c3b91 HW	61
6709dbbb	62	return XT_CONTINUE;
5f2c3b91 HW	63	}
5f2c3b91 HW	64
e1931b78	65	static bool ipt_ttl_checkentry(const char *tablename,
2e4e6a17	66	const void *e,
c4986734	67	const struct xt_target *target,
5f2c3b91	68	void *targinfo,
5f2c3b91 HW	69	unsigned int hook_mask)
5f2c3b91 HW	70	{
a47362a2	71	const struct ipt_TTL_info *info = targinfo;
5f2c3b91	72
5f2c3b91	73	if (info->mode > IPT_TTL_MAXMODE) {
e905a9ed	74	printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
5f2c3b91	75	info->mode);
e1931b78	76	return false;
5f2c3b91	77	}
7c4e36bc	78	if (info->mode != IPT_TTL_SET && info->ttl == 0)
e1931b78 JE	79	return false;
e1931b78 JE	80	return true;
5f2c3b91 HW	81	}
5f2c3b91 HW	82
9f15c530	83	static struct xt_target ipt_TTL __read_mostly = {
5f2c3b91	84	.name = "TTL",
6709dbbb	85	.family = AF_INET,
e905a9ed	86	.target = ipt_ttl_target,
1d5cd909 PM	87	.targetsize = sizeof(struct ipt_TTL_info),
1d5cd909 PM	88	.table = "mangle",
e905a9ed	89	.checkentry = ipt_ttl_checkentry,
5f2c3b91 HW	90	.me = THIS_MODULE,
	91	};
	92
65b4b4e8	93	static int __init ipt_ttl_init(void)
5f2c3b91	94	{
6709dbbb	95	return xt_register_target(&ipt_TTL);
5f2c3b91 HW	96	}
5f2c3b91 HW	97
65b4b4e8	98	static void __exit ipt_ttl_fini(void)
5f2c3b91	99	{
6709dbbb	100	xt_unregister_target(&ipt_TTL);
5f2c3b91 HW	101	}
5f2c3b91 HW	102
65b4b4e8 AM	103	module_init(ipt_ttl_init);
65b4b4e8 AM	104	module_exit(ipt_ttl_fini);