From ffa83b5968b534f679bc34acc506801db3d28d58 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 31 May 2012 10:52:46 +0200 Subject: add mangle functions for IPv4/TCP and IPv4/UDP Signed-off-by: Pablo Neira Ayuso --- src/extra/tcp.c | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'src/extra/tcp.c') diff --git a/src/extra/tcp.c b/src/extra/tcp.c index 9de3748..2ea0d8a 100644 --- a/src/extra/tcp.c +++ b/src/extra/tcp.c @@ -11,6 +11,7 @@ #include #include /* for memcpy */ +#include #include #include #include @@ -18,6 +19,7 @@ #include #include +#include #include #include "internal.h" @@ -134,12 +136,12 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) #define TCP_RESERVED_BITS htonl(0x0F000000) ret = snprintf(buf, size, "SPT=%u DPT=%u SEQ=%u ACK=%u " - "WINDOW=%u RES=%0x%02x ", + "WINDOW=%u RES=0x%02x ", ntohs(tcph->source), ntohs(tcph->dest), ntohl(tcph->seq), ntohl(tcph->ack_seq), ntohs(tcph->window), - (uint8_t)(ntohl(tcp_flag_word(tcph) & - TCP_RESERVED_BITS) >> 22)); + (uint8_t) + (ntohl(tcp_flag_word(tcph) & TCP_RESERVED_BITS) >> 22)); len += ret; if (tcph->urg) { @@ -166,10 +168,33 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph) ret = snprintf(buf+len, size-len, "FIN "); len += ret; } - /* Not TCP options implemented yet, sorry. */ + /* XXX: Not TCP options implemented yet, sorry. */ + + return ret; } EXPORT_SYMBOL(nfq_tcp_snprintf); +int +nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, + unsigned int match_offset, unsigned int match_len, + const char *rep_buffer, unsigned int rep_len) +{ + struct iphdr *iph; + struct tcphdr *tcph; + + iph = (struct iphdr *)pkt->network_header; + tcph = (struct tcphdr *)(pkt->network_header + iph->ihl*4); + + if (!nfq_ip_mangle(pkt, iph->ihl*4 + tcph->doff*4, + match_offset, match_len, rep_buffer, rep_len)) + return 0; + + nfq_tcp_compute_checksum_ipv4(tcph, iph); + + return 1; +} +EXPORT_SYMBOL(nfq_tcp_mangle_ipv4); + /** * @} */ -- cgit v1.2.3