1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
/*
* (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
*/
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
#include <libnetfilter_queue/pktbuff.h>
#include "internal.h"
/**
* \defgroup ipv4 IPv4 helper functions
* @{
*/
/**
* nfq_ip_get_hdr - get IPv4 header
* \param pktb: pointer to network packet buffer
*
* This funcion returns NULL if the IPv4 is malformed or the protocol version
* is not 4. On success, it returns a valid pointer to the IPv4 header.
*/
struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
{
struct iphdr *iph;
unsigned int pktlen = pktb->tail - pktb->network_header;
/* Not enough room for IPv4 header. */
if (pktlen < sizeof(struct iphdr))
return NULL;
iph = (struct iphdr *)pktb->network_header;
/* Not IPv4 packet. */
if (iph->version != 4)
return NULL;
/* Malformed IPv4 total length field. */
if (ntohs(iph->tot_len) > pktlen)
return NULL;
return iph;
}
EXPORT_SYMBOL(nfq_ip_get_hdr);
/**
* nfq_ip_get_payload - get the IPv4 packet payload
* \param pktb: pointer to network packet buffer
* \param iph: the pointer to the IPv4 header
*/
int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
{
int doff = iph->ihl * 4;
/* Wrong offset to IPv4 payload. */
if ((int)pktb->len - doff <= 0)
return -1;
pktb->transport_header = pktb->network_header + doff;
return 0;
}
EXPORT_SYMBOL(nfq_ip_set_transport_header);
/**
* nfq_ip_set_checksum - set IPv4 checksum
* \param iph: pointer to the IPv4 header
*
* \returns the checksum of the ip packet.
*
* \note Call to this function if you modified the IPv4 header to update the
* checksum.
*/
void nfq_ip_set_checksum(struct iphdr *iph)
{
uint32_t iph_len = iph->ihl * 4;
iph->check = 0;
iph->check = checksum(0, (uint16_t *)iph, iph_len);
}
EXPORT_SYMBOL(nfq_ip_set_checksum);
/**
* nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
* \param buf: pointer to buffer that will be used to print the header
* \param size: size of the buffer (or remaining room in it)
* \param ip: pointer to a valid IPv4 header
*
* This function returns the number of bytes that would have been written in
* case that there is enough room in the buffer. Read snprintf manpage for more
* information to know more about this strange behaviour.
*/
int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
{
int ret;
struct in_addr src = { iph->saddr };
struct in_addr dst = { iph->daddr };
ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X "
"PREC=0x%X TTL=%u ID=%u PROTO=%u ",
inet_ntoa(src), inet_ntoa(dst),
ntohs(iph->tot_len), IPTOS_TOS(iph->tos),
IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id),
iph->protocol);
return ret;
}
EXPORT_SYMBOL(nfq_ip_snprintf);
/**
* @}
*/
|
