summaryrefslogtreecommitdiffstats
path: root/src/extra/ipv4.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2012-05-14 13:14:14 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2012-08-06 14:49:55 +0200
commitf40eabb01163f383e2471942da45f32361031e39 (patch)
tree1a27a16cac2e83bb6fada0db0a8e0deb1b68f5ac /src/extra/ipv4.c
parenta0c885ae5a79457aa592cb70c27a7dee619762a4 (diff)
add pkt_buff and protocol helper functions
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/extra/ipv4.c')
-rw-r--r--src/extra/ipv4.c122
1 files changed, 122 insertions, 0 deletions
diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c
new file mode 100644
index 0000000..200a20e
--- /dev/null
+++ b/src/extra/ipv4.c
@@ -0,0 +1,122 @@
+/*
+ * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
+ */
+
+#include <stdio.h>
+#include <arpa/inet.h>
+#include <netinet/ip.h>
+
+#include <libnetfilter_queue/libnetfilter_queue.h>
+#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
+#include <libnetfilter_queue/pktbuff.h>
+
+#include "internal.h"
+
+/**
+ * \defgroup ipv4 IPv4 helper functions
+ * @{
+ */
+
+/**
+ * nfq_ip_get_hdr - get IPv4 header
+ * \param pktb: pointer to network packet buffer
+ *
+ * This funcion returns NULL if the IPv4 is malformed or the protocol version
+ * is not 4. On success, it returns a valid pointer to the IPv4 header.
+ */
+struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
+{
+ struct iphdr *iph;
+ unsigned int pktlen = pktb->tail - pktb->network_header;
+
+ /* Not enough room for IPv4 header. */
+ if (pktlen < sizeof(struct iphdr))
+ return NULL;
+
+ iph = (struct iphdr *)pktb->network_header;
+
+ /* Not IPv4 packet. */
+ if (iph->version != 4)
+ return NULL;
+
+ /* Malformed IPv4 total length field. */
+ if (ntohs(iph->tot_len) > pktlen)
+ return NULL;
+
+ return iph;
+}
+EXPORT_SYMBOL(nfq_ip_get_hdr);
+
+/**
+ * nfq_ip_get_payload - get the IPv4 packet payload
+ * \param pktb: pointer to network packet buffer
+ * \param iph: the pointer to the IPv4 header
+ */
+int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
+{
+ int doff = iph->ihl * 4;
+
+ /* Wrong offset to IPv4 payload. */
+ if ((int)pktb->len - doff <= 0)
+ return -1;
+
+ pktb->transport_header = pktb->network_header + doff;
+ return 0;
+}
+EXPORT_SYMBOL(nfq_ip_set_transport_header);
+
+/**
+ * nfq_ip_set_checksum - set IPv4 checksum
+ * \param iph: pointer to the IPv4 header
+ *
+ * \returns the checksum of the ip packet.
+ *
+ * \note Call to this function if you modified the IPv4 header to update the
+ * checksum.
+ */
+void nfq_ip_set_checksum(struct iphdr *iph)
+{
+ uint32_t iph_len = iph->ihl * 4;
+
+ iph->check = 0;
+ iph->check = checksum(0, (uint16_t *)iph, iph_len);
+}
+EXPORT_SYMBOL(nfq_ip_set_checksum);
+
+/**
+ * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
+ * \param buf: pointer to buffer that will be used to print the header
+ * \param size: size of the buffer (or remaining room in it)
+ * \param ip: pointer to a valid IPv4 header
+ *
+ * This function returns the number of bytes that would have been written in
+ * case that there is enough room in the buffer. Read snprintf manpage for more
+ * information to know more about this strange behaviour.
+ */
+int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)
+{
+ int ret;
+ struct in_addr src = { iph->saddr };
+ struct in_addr dst = { iph->daddr };
+
+ ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X "
+ "PREC=0x%X TTL=%u ID=%u PROTO=%u ",
+ inet_ntoa(src), inet_ntoa(dst),
+ ntohs(iph->tot_len), IPTOS_TOS(iph->tos),
+ IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id),
+ iph->protocol);
+
+ return ret;
+}
+EXPORT_SYMBOL(nfq_ip_snprintf);
+
+/**
+ * @}
+ */