author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-31 10:52:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-06 14:54:27 +0200 |
commit | ffa83b5968b534f679bc34acc506801db3d28d58 (patch) | |
tree | ced3718e02b9e43e3174c55146bf967e9bd5ffce /src/extra/tcp.c | |
parent | f40eabb01163f383e2471942da45f32361031e39 (diff) |
add mangle functions for IPv4/TCP and IPv4/UDP
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/extra/tcp.c')
-rw-r--r-- | src/extra/tcp.c | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/src/extra/tcp.c b/src/extra/tcp.c
index 9de3748..2ea0d8a 100644
--- a/src/extra/tcp.c
+++ b/src/extra/tcp.c
@@ -11,6 +11,7 @@
 #include <stdio.h>
 #include <string.h> /* for memcpy */
+#include <stdbool.h>
 #include <arpa/inet.h>
 #include <netinet/ip.h>
 #include <netinet/ip6.h>
@@ -18,6 +19,7 @@
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
+#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
 #include <libnetfilter_queue/pktbuff.h>
 #include "internal.h"
@@ -134,12 +136,12 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
 #define TCP_RESERVED_BITS htonl(0x0F000000)
 ret = snprintf(buf, size, "SPT=%u DPT=%u SEQ=%u ACK=%u "
- "WINDOW=%u RES=%0x%02x ",
+ "WINDOW=%u RES=0x%02x ",
 ntohs(tcph->source), ntohs(tcph->dest), ntohl(tcph->seq), ntohl(tcph->ack_seq), ntohs(tcph->window),
- (uint8_t)(ntohl(tcp_flag_word(tcph) &
- TCP_RESERVED_BITS) >> 22));
+ (uint8_t)
+ (ntohl(tcp_flag_word(tcph) & TCP_RESERVED_BITS) >> 22));
 len += ret;
 if (tcph->urg) {
@@ -166,10 +168,33 @@ int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
 ret = snprintf(buf+len, size-len, "FIN ");
 len += ret;
 }
- /* Not TCP options implemented yet, sorry. */
+ /* XXX: Not TCP options implemented yet, sorry. */
+
+ return ret;
 }
 EXPORT_SYMBOL(nfq_tcp_snprintf);
+int
+nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
+ unsigned int match_offset, unsigned int match_len,
+ const char *rep_buffer, unsigned int rep_len)
+{
+ struct iphdr *iph;
+ struct tcphdr *tcph;
+
+ iph = (struct iphdr *)pkt->network_header;
+ tcph = (struct tcphdr *)(pkt->network_header + iph->ihl*4);
+
+ if (!nfq_ip_mangle(pkt, iph->ihl*4 + tcph->doff*4,
+ match_offset, match_len, rep_buffer, rep_len))
+ return 0;
+
+ nfq_tcp_compute_checksum_ipv4(tcph, iph);
+
+ return 1;
+}
+EXPORT_SYMBOL(nfq_tcp_mangle_ipv4);
+
 /**
 * @}
 */ |
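Review bot: nfq_tcp_mangle_ipv4 trusts `iph->ihl` and `tcph->doff` straight from the packet: the TCP header pointer and the `iph->ihl*4 + tcph->doff*4` offset handed to nfq_ip_mangle are computed without checking either field against its minimum or against the amount of data held in the pkt_buff. If nfq_ip_mangle does not bound that offset itself (not visible in this hunk), a truncated or malformed packet makes the function read `tcph->doff` and recompute the checksum outside the buffer; a guard such as `if (iph->ihl < 5 || tcph->doff < 5) return 0;`, plus a comparison of the combined header length with the packet length before the call, would close that. The new function also has no doc comment, unlike the Doxygen group it sits in; it should say that the match offset is apparently relative to the TCP payload and that the return value is 1 on success and 0 on failure. In the same hunk, the added `return ret;` in nfq_tcp_snprintf yields only the last snprintf() result although the running total is kept in `len`, so `return len;` looks like the intended value.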