diff options
Diffstat (limited to 'src/extra/ipv4.c')
-rw-r--r-- | src/extra/ipv4.c | 122 |
1 files changed, 122 insertions, 0 deletions
diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c new file mode 100644 index 0000000..200a20e --- /dev/null +++ b/src/extra/ipv4.c @@ -0,0 +1,122 @@ +/* + * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com> + */ + +#include <stdio.h> +#include <arpa/inet.h> +#include <netinet/ip.h> + +#include <libnetfilter_queue/libnetfilter_queue.h> +#include <libnetfilter_queue/libnetfilter_queue_ipv4.h> +#include <libnetfilter_queue/pktbuff.h> + +#include "internal.h" + +/** + * \defgroup ipv4 IPv4 helper functions + * @{ + */ + +/** + * nfq_ip_get_hdr - get IPv4 header + * \param pktb: pointer to network packet buffer + * + * This funcion returns NULL if the IPv4 is malformed or the protocol version + * is not 4. On success, it returns a valid pointer to the IPv4 header. + */ +struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb) +{ + struct iphdr *iph; + unsigned int pktlen = pktb->tail - pktb->network_header; + + /* Not enough room for IPv4 header. */ + if (pktlen < sizeof(struct iphdr)) + return NULL; + + iph = (struct iphdr *)pktb->network_header; + + /* Not IPv4 packet. */ + if (iph->version != 4) + return NULL; + + /* Malformed IPv4 total length field. */ + if (ntohs(iph->tot_len) > pktlen) + return NULL; + + return iph; +} +EXPORT_SYMBOL(nfq_ip_get_hdr); + +/** + * nfq_ip_get_payload - get the IPv4 packet payload + * \param pktb: pointer to network packet buffer + * \param iph: the pointer to the IPv4 header + */ +int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph) +{ + int doff = iph->ihl * 4; + + /* Wrong offset to IPv4 payload. */ + if ((int)pktb->len - doff <= 0) + return -1; + + pktb->transport_header = pktb->network_header + doff; + return 0; +} +EXPORT_SYMBOL(nfq_ip_set_transport_header); + +/** + * nfq_ip_set_checksum - set IPv4 checksum + * \param iph: pointer to the IPv4 header + * + * \returns the checksum of the ip packet. + * + * \note Call to this function if you modified the IPv4 header to update the + * checksum. + */ +void nfq_ip_set_checksum(struct iphdr *iph) +{ + uint32_t iph_len = iph->ihl * 4; + + iph->check = 0; + iph->check = checksum(0, (uint16_t *)iph, iph_len); +} +EXPORT_SYMBOL(nfq_ip_set_checksum); + +/** + * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format + * \param buf: pointer to buffer that will be used to print the header + * \param size: size of the buffer (or remaining room in it) + * \param ip: pointer to a valid IPv4 header + * + * This function returns the number of bytes that would have been written in + * case that there is enough room in the buffer. Read snprintf manpage for more + * information to know more about this strange behaviour. + */ +int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph) +{ + int ret; + struct in_addr src = { iph->saddr }; + struct in_addr dst = { iph->daddr }; + + ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%u TOS=0x%X " + "PREC=0x%X TTL=%u ID=%u PROTO=%u ", + inet_ntoa(src), inet_ntoa(dst), + ntohs(iph->tot_len), IPTOS_TOS(iph->tos), + IPTOS_PREC(iph->tos), iph->ttl, ntohs(iph->id), + iph->protocol); + + return ret; +} +EXPORT_SYMBOL(nfq_ip_snprintf); + +/** + * @} + */ |