summaryrefslogtreecommitdiffstats
path: root/src/extra/ipv4.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/extra/ipv4.c')
-rw-r--r--src/extra/ipv4.c109
1 files changed, 72 insertions, 37 deletions
diff --git a/src/extra/ipv4.c b/src/extra/ipv4.c
index 3eb1054..58fb471 100644
--- a/src/extra/ipv4.c
+++ b/src/extra/ipv4.c
@@ -14,6 +14,7 @@
#include <arpa/inet.h>
#include <netinet/ip.h>
+#include <linux/netfilter/nfnetlink_queue.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
#include <libnetfilter_queue/pktbuff.h>
@@ -22,21 +23,34 @@
/**
* \defgroup ipv4 IPv4 helper functions
+ *
+ * \manonly
+.SH SYNOPSIS
+.nf
+\fB
+#include <libmnl/libmnl.h>
+#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
+\endmanonly
+ *
* @{
*/
/**
- * nfq_ip_get_hdr - get IPv4 header
- * \param pktb: pointer to network packet buffer
+ * nfq_ip_get_hdr - get the IPv4 header
+ * \param pktb: Pointer to user-space network packet buffer
+ * \returns validated pointer to the IPv4 header or NULL if IP is malformed or
+ * not version 4
*
- * This funcion returns NULL if the IPv4 is malformed or the protocol version
- * is not 4. On success, it returns a valid pointer to the IPv4 header.
+ * Many programs will not need to call this function. A possible use is to
+ * determine the layer 4 protocol. The validation is that the buffer is big
+ * enough for the declared lengths in the header, i.e. an extra check for packet
+ * truncation.
*/
EXPORT_SYMBOL
struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
{
struct iphdr *iph;
- unsigned int pktlen = pktb->tail - pktb->network_header;
+ unsigned int pktlen = pktb_tail(pktb) - pktb->network_header;
/* Not enough room for IPv4 header. */
if (pktlen < sizeof(struct iphdr))
@@ -56,13 +70,14 @@ struct iphdr *nfq_ip_get_hdr(struct pkt_buff *pktb)
}
/**
- * nfq_ip_set_transport_header - set transport header
- * \param pktb: pointer to network packet buffer
- * \param iph: pointer to the IPv4 header
- *
- * Sets the \b transport_header field in \b pktb
- *
- * Level 4 helper functions need this to be set.
+ * nfq_ip_set_transport_header - set the \b transport_header field in \b pktb
+ * \param pktb: Pointer to user-space network packet buffer
+ * \param iph: Pointer to the IPv4 header
+ * \returns 0 on success or -1 if a minimal validation check fails
+ * \note
+ * Most programs should call __nfq_ip_set_transport_header__ as soon as
+ * possible, since most layer 4 helper functions assume the
+ * \b transport_header field is valid.
*/
EXPORT_SYMBOL
int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
@@ -78,11 +93,29 @@ int nfq_ip_set_transport_header(struct pkt_buff *pktb, struct iphdr *iph)
}
/**
- * nfq_ip_set_checksum - set IPv4 checksum
- * \param iph: pointer to the IPv4 header
+ * \defgroup ip_internals Internal IP functions
+ *
+ * Most user-space programs will never need these.
+ *
+ *
+ * \manonly
+.SH SYNOPSIS
+.nf
+\fB
+#include <libmnl/libmnl.h>
+#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
+\endmanonly
*
- * \note Call to this function if you modified the IPv4 header to update the
- * checksum.
+ * @{
+ */
+
+/**
+ * nfq_ip_set_checksum - set IPv4 checksum
+ * \param iph: Pointer to the IPv4 header
+ * \note
+ * nfq_ip_mangle() invokes this function.
+ * As long as developers always use the appropriate mangler for the layer being
+ * mangled, there is no need to call __nfq_ip_set_checksum__.
*/
EXPORT_SYMBOL
void nfq_ip_set_checksum(struct iphdr *iph)
@@ -94,44 +127,46 @@ void nfq_ip_set_checksum(struct iphdr *iph)
}
/**
+ * @}
+ */
+
+/**
* nfq_ip_mangle - mangle IPv4 packet buffer
- * \param pktb: pointer to network packet buffer
- * \param dataoff: offset to layer 4 header
- * \param match_offset: offset to content that you want to mangle
- * \param match_len: length of the existing content you want to mangle
- * \param rep_buffer: pointer to data you want to use to replace current content
- * \param rep_len: length of data you want to use to replace current content
+ * \param pktb: Pointer to user-space network packet buffer
+ * \param dataoff: Offset to layer 4 header, or zero to mangle IP header
+ * \param match_offset: Offset to content that you want to mangle
+ * \param match_len: Length of the existing content you want to mangle
+ * \param rep_buffer: Pointer to data you want to use to replace current content
+ * \param rep_len: Length of data you want to use to replace current content
* \returns 1 for success and 0 for failure. See pktb_mangle() for failure case
- * \note This function updates the IPv4 length and recalculates the IPv4
- * checksum (if necessary)
+ * \note This function updates the IPv4 length if necessary and recalculates the
+ * IPv4 checksum.
*/
EXPORT_SYMBOL
-int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff,
+int nfq_ip_mangle(struct pkt_buff *pktb, unsigned int dataoff,
unsigned int match_offset, unsigned int match_len,
const char *rep_buffer, unsigned int rep_len)
{
- struct iphdr *iph = (struct iphdr *) pkt->network_header;
+ struct iphdr *iph = (struct iphdr *) pktb->network_header;
- if (!pktb_mangle(pkt, dataoff, match_offset, match_len,
- rep_buffer, rep_len))
+ if (!pktb_mangle(pktb, dataoff, match_offset, match_len, rep_buffer,
+ rep_len))
return 0;
/* fix IP hdr checksum information */
- iph->tot_len = htons(pkt->len);
+ iph->tot_len = htons(pktb_tail(pktb) - pktb->network_header);
nfq_ip_set_checksum(iph);
return 1;
}
/**
- * nfq_pkt_snprintf_ip - print IPv4 header into buffer in iptables LOG format
- * \param buf: pointer to buffer that will be used to print the header
- * \param size: size of the buffer (or remaining room in it)
- * \param ip: pointer to a valid IPv4 header
- *
- * This function returns the number of bytes that would have been written in
- * case that there is enough room in the buffer. Read snprintf manpage for more
- * information to know more about this strange behaviour.
+ * nfq_ip_snprintf - print IPv4 header into buffer in iptables LOG format
+ * \param buf: Pointer to buffer that will be used to print the header
+ * \param size: Size of the buffer (or remaining room in it)
+ * \param iph: Pointer to a valid IPv4 header
+ * \returns same as snprintf
+ * \sa **snprintf**(3)
*/
EXPORT_SYMBOL
int nfq_ip_snprintf(char *buf, size_t size, const struct iphdr *iph)