      1 /*
      2  * IPv6 Hop Limit matching module
      3  * Maciej Soltysiak <solt (at) dns.toxicfilms.tv>
      4  * Based on HW's ttl match
      5  * This program is released under the terms of GNU GPL
      6  * Cleanups by Stephane Ouellette <ouellettes (at) videotron.ca>
      7  */
      8 #include <stdio.h>
      9 #include <xtables.h>
     10 #include <linux/netfilter_ipv6/ip6t_hl.h>
     11 
/*
 * Option identifiers (O_*) and their matching bit flags (F_*).
 * Each flag is the bit at the position of the option id, and F_ANY is
 * the union of all three flags.
 */
enum {
	/* option ids, used as the .id field of the option table */
	O_HL_EQ = 0,
	O_HL_LT = 1,
	O_HL_GT = 2,

	/* one bit per option id */
	F_HL_EQ = (1 << O_HL_EQ),
	F_HL_LT = (1 << O_HL_LT),
	F_HL_GT = (1 << O_HL_GT),

	/* any of the three comparison options */
	F_ANY = (F_HL_EQ | F_HL_LT | F_HL_GT),
};
     21 
/* Write the usage text for the hl match options to stdout. */
static void hl_help(void)
{
	static const char usage[] =
		"hl match options:\n"
		"[!] --hl-eq value	Match hop limit value\n"
		"  --hl-lt value	Match HL < value\n"
		"  --hl-gt value	Match HL > value\n";

	/* The text holds no conversion specifiers, so it is written as-is. */
	fputs(usage, stdout);
}
     30 
/*
 * Per-option parse callback: run the generic option parser, then record
 * which comparison the option selects in info->mode.
 *
 * The numeric argument is not handled here; the option table marks every
 * option XTOPT_PUT with a pointer to hop_limit, so it is presumably
 * stored by xtables_option_parse() -- confirm against libxtables.
 */
static void hl_parse(struct xt_option_call *cb)
{
	struct ip6t_hl_info *hl = cb->data;
	unsigned int opt;

	xtables_option_parse(cb);

	opt = cb->entry->id;
	if (opt == O_HL_EQ) {
		/* "! --hl-eq" turns the equality test into not-equal */
		if (cb->invert)
			hl->mode = IP6T_HL_NE;
		else
			hl->mode = IP6T_HL_EQ;
	} else if (opt == O_HL_LT) {
		hl->mode = IP6T_HL_LT;
	} else if (opt == O_HL_GT) {
		hl->mode = IP6T_HL_GT;
	}
	/* any other id leaves the mode untouched */
}
     48 
/*
 * Final check callback: reject a rule that uses the match without any of
 * the comparison options (no F_HL_* bit set in cb->xflags).
 */
static void hl_check(struct xt_fcheck_call *cb)
{
	/* at least one comparison option was given: nothing to complain about */
	if (cb->xflags & F_ANY)
		return;

	xtables_error(PARAMETER_PROBLEM,
		"HL match: You must specify one of "
		"`--hl-eq', `--hl-lt', `--hl-gt'");
}
     56 
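/*
 * Print the match in human-readable form, e.g. " HL match HL == 64".
 *
 * @ip:      unused
 * @match:   match entry whose data area holds a struct ip6t_hl_info
 * @numeric: unused
 *
 * info->mode is read from the rule data handed to this callback and is
 * used as an array index, so it is range-checked first: a value outside
 * the table would otherwise make printf() dereference whatever lies past
 * op[]. An unknown mode is shown as "?".
 */
static void hl_print(const void *ip, const struct xt_entry_match *match,
                     int numeric)
{
	static const char *const op[] = {
		[IP6T_HL_EQ] = "==",
		[IP6T_HL_NE] = "!=",
		[IP6T_HL_LT] = "<",
		[IP6T_HL_GT] = ">" };

	const struct ip6t_hl_info *info =
		(const struct ip6t_hl_info *) match->data;
	const char *sym = "?";

	/* the NULL test covers holes a sparse designated table could have */
	if (info->mode < sizeof(op) / sizeof(op[0]) && op[info->mode] != NULL)
		sym = op[info->mode];

	printf(" HL match HL %s %u", sym, info->hop_limit);
}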
     71 
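/*
 * Print the match as command-line options, e.g. " --hl-lt 5", so the
 * rule can be fed back to the parser.
 *
 * @ip:    unused
 * @match: match entry whose data area holds a struct ip6t_hl_info
 *
 * info->mode indexes the option-name table and comes from the rule data
 * handed to this callback, so it is range-checked before use. For an
 * unknown mode nothing is written to stdout: guessing an option would
 * save a different comparison than the one in the rule, while a rule
 * saved without any option is rejected by hl_check() when reloaded.
 */
static void hl_save(const void *ip, const struct xt_entry_match *match)
{
	static const char *const op[] = {
		[IP6T_HL_EQ] = "--hl-eq",
		[IP6T_HL_NE] = "! --hl-eq",
		[IP6T_HL_LT] = "--hl-lt",
		[IP6T_HL_GT] = "--hl-gt" };

	const struct ip6t_hl_info *info =
		(const struct ip6t_hl_info *) match->data;

	if (info->mode >= sizeof(op) / sizeof(op[0]) || op[info->mode] == NULL) {
		/* keep the diagnostic off stdout, which carries the saved rules */
		fprintf(stderr, "HL match: unknown mode %u, option not saved\n",
			(unsigned int) info->mode);
		return;
	}

	printf(" %s %u", op[info->mode], info->hop_limit);
}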
     85 
/*
 * Option table for the hl match. Every option takes an 8-bit value that
 * is tied to ip6t_hl_info.hop_limit, and each one excludes the others
 * through .excl = F_ANY. "hl" shares the id of "hl-eq" but, unlike it,
 * does not carry XTOPT_INVERT.
 */
static const struct xt_option_entry hl_opts[] = {
	{
		.name  = "hl-lt",
		.id    = O_HL_LT,
		.excl  = F_ANY,
		.type  = XTTYPE_UINT8,
		.flags = XTOPT_PUT,
		XTOPT_POINTER(struct ip6t_hl_info, hop_limit),
	},
	{
		.name  = "hl-gt",
		.id    = O_HL_GT,
		.excl  = F_ANY,
		.type  = XTTYPE_UINT8,
		.flags = XTOPT_PUT,
		XTOPT_POINTER(struct ip6t_hl_info, hop_limit),
	},
	{
		.name  = "hl-eq",
		.id    = O_HL_EQ,
		.excl  = F_ANY,
		.type  = XTTYPE_UINT8,
		.flags = XTOPT_INVERT | XTOPT_PUT,
		XTOPT_POINTER(struct ip6t_hl_info, hop_limit),
	},
	{
		.name  = "hl",
		.id    = O_HL_EQ,
		.excl  = F_ANY,
		.type  = XTTYPE_UINT8,
		.flags = XTOPT_PUT,
		XTOPT_POINTER(struct ip6t_hl_info, hop_limit),
	},
	XTOPT_TABLEEND,
};
     99 
/*
 * Registration record for the IPv6 "hl" match: identity, size of the
 * per-rule data, and the callbacks defined in this file.
 */
static struct xtables_match hl_mt6_reg = {
	/* identity */
	.name = "hl",
	.version = XTABLES_VERSION,
	.family = NFPROTO_IPV6,

	/* both sizes cover the whole aligned struct ip6t_hl_info */
	.size = XT_ALIGN(sizeof(struct ip6t_hl_info)),
	.userspacesize = XT_ALIGN(sizeof(struct ip6t_hl_info)),

	/* output callbacks */
	.help = hl_help,
	.print = hl_print,
	.save = hl_save,

	/* option parsing */
	.x6_options = hl_opts,
	.x6_parse = hl_parse,
	.x6_fcheck = hl_check,
};
    113 
    114 
/*
 * Extension entry point: hand the hl match description to libxtables.
 * NOTE(review): how and when _init is invoked is decided outside this
 * file (presumably by xtables.h and the loader) -- confirm.
 */
void _init(void)
{
	xtables_register_match(&hl_mt6_reg);
}