1// SPDX-License-Identifier: GPL-2.0-only 2/* Kernel module to match packet length. */ 3/* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 4 */ 5 6#include <linux/module.h> 7#include <linux/skbuff.h> 8#include <linux/ipv6.h> 9#include <net/ip.h> 10 11#include <linux/netfilter/xt_length.h> 12#include <linux/netfilter/x_tables.h> 13 14MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 15MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match"); 16MODULE_LICENSE("GPL"); 17MODULE_ALIAS("ipt_length"); 18MODULE_ALIAS("ip6t_length"); 19 20static bool 21length_mt(const struct sk_buff *skb, struct xt_action_param *par) 22{ 23 const struct xt_length_info *info = par->matchinfo; 24 u32 pktlen = skb_ip_totlen(skb); 25 26 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 27} 28 29static bool 30length_mt6(const struct sk_buff *skb, struct xt_action_param *par) 31{ 32 const struct xt_length_info *info = par->matchinfo; 33 u32 pktlen = skb->len; 34 35 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 36} 37 38static struct xt_match length_mt_reg[] __read_mostly = { 39 { 40 .name = "length", 41 .family = NFPROTO_IPV4, 42 .match = length_mt, 43 .matchsize = sizeof(struct xt_length_info), 44 .me = THIS_MODULE, 45 }, 46 { 47 .name = "length", 48 .family = NFPROTO_IPV6, 49 .match = length_mt6, 50 .matchsize = sizeof(struct xt_length_info), 51 .me = THIS_MODULE, 52 }, 53}; 54 55static int __init length_mt_init(void) 56{ 57 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 58} 59 60static void __exit length_mt_exit(void) 61{ 62 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 63} 64 65module_init(length_mt_init); 66module_exit(length_mt_exit); 67