1/* IP tables module for matching the value of the TTL 2 * 3 * (C) 2000,2001 by Harald Welte <laforge@netfilter.org> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 */ 9 10#include <linux/ip.h> 11#include <linux/module.h> 12#include <linux/skbuff.h> 13 14#include <linux/netfilter_ipv4/ipt_ttl.h> 15#include <linux/netfilter/x_tables.h> 16 17MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 18MODULE_DESCRIPTION("IP tables TTL matching module"); 19MODULE_LICENSE("GPL"); 20 21static int match(const struct sk_buff *skb, 22 const struct net_device *in, const struct net_device *out, 23 const struct xt_match *match, const void *matchinfo, 24 int offset, unsigned int protoff, int *hotdrop) 25{ 26 const struct ipt_ttl_info *info = matchinfo; 27 const u8 ttl = ip_hdr(skb)->ttl; 28 29 switch (info->mode) { 30 case IPT_TTL_EQ: 31 return (ttl == info->ttl); 32 break; 33 case IPT_TTL_NE: 34 return (!(ttl == info->ttl)); 35 break; 36 case IPT_TTL_LT: 37 return (ttl < info->ttl); 38 break; 39 case IPT_TTL_GT: 40 return (ttl > info->ttl); 41 break; 42 default: 43 printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", 44 info->mode); 45 return 0; 46 } 47 48 return 0; 49} 50 51static struct xt_match ttl_match = { 52 .name = "ttl", 53 .family = AF_INET, 54 .match = match, 55 .matchsize = sizeof(struct ipt_ttl_info), 56 .me = THIS_MODULE, 57}; 58 59static int __init ipt_ttl_init(void) 60{ 61 return xt_register_match(&ttl_match); 62} 63 64static void __exit ipt_ttl_fini(void) 65{ 66 xt_unregister_match(&ttl_match); 67} 68 69module_init(ipt_ttl_init); 70module_exit(ipt_ttl_fini); 71