1/* Kernel module to match packet length. */ 2/* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 */ 8 9#include <linux/module.h> 10#include <linux/skbuff.h> 11#include <linux/ipv6.h> 12#include <net/ip.h> 13 14#include <linux/netfilter/xt_length.h> 15#include <linux/netfilter/x_tables.h> 16 17MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 18MODULE_DESCRIPTION("IP tables packet length matching module"); 19MODULE_LICENSE("GPL"); 20MODULE_ALIAS("ipt_length"); 21MODULE_ALIAS("ip6t_length"); 22 23static int 24match(const struct sk_buff *skb, 25 const struct net_device *in, 26 const struct net_device *out, 27 const struct xt_match *match, 28 const void *matchinfo, 29 int offset, 30 unsigned int protoff, 31 int *hotdrop) 32{ 33 const struct xt_length_info *info = matchinfo; 34 u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); 35 36 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 37} 38 39static int 40match6(const struct sk_buff *skb, 41 const struct net_device *in, 42 const struct net_device *out, 43 const struct xt_match *match, 44 const void *matchinfo, 45 int offset, 46 unsigned int protoff, 47 int *hotdrop) 48{ 49 const struct xt_length_info *info = matchinfo; 50 const u_int16_t pktlen = (ntohs(ipv6_hdr(skb)->payload_len) + 51 sizeof(struct ipv6hdr)); 52 53 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 54} 55 56static struct xt_match xt_length_match[] = { 57 { 58 .name = "length", 59 .family = AF_INET, 60 .match = match, 61 .matchsize = sizeof(struct xt_length_info), 62 .me = THIS_MODULE, 63 }, 64 { 65 .name = "length", 66 .family = AF_INET6, 67 .match = match6, 68 .matchsize = sizeof(struct xt_length_info), 69 .me = THIS_MODULE, 70 }, 71}; 72 73static int __init xt_length_init(void) 74{ 75 return xt_register_matches(xt_length_match, 76 ARRAY_SIZE(xt_length_match)); 77} 78 79static void __exit xt_length_fini(void) 80{ 81 xt_unregister_matches(xt_length_match, ARRAY_SIZE(xt_length_match)); 82} 83 84module_init(xt_length_init); 85module_exit(xt_length_fini); 86