static void PROTO_save(const void *ip, const struct xt_entry_target *target)
{
- const struct xt_PROTO_info *info =
- (struct xt_PROTO_info *) target->data;
+ const struct xt_PROTO_info *info = (void *)target->data;
- if(info->mode & (1 << XT_PROTO_SET)){
+ if (info->mode & (1 << XT_PROTO_SET))
printf(" --proto-set %u", info->proto);
- }
- if(info->mode & (1 << XT_PROTO_STOP_AT_FRAG)){
+ if (info->mode & (1 << XT_PROTO_STOP_AT_FRAG))
printf(" --stop-at-frag");
- }
- if(info->mode & (1 << XT_PROTO_STOP_AT_AUTH)){
+ if (info->mode & (1 << XT_PROTO_STOP_AT_AUTH))
printf(" --stop-at-auth");
- }
}
static void PROTO_print(const void *ip, const struct xt_entry_target *target,
int numeric)
{
- const struct xt_PROTO_info *info =
- (struct xt_PROTO_info *) target->data;
+ const struct xt_PROTO_info *info = (void *)target->data;
printf(" PROTO ");
- if(info->mode & (1 << XT_PROTO_SET)){
+ if (info->mode & (1 << XT_PROTO_SET))
printf("set to %u", info->proto);
- }
- if(info->mode & (1 << XT_PROTO_STOP_AT_FRAG)){
+ if (info->mode & (1 << XT_PROTO_STOP_AT_FRAG))
printf(" stop-at-frag");
- }
- if(info->mode & (1 << XT_PROTO_STOP_AT_AUTH)){
+ if (info->mode & (1 << XT_PROTO_STOP_AT_AUTH))
printf(" stop-at-auth");
- }
}
static struct xtables_target proto_tg_reg = {
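Review bot: The new `(void *)target->data` cast in PROTO_save drops the `const` that `target` carries, only for the result to be assigned to a `const` pointer again; PROTO_print has the identical line. Writing it as `const struct xt_PROTO_info *info = (const void *)target->data;` keeps the shortened form without discarding the qualifier. It also stays clean under `-Wcast-qual`, so an accidental write through the target data remains a compile-time diagnostic.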
#include <linux/ipv6.h>
#include <net/ipv6.h>
#include <net/checksum.h>
-
-
#include <linux/netfilter/x_tables.h>
#include "xt_PROTO.h"
return NF_DROP;
iph = ip_hdr(skb);
-
new_proto = iph->protocol;
- if(info->mode & (1 << XT_PROTO_SET)){
+ if (info->mode & (1 << XT_PROTO_SET))
new_proto = info->proto;
- }
if (new_proto != iph->protocol) {
csum_replace2(&iph->check, htons(iph->protocol & 0xff),
- htons(new_proto & 0xff));
+ htons(new_proto & 0xff));
iph->protocol = new_proto;
}
{
struct ipv6hdr *ip6h;
const struct xt_PROTO_info *info = par->targinfo;
- u8 *nexthdr;
+ u8 *nexthdr;
unsigned int hdr_offset;
__be16 *fp;
ip6h = ipv6_hdr(skb);
nexthdr = &ip6h->nexthdr;
-
hdr_offset = sizeof(struct ipv6hdr);
- for(;;){
+ for (;;) {
struct ipv6_opt_hdr _opthdr, *opthp;
unsigned int hdrlen;
unsigned short _frag_off;
- if ((!ipv6_ext_hdr(*nexthdr)) || *nexthdr == NEXTHDR_NONE) {
+ if (!ipv6_ext_hdr(*nexthdr) || *nexthdr == NEXTHDR_NONE)
break;
- }
opthp = skb_header_pointer(skb, skb_network_offset(skb) + hdr_offset, sizeof(_opthdr), &_opthdr);
- if(!opthp){
+ if (!opthp)
return NF_DROP;
- }
- if(*nexthdr == NEXTHDR_FRAGMENT){
- if(info->mode & (1 << XT_PROTO_STOP_AT_FRAG)){
+ if (*nexthdr == NEXTHDR_FRAGMENT) {
+ if (info->mode & (1 << XT_PROTO_STOP_AT_FRAG))
break;
- }
- fp = skb_header_pointer(skb,
- skb_network_offset(skb) + hdr_offset +
- offsetof(struct frag_hdr,
- frag_off),
- sizeof(_frag_off),
- &_frag_off);
+ fp = skb_header_pointer(skb, skb_network_offset(skb) +
+ hdr_offset + offsetof(struct frag_hdr, frag_off),
+ sizeof(_frag_off), &_frag_off);
if (!fp)
return NF_DROP;
_frag_off = ntohs(*fp) & ~0x7;
- if(_frag_off){ // if the packet is not the first fragment
- if ((!ipv6_ext_hdr(opthp->nexthdr)) || opthp->nexthdr == NEXTHDR_NONE ||
- ((info->mode & (1 << XT_PROTO_STOP_AT_AUTH)) && opthp->nexthdr == NEXTHDR_AUTH)
- ) {
- nexthdr = &((struct ipv6_opt_hdr*)(skb_network_header(skb) + hdr_offset))->nexthdr;
+ if (_frag_off) { // if the packet is not the first fragment
+ if (!ipv6_ext_hdr(opthp->nexthdr) || opthp->nexthdr == NEXTHDR_NONE ||
+ (info->mode & (1 << XT_PROTO_STOP_AT_AUTH) && opthp->nexthdr == NEXTHDR_AUTH)) {
+ nexthdr = &((struct ipv6_opt_hdr *)(skb_network_header(skb) + hdr_offset))->nexthdr;
break;
- }else{
+ } else {
return XT_CONTINUE;
}
}
hdrlen = 8;
- }else if(*nexthdr == NEXTHDR_AUTH){
- if(info->mode & (1 << XT_PROTO_STOP_AT_AUTH)){
+ } else if(*nexthdr == NEXTHDR_AUTH) {
+ if (info->mode & (1 << XT_PROTO_STOP_AT_AUTH))
break;
- }
hdrlen = (opthp->hdrlen + 2) << 2;
- }else{
+ } else {
hdrlen = ipv6_optlen(opthp);
}
- nexthdr = &((struct ipv6_opt_hdr*)(skb_network_header(skb) + hdr_offset))->nexthdr;
+ nexthdr = &((struct ipv6_opt_hdr *)(skb_network_header(skb) + hdr_offset))->nexthdr;
hdr_offset += hdrlen;
}
- if(info->mode & (1 << XT_PROTO_SET)){
+ if (info->mode & (1 << XT_PROTO_SET))
*nexthdr = info->proto;
- }
-
return XT_CONTINUE;
}
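Review bot: `nexthdr` is computed directly from `skb_network_header(skb) + hdr_offset` and later written through at `*nexthdr = info->proto`, but the only bounds check on that offset is `skb_header_pointer()`, which can succeed by copying into `_opthdr` when the header lies outside the linear area. Unless the skb is made writable and linear over its full length before `ipv6_hdr(skb)` (the start of the function is outside this hunk, so this cannot be confirmed here), the direct pointer may reference memory beyond the linear data. If that guarantee exists, state it at the loop, e.g. `/* skb is linear and writable for skb->len here, so direct header pointers are valid */`. If it does not, call `skb_ensure_writable()` for `skb_network_offset(skb) + hdr_offset + sizeof(*opthp)` before taking the pointer, and re-read `ip6h` afterwards. Separately, the spacing cleanup missed `} else if(*nexthdr == NEXTHDR_AUTH) {`, and dropping the inner parentheses in `info->mode & (1 << XT_PROTO_STOP_AT_AUTH) && ...` leaves the reader relying on `&` binding tighter than `&&`.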
{
const struct xt_PROTO_info *info = par->targinfo;
- if ((info->mode & (1 << XT_PROTO_SET)) == 0){
+ if ((info->mode & (1 << XT_PROTO_SET)) == 0) {
pr_info_ratelimited("Did not specify any proto to set\n");
return -EINVAL;
}
- if ((par->family != NFPROTO_IPV6) && ((info->mode & ((1 << XT_PROTO_STOP_AT_FRAG) | (1 << XT_PROTO_STOP_AT_AUTH))) != 0)){
- pr_info_ratelimited("Must not specify stop-at-frag and stop-at-auth on non-ipv6 targets\n");
+ if (par->family != NFPROTO_IPV6 && (info->mode & ((1 << XT_PROTO_STOP_AT_FRAG) | (1 << XT_PROTO_STOP_AT_AUTH))) != 0) {
+ pr_info_ratelimited("Must not specify stop-at-frag and stop-at-auth on non-ipv6 targets\n");
return -EPROTOTYPE;
}
return 0;
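Review bot: The checks on `info->mode` accept any bits outside the three defined flags, so a rule from userspace with undefined mode bits passes validation unchanged. Consider rejecting them up front with `if (info->mode & ~((1 << XT_PROTO_SET) | (1 << XT_PROTO_STOP_AT_FRAG) | (1 << XT_PROTO_STOP_AT_AUTH))) return -EINVAL;`. The second message says "stop-at-frag and stop-at-auth" while the condition fires on either flag; "or" would match the check. The function's signature and closing brace are outside this hunk.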
module_exit(proto_tg_exit);
MODULE_ALIAS("ipt_PROTO");
MODULE_ALIAS("ip6t_PROTO");
-