libnetfilter_queue  1.0.5
ipv6.c
1 /*
2  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
10  */
11 
12 #include <stdio.h>
13 #include <stddef.h>
14 #include <stdbool.h>
15 #include <arpa/inet.h>
16 #include <netinet/ip6.h>
17 
18 #include <libnetfilter_queue/libnetfilter_queue.h>
19 #include <libnetfilter_queue/libnetfilter_queue_ipv6.h>
20 #include <libnetfilter_queue/pktbuff.h>
21 
22 #include "internal.h"
23 
35 EXPORT_SYMBOL
36 struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
37 {
38  struct ip6_hdr *ip6h;
39  unsigned int pktlen = pktb_tail(pktb) - pktb->network_header;
40 
41  /* Not enough room for IPv6 header. */
42  if (pktlen < sizeof(struct ip6_hdr))
43  return NULL;
44 
45  ip6h = (struct ip6_hdr *)pktb->network_header;
46 
47  /* Not IPv6 packet. */
48  if ((*(uint8_t *)ip6h & 0xf0) != 0x60)
49  return NULL;
50 
51  return ip6h;
52 }
53 
63 EXPORT_SYMBOL
64 int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
65  uint8_t target)
66 {
67  uint8_t nexthdr = ip6h->ip6_nxt;
68  uint8_t *cur = (uint8_t *)ip6h + sizeof(struct ip6_hdr);
69 
70  while (nexthdr != target) {
71  struct ip6_ext *ip6_ext;
72  uint32_t hdrlen;
73 
74  /* No more extensions, we're done. */
75  if (nexthdr == IPPROTO_NONE) {
76  cur = NULL;
77  break;
78  }
79  /* No room for extension, bad packet. */
80  if (pktb_tail(pktb) - cur < sizeof(struct ip6_ext)) {
81  cur = NULL;
82  break;
83  }
84  ip6_ext = (struct ip6_ext *)cur;
85 
86  if (nexthdr == IPPROTO_FRAGMENT) {
87  uint16_t *frag_off;
88 
89  /* No room for full fragment header, bad packet. */
90  if (pktb_tail(pktb) - cur < sizeof(struct ip6_frag)) {
91  cur = NULL;
92  break;
93  }
94 
95  frag_off = (uint16_t *)cur +
96  offsetof(struct ip6_frag, ip6f_offlg);
97 
98  /* Fragment offset is only 13 bits long. */
99  if (htons(*frag_off & ~0x7)) {
100  /* Not the first fragment, it does not contain
101  * any headers.
102  */
103  cur = NULL;
104  break;
105  }
106  hdrlen = sizeof(struct ip6_frag);
107  } else if (nexthdr == IPPROTO_AH)
108  hdrlen = (ip6_ext->ip6e_len + 2) << 2;
109  else
110  hdrlen = ip6_ext->ip6e_len;
111 
112  nexthdr = ip6_ext->ip6e_nxt;
113  cur += hdrlen;
114  }
115  pktb->transport_header = cur;
116  return cur ? 1 : 0;
117 }
118 
130 EXPORT_SYMBOL
131 int nfq_ip6_mangle(struct pkt_buff *pktb, unsigned int dataoff,
132  unsigned int match_offset, unsigned int match_len,
133  const char *rep_buffer, unsigned int rep_len)
134 {
135  struct ip6_hdr *ip6h = (struct ip6_hdr *)pktb->network_header;
136 
137  if (!pktb_mangle(pktb, dataoff, match_offset, match_len, rep_buffer,
138  rep_len))
139  return 0;
140 
141  /* Fix IPv6 hdr length information */
142  ip6h->ip6_plen =
143  htons(pktb_tail(pktb) - pktb->network_header - sizeof *ip6h);
144 
145  return 1;
146 }
147 
157 EXPORT_SYMBOL
158 int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
159 {
160  int ret;
161  char src[INET6_ADDRSTRLEN];
162  char dst[INET6_ADDRSTRLEN];
163 
164  inet_ntop(AF_INET6, &ip6h->ip6_src, src, INET6_ADDRSTRLEN);
165  inet_ntop(AF_INET6, &ip6h->ip6_dst, dst, INET6_ADDRSTRLEN);
166 
167  ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%zu TC=0x%X "
168  "HOPLIMIT=%u FLOWLBL=%u ",
169  src, dst,
170  ntohs(ip6h->ip6_plen) + sizeof(struct ip6_hdr),
171  (ip6h->ip6_flow & 0x0ff00000) >> 20,
172  ip6h->ip6_hlim,
173  (ip6h->ip6_flow & 0x000fffff));
174 
175  return ret;
176 }
177 
int nfq_ip6_mangle(struct pkt_buff *pktb, unsigned int dataoff, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len)
Definition: ipv6.c:131
struct ip6_hdr * nfq_ip6_get_hdr(struct pkt_buff *pktb)
Definition: ipv6.c:36
int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
Definition: ipv6.c:158
int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, uint8_t target)
Definition: ipv6.c:64
int pktb_mangle(struct pkt_buff *pktb, int dataoff, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len)
Definition: pktbuff.c:314