Diffstat (limited to 'net/netfilter/xt_tcpudp.c')
-rw-r--r-- | net/netfilter/xt_tcpudp.c | 36 |
1 files changed, 15 insertions, 21 deletions
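diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c
index 5a6268cbb9f..66cf71b1d59 100644
--- a/net/netfilter/xt_tcpudp.c
+++ b/net/netfilter/xt_tcpudp.c
@@ -68,25 +68,22 @@ tcp_find_option(u_int8_t option,
 	return invert;
 }
 
-static bool
-tcp_mt(const struct sk_buff *skb, const struct net_device *in,
-       const struct net_device *out, const struct xt_match *match,
-       const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+static bool tcp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
 	const struct tcphdr *th;
 	struct tcphdr _tcph;
-	const struct xt_tcp *tcpinfo = matchinfo;
+	const struct xt_tcp *tcpinfo = par->matchinfo;
 
-	if (offset) {
+	if (par->fragoff != 0) {
 		/* To quote Alan:
 
 		   Don't allow a fragment of TCP 8 bytes in. Nobody normal
 		   causes this. Its a cracker trying to break in by doing a
 		   flag overwrite to pass the direction checks.
 		*/
-		if (offset == 1) {
+		if (par->fragoff == 1) {
 			duprintf("Dropping evil TCP offset=1 frag.\n");
-			*hotdrop = true;
+			*par->hotdrop = true;
 		}
 		/* Must not be a fragment. */
 		return false;
@@ -94,12 +91,12 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
 
 #define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg)))
 
-	th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
+	th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph);
 	if (th == NULL) {
 		/* We've been asked to examine this packet, and we
 		   can't. Hence, no choice but to drop. */
 		duprintf("Dropping evil TCP offset=0 tinygram.\n");
-		*hotdrop = true;
+		*par->hotdrop = true;
 		return false;
 	}
 
@@ -117,13 +114,13 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in,
 		return false;
 	if (tcpinfo->option) {
 		if (th->doff * 4 < sizeof(_tcph)) {
-			*hotdrop = true;
+			*par->hotdrop = true;
 			return false;
 		}
-		if (!tcp_find_option(tcpinfo->option, skb, protoff,
+		if (!tcp_find_option(tcpinfo->option, skb, par->thoff,
 				     th->doff*4 - sizeof(_tcph),
 				     tcpinfo->invflags & XT_TCP_INV_OPTION,
-				     hotdrop))
+				     par->hotdrop))
 			return false;
 	}
 	return true;
@@ -141,25 +138,22 @@ tcp_mt_check(const char *tablename, const void *info,
 	return !(tcpinfo->invflags & ~XT_TCP_INV_MASK);
 }
 
-static bool
-udp_mt(const struct sk_buff *skb, const struct net_device *in,
-       const struct net_device *out, const struct xt_match *match,
-       const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop)
+static bool udp_mt(const struct sk_buff *skb, const struct xt_match_param *par)
 {
 	const struct udphdr *uh;
 	struct udphdr _udph;
-	const struct xt_udp *udpinfo = matchinfo;
+	const struct xt_udp *udpinfo = par->matchinfo;
 
 	/* Must not be a fragment. */
-	if (offset)
+	if (par->fragoff != 0)
 		return false;
 
-	uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph);
+	uh = skb_header_pointer(skb, par->thoff, sizeof(_udph), &_udph);
 	if (uh == NULL) {
 		/* We've been asked to examine this packet, and we
 		   can't. Hence, no choice but to drop. */
 		duprintf("Dropping evil UDP tinygram.\n");
-		*par->hotdrop = true;
+		*par->hotdrop = true;
 		return false;
 	}
 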
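Review bot: Now that tcp_mt and udp_mt take everything through `par`, neither function says which fields of the parameter block it consumes or which one it writes, and the hotdrop side effect is the security-relevant part of both (a fragment at offset 1 or a truncated header gets the packet dropped rather than merely unmatched). A one-line comment above each new signature, e.g. `/* Reads par->matchinfo, par->fragoff and par->thoff; sets *par->hotdrop on fragments at offset 1 and on truncated headers. */` for tcp_mt and the analogous line for udp_mt, would make that contract visible to the next caller of these helpers. The `@@ -141` context line still shows `tcp_mt_check(const char *tablename, const void *info,` with the old argument list, so presumably the checkfn side is converted in a separate commit; worth confirming both land together so the module builds at every point in the series. Both functions end outside the hunks shown here, and udp_mt's body continues past the last visible line.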