diff options
Diffstat (limited to 'net/netfilter/xt_tcpudp.c')
| -rw-r--r-- | net/netfilter/xt_tcpudp.c | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/net/netfilter/xt_tcpudp.c b/net/netfilter/xt_tcpudp.c index 5a6268cbb9f..66cf71b1d59 100644 --- a/net/netfilter/xt_tcpudp.c +++ b/net/netfilter/xt_tcpudp.c | |||
| @@ -68,25 +68,22 @@ tcp_find_option(u_int8_t option, | |||
| 68 | return invert; | 68 | return invert; |
| 69 | } | 69 | } |
| 70 | 70 | ||
| 71 | static bool | 71 | static bool tcp_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
| 72 | tcp_mt(const struct sk_buff *skb, const struct net_device *in, | ||
| 73 | const struct net_device *out, const struct xt_match *match, | ||
| 74 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | ||
| 75 | { | 72 | { |
| 76 | const struct tcphdr *th; | 73 | const struct tcphdr *th; |
| 77 | struct tcphdr _tcph; | 74 | struct tcphdr _tcph; |
| 78 | const struct xt_tcp *tcpinfo = matchinfo; | 75 | const struct xt_tcp *tcpinfo = par->matchinfo; |
| 79 | 76 | ||
| 80 | if (offset) { | 77 | if (par->fragoff != 0) { |
| 81 | /* To quote Alan: | 78 | /* To quote Alan: |
| 82 | 79 | ||
| 83 | Don't allow a fragment of TCP 8 bytes in. Nobody normal | 80 | Don't allow a fragment of TCP 8 bytes in. Nobody normal |
| 84 | causes this. Its a cracker trying to break in by doing a | 81 | causes this. Its a cracker trying to break in by doing a |
| 85 | flag overwrite to pass the direction checks. | 82 | flag overwrite to pass the direction checks. |
| 86 | */ | 83 | */ |
| 87 | if (offset == 1) { | 84 | if (par->fragoff == 1) { |
| 88 | duprintf("Dropping evil TCP offset=1 frag.\n"); | 85 | duprintf("Dropping evil TCP offset=1 frag.\n"); |
| 89 | *hotdrop = true; | 86 | *par->hotdrop = true; |
| 90 | } | 87 | } |
| 91 | /* Must not be a fragment. */ | 88 | /* Must not be a fragment. */ |
| 92 | return false; | 89 | return false; |
| @@ -94,12 +91,12 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 94 | 91 | ||
| 95 | #define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) | 92 | #define FWINVTCP(bool, invflg) ((bool) ^ !!(tcpinfo->invflags & (invflg))) |
| 96 | 93 | ||
| 97 | th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph); | 94 | th = skb_header_pointer(skb, par->thoff, sizeof(_tcph), &_tcph); |
| 98 | if (th == NULL) { | 95 | if (th == NULL) { |
| 99 | /* We've been asked to examine this packet, and we | 96 | /* We've been asked to examine this packet, and we |
| 100 | can't. Hence, no choice but to drop. */ | 97 | can't. Hence, no choice but to drop. */ |
| 101 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); | 98 | duprintf("Dropping evil TCP offset=0 tinygram.\n"); |
| 102 | *hotdrop = true; | 99 | *par->hotdrop = true; |
| 103 | return false; | 100 | return false; |
| 104 | } | 101 | } |
| 105 | 102 | ||
| @@ -117,13 +114,13 @@ tcp_mt(const struct sk_buff *skb, const struct net_device *in, | |||
| 117 | return false; | 114 | return false; |
| 118 | if (tcpinfo->option) { | 115 | if (tcpinfo->option) { |
| 119 | if (th->doff * 4 < sizeof(_tcph)) { | 116 | if (th->doff * 4 < sizeof(_tcph)) { |
| 120 | *hotdrop = true; | 117 | *par->hotdrop = true; |
| 121 | return false; | 118 | return false; |
| 122 | } | 119 | } |
| 123 | if (!tcp_find_option(tcpinfo->option, skb, protoff, | 120 | if (!tcp_find_option(tcpinfo->option, skb, par->thoff, |
| 124 | th->doff*4 - sizeof(_tcph), | 121 | th->doff*4 - sizeof(_tcph), |
| 125 | tcpinfo->invflags & XT_TCP_INV_OPTION, | 122 | tcpinfo->invflags & XT_TCP_INV_OPTION, |
| 126 | hotdrop)) | 123 | par->hotdrop)) |
| 127 | return false; | 124 | return false; |
| 128 | } | 125 | } |
| 129 | return true; | 126 | return true; |
| @@ -141,25 +138,22 @@ tcp_mt_check(const char *tablename, const void *info, | |||
| 141 | return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); | 138 | return !(tcpinfo->invflags & ~XT_TCP_INV_MASK); |
| 142 | } | 139 | } |
| 143 | 140 | ||
| 144 | static bool | 141 | static bool udp_mt(const struct sk_buff *skb, const struct xt_match_param *par) |
| 145 | udp_mt(const struct sk_buff *skb, const struct net_device *in, | ||
| 146 | const struct net_device *out, const struct xt_match *match, | ||
| 147 | const void *matchinfo, int offset, unsigned int protoff, bool *hotdrop) | ||
| 148 | { | 142 | { |
| 149 | const struct udphdr *uh; | 143 | const struct udphdr *uh; |
| 150 | struct udphdr _udph; | 144 | struct udphdr _udph; |
| 151 | const struct xt_udp *udpinfo = matchinfo; | 145 | const struct xt_udp *udpinfo = par->matchinfo; |
| 152 | 146 | ||
| 153 | /* Must not be a fragment. */ | 147 | /* Must not be a fragment. */ |
| 154 | if (offset) | 148 | if (par->fragoff != 0) |
| 155 | return false; | 149 | return false; |
| 156 | 150 | ||
| 157 | uh = skb_header_pointer(skb, protoff, sizeof(_udph), &_udph); | 151 | uh = skb_header_pointer(skb, par->thoff, sizeof(_udph), &_udph); |
| 158 | if (uh == NULL) { | 152 | if (uh == NULL) { |
| 159 | /* We've been asked to examine this packet, and we | 153 | /* We've been asked to examine this packet, and we |
| 160 | can't. Hence, no choice but to drop. */ | 154 | can't. Hence, no choice but to drop. */ |
| 161 | duprintf("Dropping evil UDP tinygram.\n"); | 155 | duprintf("Dropping evil UDP tinygram.\n"); |
| 162 | *hotdrop = true; | 156 | *par->hotdrop = true; |
| 163 | return false; | 157 | return false; |
| 164 | } | 158 | } |
| 165 | 159 | ||