netfilter: Combine ipt_TTL and ip6t_HL source

Suggested by: James King <t.james.king@gmail.com> Similarly to commit c9fd49680954714473d6cbd2546d6ff120f96840, merge TTL and HL. Since HL does not depend on any IPv6-specific function, no new module dependencies would arise. With slight adjustments to the Kconfig help text. Signed-off-by: Jan Engelhardt <jengelh@medozas.de> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Jan Engelhardt <jengelh@medozas.de> 2009-02-18 12:38:40 -0500
committer: Patrick McHardy <kaber@trash.net> 2009-02-18 12:38:40 -0500
commit: 563d36eb3fb22dd04da9aa6f12e1b9ba0ac115f3 (patch)
tree: 9ff10949c9382b98756fa8da6ded257f00249b84
parent: ddc214c43a923e89741e04da2f10e3037a64e222 (diff)
9 files changed, 187 insertions, 226 deletions
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 3816e1dc9295..3ad9f43b4c45 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -322,21 +322,6 @@ config IP_NF_TARGET_ECN
          To compile it as a module, choose M here.  If unsure, say N.
-config IP_NF_TARGET_TTL
-        tristate  'TTL target support'
-        depends on IP_NF_MANGLE
-        depends on NETFILTER_ADVANCED
-        help
-          This option adds a `TTL' target, which enables the user to modify
-          the TTL value of the IP header.
-          While it is safe to decrement/lower the TTL, this target also enables
-          functionality to increment and set the TTL value of the IP header to
-          arbitrary values.  This is EXTREMELY DANGEROUS since you can easily
-          create immortal packets that loop forever on the network.
-          To compile it as a module, choose M here.  If unsure, say N.
 # raw + specific targets
 config IP_NF_RAW
        tristate  'raw table support (required for NOTRACK/TRACE)'
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 5f9b650d90fc..20b0c37155fb 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -61,7 +61,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
-obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
 # generic ARP tables
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
deleted file mode 100644
index 6d76aae90cc0..000000000000
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ /dev/null
@@ -1,97 +0,0 @@
-/* TTL modification target for IP tables
- * (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- */
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <net/checksum.h>
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter_ipv4/ipt_TTL.h>
-MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("Xtables: IPv4 TTL field modification target");
-MODULE_LICENSE("GPL");
-static unsigned int
-ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
-{
-        struct iphdr *iph;
-        const struct ipt_TTL_info *info = par->targinfo;
-        int new_ttl;
-        if (!skb_make_writable(skb, skb->len))
-                return NF_DROP;
-        iph = ip_hdr(skb);
-        switch (info->mode) {
-                case IPT_TTL_SET:
-                        new_ttl = info->ttl;
-                        break;
-                case IPT_TTL_INC:
-                        new_ttl = iph->ttl + info->ttl;
-                        if (new_ttl > 255)
-                                new_ttl = 255;
-                        break;
-                case IPT_TTL_DEC:
-                        new_ttl = iph->ttl - info->ttl;
-                        if (new_ttl < 0)
-                                new_ttl = 0;
-                        break;
-                default:
-                        new_ttl = iph->ttl;
-                        break;
-        }
-        if (new_ttl != iph->ttl) {
-                csum_replace2(&iph->check, htons(iph->ttl << 8),
-                                           htons(new_ttl << 8));
-                iph->ttl = new_ttl;
-        }
-        return XT_CONTINUE;
-}
-static bool ttl_tg_check(const struct xt_tgchk_param *par)
-{
-        const struct ipt_TTL_info *info = par->targinfo;
-        if (info->mode > IPT_TTL_MAXMODE) {
-                printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
-                        info->mode);
-                return false;
-        }
-        if (info->mode != IPT_TTL_SET && info->ttl == 0)
-                return false;
-        return true;
-}
-static struct xt_target ttl_tg_reg __read_mostly = {
-        .name           = "TTL",
-        .family         = NFPROTO_IPV4,
-        .target         = ttl_tg,
-        .targetsize     = sizeof(struct ipt_TTL_info),
-        .table          = "mangle",
-        .checkentry     = ttl_tg_check,
-        .me             = THIS_MODULE,
-};
-static int __init ttl_tg_init(void)
-{
-        return xt_register_target(&ttl_tg_reg);
-}
-static void __exit ttl_tg_exit(void)
-{
-        xt_unregister_target(&ttl_tg_reg);
-}
-module_init(ttl_tg_init);
-module_exit(ttl_tg_exit);
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 53ea512c4608..6a42a968c498 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -170,23 +170,6 @@ config IP6_NF_MANGLE
          To compile it as a module, choose M here.  If unsure, say N.
-config IP6_NF_TARGET_HL
-        tristate  'HL (hoplimit) target support'
-        depends on IP6_NF_MANGLE
-        depends on NETFILTER_ADVANCED
-        help
-          This option adds a `HL' target, which enables the user to decrement
-          the hoplimit value of the IPv6 header or set it to a given (lower)
-          value.
-          While it is safe to decrement the hoplimit value, this option also
-          enables functionality to increment and set the hoplimit value of the
-          IPv6 header to arbitrary values.  This is EXTREMELY DANGEROUS since
-          you can easily create immortal packets that loop forever on the
-          network.
-          To compile it as a module, choose M here.  If unsure, say N.
 config IP6_NF_RAW
        tristate  'raw table support (required for TRACE)'
        depends on NETFILTER_ADVANCED
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index 3f17c948eefb..61a4570d0ede 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -27,6 +27,5 @@ obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o
 obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
 # targets
-obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
 obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
 obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
deleted file mode 100644
index 27b5adf670a2..000000000000
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Hop Limit modification target for ip6tables
- * Maciej Soltysiak <solt@dns.toxicfilms.tv>
- * Based on HW's TTL module
- *
- * This software is distributed under the terms of GNU GPL
- */
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <linux/ipv6.h>
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter_ipv6/ip6t_HL.h>
-MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
-MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
-MODULE_LICENSE("GPL");
-static unsigned int
-hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
-{
-        struct ipv6hdr *ip6h;
-        const struct ip6t_HL_info *info = par->targinfo;
-        int new_hl;
-        if (!skb_make_writable(skb, skb->len))
-                return NF_DROP;
-        ip6h = ipv6_hdr(skb);
-        switch (info->mode) {
-                case IP6T_HL_SET:
-                        new_hl = info->hop_limit;
-                        break;
-                case IP6T_HL_INC:
-                        new_hl = ip6h->hop_limit + info->hop_limit;
-                        if (new_hl > 255)
-                                new_hl = 255;
-                        break;
-                case IP6T_HL_DEC:
-                        new_hl = ip6h->hop_limit - info->hop_limit;
-                        if (new_hl < 0)
-                                new_hl = 0;
-                        break;
-                default:
-                        new_hl = ip6h->hop_limit;
-                        break;
-        }
-        ip6h->hop_limit = new_hl;
-        return XT_CONTINUE;
-}
-static bool hl_tg6_check(const struct xt_tgchk_param *par)
-{
-        const struct ip6t_HL_info *info = par->targinfo;
-        if (info->mode > IP6T_HL_MAXMODE) {
-                printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
-                        info->mode);
-                return false;
-        }
-        if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
-                printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
-                        "make sense with value 0\n");
-                return false;
-        }
-        return true;
-}
-static struct xt_target hl_tg6_reg __read_mostly = {
-        .name           = "HL",
-        .family         = NFPROTO_IPV6,
-        .target         = hl_tg6,
-        .targetsize     = sizeof(struct ip6t_HL_info),
-        .table          = "mangle",
-        .checkentry     = hl_tg6_check,
-        .me             = THIS_MODULE
-};
-static int __init hl_tg6_init(void)
-{
-        return xt_register_target(&hl_tg6_reg);
-}
-static void __exit hl_tg6_exit(void)
-{
-        xt_unregister_target(&hl_tg6_reg);
-}
-module_init(hl_tg6_init);
-module_exit(hl_tg6_exit);
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index c2bac9cd0caf..d99f29b7b980 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -357,6 +357,21 @@ config NETFILTER_XT_TARGET_DSCP
          To compile it as a module, choose M here.  If unsure, say N.
+config NETFILTER_XT_TARGET_HL
+        tristate '"HL" hoplimit target support'
+        depends on IP_NF_MANGLE || IP6_NF_MANGLE
+        depends on NETFILTER_ADVANCED
+        ---help---
+        This option adds the "HL" (for IPv6) and "TTL" (for IPv4)
+        targets, which enable the user to change the
+        hoplimit/time-to-live value of the IP header.
+        While it is safe to decrement the hoplimit/TTL value, the
+        modules also allow to increment and set the hoplimit value of
+        the header to arbitrary values. This is EXTREMELY DANGEROUS
+        since you can easily create immortal packets that loop
+        forever on the network.
 config NETFILTER_XT_TARGET_MARK
        tristate '"MARK" target support'
        default m if NETFILTER_ADVANCED=n
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index da3d909e053f..6ebe0482265b 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o
diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c
new file mode 100644
index 000000000000..10e789e2d12a
--- /dev/null
+++ b/net/netfilter/xt_HL.c
@@ -0,0 +1,171 @@
+/*
+ * TTL modification target for IP tables
+ * (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
+ *
+ * Hop Limit modification target for ip6tables
+ * Maciej Soltysiak <solt@dns.toxicfilms.tv>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ */
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
+#include <net/checksum.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv4/ipt_TTL.h>
+#include <linux/netfilter_ipv6/ip6t_HL.h>
+MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
+MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
+MODULE_DESCRIPTION("Xtables: Hoplimit/TTL Limit field modification target");
+MODULE_LICENSE("GPL");
+static unsigned int
+ttl_tg(struct sk_buff *skb, const struct xt_target_param *par)
+{
+        struct iphdr *iph;
+        const struct ipt_TTL_info *info = par->targinfo;
+        int new_ttl;
+        if (!skb_make_writable(skb, skb->len))
+                return NF_DROP;
+        iph = ip_hdr(skb);
+        switch (info->mode) {
+                case IPT_TTL_SET:
+                        new_ttl = info->ttl;
+                        break;
+                case IPT_TTL_INC:
+                        new_ttl = iph->ttl + info->ttl;
+                        if (new_ttl > 255)
+                                new_ttl = 255;
+                        break;
+                case IPT_TTL_DEC:
+                        new_ttl = iph->ttl - info->ttl;
+                        if (new_ttl < 0)
+                                new_ttl = 0;
+                        break;
+                default:
+                        new_ttl = iph->ttl;
+                        break;
+        }
+        if (new_ttl != iph->ttl) {
+                csum_replace2(&iph->check, htons(iph->ttl << 8),
+                                           htons(new_ttl << 8));
+                iph->ttl = new_ttl;
+        }
+        return XT_CONTINUE;
+}
+static unsigned int
+hl_tg6(struct sk_buff *skb, const struct xt_target_param *par)
+{
+        struct ipv6hdr *ip6h;
+        const struct ip6t_HL_info *info = par->targinfo;
+        int new_hl;
+        if (!skb_make_writable(skb, skb->len))
+                return NF_DROP;
+        ip6h = ipv6_hdr(skb);
+        switch (info->mode) {
+                case IP6T_HL_SET:
+                        new_hl = info->hop_limit;
+                        break;
+                case IP6T_HL_INC:
+                        new_hl = ip6h->hop_limit + info->hop_limit;
+                        if (new_hl > 255)
+                                new_hl = 255;
+                        break;
+                case IP6T_HL_DEC:
+                        new_hl = ip6h->hop_limit - info->hop_limit;
+                        if (new_hl < 0)
+                                new_hl = 0;
+                        break;
+                default:
+                        new_hl = ip6h->hop_limit;
+                        break;
+        }
+        ip6h->hop_limit = new_hl;
+        return XT_CONTINUE;
+}
+static bool ttl_tg_check(const struct xt_tgchk_param *par)
+{
+        const struct ipt_TTL_info *info = par->targinfo;
+        if (info->mode > IPT_TTL_MAXMODE) {
+                printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
+                        info->mode);
+                return false;
+        }
+        if (info->mode != IPT_TTL_SET && info->ttl == 0)
+                return false;
+        return true;
+}
+static bool hl_tg6_check(const struct xt_tgchk_param *par)
+{
+        const struct ip6t_HL_info *info = par->targinfo;
+        if (info->mode > IP6T_HL_MAXMODE) {
+                printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
+                        info->mode);
+                return false;
+        }
+        if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
+                printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
+                        "make sense with value 0\n");
+                return false;
+        }
+        return true;
+}
+static struct xt_target hl_tg_reg[] __read_mostly = {
+        {
+                .name       = "TTL",
+                .revision   = 0,
+                .family     = NFPROTO_IPV4,
+                .target     = ttl_tg,
+                .targetsize = sizeof(struct ipt_TTL_info),
+                .table      = "mangle",
+                .checkentry = ttl_tg_check,
+                .me         = THIS_MODULE,
+        },
+        {
+                .name       = "HL",
+                .revision   = 0,
+                .family     = NFPROTO_IPV6,
+                .target     = hl_tg6,
+                .targetsize = sizeof(struct ip6t_HL_info),
+                .table      = "mangle",
+                .checkentry = hl_tg6_check,
+                .me         = THIS_MODULE,
+        },
+};
+static int __init hl_tg_init(void)
+{
+        return xt_register_targets(hl_tg_reg, ARRAY_SIZE(hl_tg_reg));
+}
+static void __exit hl_tg_exit(void)
+{
+        xt_unregister_targets(hl_tg_reg, ARRAY_SIZE(hl_tg_reg));
+}
+module_init(hl_tg_init);
+module_exit(hl_tg_exit);
+MODULE_ALIAS("ipt_TTL");
+MODULE_ALIAS("ip6t_HL");
author	Jan Engelhardt <jengelh@medozas.de>	2009-02-18 12:38:40 -0500
committer	Patrick McHardy <kaber@trash.net>	2009-02-18 12:38:40 -0500
commit	563d36eb3fb22dd04da9aa6f12e1b9ba0ac115f3 (patch)
tree	9ff10949c9382b98756fa8da6ded257f00249b84
parent	ddc214c43a923e89741e04da2f10e3037a64e222 (diff)

diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index 3816e1dc9295..3ad9f43b4c45 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -322,21 +322,6 @@ config IP_NF_TARGET_ECN
322		322
323	To compile it as a module, choose M here. If unsure, say N.	323	To compile it as a module, choose M here. If unsure, say N.
324		324
325	config IP_NF_TARGET_TTL
326	tristate 'TTL target support'
327	depends on IP_NF_MANGLE
328	depends on NETFILTER_ADVANCED
329	help
330	This option adds a `TTL' target, which enables the user to modify
331	the TTL value of the IP header.
332
333	While it is safe to decrement/lower the TTL, this target also enables
334	functionality to increment and set the TTL value of the IP header to
335	arbitrary values. This is EXTREMELY DANGEROUS since you can easily
336	create immortal packets that loop forever on the network.
337
338	To compile it as a module, choose M here. If unsure, say N.
339
340	# raw + specific targets	325	# raw + specific targets
341	config IP_NF_RAW	326	config IP_NF_RAW
342	tristate 'raw table support (required for NOTRACK/TRACE)'	327	tristate 'raw table support (required for NOTRACK/TRACE)'


diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 5f9b650d90fc..20b0c37155fb 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile
@@ -61,7 +61,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
61	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o	61	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
62	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o	62	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
63	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o	63	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
64	obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
65	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o	64	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
66		65
67	# generic ARP tables	66	# generic ARP tables


diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c deleted file mode 100644 index 6d76aae90cc0..000000000000 --- a/net/ipv4/netfilter/ipt_TTL.c +++ /dev/null
@@ -1,97 +0,0 @@
1	/* TTL modification target for IP tables
2	* (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
3	*
4	* This program is free software; you can redistribute it and/or modify
5	* it under the terms of the GNU General Public License version 2 as
6	* published by the Free Software Foundation.
7	*
8	*/
9
10	#include <linux/module.h>
11	#include <linux/skbuff.h>
12	#include <linux/ip.h>
13	#include <net/checksum.h>
14
15	#include <linux/netfilter/x_tables.h>
16	#include <linux/netfilter_ipv4/ipt_TTL.h>
17
18	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
19	MODULE_DESCRIPTION("Xtables: IPv4 TTL field modification target");
20	MODULE_LICENSE("GPL");
21
22	static unsigned int
23	ttl_tg(struct sk_buff skb, const struct xt_target_param par)
24	{
25	struct iphdr *iph;
26	const struct ipt_TTL_info *info = par->targinfo;
27	int new_ttl;
28
29	if (!skb_make_writable(skb, skb->len))
30	return NF_DROP;
31
32	iph = ip_hdr(skb);
33
34	switch (info->mode) {
35	case IPT_TTL_SET:
36	new_ttl = info->ttl;
37	break;
38	case IPT_TTL_INC:
39	new_ttl = iph->ttl + info->ttl;
40	if (new_ttl > 255)
41	new_ttl = 255;
42	break;
43	case IPT_TTL_DEC:
44	new_ttl = iph->ttl - info->ttl;
45	if (new_ttl < 0)
46	new_ttl = 0;
47	break;
48	default:
49	new_ttl = iph->ttl;
50	break;
51	}
52
53	if (new_ttl != iph->ttl) {
54	csum_replace2(&iph->check, htons(iph->ttl << 8),
55	htons(new_ttl << 8));
56	iph->ttl = new_ttl;
57	}
58
59	return XT_CONTINUE;
60	}
61
62	static bool ttl_tg_check(const struct xt_tgchk_param *par)
63	{
64	const struct ipt_TTL_info *info = par->targinfo;
65
66	if (info->mode > IPT_TTL_MAXMODE) {
67	printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
68	info->mode);
69	return false;
70	}
71	if (info->mode != IPT_TTL_SET && info->ttl == 0)
72	return false;
73	return true;
74	}
75
76	static struct xt_target ttl_tg_reg __read_mostly = {
77	.name = "TTL",
78	.family = NFPROTO_IPV4,
79	.target = ttl_tg,
80	.targetsize = sizeof(struct ipt_TTL_info),
81	.table = "mangle",
82	.checkentry = ttl_tg_check,
83	.me = THIS_MODULE,
84	};
85
86	static int __init ttl_tg_init(void)
87	{
88	return xt_register_target(&ttl_tg_reg);
89	}
90
91	static void __exit ttl_tg_exit(void)
92	{
93	xt_unregister_target(&ttl_tg_reg);
94	}
95
96	module_init(ttl_tg_init);
97	module_exit(ttl_tg_exit);


diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 53ea512c4608..6a42a968c498 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig
@@ -170,23 +170,6 @@ config IP6_NF_MANGLE
170		170
171	To compile it as a module, choose M here. If unsure, say N.	171	To compile it as a module, choose M here. If unsure, say N.
172		172
173	config IP6_NF_TARGET_HL
174	tristate 'HL (hoplimit) target support'
175	depends on IP6_NF_MANGLE
176	depends on NETFILTER_ADVANCED
177	help
178	This option adds a `HL' target, which enables the user to decrement
179	the hoplimit value of the IPv6 header or set it to a given (lower)
180	value.
181
182	While it is safe to decrement the hoplimit value, this option also
183	enables functionality to increment and set the hoplimit value of the
184	IPv6 header to arbitrary values. This is EXTREMELY DANGEROUS since
185	you can easily create immortal packets that loop forever on the
186	network.
187
188	To compile it as a module, choose M here. If unsure, say N.
189
190	config IP6_NF_RAW	173	config IP6_NF_RAW
191	tristate 'raw table support (required for TRACE)'	174	tristate 'raw table support (required for TRACE)'
192	depends on NETFILTER_ADVANCED	175	depends on NETFILTER_ADVANCED


diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index 3f17c948eefb..61a4570d0ede 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile
@@ -27,6 +27,5 @@ obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o
27	obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o	27	obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o
28		28
29	# targets	29	# targets
30	obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
31	obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o	30	obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
32	obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o	31	obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o


diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c deleted file mode 100644 index 27b5adf670a2..000000000000 --- a/net/ipv6/netfilter/ip6t_HL.c +++ /dev/null
@@ -1,95 +0,0 @@
1	/*
2	* Hop Limit modification target for ip6tables
3	* Maciej Soltysiak <solt@dns.toxicfilms.tv>
4	* Based on HW's TTL module
5	*
6	* This software is distributed under the terms of GNU GPL
7	*/
8
9	#include <linux/module.h>
10	#include <linux/skbuff.h>
11	#include <linux/ip.h>
12	#include <linux/ipv6.h>
13
14	#include <linux/netfilter/x_tables.h>
15	#include <linux/netfilter_ipv6/ip6t_HL.h>
16
17	MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
18	MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
19	MODULE_LICENSE("GPL");
20
21	static unsigned int
22	hl_tg6(struct sk_buff skb, const struct xt_target_param par)
23	{
24	struct ipv6hdr *ip6h;
25	const struct ip6t_HL_info *info = par->targinfo;
26	int new_hl;
27
28	if (!skb_make_writable(skb, skb->len))
29	return NF_DROP;
30
31	ip6h = ipv6_hdr(skb);
32
33	switch (info->mode) {
34	case IP6T_HL_SET:
35	new_hl = info->hop_limit;
36	break;
37	case IP6T_HL_INC:
38	new_hl = ip6h->hop_limit + info->hop_limit;
39	if (new_hl > 255)
40	new_hl = 255;
41	break;
42	case IP6T_HL_DEC:
43	new_hl = ip6h->hop_limit - info->hop_limit;
44	if (new_hl < 0)
45	new_hl = 0;
46	break;
47	default:
48	new_hl = ip6h->hop_limit;
49	break;
50	}
51
52	ip6h->hop_limit = new_hl;
53
54	return XT_CONTINUE;
55	}
56
57	static bool hl_tg6_check(const struct xt_tgchk_param *par)
58	{
59	const struct ip6t_HL_info *info = par->targinfo;
60
61	if (info->mode > IP6T_HL_MAXMODE) {
62	printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
63	info->mode);
64	return false;
65	}
66	if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
67	printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
68	"make sense with value 0\n");
69	return false;
70	}
71	return true;
72	}
73
74	static struct xt_target hl_tg6_reg __read_mostly = {
75	.name = "HL",
76	.family = NFPROTO_IPV6,
77	.target = hl_tg6,
78	.targetsize = sizeof(struct ip6t_HL_info),
79	.table = "mangle",
80	.checkentry = hl_tg6_check,
81	.me = THIS_MODULE
82	};
83
84	static int __init hl_tg6_init(void)
85	{
86	return xt_register_target(&hl_tg6_reg);
87	}
88
89	static void __exit hl_tg6_exit(void)
90	{
91	xt_unregister_target(&hl_tg6_reg);
92	}
93
94	module_init(hl_tg6_init);
95	module_exit(hl_tg6_exit);


diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig index c2bac9cd0caf..d99f29b7b980 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig
@@ -357,6 +357,21 @@ config NETFILTER_XT_TARGET_DSCP
357		357
358	To compile it as a module, choose M here. If unsure, say N.	358	To compile it as a module, choose M here. If unsure, say N.
359		359
		360	config NETFILTER_XT_TARGET_HL
		361	tristate '"HL" hoplimit target support'
		362	depends on IP_NF_MANGLE \|\| IP6_NF_MANGLE
		363	depends on NETFILTER_ADVANCED
		364	---help---
		365	This option adds the "HL" (for IPv6) and "TTL" (for IPv4)
		366	targets, which enable the user to change the
		367	hoplimit/time-to-live value of the IP header.
		368
		369	While it is safe to decrement the hoplimit/TTL value, the
		370	modules also allow to increment and set the hoplimit value of
		371	the header to arbitrary values. This is EXTREMELY DANGEROUS
		372	since you can easily create immortal packets that loop
		373	forever on the network.
		374
360	config NETFILTER_XT_TARGET_MARK	375	config NETFILTER_XT_TARGET_MARK
361	tristate '"MARK" target support'	376	tristate '"MARK" target support'
362	default m if NETFILTER_ADVANCED=n	377	default m if NETFILTER_ADVANCED=n


diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index da3d909e053f..6ebe0482265b 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile
@@ -45,6 +45,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CLASSIFY) += xt_CLASSIFY.o
45	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o	45	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNMARK) += xt_CONNMARK.o
46	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o	46	obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
47	obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o	47	obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
		48	obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
48	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o	49	obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
49	obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o	50	obj-$(CONFIG_NETFILTER_XT_TARGET_NFLOG) += xt_NFLOG.o
50	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o	51	obj-$(CONFIG_NETFILTER_XT_TARGET_NFQUEUE) += xt_NFQUEUE.o


diff --git a/net/netfilter/xt_HL.c b/net/netfilter/xt_HL.c new file mode 100644 index 000000000000..10e789e2d12a --- /dev/null +++ b/net/netfilter/xt_HL.c
@@ -0,0 +1,171 @@
		1	/*
		2	* TTL modification target for IP tables
		3	* (C) 2000,2005 by Harald Welte <laforge@netfilter.org>
		4	*
		5	* Hop Limit modification target for ip6tables
		6	* Maciej Soltysiak <solt@dns.toxicfilms.tv>
		7	*
		8	* This program is free software; you can redistribute it and/or modify
		9	* it under the terms of the GNU General Public License version 2 as
		10	* published by the Free Software Foundation.
		11	*/
		12
		13	#include <linux/module.h>
		14	#include <linux/skbuff.h>
		15	#include <linux/ip.h>
		16	#include <linux/ipv6.h>
		17	#include <net/checksum.h>
		18
		19	#include <linux/netfilter/x_tables.h>
		20	#include <linux/netfilter_ipv4/ipt_TTL.h>
		21	#include <linux/netfilter_ipv6/ip6t_HL.h>
		22
		23	MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
		24	MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
		25	MODULE_DESCRIPTION("Xtables: Hoplimit/TTL Limit field modification target");
		26	MODULE_LICENSE("GPL");
		27
		28	static unsigned int
		29	ttl_tg(struct sk_buff skb, const struct xt_target_param par)
		30	{
		31	struct iphdr *iph;
		32	const struct ipt_TTL_info *info = par->targinfo;
		33	int new_ttl;
		34
		35	if (!skb_make_writable(skb, skb->len))
		36	return NF_DROP;
		37
		38	iph = ip_hdr(skb);
		39
		40	switch (info->mode) {
		41	case IPT_TTL_SET:
		42	new_ttl = info->ttl;
		43	break;
		44	case IPT_TTL_INC:
		45	new_ttl = iph->ttl + info->ttl;
		46	if (new_ttl > 255)
		47	new_ttl = 255;
		48	break;
		49	case IPT_TTL_DEC:
		50	new_ttl = iph->ttl - info->ttl;
		51	if (new_ttl < 0)
		52	new_ttl = 0;
		53	break;
		54	default:
		55	new_ttl = iph->ttl;
		56	break;
		57	}
		58
		59	if (new_ttl != iph->ttl) {
		60	csum_replace2(&iph->check, htons(iph->ttl << 8),
		61	htons(new_ttl << 8));
		62	iph->ttl = new_ttl;
		63	}
		64
		65	return XT_CONTINUE;
		66	}
		67
		68	static unsigned int
		69	hl_tg6(struct sk_buff skb, const struct xt_target_param par)
		70	{
		71	struct ipv6hdr *ip6h;
		72	const struct ip6t_HL_info *info = par->targinfo;
		73	int new_hl;
		74
		75	if (!skb_make_writable(skb, skb->len))
		76	return NF_DROP;
		77
		78	ip6h = ipv6_hdr(skb);
		79
		80	switch (info->mode) {
		81	case IP6T_HL_SET:
		82	new_hl = info->hop_limit;
		83	break;
		84	case IP6T_HL_INC:
		85	new_hl = ip6h->hop_limit + info->hop_limit;
		86	if (new_hl > 255)
		87	new_hl = 255;
		88	break;
		89	case IP6T_HL_DEC:
		90	new_hl = ip6h->hop_limit - info->hop_limit;
		91	if (new_hl < 0)
		92	new_hl = 0;
		93	break;
		94	default:
		95	new_hl = ip6h->hop_limit;
		96	break;
		97	}
		98
		99	ip6h->hop_limit = new_hl;
		100
		101	return XT_CONTINUE;
		102	}
		103
		104	static bool ttl_tg_check(const struct xt_tgchk_param *par)
		105	{
		106	const struct ipt_TTL_info *info = par->targinfo;
		107
		108	if (info->mode > IPT_TTL_MAXMODE) {
		109	printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
		110	info->mode);
		111	return false;
		112	}
		113	if (info->mode != IPT_TTL_SET && info->ttl == 0)
		114	return false;
		115	return true;
		116	}
		117
		118	static bool hl_tg6_check(const struct xt_tgchk_param *par)
		119	{
		120	const struct ip6t_HL_info *info = par->targinfo;
		121
		122	if (info->mode > IP6T_HL_MAXMODE) {
		123	printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
		124	info->mode);
		125	return false;
		126	}
		127	if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
		128	printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
		129	"make sense with value 0\n");
		130	return false;
		131	}
		132	return true;
		133	}
		134
		135	static struct xt_target hl_tg_reg[] __read_mostly = {
		136	{
		137	.name = "TTL",
		138	.revision = 0,
		139	.family = NFPROTO_IPV4,
		140	.target = ttl_tg,
		141	.targetsize = sizeof(struct ipt_TTL_info),
		142	.table = "mangle",
		143	.checkentry = ttl_tg_check,
		144	.me = THIS_MODULE,
		145	},
		146	{
		147	.name = "HL",
		148	.revision = 0,
		149	.family = NFPROTO_IPV6,
		150	.target = hl_tg6,
		151	.targetsize = sizeof(struct ip6t_HL_info),
		152	.table = "mangle",
		153	.checkentry = hl_tg6_check,
		154	.me = THIS_MODULE,
		155	},
		156	};
		157
		158	static int __init hl_tg_init(void)
		159	{
		160	return xt_register_targets(hl_tg_reg, ARRAY_SIZE(hl_tg_reg));
		161	}
		162
		163	static void __exit hl_tg_exit(void)
		164	{
		165	xt_unregister_targets(hl_tg_reg, ARRAY_SIZE(hl_tg_reg));
		166	}
		167
		168	module_init(hl_tg_init);
		169	module_exit(hl_tg_exit);
		170	MODULE_ALIAS("ipt_TTL");
		171	MODULE_ALIAS("ip6t_HL");