-rw-r--r-- | net/netfilter/xt_tcpmss.c | 48 |
1 files changed, 18 insertions, 30 deletions
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c index 7baa9ebc46c1..a3682fe2f192 100644 --- a/net/netfilter/xt_tcpmss.c +++ b/net/netfilter/xt_tcpmss.c | |||
@@ -18,21 +18,22 @@ | |||
18 | #include <linux/netfilter_ipv4/ip_tables.h> | 18 | #include <linux/netfilter_ipv4/ip_tables.h> |
19 | #include <linux/netfilter_ipv6/ip6_tables.h> | 19 | #include <linux/netfilter_ipv6/ip6_tables.h> |
20 | 20 | ||
21 | #define TH_SYN 0x02 | ||
22 | |||
23 | MODULE_LICENSE("GPL"); | 21 | MODULE_LICENSE("GPL"); |
24 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); | 22 | MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>"); |
25 | MODULE_DESCRIPTION("iptables TCP MSS match module"); | 23 | MODULE_DESCRIPTION("iptables TCP MSS match module"); |
26 | MODULE_ALIAS("ipt_tcpmss"); | 24 | MODULE_ALIAS("ipt_tcpmss"); |
27 | 25 | ||
28 | /* Returns 1 if the mss option is set and matched by the range, 0 otherwise */ | 26 | static int |
29 | static inline int | 27 | match(const struct sk_buff *skb, |
30 | mssoption_match(u_int16_t min, u_int16_t max, | 28 | const struct net_device *in, |
31 | const struct sk_buff *skb, | 29 | const struct net_device *out, |
32 | unsigned int protoff, | 30 | const struct xt_match *match, |
33 | int invert, | 31 | const void *matchinfo, |
34 | int *hotdrop) | 32 | int offset, |
33 | unsigned int protoff, | ||
34 | int *hotdrop) | ||
35 | { | 35 | { |
36 | const struct xt_tcpmss_match_info *info = matchinfo; | ||
36 | struct tcphdr _tcph, *th; | 37 | struct tcphdr _tcph, *th; |
37 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ | 38 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */ |
38 | u8 _opt[15 * 4 - sizeof(_tcph)], *op; | 39 | u8 _opt[15 * 4 - sizeof(_tcph)], *op; |
@@ -64,35 +65,22 @@ mssoption_match(u_int16_t min, u_int16_t max, | |||
64 | 65 | ||
65 | mssval = (op[i+2] << 8) | op[i+3]; | 66 | mssval = (op[i+2] << 8) | op[i+3]; |
66 | 67 | ||
67 | return (mssval >= min && mssval <= max) ^ invert; | 68 | return (mssval >= info->mss_min && |
69 | mssval <= info->mss_max) ^ info->invert; | ||
68 | } | 70 | } |
69 | if (op[i] < 2) i++; | 71 | if (op[i] < 2) |
70 | else i += op[i+1]?:1; | 72 | i++; |
73 | else | ||
74 | i += op[i+1] ? : 1; | ||
71 | } | 75 | } |
72 | out: | 76 | out: |
73 | return invert; | 77 | return info->invert; |
74 | 78 | ||
75 | dropit: | 79 | dropit: |
76 | *hotdrop = 1; | 80 | *hotdrop = 1; |
77 | return 0; | 81 | return 0; |
78 | } | 82 | } |
79 | 83 | ||
80 | static int | ||
81 | match(const struct sk_buff *skb, | ||
82 | const struct net_device *in, | ||
83 | const struct net_device *out, | ||
84 | const struct xt_match *match, | ||
85 | const void *matchinfo, | ||
86 | int offset, | ||
87 | unsigned int protoff, | ||
88 | int *hotdrop) | ||
89 | { | ||
90 | const struct xt_tcpmss_match_info *info = matchinfo; | ||
91 | |||
92 | return mssoption_match(info->mss_min, info->mss_max, skb, protoff, | ||
93 | info->invert, hotdrop); | ||
94 | } | ||
95 | |||
96 | static struct xt_match xt_tcpmss_match[] = { | 84 | static struct xt_match xt_tcpmss_match[] = { |
97 | { | 85 | { |
98 | .name = "tcpmss", | 86 | .name = "tcpmss", |
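Review bot: The option walk at new lines 71-74 still reads `op[i+1]` without first checking that `i + 1` lies inside the option buffer, so a packet whose final option byte has a kind of 2 or more can make the match read one byte past the copied options; the commit only re-wraps these lines. The loop header and its bound sit between the two hunks and are not visible here, so this assumes the loop tests `i` alone against the option length. With `len` standing for that bound, the guard would be `else if (i + 1 >= len) break;` placed ahead of `else i += op[i+1] ? : 1;`. Separately, the return-value comment was dropped along with `mssoption_match()`. A short comment on `match()` should say that it returns the range test XORed with `info->invert`, returns `info->invert` at the `out` label, and returns 0 with `*hotdrop = 1` on the `dropit` path.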