-rw-r--r--net/netfilter/xt_tcpmss.c48
1 files changed, 18 insertions, 30 deletions
diff --git a/net/netfilter/xt_tcpmss.c b/net/netfilter/xt_tcpmss.c
index 7baa9ebc46c1..a3682fe2f192 100644
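--- a/net/netfilter/xt_tcpmss.c
+++ b/net/netfilter/xt_tcpmss.c
@@ -18,21 +18,22 @@
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 
-#define TH_SYN 0x02
-
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("iptables TCP MSS match module");
 MODULE_ALIAS("ipt_tcpmss");
 
-/* Returns 1 if the mss option is set and matched by the range, 0 otherwise */
-static inline int
-mssoption_match(u_int16_t min, u_int16_t max,
- const struct sk_buff *skb,
- unsigned int protoff,
- int invert,
- int *hotdrop)
+static int
+match(const struct sk_buff *skb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const struct xt_match *match,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
 {
+ const struct xt_tcpmss_match_info *info = matchinfo;
  struct tcphdr _tcph, *th;
  /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
  u8 _opt[15 * 4 - sizeof(_tcph)], *op;
@@ -64,35 +65,22 @@ mssoption_match(u_int16_t min, u_int16_t max,
 
  mssval = (op[i+2] << 8) | op[i+3];
 
- return (mssval >= min && mssval <= max) ^ invert;
+ return (mssval >= info->mss_min &&
+ mssval <= info->mss_max) ^ info->invert;
  }
- if (op[i] < 2) i++;
- else i += op[i+1]?:1;
+ if (op[i] < 2)
+ i++;
+ else
+ i += op[i+1] ? : 1;
  }
 out:
- return invert;
+ return info->invert;
 
- dropit:
+dropit:
  *hotdrop = 1;
  return 0;
 }
 
-static int
-match(const struct sk_buff *skb,
- const struct net_device *in,
- const struct net_device *out,
- const struct xt_match *match,
- const void *matchinfo,
- int offset,
- unsigned int protoff,
- int *hotdrop)
-{
- const struct xt_tcpmss_match_info *info = matchinfo;
-
- return mssoption_match(info->mss_min, info->mss_max, skb, protoff,
- info->invert, hotdrop);
-}
-
 static struct xt_match xt_tcpmss_match[] = {
  {
  .name = "tcpmss",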
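Review bot: In the second hunk, `i += op[i+1] ? : 1;` reads the option length byte at `op[i+1]` straight from packet data, and nothing visible here bounds `i+1`; the loop header and the code that fetches the option bytes lie between the two hunks, so this cannot be confirmed from the page. If the loop only guarantees that `i` itself is inside the fetched options, a kind byte of 2 or more in the last position reads one byte past them, so I would end the walk before that read, e.g. `else if (i + 1 >= OPTION_LENGTH) goto out;`, where OPTION_LENGTH is a placeholder for whatever the loop uses as its bound. Separately, both return statements XOR a 0/1 comparison with `info->invert` exactly as stored in the rule; unless rule setup restricts that field to 0 or 1 (not shown), writing `^ !!info->invert` and `return !!info->invert;` keeps the inversion strictly boolean. The commit also drops the one-line comment describing the return value, and the merged `match()` would benefit from a replacement such as `/* Returns nonzero if the MSS option is present and within [mss_min, mss_max] (subject to invert); sets *hotdrop and returns 0 via the dropit path */`.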