diff options
Diffstat (limited to 'net/ipv6')
| -rw-r--r-- | net/ipv6/netfilter/Kconfig | 17 | ||||
| -rw-r--r-- | net/ipv6/netfilter/Makefile | 1 | ||||
| -rw-r--r-- | net/ipv6/netfilter/ip6t_HL.c | 95 |
3 files changed, 0 insertions, 113 deletions
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig index 53ea512c4608..6a42a968c498 100644 --- a/net/ipv6/netfilter/Kconfig +++ b/net/ipv6/netfilter/Kconfig | |||
| @@ -170,23 +170,6 @@ config IP6_NF_MANGLE | |||
| 170 | 170 | ||
| 171 | To compile it as a module, choose M here. If unsure, say N. | 171 | To compile it as a module, choose M here. If unsure, say N. |
| 172 | 172 | ||
| 173 | config IP6_NF_TARGET_HL | ||
| 174 | tristate 'HL (hoplimit) target support' | ||
| 175 | depends on IP6_NF_MANGLE | ||
| 176 | depends on NETFILTER_ADVANCED | ||
| 177 | help | ||
| 178 | This option adds a `HL' target, which enables the user to decrement | ||
| 179 | the hoplimit value of the IPv6 header or set it to a given (lower) | ||
| 180 | value. | ||
| 181 | |||
| 182 | While it is safe to decrement the hoplimit value, this option also | ||
| 183 | enables functionality to increment and set the hoplimit value of the | ||
| 184 | IPv6 header to arbitrary values. This is EXTREMELY DANGEROUS since | ||
| 185 | you can easily create immortal packets that loop forever on the | ||
| 186 | network. | ||
| 187 | |||
| 188 | To compile it as a module, choose M here. If unsure, say N. | ||
| 189 | |||
| 190 | config IP6_NF_RAW | 173 | config IP6_NF_RAW |
| 191 | tristate 'raw table support (required for TRACE)' | 174 | tristate 'raw table support (required for TRACE)' |
| 192 | depends on NETFILTER_ADVANCED | 175 | depends on NETFILTER_ADVANCED |
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile index 3f17c948eefb..61a4570d0ede 100644 --- a/net/ipv6/netfilter/Makefile +++ b/net/ipv6/netfilter/Makefile | |||
| @@ -27,6 +27,5 @@ obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o | |||
| 27 | obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o | 27 | obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o |
| 28 | 28 | ||
| 29 | # targets | 29 | # targets |
| 30 | obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o | ||
| 31 | obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o | 30 | obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o |
| 32 | obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o | 31 | obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o |
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c deleted file mode 100644 index 27b5adf670a2..000000000000 --- a/net/ipv6/netfilter/ip6t_HL.c +++ /dev/null | |||
| @@ -1,95 +0,0 @@ | |||
| 1 | /* | ||
| 2 | * Hop Limit modification target for ip6tables | ||
| 3 | * Maciej Soltysiak <solt@dns.toxicfilms.tv> | ||
| 4 | * Based on HW's TTL module | ||
| 5 | * | ||
| 6 | * This software is distributed under the terms of GNU GPL | ||
| 7 | */ | ||
| 8 | |||
| 9 | #include <linux/module.h> | ||
| 10 | #include <linux/skbuff.h> | ||
| 11 | #include <linux/ip.h> | ||
| 12 | #include <linux/ipv6.h> | ||
| 13 | |||
| 14 | #include <linux/netfilter/x_tables.h> | ||
| 15 | #include <linux/netfilter_ipv6/ip6t_HL.h> | ||
| 16 | |||
| 17 | MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>"); | ||
| 18 | MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target"); | ||
| 19 | MODULE_LICENSE("GPL"); | ||
| 20 | |||
| 21 | static unsigned int | ||
| 22 | hl_tg6(struct sk_buff *skb, const struct xt_target_param *par) | ||
| 23 | { | ||
| 24 | struct ipv6hdr *ip6h; | ||
| 25 | const struct ip6t_HL_info *info = par->targinfo; | ||
| 26 | int new_hl; | ||
| 27 | |||
| 28 | if (!skb_make_writable(skb, skb->len)) | ||
| 29 | return NF_DROP; | ||
| 30 | |||
| 31 | ip6h = ipv6_hdr(skb); | ||
| 32 | |||
| 33 | switch (info->mode) { | ||
| 34 | case IP6T_HL_SET: | ||
| 35 | new_hl = info->hop_limit; | ||
| 36 | break; | ||
| 37 | case IP6T_HL_INC: | ||
| 38 | new_hl = ip6h->hop_limit + info->hop_limit; | ||
| 39 | if (new_hl > 255) | ||
| 40 | new_hl = 255; | ||
| 41 | break; | ||
| 42 | case IP6T_HL_DEC: | ||
| 43 | new_hl = ip6h->hop_limit - info->hop_limit; | ||
| 44 | if (new_hl < 0) | ||
| 45 | new_hl = 0; | ||
| 46 | break; | ||
| 47 | default: | ||
| 48 | new_hl = ip6h->hop_limit; | ||
| 49 | break; | ||
| 50 | } | ||
| 51 | |||
| 52 | ip6h->hop_limit = new_hl; | ||
| 53 | |||
| 54 | return XT_CONTINUE; | ||
| 55 | } | ||
| 56 | |||
| 57 | static bool hl_tg6_check(const struct xt_tgchk_param *par) | ||
| 58 | { | ||
| 59 | const struct ip6t_HL_info *info = par->targinfo; | ||
| 60 | |||
| 61 | if (info->mode > IP6T_HL_MAXMODE) { | ||
| 62 | printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", | ||
| 63 | info->mode); | ||
| 64 | return false; | ||
| 65 | } | ||
| 66 | if (info->mode != IP6T_HL_SET && info->hop_limit == 0) { | ||
| 67 | printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't " | ||
| 68 | "make sense with value 0\n"); | ||
| 69 | return false; | ||
| 70 | } | ||
| 71 | return true; | ||
| 72 | } | ||
| 73 | |||
| 74 | static struct xt_target hl_tg6_reg __read_mostly = { | ||
| 75 | .name = "HL", | ||
| 76 | .family = NFPROTO_IPV6, | ||
| 77 | .target = hl_tg6, | ||
| 78 | .targetsize = sizeof(struct ip6t_HL_info), | ||
| 79 | .table = "mangle", | ||
| 80 | .checkentry = hl_tg6_check, | ||
| 81 | .me = THIS_MODULE | ||
| 82 | }; | ||
| 83 | |||
| 84 | static int __init hl_tg6_init(void) | ||
| 85 | { | ||
| 86 | return xt_register_target(&hl_tg6_reg); | ||
| 87 | } | ||
| 88 | |||
| 89 | static void __exit hl_tg6_exit(void) | ||
| 90 | { | ||
| 91 | xt_unregister_target(&hl_tg6_reg); | ||
| 92 | } | ||
| 93 | |||
| 94 | module_init(hl_tg6_init); | ||
| 95 | module_exit(hl_tg6_exit); | ||