libnetfilter_queue  1.0.3
ipv6.c
1 /*
2  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
10  */
11 
12 #include <stdio.h>
13 #include <stddef.h>
14 #include <stdbool.h>
15 #include <arpa/inet.h>
16 #include <netinet/ip6.h>
17 
18 #include <libnetfilter_queue/libnetfilter_queue.h>
19 #include <libnetfilter_queue/libnetfilter_queue_ipv6.h>
20 #include <libnetfilter_queue/pktbuff.h>
21 
22 #include "internal.h"
23 
36 struct ip6_hdr *nfq_ip6_get_hdr(struct pkt_buff *pktb)
37 {
38  struct ip6_hdr *ip6h;
39  unsigned int pktlen = pktb->tail - pktb->network_header;
40 
41  /* Not enough room for IPv4 header. */
42  if (pktlen < sizeof(struct ip6_hdr))
43  return NULL;
44 
45  ip6h = (struct ip6_hdr *)pktb->network_header;
46 
47  /* Not IPv6 packet. */
48  if (ip6h->ip6_flow != 0x60)
49  return NULL;
50 
51  return ip6h;
52 }
53 EXPORT_SYMBOL(nfq_ip6_get_hdr);
54 
64 int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h,
65  uint8_t target)
66 {
67  uint8_t nexthdr = ip6h->ip6_nxt;
68  uint8_t *cur = (uint8_t *)ip6h + sizeof(struct ip6_hdr);
69 
70  while (nexthdr != target) {
71  struct ip6_ext *ip6_ext;
72  uint32_t hdrlen;
73 
74  /* No more extensions, we're done. */
75  if (nexthdr == IPPROTO_NONE) {
76  cur = NULL;
77  break;
78  }
79  /* No room for extension, bad packet. */
80  if (pktb->tail - cur < sizeof(struct ip6_ext)) {
81  cur = NULL;
82  break;
83  }
84  ip6_ext = (struct ip6_ext *)cur;
85 
86  if (nexthdr == IPPROTO_FRAGMENT) {
87  uint16_t *frag_off;
88 
89  /* No room for full fragment header, bad packet. */
90  if (pktb->tail - cur < sizeof(struct ip6_frag)) {
91  cur = NULL;
92  break;
93  }
94 
95  frag_off = (uint16_t *)cur +
96  offsetof(struct ip6_frag, ip6f_offlg);
97 
98  /* Fragment offset is only 13 bits long. */
99  if (htons(*frag_off & ~0x7)) {
100  /* Not the first fragment, it does not contain
101  * any headers.
102  */
103  cur = NULL;
104  break;
105  }
106  hdrlen = sizeof(struct ip6_frag);
107  } else if (nexthdr == IPPROTO_AH)
108  hdrlen = (ip6_ext->ip6e_len + 2) << 2;
109  else
110  hdrlen = ip6_ext->ip6e_len;
111 
112  nexthdr = ip6_ext->ip6e_nxt;
113  cur += hdrlen;
114  }
115  pktb->transport_header = cur;
116  return cur ? 1 : 0;
117 }
118 EXPORT_SYMBOL(nfq_ip6_set_transport_header);
119 
127 int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
128 {
129  int ret;
130  char src[INET6_ADDRSTRLEN];
131  char dst[INET6_ADDRSTRLEN];
132 
133  inet_ntop(AF_INET6, &ip6h->ip6_src, src, INET6_ADDRSTRLEN);
134  inet_ntop(AF_INET6, &ip6h->ip6_dst, dst, INET6_ADDRSTRLEN);
135 
136  ret = snprintf(buf, size, "SRC=%s DST=%s LEN=%Zu TC=0x%X "
137  "HOPLIMIT=%u FLOWLBL=%u ",
138  src, dst,
139  ntohs(ip6h->ip6_plen) + sizeof(struct ip6_hdr),
140  (ip6h->ip6_flow & 0x0ff00000) >> 20,
141  ip6h->ip6_hlim,
142  (ip6h->ip6_flow & 0x000fffff));
143 
144  return ret;
145 }
146 EXPORT_SYMBOL(nfq_ip6_snprintf);
147 
nfq_ip6_get_hdr
struct ip6_hdr * nfq_ip6_get_hdr(struct pkt_buff *pktb)
Definition: ipv6.c:36
nfq_ip6_snprintf
int nfq_ip6_snprintf(char *buf, size_t size, const struct ip6_hdr *ip6h)
Definition: ipv6.c:127
nfq_ip6_set_transport_header
int nfq_ip6_set_transport_header(struct pkt_buff *pktb, struct ip6_hdr *ip6h, uint8_t target)
Definition: ipv6.c:64
Generated on Wed Jan 10 2018 02:19:42 for libnetfilter_queue by   doxygen 1.8.8