libnetfilter_queue  1.0.3
tcp.c
1 /*
2  * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
3  *
4  * This program is free software; you can redistribute it and/or modify
5  * it under the terms of the GNU General Public License as published by
6  * the Free Software Foundation; either version 2 of the License, or
7  * (at your option) any later version.
8  *
9  * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
10  */
11 
12 #include <stdio.h>
13 #include <string.h> /* for memcpy */
14 #include <stdbool.h>
15 #include <arpa/inet.h>
16 #include <netinet/ip.h>
17 #include <netinet/ip6.h>
18 #define _GNU_SOURCE
19 #include <netinet/tcp.h>
20 
21 #include <libnetfilter_queue/libnetfilter_queue.h>
22 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
23 #include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
24 #include <libnetfilter_queue/pktbuff.h>
25 
26 #include "internal.h"
27 
43 struct tcphdr *nfq_tcp_get_hdr(struct pkt_buff *pktb)
44 {
45  if (pktb->transport_header == NULL)
46  return NULL;
47 
48  /* No room for the TCP header. */
49  if (pktb->tail - pktb->transport_header < sizeof(struct tcphdr))
50  return NULL;
51 
52  return (struct tcphdr *)pktb->transport_header;
53 }
54 EXPORT_SYMBOL(nfq_tcp_get_hdr);
55 
61 void *nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
62 {
63  unsigned int len = tcph->doff * 4;
64 
65  /* TCP packet is too short */
66  if (len < sizeof(struct tcphdr))
67  return NULL;
68 
69  /* malformed TCP data offset. */
70  if (pktb->transport_header + len > pktb->tail)
71  return NULL;
72 
73  return pktb->transport_header + len;
74 }
75 EXPORT_SYMBOL(nfq_tcp_get_payload);
76 
82 unsigned int
83 nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb)
84 {
85  return pktb->tail - pktb->transport_header;
86 }
87 EXPORT_SYMBOL(nfq_tcp_get_payload_len);
88 
94 void
95 nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph)
96 {
97  /* checksum field in header needs to be zero for calculation. */
98  tcph->check = 0;
99  tcph->check = nfq_checksum_tcpudp_ipv4(iph);
100 }
101 EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv4);
102 
108 void
109 nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h)
110 {
111  /* checksum field in header needs to be zero for calculation. */
112  tcph->check = 0;
113  tcph->check = nfq_checksum_tcpudp_ipv6(ip6h, tcph);
114 }
115 EXPORT_SYMBOL(nfq_tcp_compute_checksum_ipv6);
116 
117 /*
118  * The union cast uses a gcc extension to avoid aliasing problems
119  * (union is compatible to any of its members)
120  * This means this part of the code is -fstrict-aliasing safe now.
121  */
122 union tcp_word_hdr {
123  struct tcphdr hdr;
124  uint32_t words[5];
125 };
126 
127 #define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words[3])
128 
137 int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
138 {
139  int ret, len = 0;
140 
141 #define TCP_RESERVED_BITS htonl(0x0F000000)
142 
143  ret = snprintf(buf, size, "SPT=%u DPT=%u SEQ=%u ACK=%u "
144  "WINDOW=%u RES=0x%02x ",
145  ntohs(tcph->source), ntohs(tcph->dest),
146  ntohl(tcph->seq), ntohl(tcph->ack_seq),
147  ntohs(tcph->window),
148  (uint8_t)
149  (ntohl(tcp_flag_word(tcph) & TCP_RESERVED_BITS) >> 22));
150  len += ret;
151 
152  if (tcph->urg) {
153  ret = snprintf(buf+len, size-len, "URG ");
154  len += ret;
155  }
156  if (tcph->ack) {
157  ret = snprintf(buf+len, size-len, "ACK ");
158  len += ret;
159  }
160  if (tcph->psh) {
161  ret = snprintf(buf+len, size-len, "PSH ");
162  len += ret;
163  }
164  if (tcph->rst) {
165  ret = snprintf(buf+len, size-len, "RST ");
166  len += ret;
167  }
168  if (tcph->syn) {
169  ret = snprintf(buf+len, size-len, "SYN ");
170  len += ret;
171  }
172  if (tcph->fin) {
173  ret = snprintf(buf+len, size-len, "FIN ");
174  len += ret;
175  }
176  /* XXX: Not TCP options implemented yet, sorry. */
177 
178  return ret;
179 }
180 EXPORT_SYMBOL(nfq_tcp_snprintf);
181 
192 int
193 nfq_tcp_mangle_ipv4(struct pkt_buff *pkt,
194  unsigned int match_offset, unsigned int match_len,
195  const char *rep_buffer, unsigned int rep_len)
196 {
197  struct iphdr *iph;
198  struct tcphdr *tcph;
199 
200  iph = (struct iphdr *)pkt->network_header;
201  tcph = (struct tcphdr *)(pkt->network_header + iph->ihl*4);
202 
203  if (!nfq_ip_mangle(pkt, iph->ihl*4 + tcph->doff*4,
204  match_offset, match_len, rep_buffer, rep_len))
205  return 0;
206 
207  nfq_tcp_compute_checksum_ipv4(tcph, iph);
208 
209  return 1;
210 }
211 EXPORT_SYMBOL(nfq_tcp_mangle_ipv4);
212 
nfq_tcp_compute_checksum_ipv6
void nfq_tcp_compute_checksum_ipv6(struct tcphdr *tcph, struct ip6_hdr *ip6h)
Definition: tcp.c:109
tcp_word_hdr
Definition: tcp.c:122
nfq_tcp_compute_checksum_ipv4
void nfq_tcp_compute_checksum_ipv4(struct tcphdr *tcph, struct iphdr *iph)
Definition: tcp.c:95
nfq_tcp_mangle_ipv4
int nfq_tcp_mangle_ipv4(struct pkt_buff *pkt, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len)
Definition: tcp.c:193
nfq_tcp_get_hdr
struct tcphdr * nfq_tcp_get_hdr(struct pkt_buff *pktb)
Definition: tcp.c:43
nfq_tcp_snprintf
int nfq_tcp_snprintf(char *buf, size_t size, const struct tcphdr *tcph)
Definition: tcp.c:137
nfq_ip_mangle
int nfq_ip_mangle(struct pkt_buff *pkt, unsigned int dataoff, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len)
Definition: ipv4.c:103
nfq_tcp_get_payload_len
unsigned int nfq_tcp_get_payload_len(struct tcphdr *tcph, struct pkt_buff *pktb)
Definition: tcp.c:83
nfq_tcp_get_payload
void * nfq_tcp_get_payload(struct tcphdr *tcph, struct pkt_buff *pktb)
Definition: tcp.c:61
Generated on Wed Jan 10 2018 02:19:42 for libnetfilter_queue by   doxygen 1.8.8