Creates a generic function to perform the tcp header manipulation in. Done
in preparation for IPv6 support. This allows us to share code between v4 and
v6 processing.
Signed-off-by: Josh Hunt <johunt@xxxxxxxxxx>
---
extensions/xt_TARPIT.c | 33 +++++++++++++++++++++++----------
1 files changed, 23 insertions(+), 10 deletions(-)
diff --git a/extensions/xt_TARPIT.c b/extensions/xt_TARPIT.c
index 5d8af70..528c012 100644
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -146,6 +146,27 @@ static bool xttarpit_reset(struct tcphdr *oth, struct tcphdr *tcph)
return true;
}
+static bool tarpit_generic(struct tcphdr *oth, struct tcphdr *tcph, uint16_t payload,
+ unsigned int mode)
+{
+ switch(mode) {
+ case XTTARPIT_TARPIT:
+ if (!xttarpit_tarpit(oth, tcph))
+ return false;
+ break;
+ case XTTARPIT_HONEYPOT:
+ if (!xttarpit_honeypot(oth, tcph, payload))
+ return false;
+ break;
+ case XTTARPIT_RESET:
+ if (!xttarpit_reset(oth, tcph))
+ return false;
+ break;
+ }
+
+ return true;
+}
+
static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
unsigned int mode)
{
@@ -211,16 +232,8 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
/* Reset flags */
((u_int8_t *)tcph)[13] = 0;
- if (mode == XTTARPIT_TARPIT) {
- if (!xttarpit_tarpit(oth, tcph))
- return;
- } else if (mode == XTTARPIT_HONEYPOT) {
- if (!xttarpit_honeypot(oth, tcph, payload))
- return;
- } else if (mode == XTTARPIT_RESET) {
- if (!xttarpit_reset(oth, tcph))
- return;
- }
+ if (!tarpit_generic(oth, tcph, payload, mode))
+ return;
/* Adjust TCP checksum */
tcph->check = 0;
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
