Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
---
extensions/xt_ipp2p.c | 165 ++++++++++++++++++++++++------------------
1 file changed, 93 insertions(+), 72 deletions(-)
diff --git a/extensions/xt_ipp2p.c b/extensions/xt_ipp2p.c
index 4e0fbb675c76..298950514569 100644
--- a/extensions/xt_ipp2p.c
+++ b/extensions/xt_ipp2p.c
@@ -807,15 +807,97 @@ static const struct {
{0},
};
+static bool
+ipp2p_mt_tcp(const struct ipt_p2p_info *info, const struct tcphdr *tcph,
+ const unsigned char *haystack, unsigned int hlen,
+ const struct iphdr *ip)
+{
+ size_t tcph_len = tcph->doff * 4;
+ bool p2p_result = false;
+ int i = 0;
+
+ if (tcph->fin) return 0; /* if FIN bit is set bail out */
+ if (tcph->syn) return 0; /* if SYN bit is set bail out */
+ if (tcph->rst) return 0; /* if RST bit is set bail out */
+
+ if (hlen < tcph_len) {
+ if (info->debug)
+ pr_info("TCP header indicated packet larger than it is\n");
+ return 0;
+ }
+ if (hlen == tcph_len)
+ return 0;
+
+ haystack += tcph_len;
+ hlen -= tcph_len;
+
+ while (matchlist[i].command) {
+ if ((info->cmd & matchlist[i].command) == matchlist[i].command &&
+ hlen > matchlist[i].packet_len)
+ {
+ p2p_result = matchlist[i].function_name(haystack, hlen);
+ if (p2p_result) {
+ if (info->debug)
+ printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
+ p2p_result, &ip->saddr,
+ ntohs(tcph->source),
+ &ip->daddr,
+ ntohs(tcph->dest), hlen);
+ return p2p_result;
+ }
+ }
+ i++;
+ }
+ return p2p_result;
+}
+
+static bool
+ipp2p_mt_udp(const struct ipt_p2p_info *info, const struct udphdr *udph,
+ const unsigned char *haystack, unsigned int hlen,
+ const struct iphdr *ip)
+{
+ size_t udph_len = sizeof(*udph);
+ bool p2p_result = false;
+ int i = 0;
+
+ if (hlen < udph_len) {
+ if (info->debug)
+ pr_info("UDP header indicated packet larger than it is\n");
+ return 0;
+ }
+ if (hlen == udph_len)
+ return 0;
+
+ haystack += udph_len;
+ hlen -= udph_len;
+
+ while (udp_list[i].command) {
+ if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
+ hlen > udp_list[i].packet_len)
+ {
+ p2p_result = udp_list[i].function_name(haystack, hlen);
+ if (p2p_result) {
+ if (info->debug)
+ printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
+ p2p_result, &ip->saddr,
+ ntohs(udph->source),
+ &ip->daddr,
+ ntohs(udph->dest), hlen);
+ return p2p_result;
+ }
+ }
+ i++;
+ }
+ return p2p_result;
+}
+
static bool
ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
{
const struct ipt_p2p_info *info = par->matchinfo;
- const unsigned char *haystack;
const struct iphdr *ip = ip_hdr(skb);
- bool p2p_result = false;
- int i = 0;
- unsigned int hlen = ntohs(ip->tot_len) - ip_hdrlen(skb); /* hlen = packet-data length */
+ const unsigned char *haystack; /* packet-data */
+ unsigned int hlen; /* packet-data length */
/* must not be a fragment */
if (par->fragoff != 0) {
@@ -831,84 +913,23 @@ ipp2p_mt(const struct sk_buff *skb, struct xt_action_param *par)
return 0;
}
- haystack = skb_network_header(skb) + ip_hdrlen(skb);
+ haystack = skb_transport_header(skb);
+ hlen = ntohs(ip->tot_len) - skb_transport_offset(skb);
switch (ip->protocol) {
case IPPROTO_TCP: /* what to do with a TCP packet */
{
- const struct tcphdr *tcph = (const void *)ip + ip_hdrlen(skb);
-
- if (tcph->fin) return 0; /* if FIN bit is set bail out */
- if (tcph->syn) return 0; /* if SYN bit is set bail out */
- if (tcph->rst) return 0; /* if RST bit is set bail out */
-
- if (tcph->doff * 4 > hlen) {
- if (info->debug)
- pr_info("TCP header indicated packet larger than it is\n");
- return 0;
- }
- if (tcph->doff * 4 == hlen)
- return 0;
+ const struct tcphdr *tcph = tcp_hdr(skb);
- haystack += tcph->doff * 4; /* get TCP-Header-Size */
- hlen -= tcph->doff * 4;
-
- while (matchlist[i].command) {
- if ((info->cmd & matchlist[i].command) == matchlist[i].command &&
- hlen > matchlist[i].packet_len)
- {
- p2p_result = matchlist[i].function_name(haystack, hlen);
- if (p2p_result) {
- if (info->debug)
- printk("IPP2P.debug:TCP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
- p2p_result, &ip->saddr,
- ntohs(tcph->source),
- &ip->daddr,
- ntohs(tcph->dest), hlen);
- return p2p_result;
- }
- }
- i++;
- }
- return p2p_result;
+ return ipp2p_mt_tcp(info, tcph, haystack, hlen, ip);
}
-
- case IPPROTO_UDP: /* what to do with an UDP packet */
+ case IPPROTO_UDP: /* what to do with a UDP packet */
case IPPROTO_UDPLITE:
{
- const struct udphdr *udph = (const void *)ip + ip_hdrlen(skb);
+ const struct udphdr *udph = udp_hdr(skb);
- if (sizeof(*udph) > hlen) {
- if (info->debug)
- pr_info("UDP header indicated packet larger than it is\n");
- return 0;
- }
- if (sizeof(*udph) == hlen)
- return 0;
-
- haystack += sizeof(*udph);
- hlen -= sizeof(*udph);
-
- while (udp_list[i].command) {
- if ((info->cmd & udp_list[i].command) == udp_list[i].command &&
- hlen > udp_list[i].packet_len)
- {
- p2p_result = udp_list[i].function_name(haystack, hlen);
- if (p2p_result) {
- if (info->debug)
- printk("IPP2P.debug:UDP-match: %d from: %pI4:%hu to: %pI4:%hu Length: %d\n",
- p2p_result, &ip->saddr,
- ntohs(udph->source),
- &ip->daddr,
- ntohs(udph->dest), hlen);
- return p2p_result;
- }
- }
- i++;
- }
- return p2p_result;
+ return ipp2p_mt_udp(info, udph, haystack, hlen, ip);
}
-
default:
return 0;
}
--
2.33.0
