cachepc-linux

Fork of AMDESE/linux with modifications for CachePC side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-linux

ip6t_mh.c (2200B)


      1// SPDX-License-Identifier: GPL-2.0-only
      2/*
      3 * Copyright (C)2006 USAGI/WIDE Project
      4 *
      5 * Author:
      6 *	Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
      7 *
      8 * Based on net/netfilter/xt_tcpudp.c
      9 */
     10#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
     11#include <linux/types.h>
     12#include <linux/module.h>
     13#include <net/ip.h>
     14#include <linux/ipv6.h>
     15#include <net/ipv6.h>
     16#include <net/mip6.h>
     17
     18#include <linux/netfilter/x_tables.h>
     19#include <linux/netfilter_ipv6/ip6t_mh.h>
     20
     21MODULE_DESCRIPTION("Xtables: IPv6 Mobility Header match");
     22MODULE_LICENSE("GPL");
     23
/*
 * Inclusive range test on a Mobility Header type.
 *
 * Yields true when min <= type <= max; the verdict is flipped when
 * invert is set.  A reversed range (min > max) contains no value, so it
 * yields false without invert and true with it.
 */
static inline bool
type_match(u_int8_t min, u_int8_t max, u_int8_t type, bool invert)
{
	bool in_range = min <= type && type <= max;

	return in_range != invert;
}
     30
/*
 * Match callback for the "mh" match: reports whether the packet's IPv6
 * Mobility Header type lies inside the rule's configured type range.
 *
 * Returns false for any packet with a non-zero fragment offset.  When the
 * Mobility Header cannot be read in full, or its payload-proto field is
 * not IPPROTO_NONE, par->hotdrop is set and false is returned.  The
 * hotdrop is requested regardless of the type range and inversion flag
 * the rule carries, so a rule using this match also discards malformed
 * MH packets.
 */
static bool mh_mt6(const struct sk_buff *skb, struct xt_action_param *par)
{
	const struct ip6t_mh *info = par->matchinfo;
	struct ip6_mh hdr_copy;
	const struct ip6_mh *hdr;
	bool inverted;

	/* Only a packet at fragment offset 0 is inspected. */
	if (par->fragoff)
		return false;

	/*
	 * Bounds-checked header access: a NULL result means the packet does
	 * not hold sizeof(hdr_copy) bytes at the transport offset.  The header
	 * is never read past what skb_header_pointer() validated.
	 */
	hdr = skb_header_pointer(skb, par->thoff, sizeof(hdr_copy), &hdr_copy);
	if (!hdr) {
		/* Asked to examine a packet we cannot read: drop it. */
		pr_debug("Dropping evil MH tinygram.\n");
		par->hotdrop = true;
		return false;
	}

	/* Any payload protocol other than IPPROTO_NONE is treated as invalid. */
	if (hdr->ip6mh_proto != IPPROTO_NONE) {
		pr_debug("Dropping invalid MH Payload Proto: %u\n",
			 hdr->ip6mh_proto);
		par->hotdrop = true;
		return false;
	}

	inverted = !!(info->invflags & IP6T_MH_INV_TYPE);

	/* types[0] is the lower bound, types[1] the upper bound (inclusive). */
	return type_match(info->types[0], info->types[1], hdr->ip6mh_type,
			  inverted);
}
     60
/*
 * Rule-insertion check for the "mh" match.
 *
 * Rejects the rule with -EINVAL when invflags carries any bit outside
 * IP6T_MH_INV_MASK; returns 0 otherwise.
 *
 * NOTE(review): only invflags is validated.  The ordering of types[0] and
 * types[1] is not checked, so a rule with types[0] > types[1] is accepted
 * and its range test in mh_mt6() is never true (always true when the
 * inversion flag is set).
 */
static int mh_mt6_check(const struct xt_mtchk_param *par)
{
	const struct ip6t_mh *info = par->matchinfo;

	if (info->invflags & ~IP6T_MH_INV_MASK)
		return -EINVAL;

	return 0;
}
     68
/*
 * Registration record for the IPv6 "mh" match, handed to
 * xt_register_match()/xt_unregister_match() at module load and unload.
 */
static struct xt_match mh_mt6_reg __read_mostly = {
	/* Identity: match name, address family and protocol it applies to. */
	.name = "mh",
	.family = NFPROTO_IPV6,
	.proto = IPPROTO_MH,
	/* Size of the per-rule match data (struct ip6t_mh) read via matchinfo. */
	.matchsize = sizeof(struct ip6t_mh),
	/* Callbacks: rule validation, then per-packet evaluation. */
	.checkentry = mh_mt6_check,
	.match = mh_mt6,
	.me = THIS_MODULE,
};
     78
/*
 * Module load hook: registers the "mh" match with x_tables and passes the
 * result of xt_register_match() back to the caller unchanged.
 */
static int __init mh_mt6_init(void)
{
	int err = xt_register_match(&mh_mt6_reg);

	return err;
}
     83
/* Module unload hook: removes the "mh" match registered by mh_mt6_init(). */
static void __exit mh_mt6_exit(void)
{
	xt_unregister_match(&mh_mt6_reg);
}
     88
/* Bind the load and unload hooks to the module's entry and exit points. */
module_init(mh_mt6_init);
module_exit(mh_mt6_exit);