xt_length.c (1717B)
1// SPDX-License-Identifier: GPL-2.0-only 2/* Kernel module to match packet length. */ 3/* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 4 */ 5 6#include <linux/module.h> 7#include <linux/skbuff.h> 8#include <linux/ipv6.h> 9#include <net/ip.h> 10 11#include <linux/netfilter/xt_length.h> 12#include <linux/netfilter/x_tables.h> 13 14MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 15MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match"); 16MODULE_LICENSE("GPL"); 17MODULE_ALIAS("ipt_length"); 18MODULE_ALIAS("ip6t_length"); 19 20static bool 21length_mt(const struct sk_buff *skb, struct xt_action_param *par) 22{ 23 const struct xt_length_info *info = par->matchinfo; 24 u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); 25 26 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 27} 28 29static bool 30length_mt6(const struct sk_buff *skb, struct xt_action_param *par) 31{ 32 const struct xt_length_info *info = par->matchinfo; 33 const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + 34 sizeof(struct ipv6hdr); 35 36 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 37} 38 39static struct xt_match length_mt_reg[] __read_mostly = { 40 { 41 .name = "length", 42 .family = NFPROTO_IPV4, 43 .match = length_mt, 44 .matchsize = sizeof(struct xt_length_info), 45 .me = THIS_MODULE, 46 }, 47 { 48 .name = "length", 49 .family = NFPROTO_IPV6, 50 .match = length_mt6, 51 .matchsize = sizeof(struct xt_length_info), 52 .me = THIS_MODULE, 53 }, 54}; 55 56static int __init length_mt_init(void) 57{ 58 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 59} 60 61static void __exit length_mt_exit(void) 62{ 63 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 64} 65 66module_init(length_mt_init); 67module_exit(length_mt_exit);