[net-next-2.6.git] / net / ipv4 / netfilter / arpt_mangle.c

/* module that allows mangling of the arp payload */
#include <linux/module.h>
#include <linux/netfilter_arp/arpt_mangle.h>
#include <net/sock.h>

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
MODULE_DESCRIPTION("arptables arp payload mangle target");

static unsigned int
target(struct sk_buff **pskb,
       const struct net_device *in, const struct net_device *out,
       unsigned int hooknum, const struct xt_target *target,
       const void *targinfo)
{
	const struct arpt_mangle *mangle = targinfo;
	struct arphdr *arp;
	unsigned char *arpptr;
	int pln, hln;

	if (skb_shared(*pskb) || skb_cloned(*pskb)) {
		struct sk_buff *nskb;

		nskb = skb_copy(*pskb, GFP_ATOMIC);
		if (!nskb)
			return NF_DROP;
		if ((*pskb)->sk)
			skb_set_owner_w(nskb, (*pskb)->sk);
		kfree_skb(*pskb);
		*pskb = nskb;
	}

	arp = (*pskb)->nh.arph;
	arpptr = (*pskb)->nh.raw + sizeof(*arp);
	pln = arp->ar_pln;
	hln = arp->ar_hln;
	/* We assume that pln and hln were checked in the match */
	if (mangle->flags & ARPT_MANGLE_SDEV) {
		if (ARPT_DEV_ADDR_LEN_MAX < hln ||
		   (arpptr + hln > (**pskb).tail))
			return NF_DROP;
		memcpy(arpptr, mangle->src_devaddr, hln);
	}
	arpptr += hln;
	if (mangle->flags & ARPT_MANGLE_SIP) {
		if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
		   (arpptr + pln > (**pskb).tail))
			return NF_DROP;
		memcpy(arpptr, &mangle->u_s.src_ip, pln);
	}
	arpptr += pln;
	if (mangle->flags & ARPT_MANGLE_TDEV) {
		if (ARPT_DEV_ADDR_LEN_MAX < hln ||
		   (arpptr + hln > (**pskb).tail))
			return NF_DROP;
		memcpy(arpptr, mangle->tgt_devaddr, hln);
	}
	arpptr += hln;
	if (mangle->flags & ARPT_MANGLE_TIP) {
		if (ARPT_MANGLE_ADDR_LEN_MAX < pln ||
		   (arpptr + pln > (**pskb).tail))
			return NF_DROP;
		memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
	}
	return mangle->target;
}

static int
checkentry(const char *tablename, const void *e, const struct xt_target *target,
	   void *targinfo, unsigned int hook_mask)
{
	const struct arpt_mangle *mangle = targinfo;

	if (mangle->flags & ~ARPT_MANGLE_MASK ||
	    !(mangle->flags & ARPT_MANGLE_MASK))
		return 0;

	if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
	   mangle->target != ARPT_CONTINUE)
		return 0;
	return 1;
}

static struct arpt_target arpt_mangle_reg = {
	.name		= "mangle",
	.target		= target,
	.targetsize	= sizeof(struct arpt_mangle),
	.checkentry	= checkentry,
	.me		= THIS_MODULE,
};

static int __init arpt_mangle_init(void)
{
	if (arpt_register_target(&arpt_mangle_reg))
		return -EINVAL;

	return 0;
}

static void __exit arpt_mangle_fini(void)
{
	arpt_unregister_target(&arpt_mangle_reg);
}

module_init(arpt_mangle_init);
module_exit(arpt_mangle_fini);
Commit	Line	Data
1da177e4 LT	1	/* module that allows mangling of the arp payload */
	2	#include <linux/module.h>
	3	#include <linux/netfilter_arp/arpt_mangle.h>
	4	#include <net/sock.h>
	5
	6	MODULE_LICENSE("GPL");
	7	MODULE_AUTHOR("Bart De Schuymer <bdschuym@pandora.be>");
	8	MODULE_DESCRIPTION("arptables arp payload mangle target");
	9
	10	static unsigned int
c4986734 PM	11	target(struct sk_buff **pskb,
	12	const struct net_device in, const struct net_device out,
	13	unsigned int hooknum, const struct xt_target *target,
fe1cb108	14	const void *targinfo)
1da177e4 LT	15	{
	16	const struct arpt_mangle *mangle = targinfo;
	17	struct arphdr *arp;
	18	unsigned char *arpptr;
	19	int pln, hln;
	20
	21	if (skb_shared(pskb) \|\| skb_cloned(pskb)) {
	22	struct sk_buff *nskb;
	23
	24	nskb = skb_copy(*pskb, GFP_ATOMIC);
	25	if (!nskb)
	26	return NF_DROP;
	27	if ((*pskb)->sk)
	28	skb_set_owner_w(nskb, (*pskb)->sk);
	29	kfree_skb(*pskb);
	30	*pskb = nskb;
	31	}
	32
	33	arp = (*pskb)->nh.arph;
	34	arpptr = (pskb)->nh.raw + sizeof(arp);
	35	pln = arp->ar_pln;
	36	hln = arp->ar_hln;
	37	/* We assume that pln and hln were checked in the match */
	38	if (mangle->flags & ARPT_MANGLE_SDEV) {
	39	if (ARPT_DEV_ADDR_LEN_MAX < hln \|\|
	40	(arpptr + hln > (**pskb).tail))
	41	return NF_DROP;
	42	memcpy(arpptr, mangle->src_devaddr, hln);
	43	}
	44	arpptr += hln;
	45	if (mangle->flags & ARPT_MANGLE_SIP) {
	46	if (ARPT_MANGLE_ADDR_LEN_MAX < pln \|\|
	47	(arpptr + pln > (**pskb).tail))
	48	return NF_DROP;
	49	memcpy(arpptr, &mangle->u_s.src_ip, pln);
	50	}
	51	arpptr += pln;
	52	if (mangle->flags & ARPT_MANGLE_TDEV) {
	53	if (ARPT_DEV_ADDR_LEN_MAX < hln \|\|
	54	(arpptr + hln > (**pskb).tail))
	55	return NF_DROP;
	56	memcpy(arpptr, mangle->tgt_devaddr, hln);
	57	}
	58	arpptr += hln;
	59	if (mangle->flags & ARPT_MANGLE_TIP) {
	60	if (ARPT_MANGLE_ADDR_LEN_MAX < pln \|\|
	61	(arpptr + pln > (**pskb).tail))
	62	return NF_DROP;
	63	memcpy(arpptr, &mangle->u_t.tgt_ip, pln);
	64	}
	65	return mangle->target;
	66	}
	67
	68	static int
c4986734	69	checkentry(const char tablename, const void e, const struct xt_target *target,
e905a9ed	70	void *targinfo, unsigned int hook_mask)
1da177e4 LT	71	{
	72	const struct arpt_mangle *mangle = targinfo;
	73
	74	if (mangle->flags & ~ARPT_MANGLE_MASK \|\|
	75	!(mangle->flags & ARPT_MANGLE_MASK))
	76	return 0;
	77
	78	if (mangle->target != NF_DROP && mangle->target != NF_ACCEPT &&
	79	mangle->target != ARPT_CONTINUE)
	80	return 0;
	81	return 1;
	82	}
	83
aa83c1ab PM	84	static struct arpt_target arpt_mangle_reg = {
	85	.name = "mangle",
	86	.target = target,
	87	.targetsize = sizeof(struct arpt_mangle),
	88	.checkentry = checkentry,
	89	.me = THIS_MODULE,
1da177e4 LT	90	};
1da177e4 LT	91
65b4b4e8	92	static int __init arpt_mangle_init(void)
1da177e4 LT	93	{
	94	if (arpt_register_target(&arpt_mangle_reg))
	95	return -EINVAL;
	96
	97	return 0;
	98	}
	99
65b4b4e8	100	static void __exit arpt_mangle_fini(void)
1da177e4 LT	101	{
	102	arpt_unregister_target(&arpt_mangle_reg);
	103	}
	104
65b4b4e8 AM	105	module_init(arpt_mangle_init);
65b4b4e8 AM	106	module_exit(arpt_mangle_fini);