2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Generic frame diversion
9 * Benoit LOCHER: initial integration within the kernel with support for ethernet
10 * Dave Miller: improvement on the code (correctness, performance and source files)
13 #include <linux/module.h>
14 #include <linux/types.h>
15 #include <linux/kernel.h>
16 #include <linux/sched.h>
17 #include <linux/string.h>
19 #include <linux/socket.h>
21 #include <linux/inet.h>
23 #include <linux/udp.h>
24 #include <linux/netdevice.h>
25 #include <linux/etherdevice.h>
26 #include <linux/skbuff.h>
27 #include <linux/capability.h>
28 #include <linux/errno.h>
29 #include <linux/init.h>
35 #include <asm/uaccess.h>
36 #include <asm/system.h>
37 #include <asm/checksum.h>
38 #include <linux/divert.h>
39 #include <linux/sockios.h>
41 const char sysctl_divert_version[32]="0.46"; /* Current version */
43 static int __init dv_init(void)
50 * Allocate a divert_blk for a device. This must be an ethernet nic.
52 int alloc_divert_blk(struct net_device *dev)
54 int alloc_size = (sizeof(struct divert_blk) + 3) & ~3;
57 if (dev->type == ARPHRD_ETHER) {
58 dev->divert = (struct divert_blk *)
59 kmalloc(alloc_size, GFP_KERNEL);
60 if (dev->divert == NULL) {
61 printk(KERN_INFO "divert: unable to allocate divert_blk for %s\n",
66 memset(dev->divert, 0, sizeof(struct divert_blk));
74 * Free a divert_blk allocated by the above function, if it was
75 * allocated on that device.
77 void free_divert_blk(struct net_device *dev)
87 * Adds a tcp/udp (source or dest) port to an array
89 static int add_port(u16 ports[], u16 port)
96 /* Storing directly in network format for performance,
101 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
102 if (ports[i] == port)
106 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
117 * Removes a port from an array tcp/udp (source or dest)
119 static int remove_port(u16 ports[], u16 port)
126 /* Storing directly in network format for performance,
131 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
132 if (ports[i] == port) {
141 /* Some basic sanity checks on the arguments passed to divert_ioctl() */
142 static int check_args(struct divert_cf *div_cf, struct net_device **dev)
150 /* GETVERSION: all other args are unused */
151 if (div_cf->cmd == DIVCMD_GETVERSION)
154 /* Network device index should reasonably be between 0 and 1000 :) */
155 if (div_cf->dev_index < 0 || div_cf->dev_index > 1000)
158 /* Let's try to find the ifname */
159 sprintf(devname, "eth%d", div_cf->dev_index);
160 *dev = dev_get_by_name(devname);
162 /* dev should NOT be null */
168 /* user issuing the ioctl must be a super one :) */
169 if (!capable(CAP_SYS_ADMIN)) {
174 /* Device must have a divert_blk member NOT null */
175 if ((*dev)->divert == NULL)
183 * control function of the diverter
187 printk(KERN_DEBUG "divert_ioctl() line %d %s\n", __LINE__, (a))
192 int divert_ioctl(unsigned int cmd, struct divert_cf __user *arg)
194 struct divert_cf div_cf;
195 struct divert_blk *div_blk;
196 struct net_device *dev;
201 DVDBG("SIOCGIFDIVERT, copy_from_user");
202 if (copy_from_user(&div_cf, arg, sizeof(struct divert_cf)))
204 DVDBG("before check_args");
205 ret = check_args(&div_cf, &dev);
208 DVDBG("after checkargs");
209 div_blk = dev->divert;
211 DVDBG("befre switch()");
212 switch (div_cf.cmd) {
213 case DIVCMD_GETSTATUS:
214 /* Now, just give the user the raw divert block
215 * for him to play with :)
217 if (copy_to_user(div_cf.arg1.ptr, dev->divert,
218 sizeof(struct divert_blk)))
222 case DIVCMD_GETVERSION:
223 DVDBG("GETVERSION: checking ptr");
224 if (div_cf.arg1.ptr == NULL)
226 DVDBG("GETVERSION: copying data to userland");
227 if (copy_to_user(div_cf.arg1.ptr,
228 sysctl_divert_version, 32))
230 DVDBG("GETVERSION: data copied");
240 if (copy_from_user(&div_cf, arg, sizeof(struct divert_cf)))
243 ret = check_args(&div_cf, &dev);
247 div_blk = dev->divert;
252 div_blk->protos = DIVERT_PROTO_NONE;
253 memset(div_blk->tcp_dst, 0,
254 MAX_DIVERT_PORTS * sizeof(u16));
255 memset(div_blk->tcp_src, 0,
256 MAX_DIVERT_PORTS * sizeof(u16));
257 memset(div_blk->udp_dst, 0,
258 MAX_DIVERT_PORTS * sizeof(u16));
259 memset(div_blk->udp_src, 0,
260 MAX_DIVERT_PORTS * sizeof(u16));
264 switch(div_cf.arg1.int32) {
271 case DIVARG1_DISABLE:
272 if (!div_blk->divert)
284 switch(div_cf.arg1.int32) {
286 if (div_blk->protos & DIVERT_PROTO_IP)
288 div_blk->protos |= DIVERT_PROTO_IP;
291 case DIVARG1_DISABLE:
292 if (!(div_blk->protos & DIVERT_PROTO_IP))
294 div_blk->protos &= ~DIVERT_PROTO_IP;
304 switch(div_cf.arg1.int32) {
306 if (div_blk->protos & DIVERT_PROTO_TCP)
308 div_blk->protos |= DIVERT_PROTO_TCP;
311 case DIVARG1_DISABLE:
312 if (!(div_blk->protos & DIVERT_PROTO_TCP))
314 div_blk->protos &= ~DIVERT_PROTO_TCP;
324 switch(div_cf.arg1.int32) {
326 return add_port(div_blk->tcp_dst,
330 return remove_port(div_blk->tcp_dst,
340 switch(div_cf.arg1.int32) {
342 return add_port(div_blk->tcp_src,
346 return remove_port(div_blk->tcp_src,
356 switch(div_cf.arg1.int32) {
358 if (div_blk->protos & DIVERT_PROTO_UDP)
360 div_blk->protos |= DIVERT_PROTO_UDP;
363 case DIVARG1_DISABLE:
364 if (!(div_blk->protos & DIVERT_PROTO_UDP))
366 div_blk->protos &= ~DIVERT_PROTO_UDP;
376 switch(div_cf.arg1.int32) {
378 return add_port(div_blk->udp_dst,
382 return remove_port(div_blk->udp_dst,
392 switch(div_cf.arg1.int32) {
394 return add_port(div_blk->udp_src,
398 return remove_port(div_blk->udp_src,
408 switch(div_cf.arg1.int32) {
410 if (div_blk->protos & DIVERT_PROTO_ICMP)
412 div_blk->protos |= DIVERT_PROTO_ICMP;
415 case DIVARG1_DISABLE:
416 if (!(div_blk->protos & DIVERT_PROTO_ICMP))
418 div_blk->protos &= ~DIVERT_PROTO_ICMP;
442 * Check if packet should have its dest mac address set to the box itself
446 #define ETH_DIVERT_FRAME(skb) \
447 memcpy(eth_hdr(skb), skb->dev->dev_addr, ETH_ALEN); \
448 skb->pkt_type=PACKET_HOST
450 void divert_frame(struct sk_buff *skb)
452 struct ethhdr *eth = eth_hdr(skb);
456 struct divert_blk *divert = skb->dev->divert;
458 unsigned char *skb_data_end = skb->data + skb->len;
460 /* Packet is already aimed at us, return */
461 if (!compare_ether_addr(eth->h_dest, skb->dev->dev_addr))
464 /* proto is not IP, do nothing */
465 if (eth->h_proto != htons(ETH_P_IP))
468 /* Divert all IP frames ? */
469 if (divert->protos & DIVERT_PROTO_IP) {
470 ETH_DIVERT_FRAME(skb);
474 /* Check for possible (maliciously) malformed IP frame (thanks Dave) */
475 iph = (struct iphdr *) skb->data;
476 if (((iph->ihl<<2)+(unsigned char*)(iph)) >= skb_data_end) {
477 printk(KERN_INFO "divert: malformed IP packet !\n");
481 switch (iph->protocol) {
482 /* Divert all ICMP frames ? */
484 if (divert->protos & DIVERT_PROTO_ICMP) {
485 ETH_DIVERT_FRAME(skb);
490 /* Divert all TCP frames ? */
492 if (divert->protos & DIVERT_PROTO_TCP) {
493 ETH_DIVERT_FRAME(skb);
497 /* Check for possible (maliciously) malformed IP
500 tcph = (struct tcphdr *)
501 (((unsigned char *)iph) + (iph->ihl<<2));
502 if (((unsigned char *)(tcph+1)) >= skb_data_end) {
503 printk(KERN_INFO "divert: malformed TCP packet !\n");
507 /* Divert some tcp dst/src ports only ?*/
508 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
509 dst = divert->tcp_dst[i];
510 src = divert->tcp_src[i];
511 if ((dst && dst == tcph->dest) ||
512 (src && src == tcph->source)) {
513 ETH_DIVERT_FRAME(skb);
519 /* Divert all UDP frames ? */
521 if (divert->protos & DIVERT_PROTO_UDP) {
522 ETH_DIVERT_FRAME(skb);
526 /* Check for possible (maliciously) malformed IP
527 * packet (thanks Dave)
529 udph = (struct udphdr *)
530 (((unsigned char *)iph) + (iph->ihl<<2));
531 if (((unsigned char *)(udph+1)) >= skb_data_end) {
533 "divert: malformed UDP packet !\n");
537 /* Divert some udp dst/src ports only ? */
538 for (i = 0; i < MAX_DIVERT_PORTS; i++) {
539 dst = divert->udp_dst[i];
540 src = divert->udp_src[i];
541 if ((dst && dst == udph->dest) ||
542 (src && src == udph->source)) {
543 ETH_DIVERT_FRAME(skb);
git://bbs.cooldavid.org / net-next-2.6.git / blob