1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Kernel module to match packet length. */ 3 /* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 4 */ 5 6 #include <linux/module.h> 7 #include <linux/skbuff.h> 8 #include <linux/ipv6.h> 9 #include <net/ip.h> 10 11 #include <linux/netfilter/xt_length.h> 12 #include <linux/netfilter/x_tables.h> 13 14 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 15 MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match"); 16 MODULE_LICENSE("GPL"); 17 MODULE_ALIAS("ipt_length"); 18 MODULE_ALIAS("ip6t_length"); 19 20 static bool 21 length_mt(const struct sk_buff *skb, struct xt_action_param *par) 22 { 23 const struct xt_length_info *info = par->matchinfo; 24 u_int16_t pktlen = ntohs(ip_hdr(skb)->tot_len); 25 26 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 27 } 28 29 static bool 30 length_mt6(const struct sk_buff *skb, struct xt_action_param *par) 31 { 32 const struct xt_length_info *info = par->matchinfo; 33 const u_int16_t pktlen = ntohs(ipv6_hdr(skb)->payload_len) + 34 sizeof(struct ipv6hdr); 35 36 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 37 } 38 39 static struct xt_match length_mt_reg[] __read_mostly = { 40 { 41 .name = "length", 42 .family = NFPROTO_IPV4, 43 .match = length_mt, 44 .matchsize = sizeof(struct xt_length_info), 45 .me = THIS_MODULE, 46 }, 47 { 48 .name = "length", 49 .family = NFPROTO_IPV6, 50 .match = length_mt6, 51 .matchsize = sizeof(struct xt_length_info), 52 .me = THIS_MODULE, 53 }, 54 }; 55 56 static int __init length_mt_init(void) 57 { 58 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 59 } 60 61 static void __exit length_mt_exit(void) 62 { 63 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 64 } 65 66 module_init(length_mt_init); 67 module_exit(length_mt_exit); 68