1 // SPDX-License-Identifier: GPL-2.0-only 2 /* Kernel module to match packet length. */ 3 /* (C) 1999-2001 James Morris <jmorros@intercode.com.au> 4 */ 5 6 #include <linux/module.h> 7 #include <linux/skbuff.h> 8 #include <linux/ipv6.h> 9 #include <net/ip.h> 10 11 #include <linux/netfilter/xt_length.h> 12 #include <linux/netfilter/x_tables.h> 13 14 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>"); 15 MODULE_DESCRIPTION("Xtables: Packet length (Layer3,4,5) match"); 16 MODULE_LICENSE("GPL"); 17 MODULE_ALIAS("ipt_length"); 18 MODULE_ALIAS("ip6t_length"); 19 20 static bool 21 length_mt(const struct sk_buff *skb, struct xt_action_param *par) 22 { 23 const struct xt_length_info *info = par->matchinfo; 24 u32 pktlen = skb_ip_totlen(skb); 25 26 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 27 } 28 29 static bool 30 length_mt6(const struct sk_buff *skb, struct xt_action_param *par) 31 { 32 const struct xt_length_info *info = par->matchinfo; 33 u32 pktlen = skb->len; 34 35 return (pktlen >= info->min && pktlen <= info->max) ^ info->invert; 36 } 37 38 static struct xt_match length_mt_reg[] __read_mostly = { 39 { 40 .name = "length", 41 .family = NFPROTO_IPV4, 42 .match = length_mt, 43 .matchsize = sizeof(struct xt_length_info), 44 .me = THIS_MODULE, 45 }, 46 { 47 .name = "length", 48 .family = NFPROTO_IPV6, 49 .match = length_mt6, 50 .matchsize = sizeof(struct xt_length_info), 51 .me = THIS_MODULE, 52 }, 53 }; 54 55 static int __init length_mt_init(void) 56 { 57 return xt_register_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 58 } 59 60 static void __exit length_mt_exit(void) 61 { 62 xt_unregister_matches(length_mt_reg, ARRAY_SIZE(length_mt_reg)); 63 } 64 65 module_init(length_mt_init); 66 module_exit(length_mt_exit); 67