2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
6 * Generic frame diversion
9 * Benoit LOCHER: initial integration within the kernel with support for ethernet
10 * Dave Miller: improvement on the code (correctness, performance and source files)
13 #include <linux/module.h>
14 #include <linux/types.h>
15 #include <linux/kernel.h>
16 #include <linux/sched.h>
17 #include <linux/string.h>
19 #include <linux/socket.h>
21 #include <linux/inet.h>
23 #include <linux/udp.h>
24 #include <linux/netdevice.h>
25 #include <linux/etherdevice.h>
26 #include <linux/skbuff.h>
27 #include <linux/capability.h>
28 #include <linux/errno.h>
29 #include <linux/init.h>
35 #include <asm/uaccess.h>
36 #include <asm/system.h>
37 #include <asm/checksum.h>
38 #include <linux/divert.h>
39 #include <linux/sockios.h>
41 const char sysctl_divert_version
[32]="0.46"; /* Current version */
43 static int __init
dv_init(void)
50 * Allocate a divert_blk for a device. This must be an ethernet nic.
52 int alloc_divert_blk(struct net_device
*dev
)
54 int alloc_size
= (sizeof(struct divert_blk
) + 3) & ~3;
57 if (dev
->type
== ARPHRD_ETHER
) {
58 dev
->divert
= kzalloc(alloc_size
, GFP_KERNEL
);
59 if (dev
->divert
== NULL
) {
60 printk(KERN_INFO
"divert: unable to allocate divert_blk for %s\n",
71 * Free a divert_blk allocated by the above function, if it was
72 * allocated on that device.
74 void free_divert_blk(struct net_device
*dev
)
84 * Adds a tcp/udp (source or dest) port to an array
86 static int add_port(u16 ports
[], u16 port
)
93 /* Storing directly in network format for performance,
98 for (i
= 0; i
< MAX_DIVERT_PORTS
; i
++) {
103 for (i
= 0; i
< MAX_DIVERT_PORTS
; i
++) {
114 * Removes a port from an array tcp/udp (source or dest)
116 static int remove_port(u16 ports
[], u16 port
)
123 /* Storing directly in network format for performance,
128 for (i
= 0; i
< MAX_DIVERT_PORTS
; i
++) {
129 if (ports
[i
] == port
) {
138 /* Some basic sanity checks on the arguments passed to divert_ioctl() */
139 static int check_args(struct divert_cf
*div_cf
, struct net_device
**dev
)
147 /* GETVERSION: all other args are unused */
148 if (div_cf
->cmd
== DIVCMD_GETVERSION
)
151 /* Network device index should reasonably be between 0 and 1000 :) */
152 if (div_cf
->dev_index
< 0 || div_cf
->dev_index
> 1000)
155 /* Let's try to find the ifname */
156 sprintf(devname
, "eth%d", div_cf
->dev_index
);
157 *dev
= dev_get_by_name(devname
);
159 /* dev should NOT be null */
165 /* user issuing the ioctl must be a super one :) */
166 if (!capable(CAP_SYS_ADMIN
)) {
171 /* Device must have a divert_blk member NOT null */
172 if ((*dev
)->divert
== NULL
)
180 * control function of the diverter
184 printk(KERN_DEBUG "divert_ioctl() line %d %s\n", __LINE__, (a))
189 int divert_ioctl(unsigned int cmd
, struct divert_cf __user
*arg
)
191 struct divert_cf div_cf
;
192 struct divert_blk
*div_blk
;
193 struct net_device
*dev
;
198 DVDBG("SIOCGIFDIVERT, copy_from_user");
199 if (copy_from_user(&div_cf
, arg
, sizeof(struct divert_cf
)))
201 DVDBG("before check_args");
202 ret
= check_args(&div_cf
, &dev
);
205 DVDBG("after checkargs");
206 div_blk
= dev
->divert
;
208 DVDBG("befre switch()");
209 switch (div_cf
.cmd
) {
210 case DIVCMD_GETSTATUS
:
211 /* Now, just give the user the raw divert block
212 * for him to play with :)
214 if (copy_to_user(div_cf
.arg1
.ptr
, dev
->divert
,
215 sizeof(struct divert_blk
)))
219 case DIVCMD_GETVERSION
:
220 DVDBG("GETVERSION: checking ptr");
221 if (div_cf
.arg1
.ptr
== NULL
)
223 DVDBG("GETVERSION: copying data to userland");
224 if (copy_to_user(div_cf
.arg1
.ptr
,
225 sysctl_divert_version
, 32))
227 DVDBG("GETVERSION: data copied");
237 if (copy_from_user(&div_cf
, arg
, sizeof(struct divert_cf
)))
240 ret
= check_args(&div_cf
, &dev
);
244 div_blk
= dev
->divert
;
249 div_blk
->protos
= DIVERT_PROTO_NONE
;
250 memset(div_blk
->tcp_dst
, 0,
251 MAX_DIVERT_PORTS
* sizeof(u16
));
252 memset(div_blk
->tcp_src
, 0,
253 MAX_DIVERT_PORTS
* sizeof(u16
));
254 memset(div_blk
->udp_dst
, 0,
255 MAX_DIVERT_PORTS
* sizeof(u16
));
256 memset(div_blk
->udp_src
, 0,
257 MAX_DIVERT_PORTS
* sizeof(u16
));
261 switch(div_cf
.arg1
.int32
) {
268 case DIVARG1_DISABLE
:
269 if (!div_blk
->divert
)
281 switch(div_cf
.arg1
.int32
) {
283 if (div_blk
->protos
& DIVERT_PROTO_IP
)
285 div_blk
->protos
|= DIVERT_PROTO_IP
;
288 case DIVARG1_DISABLE
:
289 if (!(div_blk
->protos
& DIVERT_PROTO_IP
))
291 div_blk
->protos
&= ~DIVERT_PROTO_IP
;
301 switch(div_cf
.arg1
.int32
) {
303 if (div_blk
->protos
& DIVERT_PROTO_TCP
)
305 div_blk
->protos
|= DIVERT_PROTO_TCP
;
308 case DIVARG1_DISABLE
:
309 if (!(div_blk
->protos
& DIVERT_PROTO_TCP
))
311 div_blk
->protos
&= ~DIVERT_PROTO_TCP
;
321 switch(div_cf
.arg1
.int32
) {
323 return add_port(div_blk
->tcp_dst
,
327 return remove_port(div_blk
->tcp_dst
,
337 switch(div_cf
.arg1
.int32
) {
339 return add_port(div_blk
->tcp_src
,
343 return remove_port(div_blk
->tcp_src
,
353 switch(div_cf
.arg1
.int32
) {
355 if (div_blk
->protos
& DIVERT_PROTO_UDP
)
357 div_blk
->protos
|= DIVERT_PROTO_UDP
;
360 case DIVARG1_DISABLE
:
361 if (!(div_blk
->protos
& DIVERT_PROTO_UDP
))
363 div_blk
->protos
&= ~DIVERT_PROTO_UDP
;
373 switch(div_cf
.arg1
.int32
) {
375 return add_port(div_blk
->udp_dst
,
379 return remove_port(div_blk
->udp_dst
,
389 switch(div_cf
.arg1
.int32
) {
391 return add_port(div_blk
->udp_src
,
395 return remove_port(div_blk
->udp_src
,
405 switch(div_cf
.arg1
.int32
) {
407 if (div_blk
->protos
& DIVERT_PROTO_ICMP
)
409 div_blk
->protos
|= DIVERT_PROTO_ICMP
;
412 case DIVARG1_DISABLE
:
413 if (!(div_blk
->protos
& DIVERT_PROTO_ICMP
))
415 div_blk
->protos
&= ~DIVERT_PROTO_ICMP
;
439 * Check if packet should have its dest mac address set to the box itself
443 #define ETH_DIVERT_FRAME(skb) \
444 memcpy(eth_hdr(skb), skb->dev->dev_addr, ETH_ALEN); \
445 skb->pkt_type=PACKET_HOST
447 void divert_frame(struct sk_buff
*skb
)
449 struct ethhdr
*eth
= eth_hdr(skb
);
453 struct divert_blk
*divert
= skb
->dev
->divert
;
455 unsigned char *skb_data_end
= skb
->data
+ skb
->len
;
457 /* Packet is already aimed at us, return */
458 if (!compare_ether_addr(eth
->h_dest
, skb
->dev
->dev_addr
))
461 /* proto is not IP, do nothing */
462 if (eth
->h_proto
!= htons(ETH_P_IP
))
465 /* Divert all IP frames ? */
466 if (divert
->protos
& DIVERT_PROTO_IP
) {
467 ETH_DIVERT_FRAME(skb
);
471 /* Check for possible (maliciously) malformed IP frame (thanks Dave) */
472 iph
= (struct iphdr
*) skb
->data
;
473 if (((iph
->ihl
<<2)+(unsigned char*)(iph
)) >= skb_data_end
) {
474 printk(KERN_INFO
"divert: malformed IP packet !\n");
478 switch (iph
->protocol
) {
479 /* Divert all ICMP frames ? */
481 if (divert
->protos
& DIVERT_PROTO_ICMP
) {
482 ETH_DIVERT_FRAME(skb
);
487 /* Divert all TCP frames ? */
489 if (divert
->protos
& DIVERT_PROTO_TCP
) {
490 ETH_DIVERT_FRAME(skb
);
494 /* Check for possible (maliciously) malformed IP
497 tcph
= (struct tcphdr
*)
498 (((unsigned char *)iph
) + (iph
->ihl
<<2));
499 if (((unsigned char *)(tcph
+1)) >= skb_data_end
) {
500 printk(KERN_INFO
"divert: malformed TCP packet !\n");
504 /* Divert some tcp dst/src ports only ?*/
505 for (i
= 0; i
< MAX_DIVERT_PORTS
; i
++) {
506 dst
= divert
->tcp_dst
[i
];
507 src
= divert
->tcp_src
[i
];
508 if ((dst
&& dst
== tcph
->dest
) ||
509 (src
&& src
== tcph
->source
)) {
510 ETH_DIVERT_FRAME(skb
);
516 /* Divert all UDP frames ? */
518 if (divert
->protos
& DIVERT_PROTO_UDP
) {
519 ETH_DIVERT_FRAME(skb
);
523 /* Check for possible (maliciously) malformed IP
524 * packet (thanks Dave)
526 udph
= (struct udphdr
*)
527 (((unsigned char *)iph
) + (iph
->ihl
<<2));
528 if (((unsigned char *)(udph
+1)) >= skb_data_end
) {
530 "divert: malformed UDP packet !\n");
534 /* Divert some udp dst/src ports only ? */
535 for (i
= 0; i
< MAX_DIVERT_PORTS
; i
++) {
536 dst
= divert
->udp_dst
[i
];
537 src
= divert
->udp_src
[i
];
538 if ((dst
&& dst
== udph
->dest
) ||
539 (src
&& src
== udph
->source
)) {
540 ETH_DIVERT_FRAME(skb
);