search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
userns: don't leak root user
[wrt350n-kernel.git] / net / netfilter / xt_sctp.c
blobc002153b80ab76ef6e3725dfc9dc6d4fce242d69
1 #include <linux/module.h>
2 #include <linux/skbuff.h>
3 #include <net/ip.h>
4 #include <net/ipv6.h>
5 #include <linux/sctp.h>
6
7 #include <linux/netfilter/x_tables.h>
8 #include <linux/netfilter/xt_sctp.h>
9 #include <linux/netfilter_ipv4/ip_tables.h>
10 #include <linux/netfilter_ipv6/ip6_tables.h>
11
12 MODULE_LICENSE("GPL");
13 MODULE_AUTHOR("Kiran Kumar Immidi");
14 MODULE_DESCRIPTION("Match for SCTP protocol packets");
15 MODULE_ALIAS("ipt_sctp");
16
17 #ifdef DEBUG_SCTP
18 #define duprintf(format, args...) printk(format , ## args)
19 #else
20 #define duprintf(format, args...)
21 #endif
22
23 #define SCCHECK(cond, option, flag, invflag) (!((flag) & (option)) \
24 || (!!((invflag) & (option)) ^ (cond)))
25
26 static bool
27 match_flags(const struct xt_sctp_flag_info *flag_info,
28 const int flag_count,
29 u_int8_t chunktype,
30 u_int8_t chunkflags)
31 {
32 int i;
33
34 for (i = 0; i < flag_count; i++)
35 if (flag_info[i].chunktype == chunktype)
36 return (chunkflags & flag_info[i].flag_mask) == flag_info[i].flag;
37
38 return true;
39 }
40
41 static inline bool
42 match_packet(const struct sk_buff *skb,
43 unsigned int offset,
44 const u_int32_t *chunkmap,
45 int chunk_match_type,
46 const struct xt_sctp_flag_info *flag_info,
47 const int flag_count,
48 bool *hotdrop)
49 {
50 u_int32_t chunkmapcopy[256 / sizeof (u_int32_t)];
51 sctp_chunkhdr_t _sch, *sch;
52
53 #ifdef DEBUG_SCTP
54 int i = 0;
55 #endif
56
57 if (chunk_match_type == SCTP_CHUNK_MATCH_ALL)
58 SCTP_CHUNKMAP_COPY(chunkmapcopy, chunkmap);
59
60 do {
61 sch = skb_header_pointer(skb, offset, sizeof(_sch), &_sch);
62 if (sch == NULL || sch->length == 0) {
63 duprintf("Dropping invalid SCTP packet.\n");
64 *hotdrop = true;
65 return false;
66 }
67
68 duprintf("Chunk num: %d\toffset: %d\ttype: %d\tlength: %d\tflags: %x\n",
69 ++i, offset, sch->type, htons(sch->length), sch->flags);
70
71 offset += (ntohs(sch->length) + 3) & ~3;
72
73 duprintf("skb->len: %d\toffset: %d\n", skb->len, offset);
74
75 if (SCTP_CHUNKMAP_IS_SET(chunkmap, sch->type)) {
76 switch (chunk_match_type) {
77 case SCTP_CHUNK_MATCH_ANY:
78 if (match_flags(flag_info, flag_count,
79 sch->type, sch->flags)) {
80 return true;
81 }
82 break;
83
84 case SCTP_CHUNK_MATCH_ALL:
85 if (match_flags(flag_info, flag_count,
86 sch->type, sch->flags))
87 SCTP_CHUNKMAP_CLEAR(chunkmapcopy, sch->type);
88 break;
89
90 case SCTP_CHUNK_MATCH_ONLY:
91 if (!match_flags(flag_info, flag_count,
92 sch->type, sch->flags))
93 return false;
94 break;
95 }
96 } else {
97 switch (chunk_match_type) {
98 case SCTP_CHUNK_MATCH_ONLY:
99 return false;
100 }
101 }
102 } while (offset < skb->len);
103
104 switch (chunk_match_type) {
105 case SCTP_CHUNK_MATCH_ALL:
106 return SCTP_CHUNKMAP_IS_CLEAR(chunkmap);
107 case SCTP_CHUNK_MATCH_ANY:
108 return false;
109 case SCTP_CHUNK_MATCH_ONLY:
110 return true;
111 }
112
113 /* This will never be reached, but required to stop compiler whine */
114 return false;
115 }
116
117 static bool
118 match(const struct sk_buff *skb,
119 const struct net_device *in,
120 const struct net_device *out,
121 const struct xt_match *match,
122 const void *matchinfo,
123 int offset,
124 unsigned int protoff,
125 bool *hotdrop)
126 {
127 const struct xt_sctp_info *info = matchinfo;
128 sctp_sctphdr_t _sh, *sh;
129
130 if (offset) {
131 duprintf("Dropping non-first fragment.. FIXME\n");
132 return false;
133 }
134
135 sh = skb_header_pointer(skb, protoff, sizeof(_sh), &_sh);
136 if (sh == NULL) {
137 duprintf("Dropping evil TCP offset=0 tinygram.\n");
138 *hotdrop = true;
139 return false;
140 }
141 duprintf("spt: %d\tdpt: %d\n", ntohs(sh->source), ntohs(sh->dest));
142
143 return SCCHECK(ntohs(sh->source) >= info->spts[0]
144 && ntohs(sh->source) <= info->spts[1],
145 XT_SCTP_SRC_PORTS, info->flags, info->invflags)
146 && SCCHECK(ntohs(sh->dest) >= info->dpts[0]
147 && ntohs(sh->dest) <= info->dpts[1],
148 XT_SCTP_DEST_PORTS, info->flags, info->invflags)
149 && SCCHECK(match_packet(skb, protoff + sizeof (sctp_sctphdr_t),
150 info->chunkmap, info->chunk_match_type,
151 info->flag_info, info->flag_count,
152 hotdrop),
153 XT_SCTP_CHUNK_TYPES, info->flags, info->invflags);
154 }
155
156 static bool
157 checkentry(const char *tablename,
158 const void *inf,
159 const struct xt_match *match,
160 void *matchinfo,
161 unsigned int hook_mask)
162 {
163 const struct xt_sctp_info *info = matchinfo;
164
165 return !(info->flags & ~XT_SCTP_VALID_FLAGS)
166 && !(info->invflags & ~XT_SCTP_VALID_FLAGS)
167 && !(info->invflags & ~info->flags)
168 && ((!(info->flags & XT_SCTP_CHUNK_TYPES)) ||
169 (info->chunk_match_type &
170 (SCTP_CHUNK_MATCH_ALL
171 | SCTP_CHUNK_MATCH_ANY
172 | SCTP_CHUNK_MATCH_ONLY)));
173 }
174
175 static struct xt_match xt_sctp_match[] __read_mostly = {
176 {
177 .name = "sctp",
178 .family = AF_INET,
179 .checkentry = checkentry,
180 .match = match,
181 .matchsize = sizeof(struct xt_sctp_info),
182 .proto = IPPROTO_SCTP,
183 .me = THIS_MODULE
184 },
185 {
186 .name = "sctp",
187 .family = AF_INET6,
188 .checkentry = checkentry,
189 .match = match,
190 .matchsize = sizeof(struct xt_sctp_info),
191 .proto = IPPROTO_SCTP,
192 .me = THIS_MODULE
193 },
194 };
195
196 static int __init xt_sctp_init(void)
197 {
198 return xt_register_matches(xt_sctp_match, ARRAY_SIZE(xt_sctp_match));
199 }
200
201 static void __exit xt_sctp_fini(void)
202 {
203 xt_unregister_matches(xt_sctp_match, ARRAY_SIZE(xt_sctp_match));
204 }
205
206 module_init(xt_sctp_init);
207 module_exit(xt_sctp_fini);
WRT350N Kernel Patches