netfilter: Combine ipt_TTL and ip6t_HL source (563d36eb) · Commits · e / devices / android_kernel_xiaomi_nabu

net/ipv4/netfilter/Kconfig

+0 −15

Original line number	Original line	Diff line number	Diff line
	@@ -322,21 +322,6 @@ config IP_NF_TARGET_ECN

	To compile it as a module, choose M here. If unsure, say N.		To compile it as a module, choose M here. If unsure, say N.

	config IP_NF_TARGET_TTL
	tristate 'TTL target support'
	depends on IP_NF_MANGLE
	depends on NETFILTER_ADVANCED
	help
	This option adds a `TTL' target, which enables the user to modify
	the TTL value of the IP header.

	While it is safe to decrement/lower the TTL, this target also enables
	functionality to increment and set the TTL value of the IP header to
	arbitrary values. This is EXTREMELY DANGEROUS since you can easily
	create immortal packets that loop forever on the network.

	To compile it as a module, choose M here. If unsure, say N.

	# raw + specific targets		# raw + specific targets
	config IP_NF_RAW		config IP_NF_RAW
	tristate 'raw table support (required for NOTRACK/TRACE)'		tristate 'raw table support (required for NOTRACK/TRACE)'

net/ipv4/netfilter/Makefile

+0 −1

Original line number	Original line	Diff line number	Diff line
	@@ -61,7 +61,6 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o		obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o		obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o		obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
	obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
	obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o		obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o

	# generic ARP tables		# generic ARP tables

net/ipv6/netfilter/Kconfig

+0 −17

Original line number	Original line	Diff line number	Diff line
	@@ -170,23 +170,6 @@ config IP6_NF_MANGLE

	To compile it as a module, choose M here. If unsure, say N.		To compile it as a module, choose M here. If unsure, say N.

	config IP6_NF_TARGET_HL
	tristate 'HL (hoplimit) target support'
	depends on IP6_NF_MANGLE
	depends on NETFILTER_ADVANCED
	help
	This option adds a `HL' target, which enables the user to decrement
	the hoplimit value of the IPv6 header or set it to a given (lower)
	value.

	While it is safe to decrement the hoplimit value, this option also
	enables functionality to increment and set the hoplimit value of the
	IPv6 header to arbitrary values. This is EXTREMELY DANGEROUS since
	you can easily create immortal packets that loop forever on the
	network.

	To compile it as a module, choose M here. If unsure, say N.

	config IP6_NF_RAW		config IP6_NF_RAW
	tristate 'raw table support (required for TRACE)'		tristate 'raw table support (required for TRACE)'
	depends on NETFILTER_ADVANCED		depends on NETFILTER_ADVANCED

net/ipv6/netfilter/Makefile

+0 −1

Original line number	Original line	Diff line number	Diff line
	@@ -27,6 +27,5 @@ obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o
	obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o		obj-$(CONFIG_IP6_NF_MATCH_RT) += ip6t_rt.o

	# targets		# targets
	obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
	obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o		obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
	obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o		obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o

net/ipv6/netfilter/ip6t_HL.c

deleted100644 → 0

+0 −95

Original line number	Original line	Diff line number	Diff line
	/*
	* Hop Limit modification target for ip6tables
	* Maciej Soltysiak <solt@dns.toxicfilms.tv>
	* Based on HW's TTL module
	*
	* This software is distributed under the terms of GNU GPL
	*/

	#include <linux/module.h>
	#include <linux/skbuff.h>
	#include <linux/ip.h>
	#include <linux/ipv6.h>

	#include <linux/netfilter/x_tables.h>
	#include <linux/netfilter_ipv6/ip6t_HL.h>

	MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
	MODULE_DESCRIPTION("Xtables: IPv6 Hop Limit field modification target");
	MODULE_LICENSE("GPL");

	static unsigned int
	hl_tg6(struct sk_buff skb, const struct xt_target_param par)
	{
	struct ipv6hdr *ip6h;
	const struct ip6t_HL_info *info = par->targinfo;
	int new_hl;

	if (!skb_make_writable(skb, skb->len))
	return NF_DROP;

	ip6h = ipv6_hdr(skb);

	switch (info->mode) {
	case IP6T_HL_SET:
	new_hl = info->hop_limit;
	break;
	case IP6T_HL_INC:
	new_hl = ip6h->hop_limit + info->hop_limit;
	if (new_hl > 255)
	new_hl = 255;
	break;
	case IP6T_HL_DEC:
	new_hl = ip6h->hop_limit - info->hop_limit;
	if (new_hl < 0)
	new_hl = 0;
	break;
	default:
	new_hl = ip6h->hop_limit;
	break;
	}

	ip6h->hop_limit = new_hl;

	return XT_CONTINUE;
	}

	static bool hl_tg6_check(const struct xt_tgchk_param *par)
	{
	const struct ip6t_HL_info *info = par->targinfo;

	if (info->mode > IP6T_HL_MAXMODE) {
	printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n",
	info->mode);
	return false;
	}
	if (info->mode != IP6T_HL_SET && info->hop_limit == 0) {
	printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
	"make sense with value 0\n");
	return false;
	}
	return true;
	}

	static struct xt_target hl_tg6_reg __read_mostly = {
	.name = "HL",
	.family = NFPROTO_IPV6,
	.target = hl_tg6,
	.targetsize = sizeof(struct ip6t_HL_info),
	.table = "mangle",
	.checkentry = hl_tg6_check,
	.me = THIS_MODULE
	};

	static int __init hl_tg6_init(void)
	{
	return xt_register_target(&hl_tg6_reg);
	}

	static void __exit hl_tg6_exit(void)
	{
	xt_unregister_target(&hl_tg6_reg);
	}

	module_init(hl_tg6_init);
	module_exit(hl_tg6_exit);