TARPIT: make tarpit code generic

Creates a generic function to perform the tcp header manipulation in. Done in preparation for IPv6 support. This allows us to share code between v4 and v6 processing. Signed-off-by: Josh Hunt <johunt@akamai.com>
2025-09-07 21:25:12 +02:00 · 2012-07-08 11:11:23 -07:00
parent 48fbc6783e
commit 4eb97c7a01
1 changed files with 22 additions and 9 deletions
--- a/extensions/xt_TARPIT.c
+++ b/extensions/xt_TARPIT.c
@@ -142,6 +142,26 @@ static void xttarpit_reset(struct tcphdr *tcph, const struct tcphdr *oth)
 	tcph->ack_seq = oth->seq;
 }

+static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
+    uint16_t payload, unsigned int mode)
+{
+	switch(mode) {
+	case XTTARPIT_TARPIT:
+		if (!xttarpit_tarpit(tcph, oth))
+			return false;
+		break;
+	case XTTARPIT_HONEYPOT:
+		if (!xttarpit_honeypot(tcph, oth, payload))
+			return false;
+		break;
+	case XTTARPIT_RESET:
+		xttarpit_reset(tcph, oth);
+		break;
+	}
+
+	return true;
+}
+
 static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
    unsigned int mode)
 {
@@ -208,15 +228,8 @@ static void tarpit_tcp(struct sk_buff *oldskb, unsigned int hook,
 	/* Reset flags */
 	((u_int8_t *)tcph)[13] = 0;

-	if (mode == XTTARPIT_TARPIT) {
-		if (!xttarpit_tarpit(tcph, oth))
-			return;
-	} else if (mode == XTTARPIT_HONEYPOT) {
-		if (!xttarpit_honeypot(tcph, oth, payload))
-			return;
-	} else if (mode == XTTARPIT_RESET) {
-		xttarpit_reset(tcph, oth);
-	}
+	if (!tarpit_generic(tcph, oth, payload, mode))
+		return;

 	/* Adjust TCP checksum */
 	tcph->check = 0;