extensions: reduce number of arguments to send_reset functions

Jan Engelhardt
2020-11-23 23:11:41 +01:00
parent f973577ec0
commit 9d5b2e2e0e
2 changed files with 29 additions and 28 deletions


@@ -25,8 +25,8 @@
#include "compat_xtables.h" #include "compat_xtables.h"
#define PFX KBUILD_MODNAME ": " #define PFX KBUILD_MODNAME ": "
static void delude_send_reset(struct net *net, struct sock *sk, static void delude_send_reset(struct sk_buff *oldskb,
struct sk_buff *oldskb, unsigned int hook) const struct xt_action_param *par)
{ {
struct tcphdr _otcph, *tcph; struct tcphdr _otcph, *tcph;
const struct tcphdr *oth; const struct tcphdr *oth;
@@ -51,7 +51,8 @@ static void delude_send_reset(struct net *net, struct sock *sk,
return; return;
/* Check checksum */ /* Check checksum */
if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP)) if (nf_ip_checksum(oldskb, par->state->hook, ip_hdrlen(oldskb),
IPPROTO_TCP))
return; return;
nskb = alloc_skb(sizeof(struct iphdr) + sizeof(struct tcphdr) + nskb = alloc_skb(sizeof(struct iphdr) + sizeof(struct tcphdr) +
@@ -108,20 +109,21 @@ static void delude_send_reset(struct net *net, struct sock *sk,
addr_type = RTN_UNSPEC; addr_type = RTN_UNSPEC;
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
if (hook != NF_INET_FORWARD || ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL && if (par->state->hook != NF_INET_FORWARD ||
((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev)) ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev))
#else #else
if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && if (par->state->hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
nskb->nf_bridge->physoutdev)) nskb->nf_bridge->physoutdev))
#endif #endif
#else #else
if (hook != NF_INET_FORWARD) if (par->state->hook != NF_INET_FORWARD)
#endif #endif
addr_type = RTN_LOCAL; addr_type = RTN_LOCAL;
/* ip_route_me_harder expects skb->dst to be set */ /* ip_route_me_harder expects skb->dst to be set */
skb_dst_set(nskb, dst_clone(skb_dst(oldskb))); skb_dst_set(nskb, dst_clone(skb_dst(oldskb)));
if (ip_route_me_harder(net, sk, nskb, addr_type)) if (ip_route_me_harder(par_net(par), par->state->sk, nskb, addr_type))
goto free_nskb; goto free_nskb;
else else
niph = ip_hdr(nskb); niph = ip_hdr(nskb);
@@ -134,8 +136,7 @@ static void delude_send_reset(struct net *net, struct sock *sk,
goto free_nskb; goto free_nskb;
nf_ct_attach(nskb, oldskb); nf_ct_attach(nskb, oldskb);
ip_local_out(par_net(par), nskb->sk, nskb);
ip_local_out(net, nskb->sk, nskb);
return; return;
free_nskb: free_nskb:
@@ -150,7 +151,7 @@ delude_tg(struct sk_buff *skb, const struct xt_action_param *par)
* a problem, as that is supported since Linux 2.6.35. But since we do not * a problem, as that is supported since Linux 2.6.35. But since we do not
* actually want to have a connection open, we are still going to drop it. * actually want to have a connection open, we are still going to drop it.
*/ */
delude_send_reset(par_net(par), par->state->sk, skb, par->state->hook); delude_send_reset(skb, par);
return NF_DROP; return NF_DROP;
} }
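Review bot: delude_send_reset now takes `(oldskb, par)` while tarpit_tcp4 and tarpit_tcp6 in the second file of this commit take `(par, oldskb, mode)`, so the sibling reply builders disagree on argument order for the same two pointers. Using one order, e.g. `static void delude_send_reset(const struct xt_action_param *par, struct sk_buff *oldskb)`, keeps the call sites uniform. The function also reads `par->state->hook` in the checksum test and in every branch of the bridge `#if` ladder; a `const unsigned int hook = par->state->hook;` near the top would leave those conditions as they were and avoid the rewrapped lines. The body of delude_send_reset extends beyond the visible hunks.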


@@ -170,8 +170,8 @@ static bool tarpit_generic(struct tcphdr *tcph, const struct tcphdr *oth,
return true; return true;
} }
static void tarpit_tcp4(struct net *net, struct sock *sk, static void tarpit_tcp4(const struct xt_action_param *par,
struct sk_buff *oldskb, unsigned int hook, unsigned int mode) struct sk_buff *oldskb, unsigned int mode)
{ {
struct tcphdr _otcph, *tcph; struct tcphdr _otcph, *tcph;
const struct tcphdr *oth; const struct tcphdr *oth;
@@ -191,7 +191,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
return; return;
/* Check checksum. */ /* Check checksum. */
if (nf_ip_checksum(oldskb, hook, ip_hdrlen(oldskb), IPPROTO_TCP)) if (nf_ip_checksum(oldskb, par->state->hook, ip_hdrlen(oldskb),
IPPROTO_TCP))
return; return;
/* /*
@@ -254,18 +255,19 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
#ifdef CONFIG_BRIDGE_NETFILTER #ifdef CONFIG_BRIDGE_NETFILTER
#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0) #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 0, 0)
if (hook != NF_INET_FORWARD || ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL && if (par->state->hook != NF_INET_FORWARD ||
((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF) != NULL &&
((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev)) ((struct nf_bridge_info *)skb_ext_find(nskb, SKB_EXT_BRIDGE_NF))->physoutdev))
#else #else
if (hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL && if (par->state->hook != NF_INET_FORWARD || (nskb->nf_bridge != NULL &&
nskb->nf_bridge->physoutdev != NULL)) nskb->nf_bridge->physoutdev != NULL))
#endif #endif
#else #else
if (hook != NF_INET_FORWARD) if (par->state->hook != NF_INET_FORWARD)
#endif #endif
addr_type = RTN_LOCAL; addr_type = RTN_LOCAL;
if (ip_route_me_harder(net, sk, nskb, addr_type) != 0) if (ip_route_me_harder(par_net(par), par->state->sk, nskb, addr_type) != 0)
goto free_nskb; goto free_nskb;
else else
niph = ip_hdr(nskb); niph = ip_hdr(nskb);
@@ -287,8 +289,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
goto free_nskb; goto free_nskb;
nf_ct_attach(nskb, oldskb); nf_ct_attach(nskb, oldskb);
NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL, NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_OUT, par_net(par), nskb->sk, nskb,
skb_dst(nskb)->dev, dst_output); NULL, skb_dst(nskb)->dev, dst_output);
return; return;
free_nskb: free_nskb:
@@ -296,8 +298,8 @@ static void tarpit_tcp4(struct net *net, struct sock *sk,
} }
#ifdef WITH_IPV6 #ifdef WITH_IPV6
static void tarpit_tcp6(struct net *net, struct sock *sock, static void tarpit_tcp6(const struct xt_action_param *par,
struct sk_buff *oldskb, unsigned int hook, unsigned int mode) struct sk_buff *oldskb, unsigned int mode)
{ {
struct sk_buff *nskb; struct sk_buff *nskb;
struct tcphdr *tcph, oth; struct tcphdr *tcph, oth;
@@ -398,14 +400,14 @@ static void tarpit_tcp6(struct net *net, struct sock *sock,
&ipv6_hdr(nskb)->daddr, sizeof(struct tcphdr), &ipv6_hdr(nskb)->daddr, sizeof(struct tcphdr),
IPPROTO_TCP, IPPROTO_TCP,
csum_partial(tcph, sizeof(struct tcphdr), 0)); csum_partial(tcph, sizeof(struct tcphdr), 0));
if (ip6_route_me_harder(net, nskb->sk, nskb)) if (ip6_route_me_harder(par_net(par), nskb->sk, nskb))
goto free_nskb; goto free_nskb;
nskb->ip_summed = CHECKSUM_NONE; nskb->ip_summed = CHECKSUM_NONE;
nf_ct_attach(nskb, oldskb); nf_ct_attach(nskb, oldskb);
NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, net, nskb->sk, nskb, NULL, NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, par_net(par), nskb->sk, nskb,
skb_dst(nskb)->dev, dst_output); NULL, skb_dst(nskb)->dev, dst_output);
return; return;
free_nskb: free_nskb:
@@ -443,8 +445,7 @@ tarpit_tg4(struct sk_buff *skb, const struct xt_action_param *par)
/* We are not interested in fragments */ /* We are not interested in fragments */
if (iph->frag_off & htons(IP_OFFSET)) if (iph->frag_off & htons(IP_OFFSET))
return NF_DROP; return NF_DROP;
tarpit_tcp4(par_net(par), par->state->sk, skb, par->state->hook, tarpit_tcp4(par, skb, info->variant);
info->variant);
return NF_DROP; return NF_DROP;
} }
@@ -485,8 +486,7 @@ tarpit_tg6(struct sk_buff *skb, const struct xt_action_param *par)
pr_debug("addr is not unicast.\n"); pr_debug("addr is not unicast.\n");
return NF_DROP; return NF_DROP;
} }
tarpit_tcp6(par_net(par), par->state->sk, skb, par->state->hook, tarpit_tcp6(par, skb, info->variant);
info->variant);
return NF_DROP; return NF_DROP;
} }
#endif #endif
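Review bot: tarpit_tcp6 still hands `nskb->sk` to ip6_route_me_harder, whereas tarpit_tcp4 passes `par->state->sk` to ip_route_me_harder, so the two address families choose the routing socket differently even though both now have `par` at hand. If the hook's socket is what is intended, the IPv6 call would read `if (ip6_route_me_harder(par_net(par), par->state->sk, nskb))`; if a NULL socket is intended for the generated reply, a one-line comment saying so would help. In the visible hunks the old `sock` and `hook` parameters of tarpit_tcp6 are never used, and the allocation of nskb is outside the hunks, so whether `nskb->sk` can be non-NULL here needs confirming against the full function.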