1/* TTL modification target for IP tables 2 * (C) 2000,2005 by Harald Welte <laforge@netfilter.org> 3 * 4 * This program is free software; you can redistribute it and/or modify 5 * it under the terms of the GNU General Public License version 2 as 6 * published by the Free Software Foundation. 7 * 8 */ 9 10#include <linux/module.h> 11#include <linux/skbuff.h> 12#include <linux/ip.h> 13#include <net/checksum.h> 14 15#include <linux/netfilter/x_tables.h> 16#include <linux/netfilter_ipv4/ipt_TTL.h> 17 18MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>"); 19MODULE_DESCRIPTION("IP tables TTL modification module"); 20MODULE_LICENSE("GPL"); 21 22static unsigned int 23ipt_ttl_target(struct sk_buff **pskb, 24 const struct net_device *in, const struct net_device *out, 25 unsigned int hooknum, const struct xt_target *target, 26 const void *targinfo) 27{ 28 struct iphdr *iph; 29 const struct ipt_TTL_info *info = targinfo; 30 int new_ttl; 31 32 if (!skb_make_writable(pskb, (*pskb)->len)) 33 return NF_DROP; 34 35 iph = ip_hdr(*pskb); 36 37 switch (info->mode) { 38 case IPT_TTL_SET: 39 new_ttl = info->ttl; 40 break; 41 case IPT_TTL_INC: 42 new_ttl = iph->ttl + info->ttl; 43 if (new_ttl > 255) 44 new_ttl = 255; 45 break; 46 case IPT_TTL_DEC: 47 new_ttl = iph->ttl - info->ttl; 48 if (new_ttl < 0) 49 new_ttl = 0; 50 break; 51 default: 52 new_ttl = iph->ttl; 53 break; 54 } 55 56 if (new_ttl != iph->ttl) { 57 nf_csum_replace2(&iph->check, htons(iph->ttl << 8), 58 htons(new_ttl << 8)); 59 iph->ttl = new_ttl; 60 } 61 62 return XT_CONTINUE; 63} 64 65static int ipt_ttl_checkentry(const char *tablename, 66 const void *e, 67 const struct xt_target *target, 68 void *targinfo, 69 unsigned int hook_mask) 70{ 71 struct ipt_TTL_info *info = targinfo; 72 73 if (info->mode > IPT_TTL_MAXMODE) { 74 printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", 75 info->mode); 76 return 0; 77 } 78 if ((info->mode != IPT_TTL_SET) && (info->ttl == 0)) 79 return 0; 80 return 1; 81} 82 83static struct xt_target ipt_TTL = { 84 .name = "TTL", 85 .family = AF_INET, 86 .target = ipt_ttl_target, 87 .targetsize = sizeof(struct ipt_TTL_info), 88 .table = "mangle", 89 .checkentry = ipt_ttl_checkentry, 90 .me = THIS_MODULE, 91}; 92 93static int __init ipt_ttl_init(void) 94{ 95 return xt_register_target(&ipt_TTL); 96} 97 98static void __exit ipt_ttl_fini(void) 99{ 100 xt_unregister_target(&ipt_TTL); 101} 102 103module_init(ipt_ttl_init); 104module_exit(ipt_ttl_fini); 105