|
18 | 18 | #include <linux/netfilter_ipv4/ip_tables.h>
|
19 | 19 | #include <linux/netfilter_ipv6/ip6_tables.h>
|
20 | 20 |
|
21 |
| -#define TH_SYN 0x02 |
22 |
| - |
23 | 21 | MODULE_LICENSE("GPL");
|
24 | 22 | MODULE_AUTHOR( "Marc Boucher <[email protected]>");
|
25 | 23 | MODULE_DESCRIPTION("iptables TCP MSS match module");
|
26 | 24 | MODULE_ALIAS("ipt_tcpmss");
|
27 | 25 |
|
28 |
| -/* Returns 1 if the mss option is set and matched by the range, 0 otherwise */ |
29 |
| -static inline int |
30 |
| -mssoption_match(u_int16_t min, u_int16_t max, |
31 |
| - const struct sk_buff *skb, |
32 |
| - unsigned int protoff, |
33 |
| - int invert, |
34 |
| - int *hotdrop) |
| 26 | +static int |
| 27 | +match(const struct sk_buff *skb, |
| 28 | + const struct net_device *in, |
| 29 | + const struct net_device *out, |
| 30 | + const struct xt_match *match, |
| 31 | + const void *matchinfo, |
| 32 | + int offset, |
| 33 | + unsigned int protoff, |
| 34 | + int *hotdrop) |
35 | 35 | {
|
| 36 | + const struct xt_tcpmss_match_info *info = matchinfo; |
36 | 37 | struct tcphdr _tcph, *th;
|
37 | 38 | /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
|
38 | 39 | u8 _opt[15 * 4 - sizeof(_tcph)], *op;
|
@@ -64,35 +65,22 @@ mssoption_match(u_int16_t min, u_int16_t max,
|
64 | 65 |
|
65 | 66 | mssval = (op[i+2] << 8) | op[i+3];
|
66 | 67 |
|
67 |
| - return (mssval >= min && mssval <= max) ^ invert; |
| 68 | + return (mssval >= info->mss_min && |
| 69 | + mssval <= info->mss_max) ^ info->invert; |
68 | 70 | }
|
69 |
| - if (op[i] < 2) i++; |
70 |
| - else i += op[i+1]?:1; |
| 71 | + if (op[i] < 2) |
| 72 | + i++; |
| 73 | + else |
| 74 | + i += op[i+1] ? : 1; |
71 | 75 | }
|
72 | 76 | out:
|
73 |
| - return invert; |
| 77 | + return info->invert; |
74 | 78 |
|
75 |
| - dropit: |
| 79 | +dropit: |
76 | 80 | *hotdrop = 1;
|
77 | 81 | return 0;
|
78 | 82 | }
|
79 | 83 |
|
80 |
| -static int |
81 |
| -match(const struct sk_buff *skb, |
82 |
| - const struct net_device *in, |
83 |
| - const struct net_device *out, |
84 |
| - const struct xt_match *match, |
85 |
| - const void *matchinfo, |
86 |
| - int offset, |
87 |
| - unsigned int protoff, |
88 |
| - int *hotdrop) |
89 |
| -{ |
90 |
| - const struct xt_tcpmss_match_info *info = matchinfo; |
91 |
| - |
92 |
| - return mssoption_match(info->mss_min, info->mss_max, skb, protoff, |
93 |
| - info->invert, hotdrop); |
94 |
| -} |
95 |
| - |
96 | 84 | static struct xt_match xt_tcpmss_match[] = {
|
97 | 85 | {
|
98 | 86 | .name = "tcpmss",
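Review bot: The option-walking step at new lines 71–74 reads the length byte with `i += op[i+1] ? : 1;`, and nothing visible in this hunk checks that `i + 1` is still inside the options area. If the last option byte is a kind of 2 or more, that read lands one byte past the options; it would fall outside `_opt` itself if `op` points at that stack buffer and the options fill all of it. The loop condition and the rest of match()'s body sit outside the hunk, so this is inferred. If the loop only guarantees that `i` is below the option length, guard the read, e.g. `if (op[i] < 2 || i + 1 >= OPTLEN) i++;`, where OPTLEN is a placeholder for the loop's option-length variable. A short comment on the `? : 1` fallback would also help, such as `/* a zero length byte must still advance the walk */`, since that fallback is what stops a crafted zero-length option from stalling the loop.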
|
|