udp.c

/*
 * (C) 2012 by Pablo Neira Ayuso <pablo@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This code has been sponsored by Vyatta Inc. <http://www.vyatta.com>
 */

#include <stdio.h>
#include <stdbool.h>
#include <arpa/inet.h>
#include <netinet/ip.h>
#include <netinet/ip6.h>
#define _GNU_SOURCE
#include <netinet/udp.h>

#include <libnetfilter_queue/libnetfilter_queue.h>
#include <libnetfilter_queue/libnetfilter_queue_udp.h>
#include <libnetfilter_queue/libnetfilter_queue_ipv4.h>
#include <libnetfilter_queue/libnetfilter_queue_ipv6.h>
#include <libnetfilter_queue/pktbuff.h>

#include "internal.h"

EXPORT_SYMBOL
struct udphdr *nfq_udp_get_hdr(struct pkt_buff *pktb)
{
        if (pktb->transport_header == NULL)
                return NULL;

        /* No room for the UDP header. */
        if (pktb_tail(pktb) - pktb->transport_header < sizeof(struct udphdr))
                return NULL;

        return (struct udphdr *)pktb->transport_header;
}

EXPORT_SYMBOL
void *nfq_udp_get_payload(struct udphdr *udph, struct pkt_buff *pktb)
{
        uint16_t len = ntohs(udph->len);

        /* the UDP packet is too short. */
        if (len < sizeof(struct udphdr))
                return NULL;

        /* malformed UDP packet. */
        if (pktb->transport_header + len > pktb_tail(pktb))
                return NULL;

        return pktb->transport_header + sizeof(struct udphdr);
}

EXPORT_SYMBOL
unsigned int nfq_udp_get_payload_len(struct udphdr *udph, struct pkt_buff *pktb)
{
        return pktb_tail(pktb) - pktb->transport_header - sizeof(struct udphdr);
}

EXPORT_SYMBOL
void nfq_udp_compute_checksum_ipv4(struct udphdr *udph, struct iphdr *iph)
{
        /* checksum field in header needs to be zero for calculation. */
        udph->check = 0;
        udph->check = nfq_checksum_tcpudp_ipv4(iph, IPPROTO_UDP);
}

EXPORT_SYMBOL
void nfq_udp_compute_checksum_ipv6(struct udphdr *udph, struct ip6_hdr *ip6h)
{
        /* checksum field in header needs to be zero for calculation. */
        udph->check = 0;
        udph->check = nfq_checksum_tcpudp_ipv6(ip6h, udph, IPPROTO_UDP);
}

EXPORT_SYMBOL
int nfq_udp_mangle_ipv4(struct pkt_buff *pktb,
                        unsigned int match_offset, unsigned int match_len,
                        const char *rep_buffer, unsigned int rep_len)
{
        struct iphdr *iph;
        struct udphdr *udph;

        iph = (struct iphdr *)pktb->network_header;
        udph = (struct udphdr *)(pktb->network_header + iph->ihl*4);

        udph->len = htons(ntohs(udph->len) + rep_len - match_len);

        if (!nfq_ip_mangle(pktb, iph->ihl*4 + sizeof(struct udphdr),
                                match_offset, match_len, rep_buffer, rep_len))
                return 0;

        nfq_udp_compute_checksum_ipv4(udph, iph);

        return 1;
}

EXPORT_SYMBOL
int nfq_udp_mangle_ipv6(struct pkt_buff *pktb,
                        unsigned int match_offset, unsigned int match_len,
                        const char *rep_buffer, unsigned int rep_len)
{
        struct ip6_hdr *ip6h;
        struct udphdr *udph;

        ip6h = (struct ip6_hdr *)pktb->network_header;
        udph = (struct udphdr *)(pktb->transport_header);
        if (!udph)
                return 0;

        udph->len = htons(ntohs(udph->len) + rep_len - match_len);

        if (!nfq_ip6_mangle(pktb,
                            pktb->transport_header - pktb->network_header +
                            sizeof(struct udphdr),
                            match_offset, match_len, rep_buffer, rep_len))
                return 0;

        nfq_udp_compute_checksum_ipv6(udph, ip6h);

        return 1;
}

EXPORT_SYMBOL
int nfq_udp_snprintf(char *buf, size_t size, const struct udphdr *udph)
{
        return snprintf(buf, size, "SPT=%u DPT=%u ",
                        htons(udph->source), htons(udph->dest));
}