make sure we use ipv4 or ipv6

8 years ago · 48dcafcd0a
2 changed files with 83 additions and 38 deletions
--- a/src/libxt_ts3init.c
+++ b/src/libxt_ts3init.c
@ -17,6 +17,7 @@
				@@ -17,6 +17,7 @@
 #include "ts3init_match.h"

 #define param_act(t, s, f) xtables_param_act((t), "ts3init_get_cookie", (s), (f))
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))

 static void ts3init_get_cookie_help(void)
 {
@ -189,37 +190,64 @@ static void ts3init_get_puzzle_print(const void *ip, const struct xt_entry_match
				@@ -189,37 +190,64 @@ static void ts3init_get_puzzle_print(const void *ip, const struct xt_entry_match
 }

 /* register and init */
-static struct xtables_match ts3init_get_cookie_mt_reg = {
-    .name          = "ts3init_get_cookie",
-    .revision      = 0,
-    .family        = NFPROTO_UNSPEC,
-    .version       = XTABLES_VERSION,
-    .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
-    .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
-    .help          = ts3init_get_cookie_help,
-    .parse         = ts3init_get_cookie_parse,
-    .print         = ts3init_get_cookie_print,
-    .save          = ts3init_get_cookie_save,
-    .extra_opts    = ts3init_get_cookie_opts,
-};
-
-static struct xtables_match ts3init_get_puzzle_mt_reg = {
-    .name          = "ts3init_get_puzzle",
-    .revision      = 0,
-    .family        = NFPROTO_UNSPEC,
-    .version       = XTABLES_VERSION,
-    .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
-    .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
-    .help          = ts3init_get_puzzle_help,
-    .parse         = ts3init_get_puzzle_parse,
-    .print         = ts3init_get_puzzle_print,
-    .save          = ts3init_get_puzzle_save,
-    .extra_opts    = ts3init_get_puzzle_opts,
+static struct xtables_match ts3init_mt_reg[] =
+{
+    {
+        .name          = "ts3init_get_cookie",
+        .revision      = 0,
+        .family        = NFPROTO_IPV4,
+        .version       = XTABLES_VERSION,
+        .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
+        .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
+        .help          = ts3init_get_cookie_help,
+        .parse         = ts3init_get_cookie_parse,
+        .print         = ts3init_get_cookie_print,
+        .save          = ts3init_get_cookie_save,
+        .extra_opts    = ts3init_get_cookie_opts,
+    },
+    {
+        .name          = "ts3init_get_cookie",
+        .revision      = 0,
+        .family        = NFPROTO_IPV6,
+        .version       = XTABLES_VERSION,
+        .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
+        .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_cookie_mtinfo)),
+        .help          = ts3init_get_cookie_help,
+        .parse         = ts3init_get_cookie_parse,
+        .print         = ts3init_get_cookie_print,
+        .save          = ts3init_get_cookie_save,
+        .extra_opts    = ts3init_get_cookie_opts,
+    },
+    {
+        .name          = "ts3init_get_puzzle",
+        .revision      = 0,
+        .family        = NFPROTO_IPV4,
+        .version       = XTABLES_VERSION,
+        .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
+        .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
+        .help          = ts3init_get_puzzle_help,
+        .parse         = ts3init_get_puzzle_parse,
+        .print         = ts3init_get_puzzle_print,
+        .save          = ts3init_get_puzzle_save,
+        .extra_opts    = ts3init_get_puzzle_opts,
+    },
+    {
+        .name          = "ts3init_get_puzzle",
+        .revision      = 0,
+        .family        = NFPROTO_IPV6,
+        .version       = XTABLES_VERSION,
+        .size          = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
+        .userspacesize = XT_ALIGN(sizeof(struct xt_ts3init_get_puzzle_mtinfo)),
+        .help          = ts3init_get_puzzle_help,
+        .parse         = ts3init_get_puzzle_parse,
+        .print         = ts3init_get_puzzle_print,
+        .save          = ts3init_get_puzzle_save,
+        .extra_opts    = ts3init_get_puzzle_opts,
+    }
 };

 static __attribute__((constructor)) void ts3init_mt_ldr(void)
 {
-    xtables_register_match(&ts3init_get_cookie_mt_reg);
-    xtables_register_match(&ts3init_get_puzzle_mt_reg);
+    xtables_register_matches(ts3init_mt_reg, ARRAY_SIZE(ts3init_mt_reg));
 }

--- a/src/ts3init_match.c
+++ b/src/ts3init_match.c
@ -153,6 +153,12 @@ static int ts3init_get_cookie_mt_check(const struct xt_mtchk_param *par)
				@@ -153,6 +153,12 @@ static int ts3init_get_cookie_mt_check(const struct xt_mtchk_param *par)
 {
    struct xt_ts3init_get_cookie_mtinfo *info = par->matchinfo;

+    if (! (par->family == NFPROTO_IPV4 || par->family == NFPROTO_IPV6))
+    {
+        printk(KERN_INFO KBUILD_MODNAME ": invalid protocol (only ipv4 and ipv6) for get_cookie\n");
+        return -EINVAL;
+    }
+
    if (info->common_options & ~(CHK_COMMON_VALID_MASK))
    {
        printk(KERN_INFO KBUILD_MODNAME ": invalid (common) options for get_cookie\n");
@ -173,18 +179,18 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
				@@ -173,18 +179,18 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
 {
    const struct xt_ts3init_get_puzzle_mtinfo *info = par->matchinfo;
    struct ts3_init_checked_header_data header_data;
-    
+
    if (!check_header(skb, par, GET_PUZZLE_PAYLOAD_SIZE, &header_data))
        return false;
-        
+
    if (header_data.ts3_header->command != 2) return false;
-    
+
    if (info->specific_options & CHK_GET_PUZZLE_CHECK_COOKIE)
    {
        struct ts3init_cache_t* cache;
        struct ts3_init_header* ts3_header = header_data.ts3_header;
-        __u64* cookie_seed;
-        /*__u8  cookie[8];*/
+        __u64* cookie_seed, cookie_seed0, cookie_seed1;
+
        unsigned long jifs;
        time_t current_unix_time;

@ -194,26 +200,30 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
				@@ -194,26 +200,30 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
        update_cache_time(jifs, cache);

        current_unix_time = cache->unix_time;
-                
+
        cookie_seed = ts3init_get_cookie_seed(current_unix_time,
            ts3_header->payload[8], &cache->cookie_cache,
            info->cookie_seed);
-                    
+
        if (!cookie_seed)
        {
            put_cpu_var(ts3init_cache);
            return false;
        }
-                
+
+        cookie_seed0 = cookie_seed[0];
+        cookie_seed1 = cookie_seed[1];
+
+        put_cpu_var(ts3init_cache);
+
        /* use cookie_seed and ipaddress and port to create a hash
         * (cookie) for this connection */
        /* TODO: implement using sipHash */ 
-        put_cpu_var(ts3init_cache);

        /* compare cookie with payload bytes 0-7. if equal, cookie
         * is valid */
        /*if (memcmp(cookie, ts3_header->payload, 8) != 0) return false;*/
-               
+
    }
    return true;
 }
@ -221,6 +231,13 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
				@@ -221,6 +231,13 @@ ts3init_get_puzzle_mt(const struct sk_buff *skb, struct xt_action_param *par)
 static int ts3init_get_puzzle_mt_check(const struct xt_mtchk_param *par)
 {
    struct xt_ts3init_get_puzzle_mtinfo *info = par->matchinfo;
+    
+        if (! (par->family == NFPROTO_IPV4 || par->family == NFPROTO_IPV6))
+    {
+        printk(KERN_INFO KBUILD_MODNAME ": invalid protocol (only ipv4 and ipv6) for get_puzzle\n");
+        return -EINVAL;
+    }
+
    if (info->common_options & ~(CHK_COMMON_VALID_MASK))
    {
        printk(KERN_INFO KBUILD_MODNAME ": invalid (common) options for get_puzzle\n");