added new methods ts3init_calculate_cookie_ipv4 and ts3init_calculate_cookie_ipv6. Changed TS3INIT_SET_COOKIE to use the new methods.

2016-10-12 13:04:20 +02:00 · 2016-10-12 13:04:20 +02:00 · 4bbbd63860
commit 4bbbd63860
parent e31b6cf80c
5 changed files with 79 additions and 14 deletions
--- a/src/ts3init_cache.c
+++ b/src/ts3init_cache.c
@ -14,6 +14,8 @@
 #include <linux/kernel.h>
 #include <linux/skbuff.h>
 #include <linux/netfilter/x_tables.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
 #include <linux/udp.h>
 #include <linux/time.h>
 #include <linux/jiffies.h>
--- a/src/ts3init_cookie.c
+++ b/src/ts3init_cookie.c
@ -17,6 +17,8 @@
 #include <linux/err.h>
 #include <linux/scatterlist.h>
 #include <linux/netfilter/x_tables.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
 #include <linux/udp.h>
 #include "siphash24.h"
 #include "ts3init_cookie_seed.h"
@ -94,6 +96,32 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
    return cache->seed64 + ((SIP_KEY_SIZE/sizeof(__u64)) * packet_index );
 }

+int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp, 
+                                  __u64 k0, __u64 k1, __u64* out)
+{
+    struct ts3init_siphash_state hash_state;
+
+    ts3init_siphash_setup(&hash_state, k0, k1);
+    ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
+    ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
+    *out = ts3init_siphash_finalize(&hash_state);
+
+    return 0;
+}
+
+int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp, 
+                                  __u64 k0, __u64 k1, __u64* out)
+{
+    struct ts3init_siphash_state hash_state;
+
+    ts3init_siphash_setup(&hash_state, k0, k1);
+    ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
+    ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
+    *out = ts3init_siphash_finalize(&hash_state);
+
+    return 0;
+}
+
 int ts3init_calculate_cookie(const struct sk_buff *skb, const struct xt_action_param *par, 
                             struct udphdr *udp, __u64 k0, __u64 k1, __u64* out)
 {
--- a/src/ts3init_cookie.h
+++ b/src/ts3init_cookie.h
@ -23,5 +23,9 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
 int ts3init_calculate_cookie(const struct sk_buff *skb,
                const struct xt_action_param *par, struct udphdr *udp,
                __u64 k0, __u64 k1, __u64* out);
+int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp, 
+                                  __u64 k0, __u64 k1, __u64* out);
+int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp, 
+                                  __u64 k0, __u64 k1, __u64* out);

 #endif /* _TS3INIT_COOKIE_H */
--- a/src/ts3init_match.c
+++ b/src/ts3init_match.c
@ -15,6 +15,8 @@
 #include <linux/kernel.h>
 #include <linux/netfilter/x_tables.h>
 #include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/ipv6.h>
 #include <linux/udp.h>
 #include <linux/time.h>
 #include <linux/percpu.h>
--- a/src/ts3init_target.c
+++ b/src/ts3init_target.c
@ -13,7 +13,6 @@
 */

 #include <linux/kernel.h>
-#include <linux/ip.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/udp.h>
@ -249,20 +248,43 @@ ts3init_reset_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *par)
 static const char set_cookie_package_header[12] = {'T', 'S', '3', 'I', 'N', 'I', 'T', '1', 0x65, 0, 0x88, COMMAND_SET_COOKIE };

 static bool
-ts3init_fill_set_cookie_payload(const struct sk_buff *skb, const struct xt_action_param *par,
-                                struct sk_buff *newskb, struct udphdr *newudp, u8 *newpayload)
+ts3init_generate_cookie_ipv4(const struct xt_action_param *par,
+                             const struct iphdr *ip, const struct udphdr *udp,
+                             u64 *cookie_hash, u8 *packet_index)
+{
+    const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
+    __u64 cookie[2];
+
+    if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
+        return false;
+    if (ts3init_calculate_cookie_ipv4(ip, udp, cookie[0], cookie[1], cookie_hash))
+        return false;
+    return true;
+}
+
+static bool
+ts3init_generate_cookie_ipv6(const struct xt_action_param *par, 
+                             const struct ipv6hdr *ip, const struct udphdr *udp,
+                             u64 *cookie_hash, u8 *packet_index)
+{
+    const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
+    __u64 cookie[2];
+
+    if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
+        return false;
+    if (ts3init_calculate_cookie_ipv6(ip, udp, cookie[0], cookie[1], cookie_hash))
+        return false;
+    return true;
+}
+
+static bool
+ts3init_fill_set_cookie_payload(const struct sk_buff *skb,
+                                const struct xt_action_param *par, 
+                                const u64 cookie_hash, const u8 packet_index,
+                                u8 *newpayload)
 {
    const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
    u8 *payload, payload_buf[34];
-    __u64 cookie[2];
-    u64 cookie_hash;
-    u8 packet_index;
-
-    if (get_current_cookie(info->cookie_seed, &cookie, &packet_index) == false)
-        return false;
-
-    if (ts3init_calculate_cookie(newskb, par, newudp, cookie[0], cookie[1], &cookie_hash))
-        return false;

    memcpy(newpayload, set_cookie_package_header, sizeof(set_cookie_package_header));
    newpayload[12] = (u8)cookie_hash;
@ -303,10 +325,14 @@ ts3init_set_cookie_ipv4_tg(struct sk_buff *skb, const struct xt_action_param *pa
    struct iphdr *newip;
    struct udphdr *newudp;
    u8 *payload;
+    u64 cookie_hash;
+    u8 packet_index;
    const int payload_size = sizeof(set_cookie_package_header) + 20;
+    
    if (ts3init_prepare_ipv4_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
    {
-        if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
+        if (ts3init_generate_cookie_ipv4(par, newip, newudp, &cookie_hash, &packet_index) &&
+            ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
        {
            ts3init_send_ipv4_reply(skb, par, newskb, newip, newudp);
        }
@ -325,11 +351,14 @@ ts3init_set_cookie_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *pa
    struct ipv6hdr *newip;
    struct udphdr *newudp;
    u8 *payload;
+    u64 cookie_hash;
+    u8 packet_index;
    const int payload_size = sizeof(set_cookie_package_header) + 20;
    
    if (ts3init_prepare_ipv6_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
    {
-        if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
+        if (ts3init_generate_cookie_ipv6(par, newip, newudp, &cookie_hash, &packet_index) &&
+            ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
        {
            ts3init_send_ipv6_reply(skb, par, newskb, newip, newudp);
        }