
added new methods ts3init_calculate_cookie_ipv4 and ts3init_calculate_cookie_ipv6. Changed TS3INIT_SET_COOKIE to use the new methods.

pull/1/head
Maximilian Münchow 8 years ago
parent
commit
4bbbd63860
  1. 2
      src/ts3init_cache.c
  2. 28
      src/ts3init_cookie.c
  3. 4
      src/ts3init_cookie.h
  4. 2
      src/ts3init_match.c
  5. 49
      src/ts3init_target.c

2
src/ts3init_cache.c

@ -14,6 +14,8 @@ @@ -14,6 +14,8 @@
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netfilter/x_tables.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/udp.h>
#include <linux/time.h>
#include <linux/jiffies.h>

28
src/ts3init_cookie.c

@ -17,6 +17,8 @@ @@ -17,6 +17,8 @@
#include <linux/err.h>
#include <linux/scatterlist.h>
#include <linux/netfilter/x_tables.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/udp.h>
#include "siphash24.h"
#include "ts3init_cookie_seed.h"
@ -94,6 +96,32 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index, @@ -94,6 +96,32 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
return cache->seed64 + ((SIP_KEY_SIZE/sizeof(__u64)) * packet_index );
}
int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp,
__u64 k0, __u64 k1, __u64* out)
{
struct ts3init_siphash_state hash_state;
ts3init_siphash_setup(&hash_state, k0, k1);
ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
*out = ts3init_siphash_finalize(&hash_state);
return 0;
}
int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp,
__u64 k0, __u64 k1, __u64* out)
{
struct ts3init_siphash_state hash_state;
ts3init_siphash_setup(&hash_state, k0, k1);
ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
*out = ts3init_siphash_finalize(&hash_state);
return 0;
}
int ts3init_calculate_cookie(const struct sk_buff *skb, const struct xt_action_param *par,
struct udphdr *udp, __u64 k0, __u64 k1, __u64* out)
{
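Review bot: Both new functions hash `sizeof(ip->saddr) * 2` bytes starting at `&ip->saddr` and a literal `4` bytes starting at `&udp->source`, so they silently depend on `daddr` directly following `saddr` and on `dest` directly following `source`. That matches the usual header layouts, but the read runs past the named member, which is the pattern bounds checkers and later readers trip over. I would pin the assumption at compile time, e.g. `BUILD_BUG_ON(offsetof(struct iphdr, daddr) != offsetof(struct iphdr, saddr) + sizeof(ip->saddr));` (and the same for `struct ipv6hdr`), and replace the `4` with `sizeof(udp->source) + sizeof(udp->dest)`. The `(u8 *)` casts also drop the `const` of `ip` and `udp`; if `ts3init_siphash_update` accepts a const pointer, cast to `const u8 *` instead.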

4
src/ts3init_cookie.h

@ -23,5 +23,9 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index, @@ -23,5 +23,9 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
int ts3init_calculate_cookie(const struct sk_buff *skb,
const struct xt_action_param *par, struct udphdr *udp,
__u64 k0, __u64 k1, __u64* out);
int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp,
__u64 k0, __u64 k1, __u64* out);
int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp,
__u64 k0, __u64 k1, __u64* out);
#endif /* _TS3INIT_COOKIE_H */
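Review bot: The two added prototypes have no comment stating which header fields go into the hash or what the `int` result means, and the definitions in src/ts3init_cookie.c return 0 on every path. A short comment above them would settle the contract, for example `/* Keyed hash (k0, k1) over source address, destination address, source port and destination port of the given headers; result stored in *out; currently always returns 0. */`. If no failure mode is planned, a `void` return would remove the dead error branch in the callers.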

2
src/ts3init_match.c

@ -15,6 +15,8 @@ @@ -15,6 +15,8 @@
#include <linux/kernel.h>
#include <linux/netfilter/x_tables.h>
#include <linux/skbuff.h>
#include <linux/ip.h>
#include <linux/ipv6.h>
#include <linux/udp.h>
#include <linux/time.h>
#include <linux/percpu.h>

49
src/ts3init_target.c

@ -13,7 +13,6 @@ @@ -13,7 +13,6 @@
*/
#include <linux/kernel.h>
#include <linux/ip.h>
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/udp.h>
@ -249,20 +248,43 @@ ts3init_reset_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *par) @@ -249,20 +248,43 @@ ts3init_reset_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *par)
static const char set_cookie_package_header[12] = {'T', 'S', '3', 'I', 'N', 'I', 'T', '1', 0x65, 0, 0x88, COMMAND_SET_COOKIE };
static bool
ts3init_fill_set_cookie_payload(const struct sk_buff *skb, const struct xt_action_param *par,
struct sk_buff *newskb, struct udphdr *newudp, u8 *newpayload)
ts3init_generate_cookie_ipv4(const struct xt_action_param *par,
const struct iphdr *ip, const struct udphdr *udp,
u64 *cookie_hash, u8 *packet_index)
{
const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
u8 *payload, payload_buf[34];
__u64 cookie[2];
u64 cookie_hash;
u8 packet_index;
if (get_current_cookie(info->cookie_seed, &cookie, &packet_index) == false)
if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
return false;
if (ts3init_calculate_cookie_ipv4(ip, udp, cookie[0], cookie[1], cookie_hash))
return false;
return true;
}
if (ts3init_calculate_cookie(newskb, par, newudp, cookie[0], cookie[1], &cookie_hash))
static bool
ts3init_generate_cookie_ipv6(const struct xt_action_param *par,
const struct ipv6hdr *ip, const struct udphdr *udp,
u64 *cookie_hash, u8 *packet_index)
{
const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
__u64 cookie[2];
if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
return false;
if (ts3init_calculate_cookie_ipv6(ip, udp, cookie[0], cookie[1], cookie_hash))
return false;
return true;
}
static bool
ts3init_fill_set_cookie_payload(const struct sk_buff *skb,
const struct xt_action_param *par,
const u64 cookie_hash, const u8 packet_index,
u8 *newpayload)
{
const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
u8 *payload, payload_buf[34];
memcpy(newpayload, set_cookie_package_header, sizeof(set_cookie_package_header));
newpayload[12] = (u8)cookie_hash;
@ -303,10 +325,14 @@ ts3init_set_cookie_ipv4_tg(struct sk_buff *skb, const struct xt_action_param *pa @@ -303,10 +325,14 @@ ts3init_set_cookie_ipv4_tg(struct sk_buff *skb, const struct xt_action_param *pa
struct iphdr *newip;
struct udphdr *newudp;
u8 *payload;
u64 cookie_hash;
u8 packet_index;
const int payload_size = sizeof(set_cookie_package_header) + 20;
if (ts3init_prepare_ipv4_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
{
if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
if (ts3init_generate_cookie_ipv4(par, newip, newudp, &cookie_hash, &packet_index) &&
ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
{
ts3init_send_ipv4_reply(skb, par, newskb, newip, newudp);
}
@ -325,11 +351,14 @@ ts3init_set_cookie_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *pa @@ -325,11 +351,14 @@ ts3init_set_cookie_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *pa
struct ipv6hdr *newip;
struct udphdr *newudp;
u8 *payload;
u64 cookie_hash;
u8 packet_index;
const int payload_size = sizeof(set_cookie_package_header) + 20;
if (ts3init_prepare_ipv6_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
{
if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
if (ts3init_generate_cookie_ipv6(par, newip, newudp, &cookie_hash, &packet_index) &&
ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
{
ts3init_send_ipv6_reply(skb, par, newskb, newip, newudp);
}
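Review bot: In both `ts3init_set_cookie_ipv4_tg` and `ts3init_set_cookie_ipv6_tg` the cookie is now computed from `newip`/`newudp`, the headers produced by `ts3init_prepare_ipv4_reply`/`ts3init_prepare_ipv6_reply`, not from the received packet. The cookie therefore binds the address and port tuple in the reply's order. Whatever later validates the cookie must hash the tuple in that same order, otherwise valid clients are rejected. That code is not part of this diff, so this is worth confirming and writing down. I would add a comment above `ts3init_generate_cookie_ipv4` and `ts3init_generate_cookie_ipv6` such as `/* ip/udp are the headers of the reply being built; the validating side must feed the hash the same address/port order */`. Both target functions start and end outside their hunks, so the path that releases `newskb` when cookie generation fails is not visible here.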
