From 4bbbd63860067232c984804973a890610eb76f26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maximilian=20M=C3=BCnchow?=
Date: Wed, 12 Oct 2016 13:04:20 +0200
Subject: [PATCH] added new methods ts3init_calculate_cookie_ipv4 and ts3init_calculate_cookie_ipv6. Changed TS3INIT_SET_COOKIE to use the new methods.
---
 src/ts3init_cache.c | 2 ++
 src/ts3init_cookie.c | 28 ++++++++++++++++++++++
 src/ts3init_cookie.h | 4 ++++
 src/ts3init_match.c | 2 ++
 src/ts3init_target.c | 57 +++++++++++++++++++++++++++++++++-----------
 5 files changed, 79 insertions(+), 14 deletions(-)
diff --git a/src/ts3init_cache.c b/src/ts3init_cache.c
index 3259559..a64ec78 100644
--- a/src/ts3init_cache.c
+++ b/src/ts3init_cache.c
@@ -14,6 +14,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 #include
diff --git a/src/ts3init_cookie.c b/src/ts3init_cookie.c
index 44c9333..8dbf6ab 100644
--- a/src/ts3init_cookie.c
+++ b/src/ts3init_cookie.c
@@ -17,6 +17,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include "siphash24.h"
 #include "ts3init_cookie_seed.h"
@@ -94,6 +96,32 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
 return cache->seed64 + ((SIP_KEY_SIZE/sizeof(__u64)) * packet_index );
 }
+int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp,
+ __u64 k0, __u64 k1, __u64* out)
+{
+ struct ts3init_siphash_state hash_state;
+
+ ts3init_siphash_setup(&hash_state, k0, k1);
+ ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
+ ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
+ *out = ts3init_siphash_finalize(&hash_state);
+
+ return 0;
+}
+
+int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp,
+ __u64 k0, __u64 k1, __u64* out)
+{
+ struct ts3init_siphash_state hash_state;
+
+ ts3init_siphash_setup(&hash_state, k0, k1);
+ ts3init_siphash_update(&hash_state, (u8 *)&ip->saddr, sizeof(ip->saddr) * 2);
+ ts3init_siphash_update(&hash_state, (u8 *)&udp->source, 4);
+ *out = ts3init_siphash_finalize(&hash_state);
+
+ return 0;
+}
+
 int ts3init_calculate_cookie(const struct sk_buff *skb, const struct xt_action_param *par, struct udphdr *udp, __u64 k0, __u64 k1, __u64* out)
 {
diff --git a/src/ts3init_cookie.h b/src/ts3init_cookie.h
index c1f2072..f6cf481 100644
--- a/src/ts3init_cookie.h
+++ b/src/ts3init_cookie.h
@@ -23,5 +23,9 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
 int ts3init_calculate_cookie(const struct sk_buff *skb, const struct xt_action_param *par, struct udphdr *udp, __u64 k0, __u64 k1, __u64* out);
+int ts3init_calculate_cookie_ipv6(const struct ipv6hdr *ip, const struct udphdr *udp,
+ __u64 k0, __u64 k1, __u64* out);
+int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *udp,
+ __u64 k0, __u64 k1, __u64* out);
 #endif /* _TS3INIT_COOKIE_H */
diff --git a/src/ts3init_match.c b/src/ts3init_match.c
index dd25383..854a670 100644
--- a/src/ts3init_match.c
+++ b/src/ts3init_match.c
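Review bot: In ts3init_calculate_cookie_ipv4 and ts3init_calculate_cookie_ipv6 the hashed input is defined by struct layout rather than by field: `sizeof(ip->saddr) * 2` assumes daddr sits directly after saddr, and the literal `4` assumes dest sits directly after source in struct udphdr. Since the cookie check rests on this value, I would pin the assumption with `BUILD_BUG_ON(offsetof(struct iphdr, daddr) != offsetof(struct iphdr, saddr) + sizeof(ip->saddr));` (plus the ipv6hdr and udphdr equivalents) and write the port length as `sizeof(udp->source) + sizeof(udp->dest)`. The `(u8 *)` casts also drop the const that the new signatures promise; `(const u8 *)` would be preferable if ts3init_siphash_update accepts it, which is not visible here. Both functions can only return 0, so the error checks at their call sites are dead code unless a failure path is planned.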
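Review bot: The two new prototypes name `struct iphdr`, `struct ipv6hdr` and `struct udphdr` in their parameter lists, but nothing in this hunk declares them, so ts3init_cookie.h compiles cleanly only when the includer has already pulled in the network headers. The pairs of `#include` lines this commit adds to ts3init_cache.c and ts3init_match.c look like that workaround, although the header names are not visible in this view. Adding `struct iphdr; struct ipv6hdr; struct udphdr;` as forward declarations above the prototypes would make the header self-contained.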
@@ -15,6 +15,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 #include
diff --git a/src/ts3init_target.c b/src/ts3init_target.c
index 0d8120a..b7527ff 100644
--- a/src/ts3init_target.c
+++ b/src/ts3init_target.c
@@ -13,7 +13,6 @@
 */
 #include
-#include
 #include
 #include
 #include
@@ -249,20 +248,43 @@ ts3init_reset_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *par)
 static const char set_cookie_package_header[12] = {'T', 'S', '3', 'I', 'N', 'I', 'T', '1', 0x65, 0, 0x88, COMMAND_SET_COOKIE };
 static bool
-ts3init_fill_set_cookie_payload(const struct sk_buff *skb, const struct xt_action_param *par,
- struct sk_buff *newskb, struct udphdr *newudp, u8 *newpayload)
+ts3init_generate_cookie_ipv4(const struct xt_action_param *par,
+ const struct iphdr *ip, const struct udphdr *udp,
+ u64 *cookie_hash, u8 *packet_index)
+{
+ const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
+ __u64 cookie[2];
+
+ if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
+ return false;
+ if (ts3init_calculate_cookie_ipv4(ip, udp, cookie[0], cookie[1], cookie_hash))
+ return false;
+ return true;
+}
+
+static bool
+ts3init_generate_cookie_ipv6(const struct xt_action_param *par,
+ const struct ipv6hdr *ip, const struct udphdr *udp,
+ u64 *cookie_hash, u8 *packet_index)
+{
+ const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
+ __u64 cookie[2];
+
+ if (get_current_cookie(info->cookie_seed, &cookie, packet_index) == false)
+ return false;
+ if (ts3init_calculate_cookie_ipv6(ip, udp, cookie[0], cookie[1], cookie_hash))
+ return false;
+ return true;
+}
+
+static bool
+ts3init_fill_set_cookie_payload(const struct sk_buff *skb,
+ const struct xt_action_param *par,
+ const u64 cookie_hash, const u8 packet_index,
+ u8 *newpayload)
 {
 const struct xt_ts3init_set_cookie_tginfo *info = par->targinfo;
 u8 *payload, payload_buf[34];
- __u64 cookie[2];
- u64 cookie_hash;
- u8 packet_index;
-
- if (get_current_cookie(info->cookie_seed, &cookie, &packet_index) == false)
- return false;
-
- if (ts3init_calculate_cookie(newskb, par, newudp, cookie[0], cookie[1], &cookie_hash))
- return false;
 memcpy(newpayload, set_cookie_package_header, sizeof(set_cookie_package_header));
 newpayload[12] = (u8)cookie_hash;
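Review bot: ts3init_generate_cookie_ipv4 and ts3init_generate_cookie_ipv6 carry no comment, and their local `__u64 cookie[2]` is misleadingly named: it is handed on as k0/k1, so it is the SipHash key, while the actual cookie is `*cookie_hash`. I would rename it, e.g. `__u64 key[2];`, and put `/* Fetch the current key for info->cookie_seed and hash the given IP/UDP headers into *cookie_hash; false if either step fails. */` above each helper. Because that key stays in a stack slot after return, `memzero_explicit(cookie, sizeof(cookie));` before each return is cheap hardening. The two helpers differ only in the header type and the callee, and the body of ts3init_fill_set_cookie_payload continues past the end of this hunk.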
@@ -303,10 +325,14 @@ ts3init_set_cookie_ipv4_tg(struct sk_buff *skb, const struct xt_action_param *pa
 struct iphdr *newip;
 struct udphdr *newudp;
 u8 *payload;
+ u64 cookie_hash;
+ u8 packet_index;
 const int payload_size = sizeof(set_cookie_package_header) + 20;
+
 if (ts3init_prepare_ipv4_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
 {
- if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
+ if (ts3init_generate_cookie_ipv4(par, newip, newudp, &cookie_hash, &packet_index) &&
+ ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
 {
 ts3init_send_ipv4_reply(skb, par, newskb, newip, newudp);
 }
@@ -325,11 +351,14 @@ ts3init_set_cookie_ipv6_tg(struct sk_buff *skb, const struct xt_action_param *pa
 struct ipv6hdr *newip;
 struct udphdr *newudp;
 u8 *payload;
+ u64 cookie_hash;
+ u8 packet_index;
 const int payload_size = sizeof(set_cookie_package_header) + 20;
 if (ts3init_prepare_ipv6_reply(skb, par, payload_size, &newskb, &newip, &newudp, &payload))
 {
- if (ts3init_fill_set_cookie_payload(skb, par, newskb, newudp, payload))
+ if (ts3init_generate_cookie_ipv6(par, newip, newudp, &cookie_hash, &packet_index) &&
+ ts3init_fill_set_cookie_payload(skb, par, cookie_hash, packet_index, payload))
 {
 ts3init_send_ipv6_reply(skb, par, newskb, newip, newudp);
 }
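Review bot: In ts3init_set_cookie_ipv4_tg the cookie is computed from `newip`/`newudp`, the headers of the reply under construction, so its value depends on ts3init_prepare_ipv4_reply having already written both addresses and both ports there; nothing in the hunk states that it has. A comment above the call such as `/* newip/newudp must already hold the reply's addresses and ports: the cookie is bound to them */` would guard against a later reordering. The helpers hash source before destination, so whatever checks the cookie on a received packet has to account for the reversed direction; that side is not part of this diff and is worth confirming. The same applies to the ts3init_set_cookie_ipv6_tg hunk, and both function bodies start and end outside their hunks.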