diff options
| author | Matthias Schiffer <mschiffer@universe-factory.net> | 2011-11-10 07:53:52 +0100 |
|---|---|---|
| committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2011-11-10 07:53:52 +0100 |
| commit | a95082117ad4813141f5733e5c3dda8efc5dec16 (patch) | |
| tree | 61edab08d7390e0179fc6c2900234c040168500a /ip6t_DNPTV6.c | |
| parent | c25768e4311eaf9e9d9166e42fe74e9c597c466d (diff) | |
| download | NPTv6-a95082117ad4813141f5733e5c3dda8efc5dec16.tar NPTv6-a95082117ad4813141f5733e5c3dda8efc5dec16.zip | |
Make this work again.
Diffstat (limited to 'ip6t_DNPTV6.c')
| -rw-r--r-- | ip6t_DNPTV6.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/ip6t_DNPTV6.c b/ip6t_DNPTV6.c new file mode 100644 index 0000000..96d16e8 --- /dev/null +++ b/ip6t_DNPTV6.c @@ -0,0 +1,83 @@ +/* + * NATv6: IPv6-to-IPv6 Network Prefix Translation as + * proposed in RFC 6296. + * Based on MAP66 (c) 2010 sven-ola()gmx.de + * (c) 2011 mschiffer()universe-factory.net "I'm the one to blame for any problems with this version ;P" + */ + +#include <linux/module.h> +#include <linux/version.h> +#include <linux/netfilter_ipv6/ip6_tables.h> +#include <net/ipv6.h> + +#include "ip6t_NPTV6_common.h" + +MODULE_AUTHOR("Matthias Schiffer <mschiffer()universe-factory.net>"); +MODULE_DESCRIPTION("Xtables: Destination NPTv6 - IPv6-to-IPv6 Network Prefix Translation"); +MODULE_LICENSE("GPL"); + + +static unsigned int dnptv6_tg6(struct sk_buff *skb, const struct xt_action_param *par) +{ + struct ipv6hdr* hdr = ipv6_hdr(skb); + const struct ip6t_nptv6_info *info = par->targinfo; + + pr_devel("DNPTV6: enter in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n", + NULL != par->in ? par->in->name : "", + NULL != par->out ? par->out->name : "", + NIP6(hdr->saddr), NIP6(hdr->daddr)); + + if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) { + pr_devel("DNPTV6: unwriteable, dropped\n"); + return NF_DROP; + } + hdr = ipv6_hdr(skb); + + if (!translate_address(&hdr->daddr, &info->nptv6_prefix, info->nptv6_prefix_len)) { + pr_devel("DNPTV6: untranslatable address\n"); + return NF_DROP; + } + + pr_devel("DNPTV6: exit in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n", + NULL != par->in ? par->in->name : "", + NULL != par->out ? par->out->name : "", + NIP6(hdr->saddr), NIP6(hdr->daddr)); + + return NF_ACCEPT; +} + +static int dnptv6_tg6_check(const struct xt_tgchk_param *par) +{ + const struct ip6t_nptv6_info *info = par->targinfo; + + if (info->nptv6_prefix_len > 64) { + printk("DNPTV6: Prefix length longer than 64 given\n"); + return -EINVAL; + } + + return 0; +} + +static struct xt_target dnptv6_tg6_reg __read_mostly = { + .name = "DNPTV6", + .family = NFPROTO_IPV6, + .target = dnptv6_tg6, + .checkentry = dnptv6_tg6_check, + .targetsize = sizeof(struct ip6t_nptv6_info), + .table = "mangle", + .hooks = (1 << NF_INET_PRE_ROUTING), + .me = THIS_MODULE, +}; + +static int __init dnptv6_tg6_init(void) +{ + return xt_register_target(&dnptv6_tg6_reg); +} + +static void __exit dnptv6_tg6_exit(void) +{ + xt_unregister_target(&dnptv6_tg6_reg); +} + +module_init(dnptv6_tg6_init); +module_exit(dnptv6_tg6_exit); |