diff options
author | Matthias Schiffer <mschiffer@universe-factory.net> | 2011-11-10 07:53:52 +0100 |
---|---|---|
committer | Matthias Schiffer <mschiffer@universe-factory.net> | 2011-11-10 07:53:52 +0100 |
commit | a95082117ad4813141f5733e5c3dda8efc5dec16 (patch) | |
tree | 61edab08d7390e0179fc6c2900234c040168500a /ip6t_SNPTV6.c | |
parent | c25768e4311eaf9e9d9166e42fe74e9c597c466d (diff) | |
download | NPTv6-a95082117ad4813141f5733e5c3dda8efc5dec16.tar NPTv6-a95082117ad4813141f5733e5c3dda8efc5dec16.zip |
Make this work again.
Diffstat (limited to 'ip6t_SNPTV6.c')
-rw-r--r-- | ip6t_SNPTV6.c | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/ip6t_SNPTV6.c b/ip6t_SNPTV6.c new file mode 100644 index 0000000..5651382 --- /dev/null +++ b/ip6t_SNPTV6.c @@ -0,0 +1,83 @@ +/* + * NATv6: IPv6-to-IPv6 Network Prefix Translation as + * proposed in RFC 6296. + * Based on MAP66 (c) 2010 sven-ola()gmx.de + * (c) 2011 mschiffer()universe-factory.net "I'm the one to blame for any problems with this version ;P" + */ + +#include <linux/module.h> +#include <linux/version.h> +#include <linux/netfilter_ipv6/ip6_tables.h> +#include <net/ipv6.h> + +#include "ip6t_NPTV6_common.h" + +MODULE_AUTHOR("Matthias Schiffer <mschiffer()universe-factory.net>"); +MODULE_DESCRIPTION("Xtables: Source NPTv6 - IPv6-to-IPv6 Network Prefix Translation"); +MODULE_LICENSE("GPL"); + + +static unsigned int snptv6_tg6(struct sk_buff *skb, const struct xt_action_param *par) +{ + struct ipv6hdr* hdr = ipv6_hdr(skb); + const struct ip6t_nptv6_info *info = par->targinfo; + + pr_devel("SNPTV6: enter in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n", + NULL != par->in ? par->in->name : "", + NULL != par->out ? par->out->name : "", + NIP6(hdr->saddr), NIP6(hdr->daddr)); + + if (!skb_make_writable(skb, sizeof(struct ipv6hdr))) { + pr_devel("SNPTV6: unwriteable, dropped\n"); + return NF_DROP; + } + hdr = ipv6_hdr(skb); + + if (!translate_address(&hdr->saddr, &info->nptv6_prefix, info->nptv6_prefix_len)) { + pr_devel("SNPTV6: untranslatable address\n"); + return NF_DROP; + } + + pr_devel("SNPTV6: exit in=%s, out=%s, saddr=" NIP6_FMT ", daddr=" NIP6_FMT "\n", + NULL != par->in ? par->in->name : "", + NULL != par->out ? par->out->name : "", + NIP6(hdr->saddr), NIP6(hdr->daddr)); + + return NF_ACCEPT; +} + +static int snptv6_tg6_check(const struct xt_tgchk_param *par) +{ + const struct ip6t_nptv6_info *info = par->targinfo; + + if (info->nptv6_prefix_len > 64) { + printk("SNPTV6: Prefix length longer than 64 given\n"); + return -EINVAL; + } + + return 0; +} + +static struct xt_target snptv6_tg6_reg __read_mostly = { + .name = "SNPTV6", + .family = NFPROTO_IPV6, + .target = snptv6_tg6, + .checkentry = snptv6_tg6_check, + .targetsize = sizeof(struct ip6t_nptv6_info), + .table = "mangle", + .hooks = (1 << NF_INET_POST_ROUTING), + .me = THIS_MODULE, +}; + +static int __init snptv6_tg6_init(void) +{ + return xt_register_target(&snptv6_tg6_reg); +} + +static void __exit snptv6_tg6_exit(void) +{ + xt_unregister_target(&snptv6_tg6_reg); +} + +module_init(snptv6_tg6_init); +module_exit(snptv6_tg6_exit); |