ia64/linux-2.6.18-xen.hg

annotate net/netfilter/xt_tcpmss.c @ 871:9cbcc9008446

xen/x86: don't initialize cpu_data[]'s apicid field on generic code

Afaict, this is not only redundant with the intialization done in
drivers/xen/core/smpboot.c, but actually results - at least for
secondary CPUs - in the Xen-specific value written to be later
overwritten with whatever the generic code determines (with no
guarantee that the two values are identical).

Signed-off-by: Jan Beulich <jbeulich@novell.com>
author Keir Fraser <keir.fraser@citrix.com>
date Thu May 14 10:09:15 2009 +0100 (2009-05-14)
parents 831230e53067
children
rev   line source
ian@0 1 /* Kernel module to match TCP MSS values. */
ian@0 2
ian@0 3 /* Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
ian@0 4 * Portions (C) 2005 by Harald Welte <laforge@netfilter.org>
ian@0 5 *
ian@0 6 * This program is free software; you can redistribute it and/or modify
ian@0 7 * it under the terms of the GNU General Public License version 2 as
ian@0 8 * published by the Free Software Foundation.
ian@0 9 */
ian@0 10
ian@0 11 #include <linux/module.h>
ian@0 12 #include <linux/skbuff.h>
ian@0 13 #include <net/tcp.h>
ian@0 14
ian@0 15 #include <linux/netfilter/xt_tcpmss.h>
ian@0 16 #include <linux/netfilter/x_tables.h>
ian@0 17
ian@0 18 #include <linux/netfilter_ipv4/ip_tables.h>
ian@0 19 #include <linux/netfilter_ipv6/ip6_tables.h>
ian@0 20
ian@0 21 #define TH_SYN 0x02
ian@0 22
ian@0 23 MODULE_LICENSE("GPL");
ian@0 24 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
ian@0 25 MODULE_DESCRIPTION("iptables TCP MSS match module");
ian@0 26 MODULE_ALIAS("ipt_tcpmss");
ian@0 27
ian@0 28 /* Returns 1 if the mss option is set and matched by the range, 0 otherwise */
ian@0 29 static inline int
ian@0 30 mssoption_match(u_int16_t min, u_int16_t max,
ian@0 31 const struct sk_buff *skb,
ian@0 32 unsigned int protoff,
ian@0 33 int invert,
ian@0 34 int *hotdrop)
ian@0 35 {
ian@0 36 struct tcphdr _tcph, *th;
ian@0 37 /* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
ian@0 38 u8 _opt[15 * 4 - sizeof(_tcph)], *op;
ian@0 39 unsigned int i, optlen;
ian@0 40
ian@0 41 /* If we don't have the whole header, drop packet. */
ian@0 42 th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
ian@0 43 if (th == NULL)
ian@0 44 goto dropit;
ian@0 45
ian@0 46 /* Malformed. */
ian@0 47 if (th->doff*4 < sizeof(*th))
ian@0 48 goto dropit;
ian@0 49
ian@0 50 optlen = th->doff*4 - sizeof(*th);
ian@0 51 if (!optlen)
ian@0 52 goto out;
ian@0 53
ian@0 54 /* Truncated options. */
ian@0 55 op = skb_header_pointer(skb, protoff + sizeof(*th), optlen, _opt);
ian@0 56 if (op == NULL)
ian@0 57 goto dropit;
ian@0 58
ian@0 59 for (i = 0; i < optlen; ) {
ian@0 60 if (op[i] == TCPOPT_MSS
ian@0 61 && (optlen - i) >= TCPOLEN_MSS
ian@0 62 && op[i+1] == TCPOLEN_MSS) {
ian@0 63 u_int16_t mssval;
ian@0 64
ian@0 65 mssval = (op[i+2] << 8) | op[i+3];
ian@0 66
ian@0 67 return (mssval >= min && mssval <= max) ^ invert;
ian@0 68 }
ian@0 69 if (op[i] < 2) i++;
ian@0 70 else i += op[i+1]?:1;
ian@0 71 }
ian@0 72 out:
ian@0 73 return invert;
ian@0 74
ian@0 75 dropit:
ian@0 76 *hotdrop = 1;
ian@0 77 return 0;
ian@0 78 }
ian@0 79
ian@0 80 static int
ian@0 81 match(const struct sk_buff *skb,
ian@0 82 const struct net_device *in,
ian@0 83 const struct net_device *out,
ian@0 84 const struct xt_match *match,
ian@0 85 const void *matchinfo,
ian@0 86 int offset,
ian@0 87 unsigned int protoff,
ian@0 88 int *hotdrop)
ian@0 89 {
ian@0 90 const struct xt_tcpmss_match_info *info = matchinfo;
ian@0 91
ian@0 92 return mssoption_match(info->mss_min, info->mss_max, skb, protoff,
ian@0 93 info->invert, hotdrop);
ian@0 94 }
ian@0 95
ian@0 96 static struct xt_match tcpmss_match = {
ian@0 97 .name = "tcpmss",
ian@0 98 .match = match,
ian@0 99 .matchsize = sizeof(struct xt_tcpmss_match_info),
ian@0 100 .proto = IPPROTO_TCP,
ian@0 101 .family = AF_INET,
ian@0 102 .me = THIS_MODULE,
ian@0 103 };
ian@0 104
ian@0 105 static struct xt_match tcpmss6_match = {
ian@0 106 .name = "tcpmss",
ian@0 107 .match = match,
ian@0 108 .matchsize = sizeof(struct xt_tcpmss_match_info),
ian@0 109 .proto = IPPROTO_TCP,
ian@0 110 .family = AF_INET6,
ian@0 111 .me = THIS_MODULE,
ian@0 112 };
ian@0 113
ian@0 114
ian@0 115 static int __init xt_tcpmss_init(void)
ian@0 116 {
ian@0 117 int ret;
ian@0 118 ret = xt_register_match(&tcpmss_match);
ian@0 119 if (ret)
ian@0 120 return ret;
ian@0 121
ian@0 122 ret = xt_register_match(&tcpmss6_match);
ian@0 123 if (ret)
ian@0 124 xt_unregister_match(&tcpmss_match);
ian@0 125
ian@0 126 return ret;
ian@0 127 }
ian@0 128
ian@0 129 static void __exit xt_tcpmss_fini(void)
ian@0 130 {
ian@0 131 xt_unregister_match(&tcpmss6_match);
ian@0 132 xt_unregister_match(&tcpmss_match);
ian@0 133 }
ian@0 134
ian@0 135 module_init(xt_tcpmss_init);
ian@0 136 module_exit(xt_tcpmss_fini);