1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
/*
* ip_vs_proto_icmp.c: ICMP load balancing support for IP Virtual Server
*
* Authors: Julian Anastasov <ja@ssi.bg>, March 2002
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* version 2 as published by the Free Software Foundation;
*
*/
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/icmp.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4.h>
#include <net/ip_vs.h>
static int icmp_timeouts[1] = { 1*60*HZ };
static char * icmp_state_name_table[1] = { "ICMP" };
static struct ip_vs_conn *
icmp_conn_in_get(const struct sk_buff *skb,
struct ip_vs_protocol *pp,
const struct iphdr *iph,
unsigned int proto_off,
int inverse)
{
#if 0
struct ip_vs_conn *cp;
if (likely(!inverse)) {
cp = ip_vs_conn_in_get(iph->protocol,
iph->saddr, 0,
iph->daddr, 0);
} else {
cp = ip_vs_conn_in_get(iph->protocol,
iph->daddr, 0,
iph->saddr, 0);
}
return cp;
#else
return NULL;
#endif
}
static struct ip_vs_conn *
icmp_conn_out_get(const struct sk_buff *skb,
struct ip_vs_protocol *pp,
const struct iphdr *iph,
unsigned int proto_off,
int inverse)
{
#if 0
struct ip_vs_conn *cp;
if (likely(!inverse)) {
cp = ip_vs_conn_out_get(iph->protocol,
iph->saddr, 0,
iph->daddr, 0);
} else {
cp = ip_vs_conn_out_get(IPPROTO_UDP,
iph->daddr, 0,
iph->saddr, 0);
}
return cp;
#else
return NULL;
#endif
}
static int
icmp_conn_schedule(struct sk_buff *skb, struct ip_vs_protocol *pp,
int *verdict, struct ip_vs_conn **cpp)
{
*verdict = NF_ACCEPT;
return 0;
}
static int
icmp_csum_check(struct sk_buff *skb, struct ip_vs_protocol *pp)
{
if (!(skb->nh.iph->frag_off & __constant_htons(IP_OFFSET))) {
if (skb->ip_summed != CHECKSUM_UNNECESSARY) {
if (ip_vs_checksum_complete(skb, skb->nh.iph->ihl * 4)) {
IP_VS_DBG_RL_PKT(0, pp, skb, 0, "Failed checksum for");
return 0;
}
}
}
return 1;
}
static void
icmp_debug_packet(struct ip_vs_protocol *pp,
const struct sk_buff *skb,
int offset,
const char *msg)
{
char buf[256];
struct iphdr _iph, *ih;
ih = skb_header_pointer(skb, offset, sizeof(_iph), &_iph);
if (ih == NULL)
sprintf(buf, "%s TRUNCATED", pp->name);
else if (ih->frag_off & __constant_htons(IP_OFFSET))
sprintf(buf, "%s %u.%u.%u.%u->%u.%u.%u.%u frag",
pp->name, NIPQUAD(ih->saddr),
NIPQUAD(ih->daddr));
else {
struct icmphdr _icmph, *ic;
ic = skb_header_pointer(skb, offset + ih->ihl*4,
sizeof(_icmph), &_icmph);
if (ic == NULL)
sprintf(buf, "%s TRUNCATED to %u bytes\n",
pp->name, skb->len - offset);
else
sprintf(buf, "%s %u.%u.%u.%u->%u.%u.%u.%u T:%d C:%d",
pp->name, NIPQUAD(ih->saddr),
NIPQUAD(ih->daddr),
ic->type, ic->code);
}
printk(KERN_DEBUG "IPVS: %s: %s\n", msg, buf);
}
static int
icmp_state_transition(struct ip_vs_conn *cp, int direction,
const struct sk_buff *skb,
struct ip_vs_protocol *pp)
{
cp->timeout = pp->timeout_table[IP_VS_ICMP_S_NORMAL];
return 1;
}
static int
icmp_set_state_timeout(struct ip_vs_protocol *pp, char *sname, int to)
{
int num;
char **names;
num = IP_VS_ICMP_S_LAST;
names = icmp_state_name_table;
return ip_vs_set_state_timeout(pp->timeout_table, num, names, sname, to);
}
static void icmp_init(struct ip_vs_protocol *pp)
{
pp->timeout_table = icmp_timeouts;
}
static void icmp_exit(struct ip_vs_protocol *pp)
{
}
struct ip_vs_protocol ip_vs_protocol_icmp = {
.name = "ICMP",
.protocol = IPPROTO_ICMP,
.dont_defrag = 0,
.init = icmp_init,
.exit = icmp_exit,
.conn_schedule = icmp_conn_schedule,
.conn_in_get = icmp_conn_in_get,
.conn_out_get = icmp_conn_out_get,
.snat_handler = NULL,
.dnat_handler = NULL,
.csum_check = icmp_csum_check,
.state_transition = icmp_state_transition,
.register_app = NULL,
.unregister_app = NULL,
.app_conn_bind = NULL,
.debug_packet = icmp_debug_packet,
.timeout_change = NULL,
.set_state_timeout = icmp_set_state_timeout,
};
|
