patch-1.3.22 linux/net/ipv4/ipip.c
Next file: linux/net/ipv4/ipmr.c
Previous file: linux/net/ipv4/ip_fw.c
Back to the patch index
Back to the overall index
- Lines: 96
- Date:
Fri Sep 1 14:35:17 1995
- Orig file:
v1.3.21/linux/net/ipv4/ipip.c
- Orig date:
Fri Aug 18 08:44:59 1995
diff -u --recursive --new-file v1.3.21/linux/net/ipv4/ipip.c linux/net/ipv4/ipip.c
@@ -9,6 +9,7 @@
* a module taking up 2 pages).
* Alan Cox : Fixed bug with 1.3.18 and IPIP not working (now needs to set skb->h.iph)
* to keep ip_forward happy.
+ * Alan Cox : More fixes for 1.3.21, and firewall fix. Maybe this will work soon 8).
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -18,6 +19,7 @@
*/
#include <linux/types.h>
+#include <linux/sched.h>
#include <linux/kernel.h>
#include <linux/skbuff.h>
#include <linux/netdevice.h>
@@ -25,8 +27,12 @@
#include <net/datalink.h>
#include <net/sock.h>
#include <net/ip.h>
+#include <net/icmp.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
#include <net/protocol.h>
#include <net/ipip.h>
+#include <linux/ip_fw.h>
/*
* NB. we must include the kernel idenfication string in to install the module.
@@ -46,19 +52,64 @@
/*
- * The driver.
+ * The IPIP protocol driver.
+ *
+ * On entry here
+ * skb->data is the original IP header
+ * skb->ip_hdr points to the initial IP header.
+ * skb->h.raw points at the new header.
*/
int ipip_rcv(struct sk_buff *skb, struct device *dev, struct options *opt,
unsigned long daddr, unsigned short len, unsigned long saddr,
int redo, struct inet_protocol *protocol)
{
+#ifdef CONFIG_IP_FIREWALL
+ int err;
+#endif
/* Don't unlink in the middle of a turnaround */
MOD_INC_USE_COUNT;
#ifdef TUNNEL_DEBUG
printk("ipip_rcv: got a packet!\n");
#endif
- skb->h.iph=skb->data; /* Correct IP header pointer on to new header */
+ /*
+ * Discard the original IP header
+ */
+
+ skb_pull(skb, ((struct iphdr *)skb->data)->ihl<<2);
+
+ /*
+ * Adjust pointers
+ */
+
+ skb->h.iph=(struct iphdr *)skb->data;
+ skb->ip_hdr=(struct iphdr *)skb->data;
+
+#ifdef CONFIG_IP_FIREWALL
+ /*
+ * Check the firewall [well spotted Olaf]
+ */
+
+ if((err=ip_fw_chk(skb->ip_hdr,dev,ip_fw_blk_chain, ip_fw_blk_policy,0))<1)
+ {
+ if(err==-1)
+ icmp_send(skb,ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0 , dev);
+ kfree_skb(skb, FREE_READ);
+ return 0;
+ }
+#endif
+
+ /*
+ * If you want to add LZ compressed IP or things like that here,
+ * and in drivers/net/tunnel.c are the places to add.
+ */
+
+ /* skb=lzw_uncompress(skb); */
+
+ /*
+ * Feed to IP forward.
+ */
+
if(ip_forward(skb, dev, 0, daddr, 0))
kfree_skb(skb, FREE_READ);
MOD_DEC_USE_COUNT;
FUNET's LINUX-ADM group, [email protected]
TCL-scripts by Sam Shen, [email protected]
with Sam's (original) version of this