Release 4.10 net/ipv4/netfilter/ipt_REJECT.c
/*
* This is a module which is used for rejecting packets.
*/
/* (C) 1999-2001 Paul `Rusty' Russell
* (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
#include <linux/module.h>
#include <linux/skbuff.h>
#include <linux/slab.h>
#include <linux/ip.h>
#include <linux/udp.h>
#include <linux/icmp.h>
#include <net/icmp.h>
#include <linux/netfilter/x_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ipt_REJECT.h>
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
#include <linux/netfilter_bridge.h>
#endif
#include <net/netfilter/ipv4/nf_reject.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
MODULE_DESCRIPTION("Xtables: packet \"rejection\" target for IPv4");
static unsigned int
reject_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
const struct ipt_reject_info *reject = par->targinfo;
int hook = xt_hooknum(par);
switch (reject->with) {
case IPT_ICMP_NET_UNREACHABLE:
nf_send_unreach(skb, ICMP_NET_UNREACH, hook);
break;
case IPT_ICMP_HOST_UNREACHABLE:
nf_send_unreach(skb, ICMP_HOST_UNREACH, hook);
break;
case IPT_ICMP_PROT_UNREACHABLE:
nf_send_unreach(skb, ICMP_PROT_UNREACH, hook);
break;
case IPT_ICMP_PORT_UNREACHABLE:
nf_send_unreach(skb, ICMP_PORT_UNREACH, hook);
break;
case IPT_ICMP_NET_PROHIBITED:
nf_send_unreach(skb, ICMP_NET_ANO, hook);
break;
case IPT_ICMP_HOST_PROHIBITED:
nf_send_unreach(skb, ICMP_HOST_ANO, hook);
break;
case IPT_ICMP_ADMIN_PROHIBITED:
nf_send_unreach(skb, ICMP_PKT_FILTERED, hook);
break;
case IPT_TCP_RESET:
nf_send_reset(xt_net(par), skb, hook);
case IPT_ICMP_ECHOREPLY:
/* Doesn't happen. */
break;
}
return NF_DROP;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| linus torvalds | linus torvalds | 95 | 60.13% | 2 | 15.38% |
| florian westphal | florian westphal | 20 | 12.66% | 1 | 7.69% |
| herbert xu | herbert xu | 9 | 5.70% | 1 | 7.69% |
| maciej soltysiak | maciej soltysiak | 9 | 5.70% | 1 | 7.69% |
| eric leblond | eric leblond | 8 | 5.06% | 1 | 7.69% |
| pablo neira ayuso | pablo neira ayuso | 6 | 3.80% | 1 | 7.69% |
| jan engelhardt | jan engelhardt | 5 | 3.16% | 3 | 23.08% |
| pre-git | pre-git | 3 | 1.90% | 1 | 7.69% |
| eric w. biederman | eric w. biederman | 2 | 1.27% | 1 | 7.69% |
| harald welte | harald welte | 1 | 0.63% | 1 | 7.69% |
| Total | 158 | 100.00% | 13 | 100.00% |
static int reject_tg_check(const struct xt_tgchk_param *par)
{
const struct ipt_reject_info *rejinfo = par->targinfo;
const struct ipt_entry *e = par->entryinfo;
if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
pr_info("ECHOREPLY no longer supported.\n");
return -EINVAL;
} else if (rejinfo->with == IPT_TCP_RESET) {
/* Must specify that it's a TCP packet */
if (e->ip.proto != IPPROTO_TCP ||
(e->ip.invflags & XT_INV_PROTO)) {
pr_info("TCP_RESET invalid for non-tcp\n");
return -EINVAL;
}
}
return 0;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| pre-git | pre-git | 69 | 71.13% | 2 | 20.00% |
| jan engelhardt | jan engelhardt | 19 | 19.59% | 6 | 60.00% |
| harald welte | harald welte | 7 | 7.22% | 1 | 10.00% |
| patrick mchardy | patrick mchardy | 2 | 2.06% | 1 | 10.00% |
| Total | 97 | 100.00% | 10 | 100.00% |
static struct xt_target reject_tg_reg __read_mostly = {
.name = "REJECT",
.family = NFPROTO_IPV4,
.target = reject_tg,
.targetsize = sizeof(struct ipt_reject_info),
.table = "filter",
.hooks = (1 << NF_INET_LOCAL_IN) | (1 << NF_INET_FORWARD) |
(1 << NF_INET_LOCAL_OUT),
.checkentry = reject_tg_check,
.me = THIS_MODULE,
};
static int __init reject_tg_init(void)
{
return xt_register_target(&reject_tg_reg);
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| pre-git | pre-git | 12 | 75.00% | 1 | 25.00% |
| jan engelhardt | jan engelhardt | 3 | 18.75% | 2 | 50.00% |
| daniele bellucci | daniele bellucci | 1 | 6.25% | 1 | 25.00% |
| Total | 16 | 100.00% | 4 | 100.00% |
static void __exit reject_tg_exit(void)
{
xt_unregister_target(&reject_tg_reg);
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| pre-git | pre-git | 12 | 80.00% | 1 | 33.33% |
| jan engelhardt | jan engelhardt | 3 | 20.00% | 2 | 66.67% |
| Total | 15 | 100.00% | 3 | 100.00% |
module_init(reject_tg_init);
module_exit(reject_tg_exit);
Overall Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| pre-git | pre-git | 132 | 30.56% | 2 | 5.71% |
| linus torvalds | linus torvalds | 95 | 21.99% | 2 | 5.71% |
| jan engelhardt | jan engelhardt | 52 | 12.04% | 10 | 28.57% |
| patrick mchardy | patrick mchardy | 45 | 10.42% | 6 | 17.14% |
| harald welte | harald welte | 23 | 5.32% | 4 | 11.43% |
| florian westphal | florian westphal | 20 | 4.63% | 1 | 2.86% |
| art haas | art haas | 13 | 3.01% | 1 | 2.86% |
| pablo neira ayuso | pablo neira ayuso | 11 | 2.55% | 2 | 5.71% |
| eric leblond | eric leblond | 11 | 2.55% | 1 | 2.86% |
| maciej soltysiak | maciej soltysiak | 9 | 2.08% | 1 | 2.86% |
| herbert xu | herbert xu | 9 | 2.08% | 1 | 2.86% |
| bart de schuymer | bart de schuymer | 6 | 1.39% | 1 | 2.86% |
| tejun heo | tejun heo | 3 | 0.69% | 1 | 2.86% |
| eric w. biederman | eric w. biederman | 2 | 0.46% | 1 | 2.86% |
| daniele bellucci | daniele bellucci | 1 | 0.23% | 1 | 2.86% |
| Total | 432 | 100.00% | 35 | 100.00% |
Information contained on this website is for historical information purposes only and does not indicate or represent copyright ownership.