Author: pluto Date: Thu Sep 15 07:20:38 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- [base] hoplimit, ttl, ipv4optsstrip
---- Files affected:
SOURCES:
linux-2.6-nf-TTL.patch (NONE -> 1.1.2.1) (NEW), linux-2.6-nf-HOPLIMIT.patch
(NONE -> 1.1.2.1) (NEW), linux-2.6-nf-IPV4OPTSSTRIP.patch (NONE -> 1.1.2.1)
(NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-TTL.patch
diff -u /dev/null SOURCES/linux-2.6-nf-TTL.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:20:39 2005
+++ SOURCES/linux-2.6-nf-TTL.patch Thu Sep 15 09:20:33 2005
@@ -0,0 +1,181 @@
+ include/linux/netfilter_ipv4/ipt_TTL.h | 21 +++++
+ net/ipv4/netfilter/Kconfig | 11 ++
+ net/ipv4/netfilter/Makefile | 3
+ net/ipv4/netfilter/ipt_TTL.c | 122
+++++++++++++++++++++++++++++++++
+ 4 files changed, 157 insertions(+)
+diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_TTL.h
linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_TTL.h
+--- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01
01:00:00.000000000 +0100
++++ linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_TTL.h 2005-09-15
09:02:15.928364500 +0200
+@@ -0,0 +1,21 @@
++/* TTL modification module for IP tables
++ * (C) 2000 by Harald Welte <[EMAIL PROTECTED]> */
++
++#ifndef _IPT_TTL_H
++#define _IPT_TTL_H
++
++enum {
++ IPT_TTL_SET = 0,
++ IPT_TTL_INC,
++ IPT_TTL_DEC
++};
++
++#define IPT_TTL_MAXMODE IPT_TTL_DEC
++
++struct ipt_TTL_info {
++ u_int8_t mode;
++ u_int8_t ttl;
++};
++
++
++#endif
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_TTL.c
linux-2.6.13.1/net/ipv4/netfilter/ipt_TTL.c
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_TTL.c 1970-01-01
01:00:00.000000000 +0100
++++ linux-2.6.13.1/net/ipv4/netfilter/ipt_TTL.c 2005-09-15
09:02:15.932362750 +0200
+@@ -0,0 +1,122 @@
++/* TTL modification target for IP tables
++ * (C) 2000 by Harald Welte <[EMAIL PROTECTED]>
++ *
++ * Version: $Revision$
++ *
++ * This software is distributed under the terms of GNU GPL
++ */
++
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/ip.h>
++#include <net/checksum.h>
++
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_TTL.h>
++
++MODULE_AUTHOR("Harald Welte <[EMAIL PROTECTED]>");
++MODULE_DESCRIPTION("IP tables TTL modification module");
++MODULE_LICENSE("GPL");
++
++static unsigned int
++ipt_ttl_target(struct sk_buff **pskb, const struct net_device *in,
++ const struct net_device *out, unsigned int hooknum,
++ const void *targinfo, void *userinfo)
++{
++ struct iphdr *iph;
++ const struct ipt_TTL_info *info = targinfo;
++ u_int16_t diffs[2];
++ int new_ttl;
++
++ if (!skb_ip_make_writable(pskb, (*pskb)->len))
++ return NF_DROP;
++
++ iph = (*pskb)->nh.iph;
++
++ switch (info->mode) {
++ case IPT_TTL_SET:
++ new_ttl = info->ttl;
++ break;
++ case IPT_TTL_INC:
++ new_ttl = iph->ttl + info->ttl;
++ if (new_ttl > 255)
++ new_ttl = 255;
++ break;
++ case IPT_TTL_DEC:
++ new_ttl = iph->ttl - info->ttl;
++ if (new_ttl < 0)
++ new_ttl = 0;
++ break;
++ default:
++ new_ttl = iph->ttl;
++ break;
++ }
++
++ if (new_ttl != iph->ttl) {
++ diffs[0] = htons(((unsigned)iph->ttl) << 8) ^ 0xFFFF;
++ iph->ttl = new_ttl;
++ diffs[1] = htons(((unsigned)iph->ttl) << 8);
++ iph->check = csum_fold(csum_partial((char *)diffs,
++ sizeof(diffs),
++ iph->check^0xFFFF));
++ (*pskb)->nfcache |= NFC_ALTERED;
++ }
++
++ return IPT_CONTINUE;
++}
++
++static int ipt_ttl_checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hook_mask)
++{
++ struct ipt_TTL_info *info = targinfo;
++
++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_TTL_info))) {
++ printk(KERN_WARNING "TTL: targinfosize %u != %Zu\n",
++ targinfosize,
++ IPT_ALIGN(sizeof(struct ipt_TTL_info)));
++ return 0;
++ }
++
++ if (strcmp(tablename, "mangle")) {
++ printk(KERN_WARNING "TTL: can only be called from "
++ "\"mangle\" table, not \"%s\"\n", tablename);
++ return 0;
++ }
++
++ if (info->mode > IPT_TTL_MAXMODE) {
++ printk(KERN_WARNING "TTL: invalid or unknown Mode %u\n",
++ info->mode);
++ return 0;
++ }
++
++ if ((info->mode != IPT_TTL_SET) && (info->ttl == 0)) {
++ printk(KERN_WARNING "TTL: increment/decrement doesn't "
++ "make sense with value 0\n");
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ipt_target ipt_TTL = {
++ .name = "TTL",
++ .target = ipt_ttl_target,
++ .checkentry = ipt_ttl_checkentry,
++ .me = THIS_MODULE,
++};
++
++static int __init init(void)
++{
++ return ipt_register_target(&ipt_TTL);
++}
++
++static void __exit fini(void)
++{
++ ipt_unregister_target(&ipt_TTL);
++}
++
++module_init(init);
++module_exit(fini);
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig
linux-2.6.13.1/net/ipv4/netfilter/Kconfig
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Kconfig 2005-09-15 09:02:15.936361000
+0200
+@@ -692,5 +692,16 @@
+ Allows altering the ARP packet payload: source and destination
+ hardware and network addresses.
+
++config IP_NF_TARGET_TTL
++ tristate 'TTL target support'
++ depends on IP_NF_MANGLE
++ help
++ This option adds a `TTL' target, which enables the user to set
++ the TTL value or increment / decrement the TTL value by a given
++ amount.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ endmenu
+
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile
linux-2.6.13.1/net/ipv4/netfilter/Makefile
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Makefile 2005-09-15 09:03:09.078554750
+0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
================================================================
Index: SOURCES/linux-2.6-nf-HOPLIMIT.patch
diff -u /dev/null SOURCES/linux-2.6-nf-HOPLIMIT.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:20:39 2005
+++ SOURCES/linux-2.6-nf-HOPLIMIT.patch Thu Sep 15 09:20:33 2005
@@ -0,0 +1,172 @@
+
+ include/linux/netfilter_ipv6/ip6t_HL.h | 22 ++++++
+ net/ipv6/netfilter/Kconfig | 10 ++
+ net/ipv6/netfilter/Makefile | 1
+ net/ipv6/netfilter/ip6t_HL.c | 111
+++++++++++++++++++++++++++++++++
+ 4 files changed, 144 insertions(+)
+
+diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv6/ip6t_HL.h
linux-2.6.13.1/include/linux/netfilter_ipv6/ip6t_HL.h
+--- linux-2.6.13.1/include.orig/linux/netfilter_ipv6/ip6t_HL.h 1970-01-01
01:00:00.000000000 +0100
++++ linux-2.6.13.1/include/linux/netfilter_ipv6/ip6t_HL.h 2005-09-15
08:42:13.680280500 +0200
+@@ -0,0 +1,22 @@
++/* Hop Limit modification module for ip6tables
++ * Maciej Soltysiak <[EMAIL PROTECTED]>
++ * Based on HW's TTL module */
++
++#ifndef _IP6T_HL_H
++#define _IP6T_HL_H
++
++enum {
++ IP6T_HL_SET = 0,
++ IP6T_HL_INC,
++ IP6T_HL_DEC
++};
++
++#define IP6T_HL_MAXMODE IP6T_HL_DEC
++
++struct ip6t_HL_info {
++ u_int8_t mode;
++ u_int8_t hop_limit;
++};
++
++
++#endif
+diff -uNr linux-2.6.13.1/net.orig/ipv6/netfilter/ip6t_HL.c
linux-2.6.13.1/net/ipv6/netfilter/ip6t_HL.c
+--- linux-2.6.13.1/net.orig/ipv6/netfilter/ip6t_HL.c 1970-01-01
01:00:00.000000000 +0100
++++ linux-2.6.13.1/net/ipv6/netfilter/ip6t_HL.c 2005-09-15
08:42:13.680280500 +0200
+@@ -0,0 +1,111 @@
++/*
++ * Hop Limit modification target for ip6tables
++ * Maciej Soltysiak <[EMAIL PROTECTED]>
++ * Based on HW's TTL module
++ *
++ * This software is distributed under the terms of GNU GPL
++ */
++
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <linux/ip.h>
++
++#include <linux/netfilter_ipv6/ip6_tables.h>
++#include <linux/netfilter_ipv6/ip6t_HL.h>
++
++MODULE_AUTHOR("Maciej Soltysiak <[EMAIL PROTECTED]>");
++MODULE_DESCRIPTION("IP tables Hop Limit modification module");
++MODULE_LICENSE("GPL");
++
++static unsigned int ip6t_hl_target(struct sk_buff **pskb,
++ const struct net_device *in,
++ const struct net_device *out,
++ unsigned int hooknum,
++ const void *targinfo, void *userinfo)
++{
++ struct ipv6hdr *ip6h = (*pskb)->nh.ipv6h;
++ const struct ip6t_HL_info *info = targinfo;
++ u_int16_t diffs[2];
++ int new_hl;
++
++ switch (info->mode) {
++ case IP6T_HL_SET:
++ new_hl = info->hop_limit;
++ break;
++ case IP6T_HL_INC:
++ new_hl = ip6h->hop_limit + info->hop_limit;
++ if (new_hl > 255)
++ new_hl = 255;
++ break;
++ case IP6T_HL_DEC:
++ new_hl = ip6h->hop_limit - info->hop_limit;
++ if (new_hl < 0)
++ new_hl = 0;
++ break;
++ default:
++ new_hl = ip6h->hop_limit;
++ break;
++ }
++
++ if (new_hl != ip6h->hop_limit) {
++ diffs[0] = htons(((unsigned)ip6h->hop_limit) << 8) ^ 0xFFFF;
++ ip6h->hop_limit = new_hl;
++ diffs[1] = htons(((unsigned)ip6h->hop_limit) << 8);
++ }
++
++ return IP6T_CONTINUE;
++}
++
++static int ip6t_hl_checkentry(const char *tablename,
++ const struct ip6t_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hook_mask)
++{
++ struct ip6t_HL_info *info = targinfo;
++
++ if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_HL_info))) {
++ printk(KERN_WARNING "HL: targinfosize %u != %Zu\n",
++ targinfosize,
++ IP6T_ALIGN(sizeof(struct ip6t_HL_info)));
++ return 0;
++ }
++
++ if (strcmp(tablename, "mangle")) {
++ printk(KERN_WARNING "HL: can only be called from \"mangle\"
table, not \"%s\"\n", tablename);
++ return 0;
++ }
++
++ if (info->mode > IP6T_HL_MAXMODE) {
++ printk(KERN_WARNING "HL: invalid or unknown Mode %u\n",
++ info->mode);
++ return 0;
++ }
++
++ if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
++ printk(KERN_WARNING "HL: increment/decrement doesn't make sense
with value 0\n");
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ip6t_target ip6t_HL = {
++ .name = "HL",
++ .target = ip6t_hl_target,
++ .checkentry = ip6t_hl_checkentry,
++ .me = THIS_MODULE
++};
++
++static int __init init(void)
++{
++ return ip6t_register_target(&ip6t_HL);
++}
++
++static void __exit fini(void)
++{
++ ip6t_unregister_target(&ip6t_HL);
++}
++
++module_init(init);
++module_exit(fini);
+diff -uNr linux-2.6.13.1/net.orig/ipv6/netfilter/Kconfig
linux-2.6.13.1/net/ipv6/netfilter/Kconfig
+--- linux-2.6.13.1/net.orig/ipv6/netfilter/Kconfig 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv6/netfilter/Kconfig 2005-09-15 08:42:13.684280750
+0200
+@@ -238,5 +238,15 @@
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/modules.txt>. If unsure, say `N'.
+
++config IP6_NF_TARGET_HL
++ tristate 'HL target support'
++ depends on IP6_NF_MANGLE
++ help
++ This option adds a `HL' target, which allows you to modify the value
of
++ IPv6 Hop Limit field.
++
++ If you want to compile it as a module, say M here and read
++ <file:Documentation/modules.txt>. If unsure, say `N'.
++
+ endmenu
+
+diff -uNr linux-2.6.13.1/net.orig/ipv6/netfilter/Makefile
linux-2.6.13.1/net/ipv6/netfilter/Makefile
+--- linux-2.6.13.1/net.orig/ipv6/netfilter/Makefile 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv6/netfilter/Makefile 2005-09-15 08:50:48.456452000
+0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
================================================================
Index: SOURCES/linux-2.6-nf-IPV4OPTSSTRIP.patch
diff -u /dev/null SOURCES/linux-2.6-nf-IPV4OPTSSTRIP.patch:1.1.2.1
--- /dev/null Thu Sep 15 09:20:39 2005
+++ SOURCES/linux-2.6-nf-IPV4OPTSSTRIP.patch Thu Sep 15 09:20:33 2005
@@ -0,0 +1,121 @@
+ Kconfig | 10 +++++
+ Makefile | 3 +
+ ipt_IPV4OPTSSTRIP.c | 89
++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 102 insertions(+)
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
linux-2.6.13.1/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01
01:00:00.000000000 +0100
++++ linux-2.6.13.1/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2005-09-15
08:53:35.990922250 +0200
+@@ -0,0 +1,89 @@
++/**
++ * Strip all IP options in the IP packet header.
++ *
++ * (C) 2001 by Fabrice MARIE <[EMAIL PROTECTED]>
++ * This software is distributed under GNU GPL v2, 1991
++ */
++
++#include <linux/module.h>
++#include <linux/skbuff.h>
++#include <net/ip.h>
++#include <net/checksum.h>
++
++#include <linux/netfilter_ipv4/ip_tables.h>
++
++MODULE_AUTHOR("Fabrice MARIE <[EMAIL PROTECTED]>");
++MODULE_DESCRIPTION("Strip all options in IPv4 packets");
++MODULE_LICENSE("GPL");
++
++static unsigned int
++target(struct sk_buff **pskb,
++ const struct net_device *in,
++ const struct net_device *out,
++ unsigned int hooknum,
++ const void *targinfo,
++ void *userinfo)
++{
++ struct iphdr *iph;
++ struct sk_buff *skb;
++ struct ip_options *opt;
++ unsigned char *optiph;
++ int l;
++
++ if (!skb_ip_make_writable(pskb, (*pskb)->len))
++ return NF_DROP;
++
++ skb = (*pskb);
++ iph = (*pskb)->nh.iph;
++ optiph = skb->nh.raw;
++ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
++
++ /* if no options in packet then nothing to clear. */
++ if (iph->ihl * 4 == sizeof(struct iphdr))
++ return IPT_CONTINUE;
++
++ /* else clear all options */
++ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
++ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
++ opt = &(IPCB(skb)->opt);
++ opt->is_data = 0;
++ opt->optlen = l;
++
++ skb->nfcache |= NFC_ALTERED;
++
++ return IPT_CONTINUE;
++}
++
++static int
++checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hook_mask)
++{
++ if (strcmp(tablename, "mangle")) {
++ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from
\"mangle\" table, not \"%s\"\n", tablename);
++ return 0;
++ }
++ /* nothing else to check because no parameters */
++ return 1;
++}
++
++static struct ipt_target ipt_ipv4optsstrip_reg = {
++ .name = "IPV4OPTSSTRIP",
++ .target = target,
++ .checkentry = checkentry,
++ .me = THIS_MODULE };
++
++static int __init init(void)
++{
++ return ipt_register_target(&ipt_ipv4optsstrip_reg);
++}
++
++static void __exit fini(void)
++{
++ ipt_unregister_target(&ipt_ipv4optsstrip_reg);
++}
++
++module_init(init);
++module_exit(fini);
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig
linux-2.6.13.1/net/ipv4/netfilter/Kconfig
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Kconfig 2005-09-15 08:53:35.998922750
+0200
+@@ -692,5 +692,15 @@
+ Allows altering the ARP packet payload: source and destination
+ hardware and network addresses.
+
++config IP_NF_TARGET_IPV4OPTSSTRIP
++ tristate 'IPV4OPTSSTRIP target support'
++ depends on IP_NF_MANGLE
++ help
++ This option adds an IPV4OPTSSTRIP target.
++ This target allows you to strip all IP options in a packet.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ endmenu
+
+diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile
linux-2.6.13.1/net/ipv4/netfilter/Makefile
+--- linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile 2005-09-10
04:42:58.000000000 +0200
++++ linux-2.6.13.1/net/ipv4/netfilter/Makefile 2005-09-15 08:58:54.650837250
+0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
================================================================
_______________________________________________
pld-cvs-commit mailing list
pld-cvs-commit@lists.pld-linux.org
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
