[packages/kernel.git] / pom-ng-IPV4OPTSSTRIP-20060504.patch

 Kconfig             |   10 +++++
 Makefile            |    1 
 ipt_IPV4OPTSSTRIP.c |   87 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 98 insertions(+)

diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
--- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 09:57:42.000000000 +0200
@@ -606,5 +606,15 @@
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_TARGET_IPV4OPTSSTRIP
+	tristate  'IPV4OPTSSTRIP target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds an IPV4OPTSSTRIP target.
+	  This target allows you to strip all IP options in a packet.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
--- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 09:57:42.000000000 +0200
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
--- linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
+++ linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2006-05-04 09:57:42.000000000 +0200
@@ -0,0 +1,87 @@
+/**
+ * Strip all IP options in the IP packet header.
+ *
+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
+ * This software is distributed under GNU GPL v2, 1991
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <net/ip.h>
+#include <net/checksum.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+target(struct sk_buff **pskb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+       const void *targinfo,
+       void *userinfo)
+{
+	struct iphdr *iph;
+	struct sk_buff *skb;
+	struct ip_options *opt;
+	unsigned char *optiph;
+	int l;
+	
+	if (!skb_make_writable(pskb, (*pskb)->len))
+		return NF_DROP;
+ 
+	skb = (*pskb);
+	iph = (*pskb)->nh.iph;
+	optiph = skb->nh.raw;
+	l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+
+	/* if no options in packet then nothing to clear. */
+	if (iph->ihl * 4 == sizeof(struct iphdr))
+		return IPT_CONTINUE;
+
+	/* else clear all options */
+	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+	memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
+	opt = &(IPCB(skb)->opt);
+	opt->is_data = 0;
+	opt->optlen = l;
+
+        return IPT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+	   const struct ipt_entry *e,
+           void *targinfo,
+           unsigned int targinfosize,
+           unsigned int hook_mask)
+{
+	if (strcmp(tablename, "mangle")) {
+		printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
+		return 0;
+	}
+	/* nothing else to check because no parameters */
+	return 1;
+}
+
+static struct ipt_target ipt_ipv4optsstrip_reg = { 
+	.name = "IPV4OPTSSTRIP",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE };
+
+static int __init init(void)
+{
+	return ipt_register_target(&ipt_ipv4optsstrip_reg);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_target(&ipt_ipv4optsstrip_reg);
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
e00b0090	1	Kconfig \| 10 +++++
	2	Makefile \| 1
	3	ipt_IPV4OPTSSTRIP.c \| 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++
	4	3 files changed, 98 insertions(+)
	5
	6	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
	7	--- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
	8	+++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 09:57:42.000000000 +0200
	9	@@ -606,5 +606,15 @@
	10	Allows altering the ARP packet payload: source and destination
	11	hardware and network addresses.
	12
	13	+config IP_NF_TARGET_IPV4OPTSSTRIP
	14	+ tristate 'IPV4OPTSSTRIP target support'
	15	+ depends on IP_NF_MANGLE
	16	+ help
	17	+ This option adds an IPV4OPTSSTRIP target.
	18	+ This target allows you to strip all IP options in a packet.
	19	+
	20	+ If you want to compile it as a module, say M here and read
	21	+ Documentation/modules.txt. If unsure, say `N'.
	22	+
	23	endmenu
	24
	25	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
	26	--- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
	27	+++ linux/net/ipv4/netfilter/Makefile 2006-05-04 09:57:42.000000000 +0200
	28	@@ -0,0 +0,1 @@
	29	+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
	30	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
	31	--- linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
	32	+++ linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2006-05-04 09:57:42.000000000 +0200
	33	@@ -0,0 +1,87 @@
	34	+/**
	35	+ * Strip all IP options in the IP packet header.
	36	+ *
	37	+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
	38	+ * This software is distributed under GNU GPL v2, 1991
	39	+ */
	40	+
	41	+#include <linux/module.h>
	42	+#include <linux/skbuff.h>
	43	+#include <net/ip.h>
	44	+#include <net/checksum.h>
	45	+
	46	+#include <linux/netfilter_ipv4/ip_tables.h>
	47	+
	48	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	49	+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
	50	+MODULE_LICENSE("GPL");
	51	+
	52	+static unsigned int
	53	+target(struct sk_buff **pskb,
	54	+ const struct net_device *in,
	55	+ const struct net_device *out,
	56	+ unsigned int hooknum,
	57	+ const void *targinfo,
	58	+ void *userinfo)
	59	+{
	60	+ struct iphdr *iph;
	61	+ struct sk_buff *skb;
	62	+ struct ip_options *opt;
	63	+ unsigned char *optiph;
	64	+ int l;
65	+
66	+ if (!skb_make_writable(pskb, (*pskb)->len))
67	+ return NF_DROP;
68	+
69	+ skb = (*pskb);
70	+ iph = (*pskb)->nh.iph;
71	+ optiph = skb->nh.raw;
72	+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
73	+
74	+ /* if no options in packet then nothing to clear. */
75	+ if (iph->ihl * 4 == sizeof(struct iphdr))
76	+ return IPT_CONTINUE;
77	+
78	+ /* else clear all options */
79	+ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
80	+ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
81	+ opt = &(IPCB(skb)->opt);
82	+ opt->is_data = 0;
83	+ opt->optlen = l;
84	+
85	+ return IPT_CONTINUE;
86	+}
87	+
88	+static int
89	+checkentry(const char *tablename,
90	+ const struct ipt_entry *e,
91	+ void *targinfo,
92	+ unsigned int targinfosize,
93	+ unsigned int hook_mask)
94	+{
95	+ if (strcmp(tablename, "mangle")) {
96	+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
97	+ return 0;
98	+ }
99	+ /* nothing else to check because no parameters */
100	+ return 1;
101	+}
102	+
103	+static struct ipt_target ipt_ipv4optsstrip_reg = {
104	+ .name = "IPV4OPTSSTRIP",
105	+ .target = target,
106	+ .checkentry = checkentry,
107	+ .me = THIS_MODULE };
108	+
109	+static int __init init(void)
110	+{
111	+ return ipt_register_target(&ipt_ipv4optsstrip_reg);
112	+}
113	+
114	+static void __exit fini(void)
115	+{
116	+ ipt_unregister_target(&ipt_ipv4optsstrip_reg);
117	+}
118	+
119	+module_init(init);
120	+module_exit(fini);