Commit | Line | Data |
---|---|---|
c6410bf7 | 1 | include/linux/netfilter_ipv4/ipt_XOR.h | 9 ++ |
2 | net/ipv4/netfilter/Kconfig | 10 ++ | |
3 | net/ipv4/netfilter/Makefile | 1 | |
4 | net/ipv4/netfilter/ipt_XOR.c | 117 +++++++++++++++++++++++++++++++++ | |
5 | 4 files changed, 137 insertions(+) | |
6 | ||
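--- a/include/linux/netfilter_ipv4/ipt_XOR.h
+++ b/include/linux/netfilter_ipv4/ipt_XOR.h
@@ -0,0 +1,9 @@
+#ifndef _IPT_XOR_H
+#define _IPT_XOR_H
+
+struct ipt_XOR_info {
+ char key[30];
+ u_int8_t block_size;
+};
+
+#endif /* _IPT_XOR_H */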
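Review bot: `struct ipt_XOR_info` is the layout a userspace rule hands to the kernel target, yet neither field says what the kernel expects of it. As ipt_XOR.c is written, `key` is consumed as a NUL-terminated string (the key index wraps on a zero byte), so the terminator has to fall inside the 30 bytes, and `block_size` is used as `k<=info->block_size`, so each key byte is applied to block_size + 1 payload bytes. I would add `/* NUL-terminated; at most 29 key bytes */` above `key` and `/* each key byte covers block_size + 1 payload bytes; must be non-zero */` above `block_size`, so that the contract the checkentry hook has to enforce is written down next to the ABI.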
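--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -606,5 +606,15 @@
 Allows altering the ARP packet payload: source and destination
 hardware and network addresses.
 
+config IP_NF_TARGET_XOR
+ tristate 'XOR target support'
+ depends on IP_NF_MANGLE
+ help
+ This option adds a `XOR' target, which can encrypt TCP and
+ UDP traffic using a simple XOR encryption.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
 endmenu
 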
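Review bot: The help text for IP_NF_TARGET_XOR describes the target as encryption, which overstates what a repeating XOR with a short static key provides. Someone enabling the option from this description could reasonably take it as a confidentiality control. I would reword the first help sentence along the lines of `obfuscate TCP and UDP payloads with a repeating XOR key; this is not encryption and gives no confidentiality or integrity`, and point readers who need protection on the wire to IPsec or TLS.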
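--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_TARGET_XOR) += ipt_XOR.o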
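--- a/net/ipv4/netfilter/ipt_XOR.c
+++ b/net/ipv4/netfilter/ipt_XOR.c
@@ -0,0 +1,117 @@
+/* XOR target for IP tables
+ * (C) 2000 by Tim Vandermeersch <Tim.Vandermeersch@pandora.be>
+ * Based on ipt_TTL.c
+ *
+ * Version 1.0
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_XOR.h>
+
+MODULE_AUTHOR("Tim Vandermeersch <Tim.Vandermeersch@pandora.be>");
+MODULE_DESCRIPTION("IP tables XOR module");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+ipt_xor_target(struct sk_buff **pskb,
+ const struct net_device *in, const struct net_device *out,
+ unsigned int hooknum, const void *targinfo, void *userinfo)
+{
+ struct ipt_XOR_info *info = (void *) targinfo;
+ struct iphdr *iph;
+ struct tcphdr *tcph;
+ struct udphdr *udph;
+ int i, j, k;
+
+ if (!skb_make_writable(pskb, (*pskb)->len))
+ return NF_DROP;
+
+ iph = (*pskb)->nh.iph;
+
+ if (iph->protocol == IPPROTO_TCP) {
+ tcph = (struct tcphdr *) ((*pskb)->data + iph->ihl*4);
+ for (i=0, j=0; i<(ntohs(iph->tot_len) - iph->ihl*4 - tcph->doff*4); ) {
+ for (k=0; k<=info->block_size; k++) {
+ (*pskb)->data[ iph->ihl*4 + tcph->doff*4 + i ] ^=
+ info->key[j];
+ i++;
+ }
+ j++;
+ if (info->key[j] == 0x00)
+ j = 0;
+ }
+ } else if (iph->protocol == IPPROTO_UDP) {
+ udph = (struct udphdr *) ((*pskb)->data + iph->ihl*4);
+ for (i=0, j=0; i<(ntohs(udph->len)-8); ) {
+ for (k=0; k<=info->block_size; k++) {
+ (*pskb)->data[ iph->ihl*4 + sizeof(struct udphdr) + i ] ^=
+ info->key[j];
+ i++;
+ }
+ j++;
+ if (info->key[j] == 0x00)
+ j = 0;
+ }
+ }
+
+ return IPT_CONTINUE;
+}
+
+static int ipt_xor_checkentry(const char *tablename, const struct ipt_entry *e,
+ void *targinfo, unsigned int targinfosize,
+ unsigned int hook_mask)
+{
+ struct ipt_XOR_info *info = targinfo;
+
+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_XOR_info))) {
+ printk(KERN_WARNING "XOR: targinfosize %u != %Zu\n",
+ targinfosize, IPT_ALIGN(sizeof(struct ipt_XOR_info)));
+ return 0;
+ }
+
+ if (strcmp(tablename, "mangle")) {
+ printk(KERN_WARNING "XOR: can only be called from"
+ "\"mangle\" table, not \"%s\"\n", tablename);
+ return 0;
+ }
+
+ if (!strcmp(info->key, "")) {
+ printk(KERN_WARNING "XOR: You must specify a key");
+ return 0;
+ }
+
+ if (info->block_size == 0) {
+ printk(KERN_WARNING "XOR: You must specify a block-size");
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ipt_target ipt_XOR = {
+ .name = "XOR",
+ .target = ipt_xor_target,
+ .checkentry = ipt_xor_checkentry,
+ .me = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+ return ipt_register_target(&ipt_XOR);
+}
+
+static void __exit fini(void)
+{
+ ipt_unregister_target(&ipt_XOR);
+}
+
+module_init(init);
+module_exit(fini);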
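Review bot: The inner `for (k=0; k<=info->block_size; k++)` loops in ipt_xor_target advance `i` without rechecking the outer bound, so the last block can XOR up to `block_size` bytes beyond the payload, and the bound itself is taken from `iph->tot_len`, `tcph->doff` and `udph->len` without being compared to `(*pskb)->len`. The key index has a similar gap: `j` wraps only on a zero byte, and ipt_xor_checkentry tests the key with `strcmp` alone, so a rule whose 30-byte `key` carries no terminator would be read past the array. I would compute the payload offset and length once, clamp them to the skb length, and walk the payload in a single bounded loop as below; checkentry should additionally reject a key with no NUL inside `sizeof(info->key)`. Non-first fragments and packets shorter than the transport header do not appear to be handled either, which is worth confirming against the hooks this target is attached to.

```c
	/* … unchanged: declarations, skb_make_writable() check, iph assignment … */
	int off, len;

	if (iph->protocol == IPPROTO_TCP) {
		tcph = (struct tcphdr *) ((*pskb)->data + iph->ihl*4);
		off = iph->ihl*4 + tcph->doff*4;
		len = ntohs(iph->tot_len) - off;
	} else if (iph->protocol == IPPROTO_UDP) {
		udph = (struct udphdr *) ((*pskb)->data + iph->ihl*4);
		off = iph->ihl*4 + (int)sizeof(struct udphdr);
		len = ntohs(udph->len) - (int)sizeof(struct udphdr);
	} else {
		return IPT_CONTINUE;
	}

	/* Header fields come from the packet; never follow them past the buffer. */
	if (off >= (int)(*pskb)->len)
		return IPT_CONTINUE;
	if (len > (int)(*pskb)->len - off)
		len = (int)(*pskb)->len - off;

	/* One key byte covers block_size + 1 payload bytes, as in the nested loops. */
	for (i = 0, j = 0, k = 0; i < len; i++) {
		(*pskb)->data[off + i] ^= info->key[j];
		if (++k > info->block_size) {
			k = 0;
			if (++j >= (int)sizeof(info->key) || info->key[j] == 0x00)
				j = 0;
		}
	}

	return IPT_CONTINUE;
```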