[packages/kernel.git] / pom-ng-XOR-20060504.patch

 include/linux/netfilter_ipv4/ipt_XOR.h |    9 ++
 net/ipv4/netfilter/Kconfig             |   10 ++
 net/ipv4/netfilter/Makefile            |    1 
 net/ipv4/netfilter/ipt_XOR.c           |  117 +++++++++++++++++++++++++++++++++
 4 files changed, 137 insertions(+)

diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_XOR.h linux/include/linux/netfilter_ipv4/ipt_XOR.h
--- linux.org/include/linux/netfilter_ipv4/ipt_XOR.h	1970-01-01 01:00:00.000000000 +0100
+++ linux/include/linux/netfilter_ipv4/ipt_XOR.h	2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +1,9 @@
+#ifndef _IPT_XOR_H
+#define _IPT_XOR_H
+
+struct ipt_XOR_info {
+	char		key[30];
+	u_int8_t	block_size;
+};
+
+#endif /* _IPT_XOR_H */
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
--- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 14:48:15.000000000 +0200
@@ -606,5 +606,15 @@
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_TARGET_XOR
+	tristate  'XOR target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds a `XOR' target, which can encrypt TCP and 
+	  UDP traffic using a simple XOR encryption.
+	
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
--- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_TARGET_XOR) += ipt_XOR.o
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_XOR.c linux/net/ipv4/netfilter/ipt_XOR.c
--- linux.org/net/ipv4/netfilter/ipt_XOR.c	1970-01-01 01:00:00.000000000 +0100
+++ linux/net/ipv4/netfilter/ipt_XOR.c	2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +1,117 @@
+/* XOR target for IP tables
+ * (C) 2000 by Tim Vandermeersch <Tim.Vandermeersch@pandora.be>
+ * Based on ipt_TTL.c
+ *
+ * Version 1.0
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_XOR.h>
+
+MODULE_AUTHOR("Tim Vandermeersch <Tim.Vandermeersch@pandora.be>");
+MODULE_DESCRIPTION("IP tables XOR module");
+MODULE_LICENSE("GPL");
+
+static unsigned int 
+ipt_xor_target(struct sk_buff **pskb, 
+		const struct net_device *in, const struct net_device *out, 
+		unsigned int hooknum, const void *targinfo, void *userinfo)
+{
+	struct ipt_XOR_info *info = (void *) targinfo;
+	struct iphdr *iph;
+	struct tcphdr *tcph;
+	struct udphdr *udph;
+	int i, j, k;
+
+	if (!skb_make_writable(pskb, (*pskb)->len))
+		return NF_DROP;
+
+	iph = (*pskb)->nh.iph;
+  
+	if (iph->protocol == IPPROTO_TCP) {
+		tcph = (struct tcphdr *) ((*pskb)->data + iph->ihl*4);
+		for (i=0, j=0; i<(ntohs(iph->tot_len) - iph->ihl*4 - tcph->doff*4); ) {
+			for (k=0; k<=info->block_size; k++) {
+				(*pskb)->data[ iph->ihl*4 + tcph->doff*4 + i ] ^=
+						info->key[j];
+				i++;
+			}
+			j++;
+			if (info->key[j] == 0x00)
+				j = 0;
+		}
+	} else if (iph->protocol == IPPROTO_UDP) {
+		udph = (struct udphdr *) ((*pskb)->data + iph->ihl*4);
+		for (i=0, j=0; i<(ntohs(udph->len)-8); ) {
+			for (k=0; k<=info->block_size; k++) {
+				(*pskb)->data[ iph->ihl*4 + sizeof(struct udphdr) + i ] ^= 
+						info->key[j];
+				i++;
+			}
+			j++;
+			if (info->key[j] == 0x00)
+				j = 0;
+		}
+	}
+  
+	return IPT_CONTINUE;
+}
+
+static int ipt_xor_checkentry(const char *tablename, const struct ipt_entry *e,
+		void *targinfo, unsigned int targinfosize, 
+		unsigned int hook_mask)
+{
+	struct ipt_XOR_info *info = targinfo;
+
+	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_XOR_info))) {
+		printk(KERN_WARNING "XOR: targinfosize %u != %Zu\n", 
+				targinfosize, IPT_ALIGN(sizeof(struct ipt_XOR_info)));
+		return 0;
+	}	
+
+	if (strcmp(tablename, "mangle")) {
+		printk(KERN_WARNING "XOR: can only be called from"
+				"\"mangle\" table, not \"%s\"\n", tablename);
+		return 0; 
+	}
+
+	if (!strcmp(info->key, "")) {
+		printk(KERN_WARNING "XOR: You must specify a key");
+		return 0;
+	}
+
+	if (info->block_size == 0) {
+		printk(KERN_WARNING "XOR: You must specify a block-size");
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ipt_target ipt_XOR = { 
+	.name = "XOR",
+	.target = ipt_xor_target, 
+	.checkentry = ipt_xor_checkentry,
+	.me = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	return ipt_register_target(&ipt_XOR);
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_target(&ipt_XOR);
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
c6410bf7	1	include/linux/netfilter_ipv4/ipt_XOR.h \| 9 ++
	2	net/ipv4/netfilter/Kconfig \| 10 ++
	3	net/ipv4/netfilter/Makefile \| 1
	4	net/ipv4/netfilter/ipt_XOR.c \| 117 +++++++++++++++++++++++++++++++++
	5	4 files changed, 137 insertions(+)
	6
	7	diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_XOR.h linux/include/linux/netfilter_ipv4/ipt_XOR.h
	8	--- linux.org/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
	9	+++ linux/include/linux/netfilter_ipv4/ipt_XOR.h 2006-05-04 14:48:15.000000000 +0200
	10	@@ -0,0 +1,9 @@
	11	+#ifndef _IPT_XOR_H
	12	+#define _IPT_XOR_H
	13	+
	14	+struct ipt_XOR_info {
	15	+ char key[30];
	16	+ u_int8_t block_size;
	17	+};
	18	+
	19	+#endif /* _IPT_XOR_H */
	20	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
	21	--- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
	22	+++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 14:48:15.000000000 +0200
	23	@@ -606,5 +606,15 @@
	24	Allows altering the ARP packet payload: source and destination
	25	hardware and network addresses.
	26
	27	+config IP_NF_TARGET_XOR
	28	+ tristate 'XOR target support'
	29	+ depends on IP_NF_MANGLE
	30	+ help
	31	+ This option adds a `XOR' target, which can encrypt TCP and
	32	+ UDP traffic using a simple XOR encryption.
	33	+
	34	+ If you want to compile it as a module, say M here and read
	35	+ Documentation/modules.txt. If unsure, say `N'.
	36	+
	37	endmenu
	38
	39	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
	40	--- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
	41	+++ linux/net/ipv4/netfilter/Makefile 2006-05-04 14:48:15.000000000 +0200
	42	@@ -0,0 +0,1 @@
	43	+obj-$(CONFIG_IP_NF_TARGET_XOR) += ipt_XOR.o
	44	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_XOR.c linux/net/ipv4/netfilter/ipt_XOR.c
	45	--- linux.org/net/ipv4/netfilter/ipt_XOR.c 1970-01-01 01:00:00.000000000 +0100
	46	+++ linux/net/ipv4/netfilter/ipt_XOR.c 2006-05-04 14:48:15.000000000 +0200
	47	@@ -0,0 +1,117 @@
	48	+/* XOR target for IP tables
	49	+ * (C) 2000 by Tim Vandermeersch <Tim.Vandermeersch@pandora.be>
	50	+ * Based on ipt_TTL.c
	51	+ *
	52	+ * Version 1.0
	53	+ *
	54	+ * This software is distributed under the terms of GNU GPL
	55	+ */
	56	+
	57	+#include <linux/module.h>
	58	+#include <linux/skbuff.h>
	59	+#include <linux/ip.h>
	60	+#include <linux/tcp.h>
	61	+#include <linux/udp.h>
	62	+
	63	+#include <linux/netfilter_ipv4/ip_tables.h>
	64	+#include <linux/netfilter_ipv4/ipt_XOR.h>
65	+
66	+MODULE_AUTHOR("Tim Vandermeersch <Tim.Vandermeersch@pandora.be>");
67	+MODULE_DESCRIPTION("IP tables XOR module");
68	+MODULE_LICENSE("GPL");
69	+
70	+static unsigned int
71	+ipt_xor_target(struct sk_buff **pskb,
72	+ const struct net_device in, const struct net_device out,
73	+ unsigned int hooknum, const void targinfo, void userinfo)
74	+{
75	+ struct ipt_XOR_info info = (void ) targinfo;
76	+ struct iphdr *iph;
77	+ struct tcphdr *tcph;
78	+ struct udphdr *udph;
79	+ int i, j, k;
80	+
81	+ if (!skb_make_writable(pskb, (*pskb)->len))
82	+ return NF_DROP;
83	+
84	+ iph = (*pskb)->nh.iph;
85	+
86	+ if (iph->protocol == IPPROTO_TCP) {
87	+ tcph = (struct tcphdr ) ((pskb)->data + iph->ihl*4);
88	+ for (i=0, j=0; i<(ntohs(iph->tot_len) - iph->ihl4 - tcph->doff4); ) {
89	+ for (k=0; k<=info->block_size; k++) {
90	+ (pskb)->data[ iph->ihl4 + tcph->doff*4 + i ] ^=
91	+ info->key[j];
92	+ i++;
93	+ }
94	+ j++;
95	+ if (info->key[j] == 0x00)
96	+ j = 0;
97	+ }
98	+ } else if (iph->protocol == IPPROTO_UDP) {
99	+ udph = (struct udphdr ) ((pskb)->data + iph->ihl*4);
100	+ for (i=0, j=0; i<(ntohs(udph->len)-8); ) {
101	+ for (k=0; k<=info->block_size; k++) {
102	+ (pskb)->data[ iph->ihl4 + sizeof(struct udphdr) + i ] ^=
103	+ info->key[j];
104	+ i++;
105	+ }
106	+ j++;
107	+ if (info->key[j] == 0x00)
108	+ j = 0;
109	+ }
110	+ }
111	+
112	+ return IPT_CONTINUE;
113	+}
114	+
115	+static int ipt_xor_checkentry(const char tablename, const struct ipt_entry e,
116	+ void *targinfo, unsigned int targinfosize,
117	+ unsigned int hook_mask)
118	+{
119	+ struct ipt_XOR_info *info = targinfo;
120	+
121	+ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_XOR_info))) {
122	+ printk(KERN_WARNING "XOR: targinfosize %u != %Zu\n",
123	+ targinfosize, IPT_ALIGN(sizeof(struct ipt_XOR_info)));
124	+ return 0;
125	+ }
126	+
127	+ if (strcmp(tablename, "mangle")) {
128	+ printk(KERN_WARNING "XOR: can only be called from"
129	+ "\"mangle\" table, not \"%s\"\n", tablename);
130	+ return 0;
131	+ }
132	+
133	+ if (!strcmp(info->key, "")) {
134	+ printk(KERN_WARNING "XOR: You must specify a key");
135	+ return 0;
136	+ }
137	+
138	+ if (info->block_size == 0) {
139	+ printk(KERN_WARNING "XOR: You must specify a block-size");
140	+ return 0;
141	+ }
142	+
143	+ return 1;
144	+}
145	+
146	+static struct ipt_target ipt_XOR = {
147	+ .name = "XOR",
148	+ .target = ipt_xor_target,
149	+ .checkentry = ipt_xor_checkentry,
150	+ .me = THIS_MODULE,
151	+};
152	+
153	+static int __init init(void)
154	+{
155	+ return ipt_register_target(&ipt_XOR);
156	+}
157	+
158	+static void __exit fini(void)
159	+{
160	+ ipt_unregister_target(&ipt_XOR);
161	+}
162	+
163	+module_init(init);
164	+module_exit(fini);