[packages/kernel.git] / pom-ng-random-20060504.patch

 include/linux/netfilter_ipv4/ipt_random.h  |   11 +++
 include/linux/netfilter_ipv6/ip6t_random.h |   11 +++
 net/ipv4/netfilter/Kconfig                 |   11 +++
 net/ipv4/netfilter/Makefile                |    1 
 net/ipv4/netfilter/ipt_random.c            |   93 ++++++++++++++++++++++++++++
 net/ipv6/netfilter/Kconfig                 |   11 +++
 net/ipv6/netfilter/Makefile                |    1 
 net/ipv6/netfilter/ip6t_random.c           |   95 +++++++++++++++++++++++++++++
 8 files changed, 234 insertions(+)

diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_random.h linux/include/linux/netfilter_ipv4/ipt_random.h
--- linux.org/include/linux/netfilter_ipv4/ipt_random.h	1970-01-01 01:00:00.000000000 +0100
+++ linux/include/linux/netfilter_ipv4/ipt_random.h	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+	u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/
diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv6/ip6t_random.h linux/include/linux/netfilter_ipv6/ip6t_random.h
--- linux.org/include/linux/netfilter_ipv6/ip6t_random.h	1970-01-01 01:00:00.000000000 +0100
+++ linux/include/linux/netfilter_ipv6/ip6t_random.h	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +1,11 @@
+#ifndef _IP6T_RAND_H
+#define _IP6T_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ip6t_rand_info {
+	u_int8_t average;
+};
+
+#endif /*_IP6T_RAND_H*/
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
--- linux.org/net/ipv4/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Kconfig	2006-05-04 10:25:13.000000000 +0200
@@ -606,5 +606,16 @@
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_MATCH_RANDOM
+	tristate  'random match support'
+	depends on IP_NF_IPTABLES
+	help
+	  This option adds a `random' match,
+	  which allow you to match packets randomly
+	  following a given probability.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
--- linux.org/net/ipv4/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Makefile	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_random.c linux/net/ipv4/netfilter/ipt_random.c
--- linux.org/net/ipv4/netfilter/ipt_random.c	1970-01-01 01:00:00.000000000 +0100
+++ linux/net/ipv4/netfilter/ipt_random.c	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +1,93 @@
+/*
+  This is a module which is used for a "random" match support.
+  This file is distributed under the terms of the GNU General Public
+  License (GPL). Copies of the GPL can be obtained from:
+     ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+  2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ipt_rand_match(const struct sk_buff *pskb,
+	       const struct net_device *in,
+	       const struct net_device *out,
+	       const void *matchinfo,
+	       int offset,
+	       unsigned int protoff,
+	       int *hotdrop)
+{
+	/* Parameters from userspace */
+	const struct ipt_rand_info *info = matchinfo;
+	u_int8_t random_number;
+
+	/* get 1 random number from the kernel random number generation routine */
+	get_random_bytes((void *)(&random_number), 1);
+
+	/* Do we match ? */
+	if (random_number <= info->average)
+		return 1;
+	else
+		return 0;
+}
+
+static int
+ipt_rand_checkentry(const char *tablename,
+		   const struct ipt_ip *e,
+		   void *matchinfo,
+		   unsigned int matchsize,
+		   unsigned int hook_mask)
+{
+	/* Parameters from userspace */
+	const struct ipt_rand_info *info = matchinfo;
+
+	if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) {
+		printk("ipt_random: matchsize %u != %Zd\n", matchsize,
+		       IPT_ALIGN(sizeof(struct ipt_rand_info)));
+		return 0;
+	}
+
+	/* must be  1 <= average % <= 99 */
+	/* 1  x 2.55 = 2   */
+	/* 99 x 2.55 = 252 */
+	if ((info->average < 2) || (info->average > 252)) {
+		printk("ipt_random:  invalid average %u\n", info->average);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ipt_match ipt_rand_reg = { 
+	.name = "random",
+	.match = ipt_rand_match,
+	.checkentry = ipt_rand_checkentry,
+	.me = THIS_MODULE };
+
+static int __init init(void)
+{
+	if (ipt_register_match(&ipt_rand_reg))
+		return -EINVAL;
+
+	printk("ipt_random match loaded\n");
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	ipt_unregister_match(&ipt_rand_reg);
+	printk("ipt_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Kconfig linux/net/ipv6/netfilter/Kconfig
--- linux.org/net/ipv6/netfilter/Kconfig	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv6/netfilter/Kconfig	2006-05-04 10:25:13.000000000 +0200
@@ -210,5 +210,16 @@
 	  If you want to compile it as a module, say M here and read
 	  <file:Documentation/modules.txt>.  If unsure, say `N'.
 
+config IP6_NF_MATCH_RANDOM
+	tristate  'Random match support'
+	depends on IP6_NF_IPTABLES
+	help
+	  This option adds a `random' match,
+	  which allow you to match packets randomly
+	  following a given probability.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Makefile linux/net/ipv6/netfilter/Makefile
--- linux.org/net/ipv6/netfilter/Makefile	2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv6/netfilter/Makefile	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o
diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_random.c linux/net/ipv6/netfilter/ip6t_random.c
--- linux.org/net/ipv6/netfilter/ip6t_random.c	1970-01-01 01:00:00.000000000 +0100
+++ linux/net/ipv6/netfilter/ip6t_random.c	2006-05-04 10:25:13.000000000 +0200
@@ -0,0 +1,95 @@
+/*
+  This is a module which is used for a "random" match support.
+  This file is distributed under the terms of the GNU General Public
+  License (GPL). Copies of the GPL can be obtained from:
+     ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+  2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
+  2003-04-30 Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ip6t_rand_match(const struct sk_buff *pskb,
+	       const struct net_device *in,
+	       const struct net_device *out,
+	       const void *matchinfo,
+	       int offset,
+	       unsigned int protoff,
+	       int *hotdrop)
+{
+	/* Parameters from userspace */
+	const struct ip6t_rand_info *info = matchinfo;
+	u_int8_t random_number;
+
+	/* get 1 random number from the kernel random number generation routine */
+	get_random_bytes((void *)(&random_number), 1);
+
+	/* Do we match ? */
+	if (random_number <= info->average)
+		return 1;
+	else
+		return 0;
+}
+
+static int
+ip6t_rand_checkentry(const char *tablename,
+		   const struct ip6t_ip6 *e,
+		   void *matchinfo,
+		   unsigned int matchsize,
+		   unsigned int hook_mask)
+{
+	/* Parameters from userspace */
+	const struct ip6t_rand_info *info = matchinfo;
+
+	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) {
+		printk("ip6t_random: matchsize %u != %Zd\n", matchsize,
+		       IP6T_ALIGN(sizeof(struct ip6t_rand_info)));
+		return 0;
+	}
+
+	/* must be  1 <= average % <= 99 */
+	/* 1  x 2.55 = 2   */
+	/* 99 x 2.55 = 252 */
+	if ((info->average < 2) || (info->average > 252)) {
+		printk("ip6t_random:  invalid average %u\n", info->average);
+		return 0;
+	}
+
+	return 1;
+}
+
+static struct ip6t_match ip6t_rand_reg = {
+	.name       = "random",
+	.match      = ip6t_rand_match,
+	.checkentry = ip6t_rand_checkentry,
+	.me         = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+	if (ip6t_register_match(&ip6t_rand_reg))
+		return -EINVAL;
+
+	printk("ip6t_random match loaded\n");
+	return 0;
+}
+
+static void __exit fini(void)
+{
+	ip6t_unregister_match(&ip6t_rand_reg);
+	printk("ip6t_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
c6410bf7	1	include/linux/netfilter_ipv4/ipt_random.h \| 11 +++
	2	include/linux/netfilter_ipv6/ip6t_random.h \| 11 +++
	3	net/ipv4/netfilter/Kconfig \| 11 +++
	4	net/ipv4/netfilter/Makefile \| 1
	5	net/ipv4/netfilter/ipt_random.c \| 93 ++++++++++++++++++++++++++++
	6	net/ipv6/netfilter/Kconfig \| 11 +++
	7	net/ipv6/netfilter/Makefile \| 1
	8	net/ipv6/netfilter/ip6t_random.c \| 95 +++++++++++++++++++++++++++++
	9	8 files changed, 234 insertions(+)
	10
	11	diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_random.h linux/include/linux/netfilter_ipv4/ipt_random.h
	12	--- linux.org/include/linux/netfilter_ipv4/ipt_random.h 1970-01-01 01:00:00.000000000 +0100
	13	+++ linux/include/linux/netfilter_ipv4/ipt_random.h 2006-05-04 10:25:13.000000000 +0200
	14	@@ -0,0 +1,11 @@
	15	+#ifndef _IPT_RAND_H
	16	+#define _IPT_RAND_H
	17	+
	18	+#include <linux/param.h>
	19	+#include <linux/types.h>
	20	+
	21	+struct ipt_rand_info {
	22	+ u_int8_t average;
	23	+};
	24	+
	25	+#endif /_IPT_RAND_H/
	26	diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv6/ip6t_random.h linux/include/linux/netfilter_ipv6/ip6t_random.h
	27	--- linux.org/include/linux/netfilter_ipv6/ip6t_random.h 1970-01-01 01:00:00.000000000 +0100
	28	+++ linux/include/linux/netfilter_ipv6/ip6t_random.h 2006-05-04 10:25:13.000000000 +0200
	29	@@ -0,0 +1,11 @@
	30	+#ifndef _IP6T_RAND_H
	31	+#define _IP6T_RAND_H
	32	+
	33	+#include <linux/param.h>
	34	+#include <linux/types.h>
	35	+
	36	+struct ip6t_rand_info {
	37	+ u_int8_t average;
	38	+};
	39	+
	40	+#endif /_IP6T_RAND_H/
	41	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
	42	--- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
	43	+++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 10:25:13.000000000 +0200
	44	@@ -606,5 +606,16 @@
	45	Allows altering the ARP packet payload: source and destination
	46	hardware and network addresses.
	47
	48	+config IP_NF_MATCH_RANDOM
	49	+ tristate 'random match support'
	50	+ depends on IP_NF_IPTABLES
	51	+ help
	52	+ This option adds a `random' match,
	53	+ which allow you to match packets randomly
	54	+ following a given probability.
	55	+
	56	+ If you want to compile it as a module, say M here and read
	57	+ Documentation/modules.txt. If unsure, say `N'.
	58	+
	59	endmenu
	60
	61	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
	62	--- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
	63	+++ linux/net/ipv4/netfilter/Makefile 2006-05-04 10:25:13.000000000 +0200
	64	@@ -0,0 +0,1 @@
65	+obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o
66	diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_random.c linux/net/ipv4/netfilter/ipt_random.c
67	--- linux.org/net/ipv4/netfilter/ipt_random.c 1970-01-01 01:00:00.000000000 +0100
68	+++ linux/net/ipv4/netfilter/ipt_random.c 2006-05-04 10:25:13.000000000 +0200
69	@@ -0,0 +1,93 @@
70	+/*
71	+ This is a module which is used for a "random" match support.
72	+ This file is distributed under the terms of the GNU General Public
73	+ License (GPL). Copies of the GPL can be obtained from:
74	+ ftp://prep.ai.mit.edu/pub/gnu/GPL
75	+
76	+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
77	+*/
78	+
79	+#include <linux/module.h>
80	+#include <linux/skbuff.h>
81	+#include <linux/ip.h>
82	+#include <linux/random.h>
83	+#include <net/tcp.h>
84	+#include <linux/spinlock.h>
85	+#include <linux/netfilter_ipv4/ip_tables.h>
86	+#include <linux/netfilter_ipv4/ipt_random.h>
87	+
88	+MODULE_LICENSE("GPL");
89	+
90	+static int
91	+ipt_rand_match(const struct sk_buff *pskb,
92	+ const struct net_device *in,
93	+ const struct net_device *out,
94	+ const void *matchinfo,
95	+ int offset,
96	+ unsigned int protoff,
97	+ int *hotdrop)
98	+{
99	+ /* Parameters from userspace */
100	+ const struct ipt_rand_info *info = matchinfo;
101	+ u_int8_t random_number;
102	+
103	+ /* get 1 random number from the kernel random number generation routine */
104	+ get_random_bytes((void *)(&random_number), 1);
105	+
106	+ /* Do we match ? */
107	+ if (random_number <= info->average)
108	+ return 1;
109	+ else
110	+ return 0;
111	+}
112	+
113	+static int
114	+ipt_rand_checkentry(const char *tablename,
115	+ const struct ipt_ip *e,
116	+ void *matchinfo,
117	+ unsigned int matchsize,
118	+ unsigned int hook_mask)
119	+{
120	+ /* Parameters from userspace */
121	+ const struct ipt_rand_info *info = matchinfo;
122	+
123	+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) {
124	+ printk("ipt_random: matchsize %u != %Zd\n", matchsize,
125	+ IPT_ALIGN(sizeof(struct ipt_rand_info)));
126	+ return 0;
127	+ }
128	+
129	+ /* must be 1 <= average % <= 99 */
130	+ /* 1 x 2.55 = 2 */
131	+ /* 99 x 2.55 = 252 */
132	+ if ((info->average < 2) \|\| (info->average > 252)) {
133	+ printk("ipt_random: invalid average %u\n", info->average);
134	+ return 0;
135	+ }
136	+
137	+ return 1;
138	+}
139	+
140	+static struct ipt_match ipt_rand_reg = {
141	+ .name = "random",
142	+ .match = ipt_rand_match,
143	+ .checkentry = ipt_rand_checkentry,
144	+ .me = THIS_MODULE };
145	+
146	+static int __init init(void)
147	+{
148	+ if (ipt_register_match(&ipt_rand_reg))
149	+ return -EINVAL;
150	+
151	+ printk("ipt_random match loaded\n");
152	+ return 0;
153	+}
154	+
155	+static void __exit fini(void)
156	+{
157	+ ipt_unregister_match(&ipt_rand_reg);
158	+ printk("ipt_random match unloaded\n");
159	+}
160	+
161	+module_init(init);
162	+module_exit(fini);
163	diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Kconfig linux/net/ipv6/netfilter/Kconfig
164	--- linux.org/net/ipv6/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
165	+++ linux/net/ipv6/netfilter/Kconfig 2006-05-04 10:25:13.000000000 +0200
166	@@ -210,5 +210,16 @@
167	If you want to compile it as a module, say M here and read
168	<file:Documentation/modules.txt>. If unsure, say `N'.
169
170	+config IP6_NF_MATCH_RANDOM
171	+ tristate 'Random match support'
172	+ depends on IP6_NF_IPTABLES
173	+ help
174	+ This option adds a `random' match,
175	+ which allow you to match packets randomly
176	+ following a given probability.
177	+
178	+ If you want to compile it as a module, say M here and read
179	+ Documentation/modules.txt. If unsure, say `N'.
180	+
181	endmenu
182
183	diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Makefile linux/net/ipv6/netfilter/Makefile
184	--- linux.org/net/ipv6/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
185	+++ linux/net/ipv6/netfilter/Makefile 2006-05-04 10:25:13.000000000 +0200
186	@@ -0,0 +0,1 @@
187	+obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o
188	diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_random.c linux/net/ipv6/netfilter/ip6t_random.c
189	--- linux.org/net/ipv6/netfilter/ip6t_random.c 1970-01-01 01:00:00.000000000 +0100
190	+++ linux/net/ipv6/netfilter/ip6t_random.c 2006-05-04 10:25:13.000000000 +0200
191	@@ -0,0 +1,95 @@
192	+/*
193	+ This is a module which is used for a "random" match support.
194	+ This file is distributed under the terms of the GNU General Public
195	+ License (GPL). Copies of the GPL can be obtained from:
196	+ ftp://prep.ai.mit.edu/pub/gnu/GPL
197	+
198	+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
199	+ 2003-04-30 Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port
200	+*/
201	+
202	+#include <linux/module.h>
203	+#include <linux/skbuff.h>
204	+#include <linux/ip.h>
205	+#include <linux/random.h>
206	+#include <net/tcp.h>
207	+#include <linux/spinlock.h>
208	+#include <linux/netfilter_ipv6/ip6_tables.h>
209	+#include <linux/netfilter_ipv6/ip6t_random.h>
210	+
211	+MODULE_LICENSE("GPL");
212	+
213	+static int
214	+ip6t_rand_match(const struct sk_buff *pskb,
215	+ const struct net_device *in,
216	+ const struct net_device *out,
217	+ const void *matchinfo,
218	+ int offset,
219	+ unsigned int protoff,
220	+ int *hotdrop)
221	+{
222	+ /* Parameters from userspace */
223	+ const struct ip6t_rand_info *info = matchinfo;
224	+ u_int8_t random_number;
225	+
226	+ /* get 1 random number from the kernel random number generation routine */
227	+ get_random_bytes((void *)(&random_number), 1);
228	+
229	+ /* Do we match ? */
230	+ if (random_number <= info->average)
231	+ return 1;
232	+ else
233	+ return 0;
234	+}
235	+
236	+static int
237	+ip6t_rand_checkentry(const char *tablename,
238	+ const struct ip6t_ip6 *e,
239	+ void *matchinfo,
240	+ unsigned int matchsize,
241	+ unsigned int hook_mask)
242	+{
243	+ /* Parameters from userspace */
244	+ const struct ip6t_rand_info *info = matchinfo;
245	+
246	+ if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) {
247	+ printk("ip6t_random: matchsize %u != %Zd\n", matchsize,
248	+ IP6T_ALIGN(sizeof(struct ip6t_rand_info)));
249	+ return 0;
250	+ }
251	+
252	+ /* must be 1 <= average % <= 99 */
253	+ /* 1 x 2.55 = 2 */
254	+ /* 99 x 2.55 = 252 */
255	+ if ((info->average < 2) \|\| (info->average > 252)) {
256	+ printk("ip6t_random: invalid average %u\n", info->average);
257	+ return 0;
258	+ }
259	+
260	+ return 1;
261	+}
262	+
263	+static struct ip6t_match ip6t_rand_reg = {
264	+ .name = "random",
265	+ .match = ip6t_rand_match,
266	+ .checkentry = ip6t_rand_checkentry,
267	+ .me = THIS_MODULE,
268	+};
269	+
270	+static int __init init(void)
271	+{
272	+ if (ip6t_register_match(&ip6t_rand_reg))
273	+ return -EINVAL;
274	+
275	+ printk("ip6t_random match loaded\n");
276	+ return 0;
277	+}
278	+
279	+static void __exit fini(void)
280	+{
281	+ ip6t_unregister_match(&ip6t_rand_reg);
282	+ printk("ip6t_random match unloaded\n");
283	+}
284	+
285	+module_init(init);
286	+module_exit(fini);