c6410bf7 | 1 | include/linux/netfilter_ipv4/ipt_random.h | 11 +++ |
2 | include/linux/netfilter_ipv6/ip6t_random.h | 11 +++ | |
3 | net/ipv4/netfilter/Kconfig | 11 +++ | |
4 | net/ipv4/netfilter/Makefile | 1 | |
5 | net/ipv4/netfilter/ipt_random.c | 93 ++++++++++++++++++++++++++++ | |
6 | net/ipv6/netfilter/Kconfig | 11 +++ | |
7 | net/ipv6/netfilter/Makefile | 1 | |
8 | net/ipv6/netfilter/ip6t_random.c | 95 +++++++++++++++++++++++++++++ | |
9 | 8 files changed, 234 insertions(+) | |
10 | ||
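--- a/include/linux/netfilter_ipv4/ipt_random.h
+++ b/include/linux/netfilter_ipv4/ipt_random.h
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/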
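Review bot: `average` in `struct ipt_rand_info` has no comment saying what it encodes, and the name reads like a plain percentage. Going by the comments in `ipt_rand_checkentry` (ipt_random.c), it is the percentage scaled to a byte (x 2.55), with only 2..252 accepted. I would add `/* match threshold: percent * 2.55, valid range 2..252 */` on the field so userspace and kernel agree on the encoding. The same applies to `struct ip6t_rand_info` in ip6t_random.h.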
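--- a/include/linux/netfilter_ipv6/ip6t_random.h
+++ b/include/linux/netfilter_ipv6/ip6t_random.h
@@ -0,0 +1,11 @@
+#ifndef _IP6T_RAND_H
+#define _IP6T_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ip6t_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IP6T_RAND_H*/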
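--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -606,5 +606,16 @@
 Allows altering the ARP packet payload: source and destination
 hardware and network addresses.
 
+config IP_NF_MATCH_RANDOM
+ tristate 'random match support'
+ depends on IP_NF_IPTABLES
+ help
+ This option adds a `random' match,
+ which allow you to match packets randomly
+ following a given probability.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
 endmenu
 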
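--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o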
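--- a/net/ipv4/netfilter/ipt_random.c
+++ b/net/ipv4/netfilter/ipt_random.c
@@ -0,0 +1,93 @@
+/*
+ This is a module which is used for a "random" match support.
+ This file is distributed under the terms of the GNU General Public
+ License (GPL). Copies of the GPL can be obtained from:
+ ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ipt_rand_match(const struct sk_buff *pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+{
+ /* Parameters from userspace */
+ const struct ipt_rand_info *info = matchinfo;
+ u_int8_t random_number;
+
+ /* get 1 random number from the kernel random number generation routine */
+ get_random_bytes((void *)(&random_number), 1);
+
+ /* Do we match ? */
+ if (random_number <= info->average)
+ return 1;
+ else
+ return 0;
+}
+
+static int
+ipt_rand_checkentry(const char *tablename,
+ const struct ipt_ip *e,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+{
+ /* Parameters from userspace */
+ const struct ipt_rand_info *info = matchinfo;
+
+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) {
+ printk("ipt_random: matchsize %u != %Zd\n", matchsize,
+ IPT_ALIGN(sizeof(struct ipt_rand_info)));
+ return 0;
+ }
+
+ /* must be 1 <= average % <= 99 */
+ /* 1 x 2.55 = 2 */
+ /* 99 x 2.55 = 252 */
+ if ((info->average < 2) || (info->average > 252)) {
+ printk("ipt_random: invalid average %u\n", info->average);
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ipt_match ipt_rand_reg = {
+ .name = "random",
+ .match = ipt_rand_match,
+ .checkentry = ipt_rand_checkentry,
+ .me = THIS_MODULE };
+
+static int __init init(void)
+{
+ if (ipt_register_match(&ipt_rand_reg))
+ return -EINVAL;
+
+ printk("ipt_random match loaded\n");
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ ipt_unregister_match(&ipt_rand_reg);
+ printk("ipt_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);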
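Review bot: `ipt_rand_match` calls `get_random_bytes()` once for every packet that reaches the rule, so whoever sends traffic through it controls how often the kernel's cryptographic generator is drawn from in the packet path. The match only needs a cheap, roughly uniform byte; `random_number = net_random() & 0xff;` would leave the comparison unchanged while keeping the CSPRNG out of per-packet work, and on kernels that charge such reads to the entropy pool it would spare the pool too. It is worth confirming first that no ruleset depends on the match outcome being unpredictable to the sender. `ip6t_rand_match` in ip6t_random.c makes the same call.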
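--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -210,5 +210,16 @@
 If you want to compile it as a module, say M here and read
 <file:Documentation/modules.txt>. If unsure, say `N'.
 
+config IP6_NF_MATCH_RANDOM
+ tristate 'Random match support'
+ depends on IP6_NF_IPTABLES
+ help
+ This option adds a `random' match,
+ which allow you to match packets randomly
+ following a given probability.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
+
 endmenu
 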
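--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o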
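--- a/net/ipv6/netfilter/ip6t_random.c
+++ b/net/ipv6/netfilter/ip6t_random.c
@@ -0,0 +1,95 @@
+/*
+ This is a module which is used for a "random" match support.
+ This file is distributed under the terms of the GNU General Public
+ License (GPL). Copies of the GPL can be obtained from:
+ ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
+ 2003-04-30 Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ip6t_rand_match(const struct sk_buff *pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ unsigned int protoff,
+ int *hotdrop)
+{
+ /* Parameters from userspace */
+ const struct ip6t_rand_info *info = matchinfo;
+ u_int8_t random_number;
+
+ /* get 1 random number from the kernel random number generation routine */
+ get_random_bytes((void *)(&random_number), 1);
+
+ /* Do we match ? */
+ if (random_number <= info->average)
+ return 1;
+ else
+ return 0;
+}
+
+static int
+ip6t_rand_checkentry(const char *tablename,
+ const struct ip6t_ip6 *e,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+{
+ /* Parameters from userspace */
+ const struct ip6t_rand_info *info = matchinfo;
+
+ if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) {
+ printk("ip6t_random: matchsize %u != %Zd\n", matchsize,
+ IP6T_ALIGN(sizeof(struct ip6t_rand_info)));
+ return 0;
+ }
+
+ /* must be 1 <= average % <= 99 */
+ /* 1 x 2.55 = 2 */
+ /* 99 x 2.55 = 252 */
+ if ((info->average < 2) || (info->average > 252)) {
+ printk("ip6t_random: invalid average %u\n", info->average);
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ip6t_match ip6t_rand_reg = {
+ .name = "random",
+ .match = ip6t_rand_match,
+ .checkentry = ip6t_rand_checkentry,
+ .me = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+ if (ip6t_register_match(&ip6t_rand_reg))
+ return -EINVAL;
+
+ printk("ip6t_random match loaded\n");
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ ip6t_unregister_match(&ip6t_rand_reg);
+ printk("ip6t_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);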
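Review bot: `init()` replaces whatever `ip6t_register_match()` returns with `-EINVAL`, so a failed module load reports the wrong cause to the administrator. Saving the result and returning it keeps the real error: `int ret = ip6t_register_match(&ip6t_rand_reg);` followed by `if (ret) return ret;`. The `printk()` calls in `init()`, `fini()` and `ip6t_rand_checkentry` also carry no `KERN_` level, so their severity is left to the console default. `init()` in ipt_random.c follows the same pattern.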