3 ipt_IPV4OPTSSTRIP.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++
4 3 files changed, 98 insertions(+)
6 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
7 --- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
8 +++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 09:57:42.000000000 +0200
10 Allows altering the ARP packet payload: source and destination
11 hardware and network addresses.
13 +config IP_NF_TARGET_IPV4OPTSSTRIP
14 + tristate 'IPV4OPTSSTRIP target support'
15 + depends on IP_NF_MANGLE
17 + This option adds an IPV4OPTSSTRIP target.
18 + This target allows you to strip all IP options in a packet.
20 + If you want to compile it as a module, say M here and read
21 + Documentation/modules.txt. If unsure, say `N'.
25 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
26 --- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
27 +++ linux/net/ipv4/netfilter/Makefile 2006-05-04 09:57:42.000000000 +0200
29 +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
30 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
31 --- linux.org/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
32 +++ linux/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2006-05-04 09:57:42.000000000 +0200
35 + * Strip all IP options in the IP packet header.
37 + * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
38 + * This software is distributed under GNU GPL v2, 1991
41 +#include <linux/module.h>
42 +#include <linux/skbuff.h>
44 +#include <net/checksum.h>
46 +#include <linux/netfilter_ipv4/ip_tables.h>
48 +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
49 +MODULE_DESCRIPTION("Strip all options in IPv4 packets");
50 +MODULE_LICENSE("GPL");
53 +target(struct sk_buff **pskb,
54 + const struct net_device *in,
55 + const struct net_device *out,
56 + unsigned int hooknum,
57 + const void *targinfo,
61 + struct sk_buff *skb;
62 + struct ip_options *opt;
63 + unsigned char *optiph;
66 + if (!skb_make_writable(pskb, (*pskb)->len))
70 + iph = (*pskb)->nh.iph;
71 + optiph = skb->nh.raw;
72 + l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
74 + /* if no options in packet then nothing to clear. */
75 + if (iph->ihl * 4 == sizeof(struct iphdr))
76 + return IPT_CONTINUE;
78 + /* else clear all options */
79 + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
80 + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
81 + opt = &(IPCB(skb)->opt);
85 + return IPT_CONTINUE;
89 +checkentry(const char *tablename,
90 + const struct ipt_entry *e,
92 + unsigned int targinfosize,
93 + unsigned int hook_mask)
95 + if (strcmp(tablename, "mangle")) {
96 + printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
99 + /* nothing else to check because no parameters */
103 +static struct ipt_target ipt_ipv4optsstrip_reg = {
104 + .name = "IPV4OPTSSTRIP",
106 + .checkentry = checkentry,
107 + .me = THIS_MODULE };
109 +static int __init init(void)
111 + return ipt_register_target(&ipt_ipv4optsstrip_reg);
114 +static void __exit fini(void)
116 + ipt_unregister_target(&ipt_ipv4optsstrip_reg);
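Review bot: In target(), the number of bytes overwritten with IPOPT_NOOP comes from `IPCB(skb)->opt.optlen`, while the "no options" test just above it uses `iph->ihl`, so the two lengths can disagree. The control-block value is only meaningful once the stack has parsed this packet's options; at a mangle hook that runs before that point it may be zero, leaving the options in place while the rule appears to succeed, or stale, in which case the memset could reach past the header. Deriving the length from the header the check already relies on would be safer: `l = iph->ihl * 4 - sizeof(struct iphdr);`, ideally after confirming `iph->ihl * 4 <= skb->len`. Several lines of target() are missing from this listing, so whether the header checksum is recomputed after the memset cannot be confirmed here. A short comment saying that the header length is deliberately left unchanged and the option bytes are padded with NOOPs would also help the next reader.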