- 2.6.27.8 [CVE-2008-5300]

[packages/kernel.git] / pom-ng-XOR-20060504.patch

 include/linux/netfilter_ipv4/ipt_XOR.h |    9 ++
 net/ipv4/netfilter/Kconfig             |   10 ++
 net/ipv4/netfilter/Makefile            |    1 
 net/ipv4/netfilter/ipt_XOR.c           |  117 +++++++++++++++++++++++++++++++++
 4 files changed, 137 insertions(+)

diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_XOR.h linux/include/linux/netfilter_ipv4/ipt_XOR.h
--- linux.org/include/linux/netfilter_ipv4/ipt_XOR.h    1970-01-01 01:00:00.000000000 +0100
+++ linux/include/linux/netfilter_ipv4/ipt_XOR.h        2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +1,9 @@
+#ifndef _IPT_XOR_H
+#define _IPT_XOR_H
+
+struct ipt_XOR_info {
+       char            key[30];
+       u_int8_t        block_size;
+};
+
+#endif /* _IPT_XOR_H */
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
--- linux.org/net/ipv4/netfilter/Kconfig        2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Kconfig    2006-05-04 14:48:15.000000000 +0200
@@ -606,5 +606,15 @@
          Allows altering the ARP packet payload: source and destination
          hardware and network addresses.
 
+config IP_NF_TARGET_XOR
+       tristate  'XOR target support'
+       depends on IP_NF_MANGLE
+       help
+         This option adds a `XOR' target, which can encrypt TCP and 
+         UDP traffic using a simple XOR encryption.
+       
+         If you want to compile it as a module, say M here and read
+         Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
--- linux.org/net/ipv4/netfilter/Makefile       2006-05-02 23:38:44.000000000 +0200
+++ linux/net/ipv4/netfilter/Makefile   2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +0,1 @@
+obj-$(CONFIG_IP_NF_TARGET_XOR) += ipt_XOR.o
diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_XOR.c linux/net/ipv4/netfilter/ipt_XOR.c
--- linux.org/net/ipv4/netfilter/ipt_XOR.c      1970-01-01 01:00:00.000000000 +0100
+++ linux/net/ipv4/netfilter/ipt_XOR.c  2006-05-04 14:48:15.000000000 +0200
@@ -0,0 +1,117 @@
+/* XOR target for IP tables
+ * (C) 2000 by Tim Vandermeersch <Tim.Vandermeersch@pandora.be>
+ * Based on ipt_TTL.c
+ *
+ * Version 1.0
+ *
+ * This software is distributed under the terms of GNU GPL
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/tcp.h>
+#include <linux/udp.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_XOR.h>
+
+MODULE_AUTHOR("Tim Vandermeersch <Tim.Vandermeersch@pandora.be>");
+MODULE_DESCRIPTION("IP tables XOR module");
+MODULE_LICENSE("GPL");
+
+static unsigned int 
+ipt_xor_target(struct sk_buff **pskb, 
+               const struct net_device *in, const struct net_device *out, 
+               unsigned int hooknum, const void *targinfo, void *userinfo)
+{
+       struct ipt_XOR_info *info = (void *) targinfo;
+       struct iphdr *iph;
+       struct tcphdr *tcph;
+       struct udphdr *udph;
+       int i, j, k;
+
+       if (!skb_make_writable(pskb, (*pskb)->len))
+               return NF_DROP;
+
+       iph = (*pskb)->nh.iph;
+  
+       if (iph->protocol == IPPROTO_TCP) {
+               tcph = (struct tcphdr *) ((*pskb)->data + iph->ihl*4);
+               for (i=0, j=0; i<(ntohs(iph->tot_len) - iph->ihl*4 - tcph->doff*4); ) {
+                       for (k=0; k<=info->block_size; k++) {
+                               (*pskb)->data[ iph->ihl*4 + tcph->doff*4 + i ] ^=
+                                               info->key[j];
+                               i++;
+                       }
+                       j++;
+                       if (info->key[j] == 0x00)
+                               j = 0;
+               }
+       } else if (iph->protocol == IPPROTO_UDP) {
+               udph = (struct udphdr *) ((*pskb)->data + iph->ihl*4);
+               for (i=0, j=0; i<(ntohs(udph->len)-8); ) {
+                       for (k=0; k<=info->block_size; k++) {
+                               (*pskb)->data[ iph->ihl*4 + sizeof(struct udphdr) + i ] ^= 
+                                               info->key[j];
+                               i++;
+                       }
+                       j++;
+                       if (info->key[j] == 0x00)
+                               j = 0;
+               }
+       }
+  
+       return IPT_CONTINUE;
+}
+
+static int ipt_xor_checkentry(const char *tablename, const struct ipt_entry *e,
+               void *targinfo, unsigned int targinfosize, 
+               unsigned int hook_mask)
+{
+       struct ipt_XOR_info *info = targinfo;
+
+       if (targinfosize != IPT_ALIGN(sizeof(struct ipt_XOR_info))) {
+               printk(KERN_WARNING "XOR: targinfosize %u != %Zu\n", 
+                               targinfosize, IPT_ALIGN(sizeof(struct ipt_XOR_info)));
+               return 0;
+       }       
+
+       if (strcmp(tablename, "mangle")) {
+               printk(KERN_WARNING "XOR: can only be called from"
+                               "\"mangle\" table, not \"%s\"\n", tablename);
+               return 0; 
+       }
+
+       if (!strcmp(info->key, "")) {
+               printk(KERN_WARNING "XOR: You must specify a key");
+               return 0;
+       }
+
+       if (info->block_size == 0) {
+               printk(KERN_WARNING "XOR: You must specify a block-size");
+               return 0;
+       }
+
+       return 1;
+}
+
+static struct ipt_target ipt_XOR = { 
+       .name = "XOR",
+       .target = ipt_xor_target, 
+       .checkentry = ipt_xor_checkentry,
+       .me = THIS_MODULE,
+};
+
+static int __init init(void)
+{
+       return ipt_register_target(&ipt_XOR);
+}
+
+static void __exit fini(void)
+{
+       ipt_unregister_target(&ipt_XOR);
+}
+
+module_init(init);
+module_exit(fini);