1 include/linux/netfilter_ipv4/ipt_XOR.h | 9 ++
2 net/ipv4/netfilter/Kconfig | 10 ++
3 net/ipv4/netfilter/Makefile | 1
4 net/ipv4/netfilter/ipt_XOR.c | 117 +++++++++++++++++++++++++++++++++
5 4 files changed, 137 insertions(+)
7 diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_XOR.h linux/include/linux/netfilter_ipv4/ipt_XOR.h
8 --- linux.org/include/linux/netfilter_ipv4/ipt_XOR.h 1970-01-01 01:00:00.000000000 +0100
9 +++ linux/include/linux/netfilter_ipv4/ipt_XOR.h 2006-05-04 14:48:15.000000000 +0200
14 +struct ipt_XOR_info {
16 + u_int8_t block_size;
19 +#endif /* _IPT_XOR_H */
20 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
21 --- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
22 +++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 14:48:15.000000000 +0200
24 Allows altering the ARP packet payload: source and destination
25 hardware and network addresses.
27 +config IP_NF_TARGET_XOR
28 + tristate 'XOR target support'
29 + depends on IP_NF_MANGLE
31 + This option adds a `XOR' target, which can encrypt TCP and
32 + UDP traffic using a simple XOR encryption.
34 + If you want to compile it as a module, say M here and read
35 + Documentation/modules.txt. If unsure, say `N'.
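Review bot: The help text for `IP_NF_TARGET_XOR` calls this "encryption", but XORing a payload with a short repeating key gives no confidentiality against an observer of the traffic and no integrity protection. An administrator who reads this text may deploy the target where IPsec or TLS is needed. I would describe it as obfuscation, for example `This option adds an XOR target, which obfuscates TCP and UDP payloads by XORing them with a repeating key. It offers no cryptographic protection.`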
39 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
40 --- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
41 +++ linux/net/ipv4/netfilter/Makefile 2006-05-04 14:48:15.000000000 +0200
43 +obj-$(CONFIG_IP_NF_TARGET_XOR) += ipt_XOR.o
44 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_XOR.c linux/net/ipv4/netfilter/ipt_XOR.c
45 --- linux.org/net/ipv4/netfilter/ipt_XOR.c 1970-01-01 01:00:00.000000000 +0100
46 +++ linux/net/ipv4/netfilter/ipt_XOR.c 2006-05-04 14:48:15.000000000 +0200
48 +/* XOR target for IP tables
49 + * (C) 2000 by Tim Vandermeersch <Tim.Vandermeersch@pandora.be>
50 + * Based on ipt_TTL.c
54 + * This software is distributed under the terms of GNU GPL
57 +#include <linux/module.h>
58 +#include <linux/skbuff.h>
59 +#include <linux/ip.h>
60 +#include <linux/tcp.h>
61 +#include <linux/udp.h>
63 +#include <linux/netfilter_ipv4/ip_tables.h>
64 +#include <linux/netfilter_ipv4/ipt_XOR.h>
66 +MODULE_AUTHOR("Tim Vandermeersch <Tim.Vandermeersch@pandora.be>");
67 +MODULE_DESCRIPTION("IP tables XOR module");
68 +MODULE_LICENSE("GPL");
71 +ipt_xor_target(struct sk_buff **pskb,
72 + const struct net_device *in, const struct net_device *out,
73 + unsigned int hooknum, const void *targinfo, void *userinfo)
75 + struct ipt_XOR_info *info = (void *) targinfo;
77 + struct tcphdr *tcph;
78 + struct udphdr *udph;
81 + if (!skb_make_writable(pskb, (*pskb)->len))
84 + iph = (*pskb)->nh.iph;
86 + if (iph->protocol == IPPROTO_TCP) {
87 + tcph = (struct tcphdr *) ((*pskb)->data + iph->ihl*4);
88 + for (i=0, j=0; i<(ntohs(iph->tot_len) - iph->ihl*4 - tcph->doff*4); ) {
89 + for (k=0; k<=info->block_size; k++) {
90 + (*pskb)->data[ iph->ihl*4 + tcph->doff*4 + i ] ^=
95 + if (info->key[j] == 0x00)
98 + } else if (iph->protocol == IPPROTO_UDP) {
99 + udph = (struct udphdr *) ((*pskb)->data + iph->ihl*4);
100 + for (i=0, j=0; i<(ntohs(udph->len)-8); ) {
101 + for (k=0; k<=info->block_size; k++) {
102 + (*pskb)->data[ iph->ihl*4 + sizeof(struct udphdr) + i ] ^=
107 + if (info->key[j] == 0x00)
112 + return IPT_CONTINUE;
115 +static int ipt_xor_checkentry(const char *tablename, const struct ipt_entry *e,
116 + void *targinfo, unsigned int targinfosize,
117 + unsigned int hook_mask)
119 + struct ipt_XOR_info *info = targinfo;
121 + if (targinfosize != IPT_ALIGN(sizeof(struct ipt_XOR_info))) {
122 + printk(KERN_WARNING "XOR: targinfosize %u != %Zu\n",
123 + targinfosize, IPT_ALIGN(sizeof(struct ipt_XOR_info)));
127 + if (strcmp(tablename, "mangle")) {
128 + printk(KERN_WARNING "XOR: can only be called from"
129 + "\"mangle\" table, not \"%s\"\n", tablename);
133 + if (!strcmp(info->key, "")) {
134 + printk(KERN_WARNING "XOR: You must specify a key");
138 + if (info->block_size == 0) {
139 + printk(KERN_WARNING "XOR: You must specify a block-size");
146 +static struct ipt_target ipt_XOR = {
148 + .target = ipt_xor_target,
149 + .checkentry = ipt_xor_checkentry,
153 +static int __init init(void)
155 + return ipt_register_target(&ipt_XOR);
158 +static void __exit fini(void)
160 + ipt_unregister_target(&ipt_XOR);
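Review bot: The UDP loop bound `i<(ntohs(udph->len)-8)` in ipt_xor_target comes from a length field set by the sender, while `skb_make_writable()` only covers `(*pskb)->len` bytes, so a datagram whose UDP length exceeds the real packet makes the XOR store on the following line write past the skb data. In the TCP branch, `tcph->doff` is likewise used without checking, in the lines shown, that it is at least 5 and that `doff*4` fits inside the segment, so a small value would XOR bytes of the TCP header itself. Before either loop, check that the transport header fits and clamp the payload length to the buffer, e.g. `if (iph->ihl*4 + sizeof(struct udphdr) > (*pskb)->len) return NF_DROP;` then `len = min_t(unsigned int, ntohs(udph->len), (*pskb)->len - iph->ihl*4);`. The inner `k<=info->block_size` loop should test the same bound on every byte; its body and the declarations of `i`, `j` and `k` are not in this listing, so confirm it cannot run past the last block. Separately, ipt_xor_checkentry calls `strcmp(info->key, "")` and the target walks `info->key[j]` until `0x00`, so if the key array (its declaration is not shown) can arrive from userspace without a terminator, checkentry should reject it with a `memchr(info->key, '\0', sizeof(info->key))` test.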