1 include/linux/netfilter_ipv4/ipt_random.h | 11 +++
2 include/linux/netfilter_ipv6/ip6t_random.h | 11 +++
3 net/ipv4/netfilter/Kconfig | 11 +++
4 net/ipv4/netfilter/Makefile | 1
5 net/ipv4/netfilter/ipt_random.c | 93 ++++++++++++++++++++++++++++
6 net/ipv6/netfilter/Kconfig | 11 +++
7 net/ipv6/netfilter/Makefile | 1
8 net/ipv6/netfilter/ip6t_random.c | 95 +++++++++++++++++++++++++++++
9 8 files changed, 234 insertions(+)
11 diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv4/ipt_random.h linux/include/linux/netfilter_ipv4/ipt_random.h
12 --- linux.org/include/linux/netfilter_ipv4/ipt_random.h 1970-01-01 01:00:00.000000000 +0100
13 +++ linux/include/linux/netfilter_ipv4/ipt_random.h 2006-05-04 10:25:13.000000000 +0200
18 +#include <linux/param.h>
19 +#include <linux/types.h>
21 +struct ipt_rand_info {
25 +#endif /*_IPT_RAND_H*/
26 diff -Nur --exclude '*.orig' linux.org/include/linux/netfilter_ipv6/ip6t_random.h linux/include/linux/netfilter_ipv6/ip6t_random.h
27 --- linux.org/include/linux/netfilter_ipv6/ip6t_random.h 1970-01-01 01:00:00.000000000 +0100
28 +++ linux/include/linux/netfilter_ipv6/ip6t_random.h 2006-05-04 10:25:13.000000000 +0200
33 +#include <linux/param.h>
34 +#include <linux/types.h>
36 +struct ip6t_rand_info {
40 +#endif /*_IP6T_RAND_H*/
41 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Kconfig linux/net/ipv4/netfilter/Kconfig
42 --- linux.org/net/ipv4/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
43 +++ linux/net/ipv4/netfilter/Kconfig 2006-05-04 10:25:13.000000000 +0200
45 Allows altering the ARP packet payload: source and destination
46 hardware and network addresses.
48 +config IP_NF_MATCH_RANDOM
49 + tristate 'random match support'
50 + depends on IP_NF_IPTABLES
52 + This option adds a `random' match,
53 + which allow you to match packets randomly
54 + following a given probability.
56 + If you want to compile it as a module, say M here and read
57 + Documentation/modules.txt. If unsure, say `N'.
61 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/Makefile linux/net/ipv4/netfilter/Makefile
62 --- linux.org/net/ipv4/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
63 +++ linux/net/ipv4/netfilter/Makefile 2006-05-04 10:25:13.000000000 +0200
65 +obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o
66 diff -Nur --exclude '*.orig' linux.org/net/ipv4/netfilter/ipt_random.c linux/net/ipv4/netfilter/ipt_random.c
67 --- linux.org/net/ipv4/netfilter/ipt_random.c 1970-01-01 01:00:00.000000000 +0100
68 +++ linux/net/ipv4/netfilter/ipt_random.c 2006-05-04 10:25:13.000000000 +0200
71 + This is a module which is used for a "random" match support.
72 + This file is distributed under the terms of the GNU General Public
73 + License (GPL). Copies of the GPL can be obtained from:
74 + ftp://prep.ai.mit.edu/pub/gnu/GPL
76 + 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
79 +#include <linux/module.h>
80 +#include <linux/skbuff.h>
81 +#include <linux/ip.h>
82 +#include <linux/random.h>
84 +#include <linux/spinlock.h>
85 +#include <linux/netfilter_ipv4/ip_tables.h>
86 +#include <linux/netfilter_ipv4/ipt_random.h>
88 +MODULE_LICENSE("GPL");
91 +ipt_rand_match(const struct sk_buff *pskb,
92 + const struct net_device *in,
93 + const struct net_device *out,
94 + const void *matchinfo,
96 + unsigned int protoff,
99 + /* Parameters from userspace */
100 + const struct ipt_rand_info *info = matchinfo;
101 + u_int8_t random_number;
103 + /* get 1 random number from the kernel random number generation routine */
104 + get_random_bytes((void *)(&random_number), 1);
106 + /* Do we match ? */
107 + if (random_number <= info->average)
114 +ipt_rand_checkentry(const char *tablename,
115 + const struct ipt_ip *e,
117 + unsigned int matchsize,
118 + unsigned int hook_mask)
120 + /* Parameters from userspace */
121 + const struct ipt_rand_info *info = matchinfo;
123 + if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) {
124 + printk("ipt_random: matchsize %u != %Zd\n", matchsize,
125 + IPT_ALIGN(sizeof(struct ipt_rand_info)));
129 + /* must be 1 <= average % <= 99 */
131 + /* 99 x 2.55 = 252 */
132 + if ((info->average < 2) || (info->average > 252)) {
133 + printk("ipt_random: invalid average %u\n", info->average);
140 +static struct ipt_match ipt_rand_reg = {
142 + .match = ipt_rand_match,
143 + .checkentry = ipt_rand_checkentry,
144 + .me = THIS_MODULE };
146 +static int __init init(void)
148 + if (ipt_register_match(&ipt_rand_reg))
151 + printk("ipt_random match loaded\n");
155 +static void __exit fini(void)
157 + ipt_unregister_match(&ipt_rand_reg);
158 + printk("ipt_random match unloaded\n");
163 diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Kconfig linux/net/ipv6/netfilter/Kconfig
164 --- linux.org/net/ipv6/netfilter/Kconfig 2006-05-02 23:38:44.000000000 +0200
165 +++ linux/net/ipv6/netfilter/Kconfig 2006-05-04 10:25:13.000000000 +0200
167 If you want to compile it as a module, say M here and read
168 <file:Documentation/modules.txt>. If unsure, say `N'.
170 +config IP6_NF_MATCH_RANDOM
171 + tristate 'Random match support'
172 + depends on IP6_NF_IPTABLES
174 + This option adds a `random' match,
175 + which allow you to match packets randomly
176 + following a given probability.
178 + If you want to compile it as a module, say M here and read
179 + Documentation/modules.txt. If unsure, say `N'.
183 diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/Makefile linux/net/ipv6/netfilter/Makefile
184 --- linux.org/net/ipv6/netfilter/Makefile 2006-05-02 23:38:44.000000000 +0200
185 +++ linux/net/ipv6/netfilter/Makefile 2006-05-04 10:25:13.000000000 +0200
187 +obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o
188 diff -Nur --exclude '*.orig' linux.org/net/ipv6/netfilter/ip6t_random.c linux/net/ipv6/netfilter/ip6t_random.c
189 --- linux.org/net/ipv6/netfilter/ip6t_random.c 1970-01-01 01:00:00.000000000 +0100
190 +++ linux/net/ipv6/netfilter/ip6t_random.c 2006-05-04 10:25:13.000000000 +0200
193 + This is a module which is used for a "random" match support.
194 + This file is distributed under the terms of the GNU General Public
195 + License (GPL). Copies of the GPL can be obtained from:
196 + ftp://prep.ai.mit.edu/pub/gnu/GPL
198 + 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation.
199 + 2003-04-30 Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port
202 +#include <linux/module.h>
203 +#include <linux/skbuff.h>
204 +#include <linux/ip.h>
205 +#include <linux/random.h>
206 +#include <net/tcp.h>
207 +#include <linux/spinlock.h>
208 +#include <linux/netfilter_ipv6/ip6_tables.h>
209 +#include <linux/netfilter_ipv6/ip6t_random.h>
211 +MODULE_LICENSE("GPL");
214 +ip6t_rand_match(const struct sk_buff *pskb,
215 + const struct net_device *in,
216 + const struct net_device *out,
217 + const void *matchinfo,
219 + unsigned int protoff,
222 + /* Parameters from userspace */
223 + const struct ip6t_rand_info *info = matchinfo;
224 + u_int8_t random_number;
226 + /* get 1 random number from the kernel random number generation routine */
227 + get_random_bytes((void *)(&random_number), 1);
229 + /* Do we match ? */
230 + if (random_number <= info->average)
237 +ip6t_rand_checkentry(const char *tablename,
238 + const struct ip6t_ip6 *e,
240 + unsigned int matchsize,
241 + unsigned int hook_mask)
243 + /* Parameters from userspace */
244 + const struct ip6t_rand_info *info = matchinfo;
246 + if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) {
247 + printk("ip6t_random: matchsize %u != %Zd\n", matchsize,
248 + IP6T_ALIGN(sizeof(struct ip6t_rand_info)));
252 + /* must be 1 <= average % <= 99 */
254 + /* 99 x 2.55 = 252 */
255 + if ((info->average < 2) || (info->average > 252)) {
256 + printk("ip6t_random: invalid average %u\n", info->average);
263 +static struct ip6t_match ip6t_rand_reg = {
265 + .match = ip6t_rand_match,
266 + .checkentry = ip6t_rand_checkentry,
270 +static int __init init(void)
272 + if (ip6t_register_match(&ip6t_rand_reg))
275 + printk("ip6t_random match loaded\n");
279 +static void __exit fini(void)
281 + ip6t_unregister_match(&ip6t_rand_reg);
282 + printk("ip6t_random match unloaded\n");