X-Git-Url: http://git.pld-linux.org/?a=blobdiff_plain;f=kernel-pom-ng-IPV4OPTSSTRIP.patch;h=ae696e136e0c4aca3edea4d58fb14b0ba8fc6250;hb=e2e92d01b72e62e3a7ca5acec32a3f6c9f013bfb;hp=98e9ffbcd12e2749bda877fd6671ce87d25a868e;hpb=711f58d2c96be70fe04a0e362d136a672156396e;p=packages%2Fkernel.git diff --git a/kernel-pom-ng-IPV4OPTSSTRIP.patch b/kernel-pom-ng-IPV4OPTSSTRIP.patch index 98e9ffbc..ae696e13 100644 --- a/kernel-pom-ng-IPV4OPTSSTRIP.patch +++ b/kernel-pom-ng-IPV4OPTSSTRIP.patch @@ -1,9 +1,9 @@ -diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig ---- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200 -+++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200 -@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE - Allows altering the ARP packet payload: source and destination - hardware and network addresses. +diff -ur linux-5.9/net/ipv4/netfilter.org/Kconfig linux-5.9/net/ipv4/netfilter/Kconfig +--- linux-5.9/net/ipv4/netfilter.org/Kconfig 2020-10-11 23:15:50.000000000 +0200 ++++ linux-5.9/net/ipv4/netfilter/Kconfig 2020-11-03 13:07:22.874511004 +0100 +@@ -356,5 +356,15 @@ + + endif # IP_NF_ARPTABLES +config IP_NF_TARGET_IPV4OPTSSTRIP + tristate 'IPV4OPTSSTRIP target support' @@ -17,21 +17,21 @@ diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/n + endmenu -diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Makefile linux-2.6.21.a/net/ipv4/netfilter/Makefile ---- linux-2.6.21.b/net/ipv4/netfilter/Makefile 2007-05-30 11:11:52.000000000 +0200 -+++ linux-2.6.21.a/net/ipv4/netfilter/Makefile 2007-05-30 11:18:08.000000000 +0200 -@@ -54,6 +54,7 @@ +diff -ur linux-5.9/net/ipv4/netfilter.org/Makefile linux-5.9/net/ipv4/netfilter/Makefile +--- linux-5.9/net/ipv4/netfilter.org/Makefile 2020-10-11 23:15:50.000000000 +0200 ++++ linux-5.9/net/ipv4/netfilter/Makefile 2020-11-03 13:07:22.874511004 +0100 +@@ -48,6 +48,7 @@ + # targets obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o - obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o - obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o - obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o + obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o + obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o + diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c --- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100 +++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,75 @@ +/** + * Strip all IP options in the IP packet header. + * @@ -51,47 +51,38 @@ diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linu +MODULE_LICENSE("GPL"); + +static unsigned int -+target(struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ unsigned int hooknum, -+ const struct xt_target *target, -+ const void *targinfo) ++target(struct sk_buff *skb, const struct xt_action_param *par) +{ + struct iphdr *iph; + struct ip_options *opt; -+ sk_buff_data_t optiph; ++ unsigned char *optiph; + int l; + -+ if (!skb_make_writable(skb, skb->len)) ++ if (skb_ensure_writable(skb, skb->len)) + return NF_DROP; + + iph = ip_hdr(skb); -+ optiph = skb->network_header; -+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen; + + /* if no options in packet then nothing to clear. */ + if (iph->ihl * 4 == sizeof(struct iphdr)) + return XT_CONTINUE; + + /* else clear all options */ ++ optiph = skb_network_header(skb); ++ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen; + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l); + opt = &(IPCB(skb)->opt); + opt->optlen = l; + -+ return XT_CONTINUE; ++ return XT_CONTINUE; +} + -+static bool -+checkentry(const char *tablename, -+ const void *e, -+ const struct xt_target *target, -+ void *targinfo, -+ unsigned int hook_mask) ++static int ++checkentry(const struct xt_tgchk_param *par) +{ -+ if (strcmp(tablename, "mangle")) { -+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename); ++ if (strcmp(par->table, "mangle")) { ++ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table); + return 0; + } + /* nothing else to check because no parameters */