[packages/kernel.git] / kernel-pom-ng-IPV4OPTSSTRIP.patch

diff -ur linux-5.9/net/ipv4/netfilter.org/Kconfig linux-5.9/net/ipv4/netfilter/Kconfig
--- linux-5.9/net/ipv4/netfilter.org/Kconfig	2020-10-11 23:15:50.000000000 +0200
+++ linux-5.9/net/ipv4/netfilter/Kconfig	2020-11-03 13:07:22.874511004 +0100
@@ -356,5 +356,15 @@
 
 endif # IP_NF_ARPTABLES
 
+config IP_NF_TARGET_IPV4OPTSSTRIP
+	tristate  'IPV4OPTSSTRIP target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds an IPV4OPTSSTRIP target.
+	  This target allows you to strip all IP options in a packet.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
diff -ur linux-5.9/net/ipv4/netfilter.org/Makefile linux-5.9/net/ipv4/netfilter/Makefile
--- linux-5.9/net/ipv4/netfilter.org/Makefile	2020-10-11 23:15:50.000000000 +0200
+++ linux-5.9/net/ipv4/netfilter/Makefile	2020-11-03 13:07:22.874511004 +0100
@@ -48,6 +48,7 @@
 # targets
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
 obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o
 
diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2007-05-30 11:18:08.000000000 +0200
@@ -0,0 +1,75 @@
+/**
+ * Strip all IP options in the IP packet header.
+ *
+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
+ * This software is distributed under GNU GPL v2, 1991
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <net/ip.h>
+#include <net/checksum.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+target(struct sk_buff *skb, const struct xt_action_param *par)
+{
+	struct iphdr *iph;
+	struct ip_options *opt;
+	unsigned char *optiph;
+	int l;
+	
+	if (skb_ensure_writable(skb, skb->len))
+		return NF_DROP;
+ 
+	iph = ip_hdr(skb);
+
+	/* if no options in packet then nothing to clear. */
+	if (iph->ihl * 4 == sizeof(struct iphdr))
+		return XT_CONTINUE;
+
+	/* else clear all options */
+	optiph = skb_network_header(skb);
+	l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+	memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
+	opt = &(IPCB(skb)->opt);
+	opt->optlen = l;
+
+	return XT_CONTINUE;
+}
+
+static int
+checkentry(const struct xt_tgchk_param *par)
+{
+	if (strcmp(par->table, "mangle")) {
+		printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table);
+		return 0;
+	}
+	/* nothing else to check because no parameters */
+	return 1;
+}
+
+static struct xt_target ipt_ipv4optsstrip_reg = { 
+	.name = "IPV4OPTSSTRIP",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE };
+
+static int __init init(void)
+{
+	return xt_register_target(&ipt_ipv4optsstrip_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&ipt_ipv4optsstrip_reg);
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
01bb4d10 AM	1	diff -ur linux-5.9/net/ipv4/netfilter.org/Kconfig linux-5.9/net/ipv4/netfilter/Kconfig
	2	--- linux-5.9/net/ipv4/netfilter.org/Kconfig 2020-10-11 23:15:50.000000000 +0200
	3	+++ linux-5.9/net/ipv4/netfilter/Kconfig 2020-11-03 13:07:22.874511004 +0100
	4	@@ -356,5 +356,15 @@
	5
	6	endif # IP_NF_ARPTABLES
2380c486 JR	7
	8	+config IP_NF_TARGET_IPV4OPTSSTRIP
	9	+ tristate 'IPV4OPTSSTRIP target support'
	10	+ depends on IP_NF_MANGLE
	11	+ help
	12	+ This option adds an IPV4OPTSSTRIP target.
	13	+ This target allows you to strip all IP options in a packet.
	14	+
	15	+ If you want to compile it as a module, say M here and read
	16	+ Documentation/modules.txt. If unsure, say `N'.
	17	+
	18	endmenu
	19
01bb4d10 AM	20	diff -ur linux-5.9/net/ipv4/netfilter.org/Makefile linux-5.9/net/ipv4/netfilter/Makefile
	21	--- linux-5.9/net/ipv4/netfilter.org/Makefile 2020-10-11 23:15:50.000000000 +0200
	22	+++ linux-5.9/net/ipv4/netfilter/Makefile 2020-11-03 13:07:22.874511004 +0100
	23	@@ -48,6 +48,7 @@
92d182d2	24	# targets
2380c486 JR	25	obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
2380c486 JR	26	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
2380c486	27	+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
7543edb3 AM	28	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
	29	obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o
	30
2380c486 JR	31	diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
	32	--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
	33	+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
3f5e7cb8	34	@@ -0,0 +1,75 @@
2380c486 JR	35	+/**
	36	+ * Strip all IP options in the IP packet header.
	37	+ *
	38	+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
	39	+ * This software is distributed under GNU GPL v2, 1991
	40	+ */
	41	+
	42	+#include <linux/module.h>
	43	+#include <linux/skbuff.h>
	44	+#include <net/ip.h>
	45	+#include <net/checksum.h>
	46	+#include <linux/netfilter/x_tables.h>
	47	+#include <linux/netfilter_ipv4/ip_tables.h>
	48	+
	49	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	50	+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
	51	+MODULE_LICENSE("GPL");
	52	+
	53	+static unsigned int
3f5e7cb8	54	+target(struct sk_buff skb, const struct xt_action_param par)
2380c486 JR	55	+{
	56	+ struct iphdr *iph;
	57	+ struct ip_options *opt;
3f5e7cb8	58	+ unsigned char *optiph;
2380c486 JR	59	+ int l;
2380c486 JR	60	+
eca34b5c	61	+ if (skb_ensure_writable(skb, skb->len))
2380c486 JR	62	+ return NF_DROP;
	63	+
	64	+ iph = ip_hdr(skb);
2380c486 JR	65	+
	66	+ /* if no options in packet then nothing to clear. */
	67	+ if (iph->ihl * 4 == sizeof(struct iphdr))
711f58d2	68	+ return XT_CONTINUE;
2380c486 JR	69	+
2380c486 JR	70	+ /* else clear all options */
3f5e7cb8 JR	71	+ optiph = skb_network_header(skb);
3f5e7cb8 JR	72	+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
2380c486 JR	73	+ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
	74	+ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
	75	+ opt = &(IPCB(skb)->opt);
	76	+ opt->optlen = l;
	77	+
3f5e7cb8	78	+ return XT_CONTINUE;
2380c486 JR	79	+}
2380c486 JR	80	+
3f5e7cb8 JR	81	+static int
3f5e7cb8 JR	82	+checkentry(const struct xt_tgchk_param *par)
2380c486	83	+{
3f5e7cb8 JR	84	+ if (strcmp(par->table, "mangle")) {
3f5e7cb8 JR	85	+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table);
2380c486 JR	86	+ return 0;
	87	+ }
	88	+ /* nothing else to check because no parameters */
	89	+ return 1;
	90	+}
	91	+
711f58d2	92	+static struct xt_target ipt_ipv4optsstrip_reg = {
2380c486 JR	93	+ .name = "IPV4OPTSSTRIP",
	94	+ .target = target,
	95	+ .checkentry = checkentry,
	96	+ .me = THIS_MODULE };
	97	+
	98	+static int __init init(void)
	99	+{
	100	+ return xt_register_target(&ipt_ipv4optsstrip_reg);
	101	+}
	102	+
	103	+static void __exit fini(void)
	104	+{
	105	+ xt_unregister_target(&ipt_ipv4optsstrip_reg);
	106	+}
	107	+
	108	+module_init(init);
	109	+module_exit(fini);