[packages/kernel.git] / kernel-pom-ng-IPV4OPTSSTRIP.patch

diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
--- linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 11:11:52.000000000 +0200
+++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 11:18:08.000000000 +0200
@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_TARGET_IPV4OPTSSTRIP
+	tristate  'IPV4OPTSSTRIP target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds an IPV4OPTSSTRIP target.
+	  This target allows you to strip all IP options in a packet.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
--- linux-5.2/net/ipv4/netfilter/Makefile~	2019-07-08 00:41:56.000000000 +0200
+++ linux-5.2/net/ipv4/netfilter/Makefile	2019-07-08 09:01:35.241471623 +0200
@@ -48,6 +48,7 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ip
 # targets
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
 obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
 obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o
 
diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2007-05-30 11:18:08.000000000 +0200
@@ -0,0 +1,75 @@
+/**
+ * Strip all IP options in the IP packet header.
+ *
+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
+ * This software is distributed under GNU GPL v2, 1991
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <net/ip.h>
+#include <net/checksum.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+target(struct sk_buff *skb, const struct xt_action_param *par)
+{
+	struct iphdr *iph;
+	struct ip_options *opt;
+	unsigned char *optiph;
+	int l;
+	
+	if (!skb_make_writable(skb, skb->len))
+		return NF_DROP;
+ 
+	iph = ip_hdr(skb);
+
+	/* if no options in packet then nothing to clear. */
+	if (iph->ihl * 4 == sizeof(struct iphdr))
+		return XT_CONTINUE;
+
+	/* else clear all options */
+	optiph = skb_network_header(skb);
+	l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+	memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
+	opt = &(IPCB(skb)->opt);
+	opt->optlen = l;
+
+	return XT_CONTINUE;
+}
+
+static int
+checkentry(const struct xt_tgchk_param *par)
+{
+	if (strcmp(par->table, "mangle")) {
+		printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table);
+		return 0;
+	}
+	/* nothing else to check because no parameters */
+	return 1;
+}
+
+static struct xt_target ipt_ipv4optsstrip_reg = { 
+	.name = "IPV4OPTSSTRIP",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE };
+
+static int __init init(void)
+{
+	return xt_register_target(&ipt_ipv4optsstrip_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&ipt_ipv4optsstrip_reg);
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
2380c486 JR	1	diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
	2	--- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200
	3	+++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200
	4	@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
	5	Allows altering the ARP packet payload: source and destination
	6	hardware and network addresses.
	7
	8	+config IP_NF_TARGET_IPV4OPTSSTRIP
	9	+ tristate 'IPV4OPTSSTRIP target support'
	10	+ depends on IP_NF_MANGLE
	11	+ help
	12	+ This option adds an IPV4OPTSSTRIP target.
	13	+ This target allows you to strip all IP options in a packet.
	14	+
	15	+ If you want to compile it as a module, say M here and read
	16	+ Documentation/modules.txt. If unsure, say `N'.
	17	+
	18	endmenu
	19
7543edb3 AM	20	--- linux-5.2/net/ipv4/netfilter/Makefile~ 2019-07-08 00:41:56.000000000 +0200
	21	+++ linux-5.2/net/ipv4/netfilter/Makefile 2019-07-08 09:01:35.241471623 +0200
	22	@@ -48,6 +48,7 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ip
92d182d2	23	# targets
2380c486 JR	24	obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
2380c486 JR	25	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
2380c486	26	+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
7543edb3 AM	27	obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
	28	obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o
	29
2380c486 JR	30	diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
	31	--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
	32	+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
3f5e7cb8	33	@@ -0,0 +1,75 @@
2380c486 JR	34	+/**
	35	+ * Strip all IP options in the IP packet header.
	36	+ *
	37	+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
	38	+ * This software is distributed under GNU GPL v2, 1991
	39	+ */
	40	+
	41	+#include <linux/module.h>
	42	+#include <linux/skbuff.h>
	43	+#include <net/ip.h>
	44	+#include <net/checksum.h>
	45	+#include <linux/netfilter/x_tables.h>
	46	+#include <linux/netfilter_ipv4/ip_tables.h>
	47	+
	48	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	49	+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
	50	+MODULE_LICENSE("GPL");
	51	+
	52	+static unsigned int
3f5e7cb8	53	+target(struct sk_buff skb, const struct xt_action_param par)
2380c486 JR	54	+{
	55	+ struct iphdr *iph;
	56	+ struct ip_options *opt;
3f5e7cb8	57	+ unsigned char *optiph;
2380c486 JR	58	+ int l;
	59	+
	60	+ if (!skb_make_writable(skb, skb->len))
	61	+ return NF_DROP;
	62	+
	63	+ iph = ip_hdr(skb);
2380c486 JR	64	+
	65	+ /* if no options in packet then nothing to clear. */
	66	+ if (iph->ihl * 4 == sizeof(struct iphdr))
711f58d2	67	+ return XT_CONTINUE;
2380c486 JR	68	+
2380c486 JR	69	+ /* else clear all options */
3f5e7cb8 JR	70	+ optiph = skb_network_header(skb);
3f5e7cb8 JR	71	+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
2380c486 JR	72	+ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
	73	+ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
	74	+ opt = &(IPCB(skb)->opt);
	75	+ opt->optlen = l;
	76	+
3f5e7cb8	77	+ return XT_CONTINUE;
2380c486 JR	78	+}
2380c486 JR	79	+
3f5e7cb8 JR	80	+static int
3f5e7cb8 JR	81	+checkentry(const struct xt_tgchk_param *par)
2380c486	82	+{
3f5e7cb8 JR	83	+ if (strcmp(par->table, "mangle")) {
3f5e7cb8 JR	84	+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table);
2380c486 JR	85	+ return 0;
	86	+ }
	87	+ /* nothing else to check because no parameters */
	88	+ return 1;
	89	+}
	90	+
711f58d2	91	+static struct xt_target ipt_ipv4optsstrip_reg = {
2380c486 JR	92	+ .name = "IPV4OPTSSTRIP",
	93	+ .target = target,
	94	+ .checkentry = checkentry,
	95	+ .me = THIS_MODULE };
	96	+
	97	+static int __init init(void)
	98	+{
	99	+ return xt_register_target(&ipt_ipv4optsstrip_reg);
	100	+}
	101	+
	102	+static void __exit fini(void)
	103	+{
	104	+ xt_unregister_target(&ipt_ipv4optsstrip_reg);
	105	+}
	106	+
	107	+module_init(init);
	108	+module_exit(fini);