[packages/kernel.git] / kernel-pom-ng-IPV4OPTSSTRIP.patch

diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
--- linux-2.6.21.b/net/ipv4/netfilter/Kconfig	2007-05-30 11:11:52.000000000 +0200
+++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig	2007-05-30 11:18:08.000000000 +0200
@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
 	  Allows altering the ARP packet payload: source and destination
 	  hardware and network addresses.
 
+config IP_NF_TARGET_IPV4OPTSSTRIP
+	tristate  'IPV4OPTSSTRIP target support'
+	depends on IP_NF_MANGLE
+	help
+	  This option adds an IPV4OPTSSTRIP target.
+	  This target allows you to strip all IP options in a packet.
+	 
+	  If you want to compile it as a module, say M here and read
+	  Documentation/modules.txt.  If unsure, say `N'.
+
 endmenu
 
--- linux-3.4/net/ipv4/netfilter/Makefile~	2012-05-21 08:42:02.000000000 +0200
+++ linux-3.4/net/ipv4/netfilter/Makefile	2012-05-21 08:45:09.247956356 +0200
@@ -54,6 +54,7 @@
 # targets
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c	2007-05-30 11:18:08.000000000 +0200
@@ -0,0 +1,84 @@
+/**
+ * Strip all IP options in the IP packet header.
+ *
+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
+ * This software is distributed under GNU GPL v2, 1991
+ */
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <net/ip.h>
+#include <net/checksum.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+
+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
+MODULE_LICENSE("GPL");
+
+static unsigned int
+target(struct sk_buff *skb,
+       const struct net_device *in,
+       const struct net_device *out,
+       unsigned int hooknum,
+       const struct xt_target *target,
+       const void *targinfo)
+{
+	struct iphdr *iph;
+	struct ip_options *opt;
+	sk_buff_data_t optiph;
+	int l;
+	
+	if (!skb_make_writable(skb, skb->len))
+		return NF_DROP;
+ 
+	iph = ip_hdr(skb);
+	optiph = skb->network_header;
+	l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+
+	/* if no options in packet then nothing to clear. */
+	if (iph->ihl * 4 == sizeof(struct iphdr))
+		return XT_CONTINUE;
+
+	/* else clear all options */
+	memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+	memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
+	opt = &(IPCB(skb)->opt);
+	opt->optlen = l;
+
+        return XT_CONTINUE;
+}
+
+static bool
+checkentry(const char *tablename,
+	    const void *e,
+           const struct xt_target *target,
+           void *targinfo,
+           unsigned int hook_mask)
+{
+	if (strcmp(tablename, "mangle")) {
+		printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
+		return 0;
+	}
+	/* nothing else to check because no parameters */
+	return 1;
+}
+
+static struct xt_target ipt_ipv4optsstrip_reg = { 
+	.name = "IPV4OPTSSTRIP",
+	.target = target,
+	.checkentry = checkentry,
+	.me = THIS_MODULE };
+
+static int __init init(void)
+{
+	return xt_register_target(&ipt_ipv4optsstrip_reg);
+}
+
+static void __exit fini(void)
+{
+	xt_unregister_target(&ipt_ipv4optsstrip_reg);
+}
+
+module_init(init);
+module_exit(fini);
Commit	Line	Data
2380c486 JR	1	diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
	2	--- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200
	3	+++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200
	4	@@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
	5	Allows altering the ARP packet payload: source and destination
	6	hardware and network addresses.
	7
	8	+config IP_NF_TARGET_IPV4OPTSSTRIP
	9	+ tristate 'IPV4OPTSSTRIP target support'
	10	+ depends on IP_NF_MANGLE
	11	+ help
	12	+ This option adds an IPV4OPTSSTRIP target.
	13	+ This target allows you to strip all IP options in a packet.
	14	+
	15	+ If you want to compile it as a module, say M here and read
	16	+ Documentation/modules.txt. If unsure, say `N'.
	17	+
	18	endmenu
	19
92d182d2 AM	20	--- linux-3.4/net/ipv4/netfilter/Makefile~ 2012-05-21 08:42:02.000000000 +0200
92d182d2 AM	21	+++ linux-3.4/net/ipv4/netfilter/Makefile 2012-05-21 08:45:09.247956356 +0200
2380c486	22	@@ -54,6 +54,7 @@
92d182d2	23	# targets
2380c486 JR	24	obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
2380c486 JR	25	obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
2380c486 JR	26	+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
	27	obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
	28	obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
	29	obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
	30	diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
	31	--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
	32	+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
	33	@@ -0,0 +1,84 @@
	34	+/**
	35	+ * Strip all IP options in the IP packet header.
	36	+ *
	37	+ * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
	38	+ * This software is distributed under GNU GPL v2, 1991
	39	+ */
	40	+
	41	+#include <linux/module.h>
	42	+#include <linux/skbuff.h>
	43	+#include <net/ip.h>
	44	+#include <net/checksum.h>
	45	+#include <linux/netfilter/x_tables.h>
	46	+#include <linux/netfilter_ipv4/ip_tables.h>
	47	+
	48	+MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
	49	+MODULE_DESCRIPTION("Strip all options in IPv4 packets");
	50	+MODULE_LICENSE("GPL");
	51	+
	52	+static unsigned int
	53	+target(struct sk_buff *skb,
	54	+ const struct net_device *in,
	55	+ const struct net_device *out,
	56	+ unsigned int hooknum,
	57	+ const struct xt_target *target,
	58	+ const void *targinfo)
	59	+{
	60	+ struct iphdr *iph;
	61	+ struct ip_options *opt;
	62	+ sk_buff_data_t optiph;
	63	+ int l;
	64	+
	65	+ if (!skb_make_writable(skb, skb->len))
	66	+ return NF_DROP;
	67	+
	68	+ iph = ip_hdr(skb);
	69	+ optiph = skb->network_header;
	70	+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
	71	+
	72	+ /* if no options in packet then nothing to clear. */
	73	+ if (iph->ihl * 4 == sizeof(struct iphdr))
711f58d2	74	+ return XT_CONTINUE;
2380c486 JR	75	+
	76	+ /* else clear all options */
	77	+ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
	78	+ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
	79	+ opt = &(IPCB(skb)->opt);
	80	+ opt->optlen = l;
	81	+
711f58d2	82	+ return XT_CONTINUE;
2380c486 JR	83	+}
	84	+
	85	+static bool
	86	+checkentry(const char *tablename,
	87	+ const void *e,
	88	+ const struct xt_target *target,
	89	+ void *targinfo,
	90	+ unsigned int hook_mask)
	91	+{
	92	+ if (strcmp(tablename, "mangle")) {
	93	+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
	94	+ return 0;
	95	+ }
	96	+ /* nothing else to check because no parameters */
	97	+ return 1;
	98	+}
	99	+
711f58d2	100	+static struct xt_target ipt_ipv4optsstrip_reg = {
2380c486 JR	101	+ .name = "IPV4OPTSSTRIP",
	102	+ .target = target,
	103	+ .checkentry = checkentry,
	104	+ .me = THIS_MODULE };
	105	+
	106	+static int __init init(void)
	107	+{
	108	+ return xt_register_target(&ipt_ipv4optsstrip_reg);
	109	+}
	110	+
	111	+static void __exit fini(void)
	112	+{
	113	+ xt_unregister_target(&ipt_ipv4optsstrip_reg);
	114	+}
	115	+
	116	+module_init(init);
	117	+module_exit(fini);