1 diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
2 --- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200
3 +++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200
4 @@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
5 Allows altering the ARP packet payload: source and destination
6 hardware and network addresses.
8 +config IP_NF_TARGET_IPV4OPTSSTRIP
9 + tristate 'IPV4OPTSSTRIP target support'
10 + depends on IP_NF_MANGLE
12 + This option adds an IPV4OPTSSTRIP target.
13 + This target allows you to strip all IP options in a packet.
15 + If you want to compile it as a module, say M here and read
16 + Documentation/modules.txt. If unsure, say `N'.
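Review bot: The help text for `IP_NF_TARGET_IPV4OPTSSTRIP` says the target strips all IP options, but the target code in this patch overwrites the option bytes with `IPOPT_NOOP` and, in the lines visible here, does not shorten the header. A sentence such as `The option bytes are overwritten with NOPs; the IP header length is not changed.` would tell rule writers what downstream hosts and filters will actually see.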
20 diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Makefile linux-2.6.21.a/net/ipv4/netfilter/Makefile
21 --- linux-2.6.21.b/net/ipv4/netfilter/Makefile 2007-05-30 11:11:52.000000000 +0200
22 +++ linux-2.6.21.a/net/ipv4/netfilter/Makefile 2007-05-30 11:18:08.000000000 +0200
24 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
25 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
26 obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
27 +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
28 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
29 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
30 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
31 diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
32 --- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
33 +++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
36 + * Strip all IP options in the IP packet header.
38 + * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
39 + * This software is distributed under GNU GPL v2, 1991
42 +#include <linux/module.h>
43 +#include <linux/skbuff.h>
45 +#include <net/checksum.h>
46 +#include <linux/netfilter/x_tables.h>
47 +#include <linux/netfilter_ipv4/ip_tables.h>
49 +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
50 +MODULE_DESCRIPTION("Strip all options in IPv4 packets");
51 +MODULE_LICENSE("GPL");
54 +target(struct sk_buff *skb,
55 + const struct net_device *in,
56 + const struct net_device *out,
57 + unsigned int hooknum,
58 + const struct xt_target *target,
59 + const void *targinfo)
62 + struct ip_options *opt;
63 + sk_buff_data_t optiph;
66 + if (!skb_make_writable(skb, skb->len))
70 + optiph = skb->network_header;
71 + l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
73 + /* if no options in packet then nothing to clear. */
74 + if (iph->ihl * 4 == sizeof(struct iphdr))
75 + return IPT_CONTINUE;
77 + /* else clear all options */
78 + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
79 + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
80 + opt = &(IPCB(skb)->opt);
83 + return IPT_CONTINUE;
87 +checkentry(const char *tablename,
89 + const struct xt_target *target,
91 + unsigned int hook_mask)
93 + if (strcmp(tablename, "mangle")) {
94 + printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
97 + /* nothing else to check because no parameters */
101 +static struct ipt_target ipt_ipv4optsstrip_reg = {
102 + .name = "IPV4OPTSSTRIP",
104 + .checkentry = checkentry,
105 + .me = THIS_MODULE };
107 +static int __init init(void)
109 + return xt_register_target(&ipt_ipv4optsstrip_reg);
112 +static void __exit fini(void)
114 + xt_unregister_target(&ipt_ipv4optsstrip_reg);
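Review bot: In `target()`, `optiph` is declared `sk_buff_data_t` and then used as a pointer in `memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l)`; on builds where `sk_buff_data_t` is an offset (`unsigned int`, the 64-bit case) this passes a small integer as the destination address instead of a location inside the packet. Taking the header address with `unsigned char *optiph = skb_network_header(skb);` avoids that. The fill length `l` also comes from `IPCB(skb)->opt.optlen` while the "no options" test uses `iph->ihl`; if the control block was not populated at the hook where the rule runs (an assumption, not visible here), `l` would be 0 and the options would pass through unmodified, so deriving it from the header with `l = iph->ihl * 4 - sizeof(struct iphdr);` keeps the two consistent. Several lines of the function are not shown in this listing, so check the change against the full body.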