1 diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig
2 --- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200
3 +++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200
4 @@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE
5 Allows altering the ARP packet payload: source and destination
6 hardware and network addresses.
8 +config IP_NF_TARGET_IPV4OPTSSTRIP
9 + tristate 'IPV4OPTSSTRIP target support'
10 + depends on IP_NF_MANGLE
12 + This option adds an IPV4OPTSSTRIP target.
13 + This target allows you to strip all IP options in a packet.
15 + If you want to compile it as a module, say M here and read
16 + Documentation/modules.txt. If unsure, say `N'.
20 --- linux-3.4/net/ipv4/netfilter/Makefile~ 2012-05-21 08:42:02.000000000 +0200
21 +++ linux-3.4/net/ipv4/netfilter/Makefile 2012-05-21 08:45:09.247956356 +0200
24 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
25 obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
26 +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
27 obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
28 obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
29 obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
30 diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
31 --- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
32 +++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
35 + * Strip all IP options in the IP packet header.
37 + * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org>
38 + * This software is distributed under GNU GPL v2, 1991
41 +#include <linux/module.h>
42 +#include <linux/skbuff.h>
44 +#include <net/checksum.h>
45 +#include <linux/netfilter/x_tables.h>
46 +#include <linux/netfilter_ipv4/ip_tables.h>
48 +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>");
49 +MODULE_DESCRIPTION("Strip all options in IPv4 packets");
50 +MODULE_LICENSE("GPL");
53 +target(struct sk_buff *skb,
54 + const struct net_device *in,
55 + const struct net_device *out,
56 + unsigned int hooknum,
57 + const struct xt_target *target,
58 + const void *targinfo)
61 + struct ip_options *opt;
62 + sk_buff_data_t optiph;
65 + if (!skb_make_writable(skb, skb->len))
69 + optiph = skb->network_header;
70 + l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
72 + /* if no options in packet then nothing to clear. */
73 + if (iph->ihl * 4 == sizeof(struct iphdr))
76 + /* else clear all options */
77 + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
78 + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
79 + opt = &(IPCB(skb)->opt);
86 +checkentry(const char *tablename,
88 + const struct xt_target *target,
90 + unsigned int hook_mask)
92 + if (strcmp(tablename, "mangle")) {
93 + printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
96 + /* nothing else to check because no parameters */
100 +static struct xt_target ipt_ipv4optsstrip_reg = {
101 + .name = "IPV4OPTSSTRIP",
103 + .checkentry = checkentry,
104 + .me = THIS_MODULE };
106 +static int __init init(void)
108 + return xt_register_target(&ipt_ipv4optsstrip_reg);
111 +static void __exit fini(void)
113 + xt_unregister_target(&ipt_ipv4optsstrip_reg);
projects / packages / kernel.git / blob