+
endmenu
-diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Makefile linux-2.6.21.a/net/ipv4/netfilter/Makefile
---- linux-2.6.21.b/net/ipv4/netfilter/Makefile 2007-05-30 11:11:52.000000000 +0200
-+++ linux-2.6.21.a/net/ipv4/netfilter/Makefile 2007-05-30 11:18:08.000000000 +0200
-@@ -54,6 +54,7 @@
+--- linux-5.2/net/ipv4/netfilter/Makefile~ 2019-07-08 00:41:56.000000000 +0200
++++ linux-5.2/net/ipv4/netfilter/Makefile 2019-07-08 09:01:35.241471623 +0200
+@@ -48,6 +48,7 @@ obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ip
+ # targets
obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o
- obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
+obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o
- obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o
- obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o
- obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
+ obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
+ obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o
+
diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c
--- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200
-@@ -0,0 +1,84 @@
+@@ -0,0 +1,75 @@
+/**
+ * Strip all IP options in the IP packet header.
+ *
+MODULE_LICENSE("GPL");
+
+static unsigned int
-+target(struct sk_buff *skb,
-+ const struct net_device *in,
-+ const struct net_device *out,
-+ unsigned int hooknum,
-+ const struct xt_target *target,
-+ const void *targinfo)
++target(struct sk_buff *skb, const struct xt_action_param *par)
+{
+ struct iphdr *iph;
+ struct ip_options *opt;
-+ sk_buff_data_t optiph;
++ unsigned char *optiph;
+ int l;
+
-+ if (!skb_make_writable(skb, skb->len))
++ if (skb_ensure_writable(skb, skb->len))
+ return NF_DROP;
+
+ iph = ip_hdr(skb);
-+ optiph = skb->network_header;
-+ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+
+ /* if no options in packet then nothing to clear. */
+ if (iph->ihl * 4 == sizeof(struct iphdr))
+ return XT_CONTINUE;
+
+ /* else clear all options */
++ optiph = skb_network_header(skb);
++ l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen;
+ memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
+ memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l);
+ opt = &(IPCB(skb)->opt);
+ opt->optlen = l;
+
-+ return XT_CONTINUE;
++ return XT_CONTINUE;
+}
+
-+static bool
-+checkentry(const char *tablename,
-+ const void *e,
-+ const struct xt_target *target,
-+ void *targinfo,
-+ unsigned int hook_mask)
++static int
++checkentry(const struct xt_tgchk_param *par)
+{
-+ if (strcmp(tablename, "mangle")) {
-+ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
++ if (strcmp(par->table, "mangle")) {
++ printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table);
+ return 0;
+ }
+ /* nothing else to check because no parameters */
projects / packages / kernel.git / blobdiff