[packages/iptables.git] / grsecurity-1.2.8-iptables.patch

diff -urN iptables-1.2.8/extensions/Makefile iptables-1.2.8-new/extensions/Makefile
--- iptables-1.2.8/extensions/Makefile	2003-03-05 06:39:31.000000000 -0500
+++ iptables-1.2.8-new/extensions/Makefile	2003-04-23 10:27:41.000000000 -0400
@@ -5,7 +5,7 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp iplimit length limit mac mark multiport owner physdev pkttype rpc standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TTL ULOG
+PF_EXT_SLIB:=ah conntrack dscp ecn esp helper stealth icmp length limit mac mark multiport owner physdev pkttype rpc standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TTL ULOG IMQ
 PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK
 
 # Optionals
diff -urN iptables-1.2.8/extensions/libipt_stealth.c iptables-1.2.8-new/extensions/libipt_stealth.c
--- iptables-1.2.8/extensions/libipt_stealth.c	1969-12-31 19:00:00.000000000 -0500
+++ iptables-1.2.8-new/extensions/libipt_stealth.c	2003-04-23 10:27:06.000000000 -0400
@@ -0,0 +1,64 @@
+/* Shared library add-on to iptables to add stealth support.
+ * Copyright (C) 2002 Brad Spengler  <spender@grsecurity.net>
+ * This netfilter module is licensed under the GNU GPL.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <iptables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{0}
+};
+
+/* Initialize the match. */
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+	*nfcache |= NFC_UNKNOWN;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+	const struct ipt_entry *entry,
+	unsigned int *nfcache,
+	struct ipt_entry_match **match)
+{
+	return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+	return;
+}
+
+static
+struct iptables_match stealth = {
+	NULL,
+	"stealth",
+	IPTABLES_VERSION,
+	IPT_ALIGN(0),
+	IPT_ALIGN(0),
+	&help,
+	&init, 
+	&parse,
+	&final_check,
+	NULL,
+	NULL,
+	opts  
+};
+
+void _init(void)
+{
+	register_match(&stealth);
+}
Commit	Line	Data
81e1b4e9	1	diff -urN iptables-1.2.8/extensions/Makefile iptables-1.2.8-new/extensions/Makefile
	2	--- iptables-1.2.8/extensions/Makefile 2003-03-05 06:39:31.000000000 -0500
	3	+++ iptables-1.2.8-new/extensions/Makefile 2003-04-23 10:27:41.000000000 -0400
	4	@@ -5,7 +5,7 @@
	5	# header files are present in the include/linux directory of this iptables
	6	# package (HW)
	7	#
0ae2de78 JR	8	-PF_EXT_SLIB:=ah conntrack dscp ecn esp helper icmp iplimit length limit mac mark multiport owner physdev pkttype rpc standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TTL ULOG
0ae2de78 JR	9	+PF_EXT_SLIB:=ah conntrack dscp ecn esp helper stealth icmp length limit mac mark multiport owner physdev pkttype rpc standard state tcp tcpmss tos ttl udp unclean DNAT DSCP ECN LOG MARK MASQUERADE MIRROR REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TTL ULOG IMQ
81e1b4e9	10	PF6_EXT_SLIB:=eui64 hl icmpv6 length limit mac mark multiport owner standard tcp udp HL LOG MARK
	11
	12	# Optionals
	13	diff -urN iptables-1.2.8/extensions/libipt_stealth.c iptables-1.2.8-new/extensions/libipt_stealth.c
	14	--- iptables-1.2.8/extensions/libipt_stealth.c 1969-12-31 19:00:00.000000000 -0500
	15	+++ iptables-1.2.8-new/extensions/libipt_stealth.c 2003-04-23 10:27:06.000000000 -0400
	16	@@ -0,0 +1,64 @@
	17	+/* Shared library add-on to iptables to add stealth support.
	18	+ * Copyright (C) 2002 Brad Spengler <spender@grsecurity.net>
	19	+ * This netfilter module is licensed under the GNU GPL.
	20	+ */
	21	+
	22	+#include <stdio.h>
	23	+#include <netdb.h>
	24	+#include <stdlib.h>
	25	+#include <getopt.h>
	26	+#include <iptables.h>
	27	+
	28	+/* Function which prints out usage message. */
	29	+static void
	30	+help(void)
	31	+{
	32	+ printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
	33	+}
	34	+
	35	+static struct option opts[] = {
	36	+ {0}
	37	+};
	38	+
	39	+/* Initialize the match. */
	40	+static void
	41	+init(struct ipt_entry_match m, unsigned int nfcache)
	42	+{
	43	+ *nfcache \|= NFC_UNKNOWN;
	44	+}
	45	+
	46	+static int
	47	+parse(int c, char *argv, int invert, unsigned int flags,
	48	+ const struct ipt_entry *entry,
	49	+ unsigned int *nfcache,
	50	+ struct ipt_entry_match **match)
	51	+{
	52	+ return 0;
	53	+}
	54	+
	55	+static void
	56	+final_check(unsigned int flags)
	57	+{
	58	+ return;
	59	+}
	60	+
	61	+static
	62	+struct iptables_match stealth = {
	63	+ NULL,
	64	+ "stealth",
	65	+ IPTABLES_VERSION,
	66	+ IPT_ALIGN(0),
	67	+ IPT_ALIGN(0),
	68	+ &help,
	69	+ &init,
	70	+ &parse,
	71	+ &final_check,
	72	+ NULL,
	73	+ NULL,
74	+ opts
75	+};
76	+
77	+void _init(void)
78	+{
79	+ register_match(&stealth);
80	+}