Commit | Line | Data |
---|---|---|
2380c486 JR |
1 | diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/Kconfig linux-2.6.21.a/net/ipv4/netfilter/Kconfig |
2 | --- linux-2.6.21.b/net/ipv4/netfilter/Kconfig 2007-05-30 11:11:52.000000000 +0200 | |
3 | +++ linux-2.6.21.a/net/ipv4/netfilter/Kconfig 2007-05-30 11:18:08.000000000 +0200 | |
4 | @@ -668,5 +668,15 @@ config IP_NF_ARP_MANGLE | |
5 | Allows altering the ARP packet payload: source and destination | |
6 | hardware and network addresses. | |
7 | ||
8 | +config IP_NF_TARGET_IPV4OPTSSTRIP | |
9 | + tristate 'IPV4OPTSSTRIP target support' | |
10 | + depends on IP_NF_MANGLE | |
11 | + help | |
12 | + This option adds an IPV4OPTSSTRIP target. | |
13 | + This target allows you to strip all IP options in a packet. | |
14 | + | |
15 | + If you want to compile it as a module, say M here and read | |
16 | + Documentation/modules.txt. If unsure, say `N'. | |
17 | + | |
18 | endmenu | |
19 | ||
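Review bot: The help text says the target lets you "strip all IP options", but the implementation added later in this patch overwrites the option bytes with `IPOPT_NOOP` and leaves the header length as it was, so the options area is still present in the packet. Someone choosing this target to shrink or normalise headers would be misled by the current wording. I would word the help to match, e.g. `This target overwrites all IP options in a packet with no-op padding; the header length is not changed.`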
92d182d2 AM |
20 | --- linux-3.4/net/ipv4/netfilter/Makefile~ 2012-05-21 08:42:02.000000000 +0200 |
21 | +++ linux-3.4/net/ipv4/netfilter/Makefile 2012-05-21 08:45:09.247956356 +0200 | |
2380c486 | 22 | @@ -54,6 +54,7 @@ |
92d182d2 | 23 | # targets |
2380c486 JR |
24 | obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o |
25 | obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o | |
2380c486 JR |
26 | +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o |
27 | obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) += ipt_MASQUERADE.o | |
28 | obj-$(CONFIG_IP_NF_TARGET_NETMAP) += ipt_NETMAP.o | |
29 | obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o | |
30 | diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c | |
31 | --- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100 | |
32 | +++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200 | |
7c99cdc1 | 33 | @@ -0,0 +1,75 @@ |
2380c486 JR |
34 | +/** |
35 | + * Strip all IP options in the IP packet header. | |
36 | + * | |
37 | + * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org> | |
38 | + * This software is distributed under GNU GPL v2, 1991 | |
39 | + */ | |
40 | + | |
41 | +#include <linux/module.h> | |
42 | +#include <linux/skbuff.h> | |
43 | +#include <net/ip.h> | |
44 | +#include <net/checksum.h> | |
45 | +#include <linux/netfilter/x_tables.h> | |
46 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
47 | + | |
48 | +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>"); | |
49 | +MODULE_DESCRIPTION("Strip all options in IPv4 packets"); | |
50 | +MODULE_LICENSE("GPL"); | |
51 | + | |
52 | +static unsigned int | |
7c99cdc1 | 53 | +target(struct sk_buff *skb, const struct xt_action_param *par) |
2380c486 JR |
54 | +{ |
55 | + struct iphdr *iph; | |
56 | + struct ip_options *opt; | |
7c99cdc1 | 57 | + unsigned char *optiph; |
2380c486 JR |
58 | + int l; |
59 | + | |
60 | + if (!skb_make_writable(skb, skb->len)) | |
61 | + return NF_DROP; | |
62 | + | |
63 | + iph = ip_hdr(skb); | |
2380c486 JR |
64 | + |
65 | + /* if no options in packet then nothing to clear. */ | |
66 | + if (iph->ihl * 4 == sizeof(struct iphdr)) | |
711f58d2 | 67 | + return XT_CONTINUE; |
2380c486 JR |
68 | + |
69 | + /* else clear all options */ | |
7c99cdc1 JR |
70 | + optiph = skb_network_header(skb); |
71 | + l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen; | |
2380c486 JR |
72 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); |
73 | + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l); | |
74 | + opt = &(IPCB(skb)->opt); | |
75 | + opt->optlen = l; | |
76 | + | |
711f58d2 | 77 | + return XT_CONTINUE; |
2380c486 JR |
78 | +} |
79 | + | |
7c99cdc1 JR |
80 | +static int |
81 | +checkentry(const struct xt_tgchk_param *par) | |
2380c486 | 82 | +{ |
7c99cdc1 JR |
83 | + if (strcmp(par->table, "mangle")) { |
84 | + printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table); | |
2380c486 JR |
85 | + return 0; |
86 | + } | |
87 | + /* nothing else to check because no parameters */ | |
88 | + return 1; | |
89 | +} | |
90 | + | |
711f58d2 | 91 | +static struct xt_target ipt_ipv4optsstrip_reg = { |
2380c486 JR |
92 | + .name = "IPV4OPTSSTRIP", |
93 | + .target = target, | |
94 | + .checkentry = checkentry, | |
95 | + .me = THIS_MODULE }; | |
96 | + | |
97 | +static int __init init(void) | |
98 | +{ | |
99 | + return xt_register_target(&ipt_ipv4optsstrip_reg); | |
100 | +} | |
101 | + | |
102 | +static void __exit fini(void) | |
103 | +{ | |
104 | + xt_unregister_target(&ipt_ipv4optsstrip_reg); | |
105 | +} | |
106 | + | |
107 | +module_init(init); | |
108 | +module_exit(fini); |
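Review bot: In `target()` the number of option bytes overwritten is read from `IPCB(skb)->opt.optlen`, while the presence test just above it uses `iph->ihl`, so the write length is not tied to the header actually in the packet; if the control block was never filled in by option parsing, `l` can be 0 and the options pass through untouched. Nothing in the hunk refreshes the IP header checksum after the option bytes are replaced with `IPOPT_NOOP`, although `<net/checksum.h>` is included. The fence below derives the length from `ihl` and calls `ip_send_check(iph)` after the write. Separately, `checkentry()` returns 0 for a wrong table and 1 on success, which looks inverted for the `int`-returning hook (0 on success, negative errno on failure; confirm against the target kernel's x_tables), and the registration sets no `.family`, so adding `.family = NFPROTO_IPV4` and `.table = "mangle"` would keep the target from being attached where `ip_hdr()` does not describe the packet.

```c
	/* … unchanged: declarations, skb_make_writable() check … */
	iph = ip_hdr(skb);

	/* nothing to clear when the header carries no options */
	if (iph->ihl * 4 <= sizeof(struct iphdr))
		return XT_CONTINUE;

	/* take the length from the header itself, not from the control block */
	l = iph->ihl * 4 - sizeof(struct iphdr);
	optiph = skb_network_header(skb);
	/* … unchanged: both memset() calls and the opt->optlen update … */

	/* header bytes were rewritten, so recompute the header checksum */
	ip_send_check(iph);

	return XT_CONTINUE;
```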