git.pld-linux.org Git - packages/iptables.git/blob - ipt_REJECT-fake-source.patch.userspace
- require llh 2.6.7.0-3 (previous versions had broken ip{,6}t API)
1 --- userspace/extensions/libipt_REJECT.c.original       2002-06-24 13:34:59.000000000 +0800
2 +++ userspace/extensions/libipt_REJECT.c        2002-06-21 18:16:29.000000000 +0800
3 @@ -6,6 +6,7 @@
4  #include <string.h>
5  #include <stdlib.h>
6  #include <getopt.h>
7 +#include <netdb.h>
8  #include <iptables.h>
9  #include <linux/netfilter_ipv4/ip_tables.h>
10  #include <linux/netfilter_ipv4/ipt_REJECT.h>
11 @@ -52,7 +53,7 @@
12         printf("\n");
13  }
14  
15 -/* Saves the union ipt_targinfo in parsable form to stdout. */
16 +/* Saves the struct ipt_targinfo in parsable form to stdout. */
17  
18  /* Function which prints out usage message. */
19  static void
20 @@ -62,14 +63,18 @@
21  "REJECT options:\n"
22  "--reject-with type              drop input packet and send back\n"
23  "                                a reply packet according to type:\n");
24 -
25         print_reject_types();
26 +       printf(
27 +"--fake-source                   fake the source address with the destination\n"
28 +"                                address of the matched packet (useful for\n"
29 +"                                port unreachable ICMP message).\n");
30
31         printf("(*) See man page or read the INCOMPATIBILITES file for compatibility issues.\n");
32  }
33  
34  static struct option opts[] = {
35         { "reject-with", 1, 0, '1' },
36 +       { "fake-source", 0, 0, '2' },
37         { 0 }
38  };
39  
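Review bot: The usage text added for `--fake-source` does not say that the option is refused together with `--reject-with tcp-reset`, a restriction the parser enforces further down in this patch. It also leaves unsaid that the resulting ICMP error carries a source address that is not the firewall's own, which matters to anyone reading logs or packet captures downstream. A fourth help line such as `"                                not valid with --reject-with tcp-reset.\n"` would cover the first point. The usage function begins above the hunk.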
40 @@ -79,6 +84,7 @@
41  
42         /* default */
43         reject->with = IPT_ICMP_PORT_UNREACHABLE;
44 +       reject->fake_source_address = 0;  /* by default we don't fake */
45  
46         /* Can't cache this */
47         *nfcache |= NFC_UNKNOWN;
48 @@ -113,6 +119,21 @@
49                         fprintf(stderr, "--reject-with echo-reply no longer"
50                                 " supported\n");
51                 exit_error(PARAMETER_PROBLEM, "unknown reject type `%s'",optarg);
52 +               if ((reject->fake_source_address != 0) && (reject->with == IPT_TCP_RESET))
53 +                       exit_error(PARAMETER_PROBLEM,
54 +                               "Cannot use fake source address with TCP_RESET for REJECT");
55 +
56 +               break;
57 +       case '2':
58 +               if (invert)
59 +                       exit_error(PARAMETER_PROBLEM,
60 +                               "unexpected '!' with --fake-source");
61 +               if (reject->with == IPT_TCP_RESET)
62 +                        exit_error(PARAMETER_PROBLEM,
63 +                                "Cannot use fake source address with TCP_RESET for REJECT");
64 +               reject->fake_source_address = 1;
65 +               return 1;
66 +               break;
67         default:
68                 /* Fall through */
69                 break;
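Review bot: The tcp-reset/fake-source exclusion added under case '1' appears unreachable: it sits after the `exit_error(PARAMETER_PROBLEM, "unknown reject type ...")` call, which does not return, and a successful type match presumably returns from the lookup loop that lies above this hunk. As a result only the order `--reject-with tcp-reset --fake-source` is refused (by the check in case '2'); with the options reversed the combination would be accepted and passed on to the kernel side unvalidated. Do the test where the type is assigned, or in the extension's final-check hook so it no longer depends on option order, e.g. `if (reject->fake_source_address && reject->with == IPT_TCP_RESET) exit_error(PARAMETER_PROBLEM, "Cannot use fake source address with TCP_RESET for REJECT");`. The `break;` after `return 1;` in case '2' is dead code as well. The parse function starts and ends outside the hunk.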
70 @@ -140,6 +161,8 @@
71                         break;
72         }
73         printf("reject-with %s ", reject_table[i].name);
74 +       if (reject->fake_source_address != 0)
75 +                        printf("faked-source ");
76  }
77  
78  /* Saves ipt_reject in parsable form to stdout. */
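Review bot: The listing output prints `faked-source ` while the option table, the help text and the save routine all spell it `fake-source`, so anyone auditing a ruleset by searching the listing for the option name will miss these rules. Use the same token, `printf("fake-source ");`, and indent that line to match the `if` above it; it is indented deeper than the corresponding line in the save function. The print function starts outside the hunk.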
79 @@ -154,6 +177,8 @@
80                         break;
81  
82         printf("--reject-with %s ", reject_table[i].name);
83 +       if (reject->fake_source_address != 0)
84 +               printf("--fake-source ");
85  }
86  
87  static