Commit | Line | Data |
---|---|---|
01bb4d10 AM |
1 | diff -ur linux-5.9/net/ipv4/netfilter.org/Kconfig linux-5.9/net/ipv4/netfilter/Kconfig |
2 | --- linux-5.9/net/ipv4/netfilter.org/Kconfig 2020-10-11 23:15:50.000000000 +0200 | |
3 | +++ linux-5.9/net/ipv4/netfilter/Kconfig 2020-11-03 13:07:22.874511004 +0100 | |
4 | @@ -356,5 +356,15 @@ | |
5 | ||
6 | endif # IP_NF_ARPTABLES | |
2380c486 JR |
7 | |
8 | +config IP_NF_TARGET_IPV4OPTSSTRIP | |
9 | + tristate 'IPV4OPTSSTRIP target support' | |
10 | + depends on IP_NF_MANGLE | |
11 | + help | |
12 | + This option adds an IPV4OPTSSTRIP target. | |
13 | + This target allows you to strip all IP options in a packet. | |
14 | + | |
15 | + If you want to compile it as a module, say M here and read | |
16 | + Documentation/modules.txt. If unsure, say `N'. | |
17 | + | |
18 | endmenu | |
19 | ||
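Review bot: The help text for `IP_NF_TARGET_IPV4OPTSSTRIP` points at `Documentation/modules.txt`, which as far as I know is not present in a 5.9 tree (module build documentation lives under `Documentation/kbuild/`), so the reference should be dropped or updated. The text also says the target strips the options, whereas the accompanying C file overwrites the option bytes with no-op padding and leaves the header length unchanged. A sentence such as `The option bytes are overwritten with IPOPT_NOOP; the header length is not changed.` would set the right expectation for anyone deploying this to neutralise source-routing or record-route options.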
01bb4d10 AM |
20 | diff -ur linux-5.9/net/ipv4/netfilter.org/Makefile linux-5.9/net/ipv4/netfilter/Makefile |
21 | --- linux-5.9/net/ipv4/netfilter.org/Makefile 2020-10-11 23:15:50.000000000 +0200 | |
22 | +++ linux-5.9/net/ipv4/netfilter/Makefile 2020-11-03 13:07:22.874511004 +0100 | |
23 | @@ -48,6 +48,7 @@ | |
92d182d2 | 24 | # targets |
2380c486 JR |
25 | obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o |
26 | obj-$(CONFIG_IP_NF_TARGET_ECN) += ipt_ECN.o | |
2380c486 | 27 | +obj-$(CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP) += ipt_IPV4OPTSSTRIP.o |
7543edb3 AM |
28 | obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o |
29 | obj-$(CONFIG_IP_NF_TARGET_SYNPROXY) += ipt_SYNPROXY.o | |
30 | ||
2380c486 JR |
31 | diff -NurpP --minimal linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c |
32 | --- linux-2.6.21.b/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 1970-01-01 01:00:00.000000000 +0100 | |
33 | +++ linux-2.6.21.a/net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c 2007-05-30 11:18:08.000000000 +0200 | |
3f5e7cb8 | 34 | @@ -0,0 +1,75 @@ |
2380c486 JR |
35 | +/** |
36 | + * Strip all IP options in the IP packet header. | |
37 | + * | |
38 | + * (C) 2001 by Fabrice MARIE <fabrice@netfilter.org> | |
39 | + * This software is distributed under GNU GPL v2, 1991 | |
40 | + */ | |
41 | + | |
42 | +#include <linux/module.h> | |
43 | +#include <linux/skbuff.h> | |
44 | +#include <net/ip.h> | |
45 | +#include <net/checksum.h> | |
46 | +#include <linux/netfilter/x_tables.h> | |
47 | +#include <linux/netfilter_ipv4/ip_tables.h> | |
48 | + | |
49 | +MODULE_AUTHOR("Fabrice MARIE <fabrice@netfilter.org>"); | |
50 | +MODULE_DESCRIPTION("Strip all options in IPv4 packets"); | |
51 | +MODULE_LICENSE("GPL"); | |
52 | + | |
53 | +static unsigned int | |
3f5e7cb8 | 54 | +target(struct sk_buff *skb, const struct xt_action_param *par) |
2380c486 JR |
55 | +{ |
56 | + struct iphdr *iph; | |
57 | + struct ip_options *opt; | |
3f5e7cb8 | 58 | + unsigned char *optiph; |
2380c486 JR |
59 | + int l; |
60 | + | |
eca34b5c | 61 | + if (skb_ensure_writable(skb, skb->len)) |
2380c486 JR |
62 | + return NF_DROP; |
63 | + | |
64 | + iph = ip_hdr(skb); | |
2380c486 JR |
65 | + |
66 | + /* if no options in packet then nothing to clear. */ | |
67 | + if (iph->ihl * 4 == sizeof(struct iphdr)) | |
711f58d2 | 68 | + return XT_CONTINUE; |
2380c486 JR |
69 | + |
70 | + /* else clear all options */ | |
3f5e7cb8 JR |
71 | + optiph = skb_network_header(skb); |
72 | + l = ((struct ip_options *)(&(IPCB(skb)->opt)))->optlen; | |
2380c486 JR |
73 | + memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options)); |
74 | + memset(optiph+sizeof(struct iphdr), IPOPT_NOOP, l); | |
75 | + opt = &(IPCB(skb)->opt); | |
76 | + opt->optlen = l; | |
77 | + | |
3f5e7cb8 | 78 | + return XT_CONTINUE; |
2380c486 JR |
79 | +} |
80 | + | |
3f5e7cb8 JR |
81 | +static int |
82 | +checkentry(const struct xt_tgchk_param *par) | |
2380c486 | 83 | +{ |
3f5e7cb8 JR |
84 | + if (strcmp(par->table, "mangle")) { |
85 | + printk(KERN_WARNING "IPV4OPTSSTRIP: can only be called from \"mangle\" table, not \"%s\"\n", par->table); | |
2380c486 JR |
86 | + return 0; |
87 | + } | |
88 | + /* nothing else to check because no parameters */ | |
89 | + return 1; | |
90 | +} | |
91 | + | |
711f58d2 | 92 | +static struct xt_target ipt_ipv4optsstrip_reg = { |
2380c486 JR |
93 | + .name = "IPV4OPTSSTRIP", |
94 | + .target = target, | |
95 | + .checkentry = checkentry, | |
96 | + .me = THIS_MODULE }; | |
97 | + | |
98 | +static int __init init(void) | |
99 | +{ | |
100 | + return xt_register_target(&ipt_ipv4optsstrip_reg); | |
101 | +} | |
102 | + | |
103 | +static void __exit fini(void) | |
104 | +{ | |
105 | + xt_unregister_target(&ipt_ipv4optsstrip_reg); | |
106 | +} | |
107 | + | |
108 | +module_init(init); | |
109 | +module_exit(fini); |
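Review bot: `checkentry()` still uses the old boolean return convention (0 for a table other than "mangle", 1 on success), but with the `int`-returning `xt_tgchk_param` prototype x_tables reads 0 as accept and any non-zero value as an error. As written the table restriction is inverted: the wrong-table branch should return `-EINVAL` and the final statement should return 0, or the function can be dropped in favour of `.table = "mangle"` in `ipt_ipv4optsstrip_reg`. In `target()`, the option bytes are overwritten with `IPOPT_NOOP` but the IPv4 header checksum is never refreshed, although `<net/checksum.h>` is included, so the modified packet carries a stale checksum. The fill length `l` is taken from `IPCB(skb)->opt.optlen` rather than from the header; that field is only meaningful where earlier code has parsed the options into the control block, which may not hold at every mangle hook, so deriving the length from `iph->ihl` keeps the write inside the header. The sketch below shows only the changed lines.

```c
	/* … unchanged: declarations, skb_ensure_writable(), iph = ip_hdr(skb) … */

	/* option length comes from the header itself, not from the skb control block */
	l = (int)iph->ihl * 4 - (int)sizeof(struct iphdr);
	if (l <= 0)
		return XT_CONTINUE;

	/* … unchanged: clearing IPCB(skb)->opt, IPOPT_NOOP fill, opt->optlen = l … */

	/* header bytes were rewritten, so recompute the header checksum */
	ip_send_check(iph);
	return XT_CONTINUE;

	/* … in checkentry(), after the unchanged printk in the wrong-table branch … */
		return -EINVAL;
	}
	/* nothing else to check because no parameters */
	return 0;
```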