target/linux/generic-2.4/patches/605-netfilter_TTL.patch

   1 Index: linux-2.4.35.4/Documentation/Configure.help
   2 ===================================================================
   3 --- linux-2.4.35.4.orig/Documentation/Configure.help
   4 +++ linux-2.4.35.4/Documentation/Configure.help
   5 @@ -3209,6 +3209,15 @@ CONFIG_IP_NF_TARGET_LOG
   6    If you want to compile it as a module, say M here and read
   7    <file:Documentation/modules.txt>.  If unsure, say `N'.
   8
   9 +TTL target support
  10 +CONFIG_IP_NF_TARGET_TTL
  11 +  This option adds a `TTL' target, which enables the user to set
  12 +  the TTL value or increment / decrement the TTL value by a given
  13 +  amount.
  14 +
  15 +  If you want to compile it as a module, say M here and read
  16 +  Documentation/modules.txt.  If unsure, say `N'.
  17 +
  18  ipchains (2.2-style) support
  19  CONFIG_IP_NF_COMPAT_IPCHAINS
  20    This option places ipchains (with masquerading and redirection
  21 Index: linux-2.4.35.4/include/linux/netfilter_ipv4/ipt_TTL.h
  22 ===================================================================
  23 --- /dev/null
  24 +++ linux-2.4.35.4/include/linux/netfilter_ipv4/ipt_TTL.h
  25 @@ -0,0 +1,21 @@
  26 +/* TTL modification module for IP tables
  27 + * (C) 2000 by Harald Welte <laforge@gnumonks.org> */
  28 +
  29 +#ifndef _IPT_TTL_H
  30 +#define _IPT_TTL_H
  31 +
  32 +enum {
  33 +       IPT_TTL_SET = 0,
  34 +       IPT_TTL_INC,
  35 +       IPT_TTL_DEC
  36 +};
  37 +
  38 +#define IPT_TTL_MAXMODE        IPT_TTL_DEC
  39 +
  40 +struct ipt_TTL_info {
  41 +       u_int8_t        mode;
  42 +       u_int8_t        ttl;
  43 +};
  44 +
  45 +
  46 +#endif
  47 Index: linux-2.4.35.4/net/ipv4/netfilter/Config.in
  48 ===================================================================
  49 --- linux-2.4.35.4.orig/net/ipv4/netfilter/Config.in
  50 +++ linux-2.4.35.4/net/ipv4/netfilter/Config.in
  51 @@ -125,6 +125,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ];
  52      dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
  53    fi
  54    dep_tristate '  LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
  55 +  dep_tristate '  TTL target support' CONFIG_IP_NF_TARGET_TTL $CONFIG_IP_NF_IPTABLES
  56    dep_tristate '  ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
  57    dep_tristate '  TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES
  58  fi
  59 Index: linux-2.4.35.4/net/ipv4/netfilter/ipt_TTL.c
  60 ===================================================================
  61 --- /dev/null
  62 +++ linux-2.4.35.4/net/ipv4/netfilter/ipt_TTL.c
  63 @@ -0,0 +1,110 @@
  64 +/* TTL modification target for IP tables
  65 + * (C) 2000 by Harald Welte <laforge@gnumonks.org>
  66 + *
  67 + * Version: $Revision: 1.1 $
  68 + *
  69 + * This software is distributed under the terms of GNU GPL
  70 + */
  71 +
  72 +#include <linux/module.h>
  73 +#include <linux/skbuff.h>
  74 +#include <linux/ip.h>
  75 +#include <net/checksum.h>
  76 +
  77 +#include <linux/netfilter_ipv4/ip_tables.h>
  78 +#include <linux/netfilter_ipv4/ipt_TTL.h>
  79 +
  80 +MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
  81 +MODULE_DESCRIPTION("IP tables TTL modification module");
  82 +MODULE_LICENSE("GPL");
  83 +
  84 +static unsigned int ipt_ttl_target(struct sk_buff **pskb, unsigned int hooknum,
  85 +               const struct net_device *in, const struct net_device *out,
  86 +               const void *targinfo, void *userinfo)
  87 +{
  88 +       struct iphdr *iph = (*pskb)->nh.iph;
  89 +       const struct ipt_TTL_info *info = targinfo;
  90 +       u_int16_t diffs[2];
  91 +       int new_ttl;
  92 +
  93 +       switch (info->mode) {
  94 +               case IPT_TTL_SET:
  95 +                       new_ttl = info->ttl;
  96 +                       break;
  97 +               case IPT_TTL_INC:
  98 +                       new_ttl = iph->ttl + info->ttl;
  99 +                       if (new_ttl > 255)
 100 +                               new_ttl = 255;
 101 +                       break;
 102 +               case IPT_TTL_DEC:
 103 +                       new_ttl = iph->ttl - info->ttl;
 104 +                       if (new_ttl < 0)
 105 +                               new_ttl = 0;
 106 +                       break;
 107 +               default:
 108 +                       new_ttl = iph->ttl;
 109 +                       break;
 110 +       }
 111 +
 112 +       if (new_ttl != iph->ttl) {
 113 +               diffs[0] = htons(((unsigned)iph->ttl) << 8) ^ 0xFFFF;
 114 +               iph->ttl = new_ttl;
 115 +               diffs[1] = htons(((unsigned)iph->ttl) << 8);
 116 +               iph->check = csum_fold(csum_partial((char *)diffs,
 117 +                                                   sizeof(diffs),
 118 +                                                   iph->check^0xFFFF));
 119 +                                                                                               (*pskb)->nfcache |= NFC_ALTERED;
 120 +       }
 121 +
 122 +       return IPT_CONTINUE;
 123 +}
 124 +
 125 +static int ipt_ttl_checkentry(const char *tablename,
 126 +               const struct ipt_entry *e,
 127 +               void *targinfo,
 128 +               unsigned int targinfosize,
 129 +               unsigned int hook_mask)
 130 +{
 131 +       struct ipt_TTL_info *info = targinfo;
 132 +
 133 +       if (targinfosize != IPT_ALIGN(sizeof(struct ipt_TTL_info))) {
 134 +               printk(KERN_WARNING "TTL: targinfosize %u != %Zu\n",
 135 +                               targinfosize,
 136 +                               IPT_ALIGN(sizeof(struct ipt_TTL_info)));
 137 +               return 0;
 138 +       }
 139 +
 140 +       if (strcmp(tablename, "mangle")) {
 141 +               printk(KERN_WARNING "TTL: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
 142 +               return 0;
 143 +       }
 144 +
 145 +       if (info->mode > IPT_TTL_MAXMODE) {
 146 +               printk(KERN_WARNING "TTL: invalid or unknown Mode %u\n",
 147 +                       info->mode);
 148 +               return 0;
 149 +       }
 150 +
 151 +       if ((info->mode != IPT_TTL_SET) && (info->ttl == 0)) {
 152 +               printk(KERN_WARNING "TTL: increment/decrement doesn't make sense with value 0\n");
 153 +               return 0;
 154 +       }
 155 +
 156 +       return 1;
 157 +}
 158 +
 159 +static struct ipt_target ipt_TTL = { { NULL, NULL }, "TTL",
 160 +       ipt_ttl_target, ipt_ttl_checkentry, NULL, THIS_MODULE };
 161 +
 162 +static int __init init(void)
 163 +{
 164 +       return ipt_register_target(&ipt_TTL);
 165 +}
 166 +
 167 +static void __exit fini(void)
 168 +{
 169 +       ipt_unregister_target(&ipt_TTL);
 170 +}
 171 +
 172 +module_init(init);
 173 +module_exit(fini);
 174 Index: linux-2.4.35.4/net/ipv4/netfilter/Makefile
 175 ===================================================================
 176 --- linux-2.4.35.4.orig/net/ipv4/netfilter/Makefile
 177 +++ linux-2.4.35.4/net/ipv4/netfilter/Makefile
 178 @@ -109,6 +109,7 @@ obj-$(CONFIG_IP_NF_TARGET_MASQUERADE) +=
 179  obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
 180  obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
 181  obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
 182 +obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
 183  obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
 184  obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
 185