refresh all package patches in the buildroot using quilt
[openwrt/svn-archive/archive.git] / package / iptables / patches / 008-chaostables.patch
1 Index: iptables-1.3.7/extensions/.CHAOS-test
2 ===================================================================
3 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
4 +++ iptables-1.3.7/extensions/.CHAOS-test 2007-06-04 13:21:44.537205984 +0200
5 @@ -0,0 +1,2 @@
6 +#!/bin/sh
7 +[ -f "$KERNEL_DIR/include/linux/netfilter/xt_CHAOS.h" ] && echo "CHAOS";
8 Index: iptables-1.3.7/extensions/.DELUDE-test
9 ===================================================================
10 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
11 +++ iptables-1.3.7/extensions/.DELUDE-test 2007-06-04 13:21:44.537205984 +0200
12 @@ -0,0 +1,2 @@
13 +#!/bin/sh
14 +echo "DELUDE";
15 Index: iptables-1.3.7/extensions/libipt_CHAOS.c
16 ===================================================================
17 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
18 +++ iptables-1.3.7/extensions/libipt_CHAOS.c 2007-06-04 13:21:44.537205984 +0200
19 @@ -0,0 +1,111 @@
20 +/*
21 + CHAOS target for iptables
22 +
23 + Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
24 + released under the terms of the GNU General Public
25 + License version 2.x and only versions 2.x.
26 +*/
27 +#include <getopt.h>
28 +#include <stdio.h>
29 +#include <string.h>
30 +
31 +#include <iptables.h>
32 +#include <linux/netfilter_ipv4/ip_tables.h>
33 +#include <linux/netfilter/xt_CHAOS.h>
34 +
35 +static void libipt_chaos_help(void)
36 +{
37 + printf(
38 + "CHAOS target v%s options:\n"
39 + " --delude Enable DELUDE processing for TCP\n"
40 + " --tarpit Enable TARPIT processing for TCP\n",
41 + IPTABLES_VERSION);
42 + return;
43 +}
44 +
45 +static int libipt_chaos_parse(int c, char **argv, int invert,
46 + unsigned int *flags, const struct ipt_entry *entry,
47 + struct ipt_entry_target **target)
48 +{
49 + struct xt_chaos_info *info = (void *)((*target)->data);
50 + switch(c) {
51 + case 'd':
52 + info->variant = XTCHAOS_DELUDE;
53 + *flags |= 0x02;
54 + return 1;
55 + case 't':
56 + info->variant = XTCHAOS_TARPIT;
57 + *flags |= 0x01;
58 + return 1;
59 + }
60 + return 0;
61 +}
62 +
63 +static void libipt_chaos_check(unsigned int flags)
64 +{
65 + if(flags != 0x03)
66 + return;
67 + /* If flags == 0x03, both were specified, which should not be. */
68 + exit_error(PARAMETER_PROBLEM,
69 + "CHAOS: only one of --tarpit or --delude may be specified");
70 + return;
71 +}
72 +
73 +static void libipt_chaos_print(const struct ipt_ip *ip,
74 + const struct ipt_entry_target *target, int numeric)
75 +{
76 + const struct xt_chaos_info *info = (const void *)target->data;
77 + switch(info->variant) {
78 + case XTCHAOS_DELUDE:
79 + printf("DELUDE ");
80 + break;
81 + case XTCHAOS_TARPIT:
82 + printf("TARPIT ");
83 + break;
84 + default:
85 + break;
86 + }
87 + return;
88 +}
89 +
90 +static void libipt_chaos_save(const struct ipt_ip *ip,
91 + const struct ipt_entry_target *target)
92 +{
93 + const struct xt_chaos_info *info = (const void *)target->data;
94 + switch(info->variant) {
95 + case XTCHAOS_DELUDE:
96 + printf("--delude ");
97 + break;
98 + case XTCHAOS_TARPIT:
99 + printf("--tarpit ");
100 + break;
101 + default:
102 + break;
103 + }
104 + return;
105 +}
106 +
107 +static struct option libipt_chaos_opts[] = {
108 + {"delude", 0, NULL, 'd'},
109 + {"tarpit", 0, NULL, 't'},
110 + {NULL},
111 +};
112 +
113 +static struct iptables_target libipt_chaos_info = {
114 + .name = "CHAOS",
115 + .version = IPTABLES_VERSION,
116 + .size = IPT_ALIGN(sizeof(struct xt_chaos_info)),
117 + .userspacesize = IPT_ALIGN(sizeof(struct xt_chaos_info)),
118 + .help = libipt_chaos_help,
119 + .parse = libipt_chaos_parse,
120 + .final_check = libipt_chaos_check,
121 + .print = libipt_chaos_print,
122 + .save = libipt_chaos_save,
123 + .extra_opts = libipt_chaos_opts,
124 +};
125 +
126 +static __attribute__((constructor)) void libipt_chaos_init(void)
127 +{
128 + register_target(&libipt_chaos_info);
129 + return;
130 +}
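Review bot: libipt_chaos_parse never looks at its `invert` argument, so, assuming the iptables core passes a preceding `!` through to the extension, a rule written as `! --delude` or `! --tarpit` is stored exactly like the non-negated form. For a countermeasure target that means the loaded rule does something other than what the administrator wrote. Rejecting it before the switch makes the limitation explicit, e.g. `if (invert) exit_error(PARAMETER_PROBLEM, "CHAOS: options cannot be negated");`. libipt_portscan_parse in libipt_portscan.c ignores `invert` in the same way, and there a silently dropped negation changes which packets the match selects. The literals `0x01`, `0x02` and `0x03` shared between parse and libipt_chaos_check would also read better as named constants.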
131 Index: iptables-1.3.7/extensions/libipt_DELUDE.c
132 ===================================================================
133 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
134 +++ iptables-1.3.7/extensions/libipt_DELUDE.c 2007-06-04 13:21:44.537205984 +0200
135 @@ -0,0 +1,66 @@
136 +/*
137 + DELUDE target for iptables
138 +
139 + Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
140 + released under the terms of the GNU General Public
141 + License version 2.x and only versions 2.x.
142 +*/
143 +#include <getopt.h>
144 +#include <stdio.h>
145 +#include <string.h>
146 +
147 +#include <iptables.h>
148 +#include <linux/netfilter_ipv4/ip_tables.h>
149 +
150 +static void libipt_delude_help(void)
151 +{
152 + printf("DELUDE takes no options\n");
153 + return;
154 +}
155 +
156 +static int libipt_delude_parse(int c, char **argv, int invert,
157 + unsigned int *flags, const struct ipt_entry *entry,
158 + struct ipt_entry_target **target)
159 +{
160 + return 0;
161 +}
162 +
163 +static void libipt_delude_check(unsigned int flags)
164 +{
165 + return;
166 +}
167 +
168 +static void libipt_delude_print(const struct ipt_ip *ip,
169 + const struct ipt_entry_target *target, int numeric)
170 +{
171 + return;
172 +}
173 +
174 +static void libipt_delude_save(const struct ipt_ip *ip,
175 + const struct ipt_entry_target *target)
176 +{
177 + return;
178 +}
179 +
180 +static struct option libipt_delude_opts[] = {
181 + {NULL},
182 +};
183 +
184 +static struct iptables_target libipt_delude_info = {
185 + .name = "DELUDE",
186 + .version = IPTABLES_VERSION,
187 + .size = IPT_ALIGN(0),
188 + .userspacesize = IPT_ALIGN(0),
189 + .help = libipt_delude_help,
190 + .parse = libipt_delude_parse,
191 + .final_check = libipt_delude_check,
192 + .print = libipt_delude_print,
193 + .save = libipt_delude_save,
194 + .extra_opts = libipt_delude_opts,
195 +};
196 +
197 +static __attribute__((constructor)) void libipt_delude_init(void)
198 +{
199 + register_target(&libipt_delude_info);
200 + return;
201 +}
202 Index: iptables-1.3.7/extensions/libipt_portscan.c
203 ===================================================================
204 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
205 +++ iptables-1.3.7/extensions/libipt_portscan.c 2007-06-04 13:21:44.538205832 +0200
206 @@ -0,0 +1,129 @@
207 +/*
208 + portscan match for iptables
209 +
210 + Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
211 + released under the terms of the GNU General Public
212 + License version 2.x and only versions 2.x.
213 +*/
214 +#include <stdio.h>
215 +#include <string.h>
216 +#include <stdlib.h>
217 +#include <getopt.h>
218 +
219 +#include <iptables.h>
220 +#include <linux/netfilter_ipv4/ip_tables.h>
221 +#include <linux/netfilter/xt_portscan.h>
222 +
223 +static void libipt_portscan_help(void)
224 +{
225 + printf(
226 + "portscan match v%s options:\n"
227 + "(Combining them will make them match by OR-logic)\n"
228 + " --stealth Match TCP Stealth packets\n"
229 + " --synscan Match TCP SYN scans\n"
230 + " --cnscan Match TCP Connect scans\n"
231 + " --grscan Match Banner Grabbing scans\n",
232 + IPTABLES_VERSION);
233 + return;
234 +}
235 +
236 +static void libipt_portscan_mtinit(struct ipt_entry_match *match,
237 + unsigned int *nfcache)
238 +{
239 + /* Cannot cache this */
240 + *nfcache |= NFC_UNKNOWN;
241 + return;
242 +}
243 +
244 +static int libipt_portscan_parse(int c, char **argv, int invert,
245 + unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfc,
246 + struct ipt_entry_match **match)
247 +{
248 + struct xt_portscan_info *info = (void *)((*match)->data);
249 +
250 + switch(c) {
251 + case 'c':
252 + info->match_cn = 1;
253 + return 1;
254 + case 'g':
255 + info->match_gr = 1;
256 + return 1;
257 + case 's':
258 + info->match_syn = 1;
259 + return 1;
260 + case 'x':
261 + info->match_stealth = 1;
262 + return 1;
263 + default:
264 + return 0;
265 + }
266 +}
267 +
268 +static void libipt_portscan_check(unsigned int flags)
269 +{
270 + return;
271 +}
272 +
273 +static void libipt_portscan_print(const struct ipt_ip *ip,
274 + const struct ipt_entry_match *match, int numeric)
275 +{
276 + const struct xt_portscan_info *info = (const void *)(match->data);
277 + const char *s = "";
278 +
279 + printf("portscan ");
280 + if(info->match_stealth) {
281 + printf("STEALTH");
282 + s = ",";
283 + }
284 + if(info->match_syn) {
285 + printf("%sSYNSCAN", s);
286 + s = ",";
287 + }
288 + if(info->match_cn) {
289 + printf("%sCNSCAN", s);
290 + s = ",";
291 + }
292 + if(info->match_gr)
293 + printf("%sGRSCAN", s);
294 + printf(" ");
295 + return;
296 +}
297 +
298 +static void libipt_portscan_save(const struct ipt_ip *ip,
299 + const struct ipt_entry_match *match)
300 +{
301 + const struct xt_portscan_info *info = (const void *)(match->data);
302 + if(info->match_stealth) printf("--stealth ");
303 + if(info->match_syn) printf("--synscan ");
304 + if(info->match_cn) printf("--cnscan ");
305 + if(info->match_gr) printf("--grscan ");
306 + return;
307 +}
308 +
309 +static struct option libipt_portscan_opts[] = {
310 + {"stealth", 0, NULL, 'x'},
311 + {"synscan", 0, NULL, 's'},
312 + {"cnscan", 0, NULL, 'c'},
313 + {"grscan", 0, NULL, 'g'},
314 + {NULL},
315 +};
316 +
317 +static struct iptables_match libipt_portscan_info = {
318 + .name = "portscan",
319 + .version = IPTABLES_VERSION,
320 + .size = IPT_ALIGN(sizeof(struct xt_portscan_info)),
321 + .userspacesize = IPT_ALIGN(sizeof(struct xt_portscan_info)),
322 + .help = libipt_portscan_help,
323 + .init = libipt_portscan_mtinit,
324 + .parse = libipt_portscan_parse,
325 + .final_check = libipt_portscan_check,
326 + .print = libipt_portscan_print,
327 + .save = libipt_portscan_save,
328 + .extra_opts = libipt_portscan_opts,
329 +};
330 +
331 +static __attribute__((constructor)) void libipt_portscan_init(void)
332 +{
333 + register_match(&libipt_portscan_info);
334 + return;
335 +}
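Review bot: libipt_portscan_check is empty and libipt_portscan_parse never sets `*flags`, so `-m portscan` with no option is accepted and none of the four `match_*` fields is set by this code. Presumably the kernel side then matches nothing, leaving a rule that looks protective but never fires; xt_portscan itself is not visible here, so confirm. Recording a bit in each case of the switch, e.g. `*flags |= 1;`, and having the final check do `if (flags == 0) exit_error(PARAMETER_PROBLEM, "portscan: at least one of --stealth, --synscan, --cnscan, --grscan is required");` would catch the misconfiguration when the rule is loaded.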
336 Index: iptables-1.3.7/extensions/.portscan-test
337 ===================================================================
338 --- /dev/null 1970-01-01 00:00:00.000000000 +0000
339 +++ iptables-1.3.7/extensions/.portscan-test 2007-06-04 13:21:44.538205832 +0200
340 @@ -0,0 +1,2 @@
341 +#!/bin/sh
342 +[ -f "$KERNEL_DIR/include/linux/netfilter/xt_portscan.h" ] && echo "portscan";