From 277ef7c8af7d7e9a57071aa88888b73cdb337f60 Mon Sep 17 00:00:00 2001
From: nbd
Date: Wed, 27 Apr 2005 09:12:05 +0000
Subject: [PATCH] add netfilter TTL module
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@730 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 .../linux/kernel-patches/312-netfilter-TTL | 180 ++++++++++++++++++
 package/linux/linux.config | 1 +
 2 files changed, 181 insertions(+)
 create mode 100644 package/linux/kernel-patches/312-netfilter-TTL
diff --git a/package/linux/kernel-patches/312-netfilter-TTL b/package/linux/kernel-patches/312-netfilter-TTL
new file mode 100644
index 000000000..f630f61e3
--- /dev/null
+++ b/package/linux/kernel-patches/312-netfilter-TTL
@@ -0,0 +1,180 @@
+diff -urN linux-2.4.30.old/Documentation/Configure.help linux-2.4.30.dev/Documentation/Configure.help
+--- linux-2.4.30.old/Documentation/Configure.help 2005-04-27 11:35:46.000000000 +0200
++++ linux-2.4.30.dev/Documentation/Configure.help 2005-04-27 11:43:49.000000000 +0200
+@@ -3209,6 +3209,15 @@
+ If you want to compile it as a module, say M here and read
+ . If unsure, say `N'.
+ 
++TTL target support
++CONFIG_IP_NF_TARGET_TTL
++ This option adds a `TTL' target, which enables the user to set
++ the TTL value or increment / decrement the TTL value by a given
++ amount.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+ This option places ipchains (with masquerading and redirection
+diff -urN linux-2.4.30.old/include/linux/netfilter_ipv4/ipt_TTL.h linux-2.4.30.dev/include/linux/netfilter_ipv4/ipt_TTL.h
+--- linux-2.4.30.old/include/linux/netfilter_ipv4/ipt_TTL.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30.dev/include/linux/netfilter_ipv4/ipt_TTL.h 2005-04-27 11:43:49.000000000 +0200
+@@ -0,0 +1,21 @@
++/* TTL modification module for IP tables
++ * (C) 2000 by Harald Welte */
++
++#ifndef _IPT_TTL_H
++#define _IPT_TTL_H
++
++enum {
++ IPT_TTL_SET = 0,
++ IPT_TTL_INC,
++ IPT_TTL_DEC
++};
++
++#define IPT_TTL_MAXMODE IPT_TTL_DEC
++
++struct ipt_TTL_info {
++ u_int8_t mode;
++ u_int8_t ttl;
++};
++
++
++#endif
+diff -urN linux-2.4.30.old/net/ipv4/netfilter/Config.in linux-2.4.30.dev/net/ipv4/netfilter/Config.in
+--- linux-2.4.30.old/net/ipv4/netfilter/Config.in 2005-04-27 11:35:45.000000000 +0200
++++ linux-2.4.30.dev/net/ipv4/netfilter/Config.in 2005-04-27 11:43:49.000000000 +0200
+@@ -129,6 +129,7 @@
+ dep_tristate ' MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+ fi
+ dep_tristate ' LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++ dep_tristate ' TTL target support' CONFIG_IP_NF_TARGET_TTL $CONFIG_IP_NF_IPTABLES
+ dep_tristate ' ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ dep_tristate ' TCPMSS target support' CONFIG_IP_NF_TARGET_TCPMSS $CONFIG_IP_NF_IPTABLES
+ fi
+diff -urN linux-2.4.30.old/net/ipv4/netfilter/ipt_TTL.c linux-2.4.30.dev/net/ipv4/netfilter/ipt_TTL.c
+--- linux-2.4.30.old/net/ipv4/netfilter/ipt_TTL.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.30.dev/net/ipv4/netfilter/ipt_TTL.c 2005-04-27 11:43:49.000000000 +0200
+@@ -0,0 +1,110 @@
++/* TTL modification target for IP tables
++ * (C) 2000 by Harald Welte
++ *
++ * Version: $Revision$
++ *
++ * This software is distributed under the terms of GNU GPL
++ */
++
++#include
++#include
++#include
++#include
++
++#include
++#include
++
++MODULE_AUTHOR("Harald Welte ");
++MODULE_DESCRIPTION("IP tables TTL modification module");
++MODULE_LICENSE("GPL");
++
++static unsigned int ipt_ttl_target(struct sk_buff **pskb, unsigned int hooknum,
++ const struct net_device *in, const struct net_device *out,
++ const void *targinfo, void *userinfo)
++{
++ struct iphdr *iph = (*pskb)->nh.iph;
++ const struct ipt_TTL_info *info = targinfo;
++ u_int16_t diffs[2];
++ int new_ttl;
++
++ switch (info->mode) {
++ case IPT_TTL_SET:
++ new_ttl = info->ttl;
++ break;
++ case IPT_TTL_INC:
++ new_ttl = iph->ttl + info->ttl;
++ if (new_ttl > 255)
++ new_ttl = 255;
++ break;
++ case IPT_TTL_DEC:
++ new_ttl = iph->ttl - info->ttl;
++ if (new_ttl < 0)
++ new_ttl = 0;
++ break;
++ default:
++ new_ttl = iph->ttl;
++ break;
++ }
++
++ if (new_ttl != iph->ttl) {
++ diffs[0] = htons(((unsigned)iph->ttl) << 8) ^ 0xFFFF;
++ iph->ttl = new_ttl;
++ diffs[1] = htons(((unsigned)iph->ttl) << 8);
++ iph->check = csum_fold(csum_partial((char *)diffs,
++ sizeof(diffs),
++ iph->check^0xFFFF));
++ (*pskb)->nfcache |= NFC_ALTERED;
++ }
++
++ return IPT_CONTINUE;
++}
++
++static int ipt_ttl_checkentry(const char *tablename,
++ const struct ipt_entry *e,
++ void *targinfo,
++ unsigned int targinfosize,
++ unsigned int hook_mask)
++{
++ struct ipt_TTL_info *info = targinfo;
++
++ if (targinfosize != IPT_ALIGN(sizeof(struct ipt_TTL_info))) {
++ printk(KERN_WARNING "TTL: targinfosize %u != %Zu\n",
++ targinfosize,
++ IPT_ALIGN(sizeof(struct ipt_TTL_info)));
++ return 0;
++ }
++
++ if (strcmp(tablename, "mangle")) {
++ printk(KERN_WARNING "TTL: can only be called from \"mangle\" table, not \"%s\"\n", tablename);
++ return 0;
++ }
++
++ if (info->mode > IPT_TTL_MAXMODE) {
++ printk(KERN_WARNING "TTL: invalid or unknown Mode %u\n",
++ info->mode);
++ return 0;
++ }
++
++ if ((info->mode != IPT_TTL_SET) && (info->ttl == 0)) {
++ printk(KERN_WARNING "TTL: increment/decrement doesn't make sense with value 0\n");
++ return 0;
++ }
++
++ return 1;
++}
++
++static struct ipt_target ipt_TTL = { { NULL, NULL }, "TTL",
++ ipt_ttl_target, ipt_ttl_checkentry, NULL, THIS_MODULE };
++
++static int __init init(void)
++{
++ return ipt_register_target(&ipt_TTL);
++}
++
++static void __exit fini(void)
++{
++ ipt_unregister_target(&ipt_TTL);
++}
++
++module_init(init);
++module_exit(fini);
+diff -urN linux-2.4.30.old/net/ipv4/netfilter/Makefile linux-2.4.30.dev/net/ipv4/netfilter/Makefile
+--- linux-2.4.30.old/net/ipv4/netfilter/Makefile 2005-04-27 11:35:45.000000000 +0200
++++ linux-2.4.30.dev/net/ipv4/netfilter/Makefile 2005-04-27 11:43:49.000000000 +0200
+@@ -112,6 +112,7 @@
+ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += ipt_REDIRECT.o
+ obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
+ obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
++obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
+ obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
+ obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
+ 
diff --git a/package/linux/linux.config b/package/linux/linux.config
index abbafc19b..d71a44df3 100644
--- a/package/linux/linux.config
+++ b/package/linux/linux.config
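Review bot: `ipt_ttl_target` writes `iph->ttl` and `iph->check` in place through `(*pskb)->nh.iph` without first checking whether the packet data is shared, so a clone held elsewhere (for instance by a packet-capture socket) would presumably see the rewritten header as well. Taking a private copy inside the `if (new_ttl != iph->ttl)` block before the first write, and re-reading `iph` afterwards, avoids that; it is worth comparing against how the other mangle targets in this kernel tree handle cloned skbs. Separately, the new Configure.help entry describes set and increment without any caveat: raising the TTL of forwarded packets defeats the loop protection the field exists for, so the help text should say that decrementing is safe while setting or incrementing on forwarded traffic can keep looping packets alive indefinitely.

```c
	if (new_ttl != iph->ttl) {
		/* A clone may still be referenced elsewhere: edit a private copy. */
		if (skb_cloned(*pskb) && !(*pskb)->sk) {
			struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);

			if (!nskb)
				return NF_DROP;
			kfree_skb(*pskb);
			*pskb = nskb;
			iph = (*pskb)->nh.iph;
		}
		/* … unchanged: incremental checksum update and NFC_ALTERED … */
	}
```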
@@ -399,6 +399,7 @@ CONFIG_IP_NF_TARGET_ECN=m
 CONFIG_IP_NF_TARGET_DSCP=m
 CONFIG_IP_NF_TARGET_MARK=y
 CONFIG_IP_NF_TARGET_LOG=y
+CONFIG_IP_NF_TARGET_TTL=m
 CONFIG_IP_NF_TARGET_ULOG=m
 CONFIG_IP_NF_TARGET_TCPMSS=y
 CONFIG_IP_NF_ARPTABLES=m