Changeset 10320


Timestamp:
2008-01-30T09:05:47+01:00 (10 years ago)
Author:
juhosg
Message:

[kernel] netfilter: fix chaostables on 2.6.24

Location:
trunk/target/linux/generic-2.6
Files:
2 edited

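--- a/trunk/target/linux/generic-2.6/config-2.6.24
+++ b/trunk/target/linux/generic-2.6/config-2.6.24
@@ -785,5 +785,5 @@
 CONFIG_NETFILTER_XT_MATCH_TCPMSS=m 
 CONFIG_NETFILTER_XT_MATCH_U32=m 
-# CONFIG_NETFILTER_XT_TARGET_CHAOS is not set 
+CONFIG_NETFILTER_XT_TARGET_CHAOS=m 
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m 
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=m 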
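--- a/trunk/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch
+++ b/trunk/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch
@@ -223,14 +223,14 @@
 +/* CHAOS functions */ 
 +static void xt_chaos_total(const struct xt_chaos_info *info, 
-+    struct sk_buff **pskb, const struct net_device *in, 
++    struct sk_buff *skb, const struct net_device *in, 
 +    const struct net_device *out, unsigned int hooknum) 
 +{ 
-+       const int protoff = ip_hdrlen(*pskb); 
-+       const int offset  = ntohs(ip_hdr(*pskb)->frag_off) & IP_OFFSET; 
++       const int protoff = ip_hdrlen(skb); 
++       const int offset  = ntohs(ip_hdr(skb)->frag_off) & IP_OFFSET; 
 +       const struct xt_target *destiny; 
 +       bool hotdrop = false; 
 +       int ret; 
 + 
-+       ret = xm_tcp->match(*pskb, in, out, xm_tcp, &tcp_params, 
++       ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params, 
 +                           offset, protoff, &hotdrop); 
 +       if(!ret || hotdrop || (unsigned int)net_random() > delude_percentage) 
@@ -239,12 +239,12 @@
 +       destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude; 
 +#ifdef HAVE_TARGUSERINFO 
-+       destiny->target(pskb, in, out, hooknum, destiny, NULL, NULL); 
++       destiny->target(skb, in, out, hooknum, destiny, NULL, NULL); 
 +#else 
-+       destiny->target(pskb, in, out, hooknum, destiny, NULL); 
++       destiny->target(skb, in, out, hooknum, destiny, NULL); 
 +#endif 
 +       return; 
 +} 
 + 
-+static unsigned int xt_chaos_target(struct sk_buff **pskb, 
++static unsigned int xt_chaos_target(struct sk_buff *skb, 
 +    const struct net_device *in, const struct net_device *out, 
 +    unsigned int hooknum, const struct xt_target *target, const void *targinfo 
@@ -266,15 +266,15 @@
 +       if((unsigned int)net_random() <= reject_percentage) 
 +#ifdef HAVE_TARGUSERINFO 
-+               return xt_reject->target(pskb, in, out, hooknum, target, 
++               return xt_reject->target(skb, in, out, hooknum, target, 
 +                      &reject_params, userinfo); 
 +#else 
-+               return xt_reject->target(pskb, in, out, hooknum, target, 
++               return xt_reject->target(skb, in, out, hooknum, target, 
 +                      &reject_params); 
 +#endif 
 + 
 +       /* TARPIT/DELUDE may not be called from the OUTPUT chain */ 
-+       if(ip_hdr(*pskb)->protocol == IPPROTO_TCP && 
++       if(ip_hdr(skb)->protocol == IPPROTO_TCP && 
 +         info->variant != XTCHAOS_NORMAL && hooknum != NF_IP_LOCAL_OUT) 
-+               xt_chaos_total(info, pskb, in, out, hooknum); 
++               xt_chaos_total(info, skb, in, out, hooknum); 
 + 
 +       return NF_DROP; 
@@ -588,5 +588,5 @@
 +               addr_type = RTN_LOCAL; 
 + 
-+       if (ip_route_me_harder(&nskb, addr_type)) 
++       if (ip_route_me_harder(nskb, addr_type)) 
 +               goto free_nskb; 
 + 
@@ -615,5 +615,5 @@
 +} 
 + 
-+static unsigned int xt_delude_target(struct sk_buff **pskb, 
++static unsigned int xt_delude_target(struct sk_buff *skb, 
 +    const struct net_device *in, const struct net_device *out, 
 +    unsigned int hooknum, const struct xt_target *target, const void *targinfo 
@@ -627,5 +627,5 @@
 +          This means that the iptables jump stack is now crap.  We 
 +          must return an absolute verdict. --RR */ 
-+       send_reset(*pskb, hooknum); 
++       send_reset(skb, hooknum); 
 +       return NF_DROP; 
 +} 
@@ -887,5 +887,5 @@
 +               unsigned int n; 
 +               n = xt_portscan_full(ctdata->mark & connmark_mask, ctstate, 
-+                   in == &loopback_dev, tcph, 
++                   (in->flags && IFF_LOOPBACK) == IFF_LOOPBACK, tcph, 
 +                   skb->len - protoff - 4 * tcph->doff); 
 + 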
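Review bot: The new loopback test on line 889 of 170-netfilter_chaostables.patch, `(in->flags && IFF_LOOPBACK) == IFF_LOOPBACK`, uses logical `&&` where bitwise `&` is needed. `&&` yields only 0 or 1 and IFF_LOOPBACK is 0x8, so the comparison is always false and xt_portscan_full() is never told a packet arrived on loopback, which changes how the portscan match classifies local traffic. The argument should read `(in->flags & IFF_LOOPBACK) != 0, tcph,`. Unlike the removed `in == &loopback_dev`, the new expression also dereferences `in`, so it is worth confirming this match cannot run on a hook where `in` is NULL, or guarding with `in != NULL &&`. The enclosing function starts and ends outside the displayed hunk.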