aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGabor Juhos <juhosg@openwrt.org>2008-01-30 08:05:47 +0000
committerGabor Juhos <juhosg@openwrt.org>2008-01-30 08:05:47 +0000
commitc142433b4ff385176eb822f850b420ee22f865b6 (patch)
tree5a0c617c4023f72bcd8948a84e810b80cb270b23
parent1f31eee863e33ef0ea2662a8a41cf4ab8eb9bfda (diff)
downloadmaster-187ad058-c142433b4ff385176eb822f850b420ee22f865b6.tar.gz
master-187ad058-c142433b4ff385176eb822f850b420ee22f865b6.tar.bz2
master-187ad058-c142433b4ff385176eb822f850b420ee22f865b6.zip
[kernel] nefilter: fix chaostables on 2.6.24
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10320 3c298f89-4303-0410-b956-a3cf2f4a3e73
-rw-r--r--target/linux/generic-2.6/config-2.6.242
-rw-r--r--target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch30
2 files changed, 16 insertions, 16 deletions
diff --git a/target/linux/generic-2.6/config-2.6.24 b/target/linux/generic-2.6/config-2.6.24
index e2327b16c8..98643377b2 100644
--- a/target/linux/generic-2.6/config-2.6.24
+++ b/target/linux/generic-2.6/config-2.6.24
@@ -784,7 +784,7 @@ CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NETFILTER_XT_MATCH_STRING=m
CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
CONFIG_NETFILTER_XT_MATCH_U32=m
-# CONFIG_NETFILTER_XT_TARGET_CHAOS is not set
+CONFIG_NETFILTER_XT_TARGET_CHAOS=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
CONFIG_NETFILTER_XT_TARGET_DELUDE=m
diff --git a/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch b/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch
index 50d10581d9..b55aeb1eb3 100644
--- a/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch
+++ b/target/linux/generic-2.6/patches-2.6.24/170-netfilter_chaostables.patch
@@ -222,30 +222,30 @@ Index: linux-2.6.23/net/netfilter/xt_CHAOS.c
+
+/* CHAOS functions */
+static void xt_chaos_total(const struct xt_chaos_info *info,
-+ struct sk_buff **pskb, const struct net_device *in,
++ struct sk_buff *skb, const struct net_device *in,
+ const struct net_device *out, unsigned int hooknum)
+{
-+ const int protoff = ip_hdrlen(*pskb);
-+ const int offset = ntohs(ip_hdr(*pskb)->frag_off) & IP_OFFSET;
++ const int protoff = ip_hdrlen(skb);
++ const int offset = ntohs(ip_hdr(skb)->frag_off) & IP_OFFSET;
+ const struct xt_target *destiny;
+ bool hotdrop = false;
+ int ret;
+
-+ ret = xm_tcp->match(*pskb, in, out, xm_tcp, &tcp_params,
++ ret = xm_tcp->match(skb, in, out, xm_tcp, &tcp_params,
+ offset, protoff, &hotdrop);
+ if(!ret || hotdrop || (unsigned int)net_random() > delude_percentage)
+ return;
+
+ destiny = (info->variant == XTCHAOS_TARPIT) ? xt_tarpit : xt_delude;
+#ifdef HAVE_TARGUSERINFO
-+ destiny->target(pskb, in, out, hooknum, destiny, NULL, NULL);
++ destiny->target(skb, in, out, hooknum, destiny, NULL, NULL);
+#else
-+ destiny->target(pskb, in, out, hooknum, destiny, NULL);
++ destiny->target(skb, in, out, hooknum, destiny, NULL);
+#endif
+ return;
+}
+
-+static unsigned int xt_chaos_target(struct sk_buff **pskb,
++static unsigned int xt_chaos_target(struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ unsigned int hooknum, const struct xt_target *target, const void *targinfo
+#ifdef HAVE_TARGUSERINFO
@@ -265,17 +265,17 @@ Index: linux-2.6.23/net/netfilter/xt_CHAOS.c
+
+ if((unsigned int)net_random() <= reject_percentage)
+#ifdef HAVE_TARGUSERINFO
-+ return xt_reject->target(pskb, in, out, hooknum, target,
++ return xt_reject->target(skb, in, out, hooknum, target,
+ &reject_params, userinfo);
+#else
-+ return xt_reject->target(pskb, in, out, hooknum, target,
++ return xt_reject->target(skb, in, out, hooknum, target,
+ &reject_params);
+#endif
+
+ /* TARPIT/DELUDE may not be called from the OUTPUT chain */
-+ if(ip_hdr(*pskb)->protocol == IPPROTO_TCP &&
++ if(ip_hdr(skb)->protocol == IPPROTO_TCP &&
+ info->variant != XTCHAOS_NORMAL && hooknum != NF_IP_LOCAL_OUT)
-+ xt_chaos_total(info, pskb, in, out, hooknum);
++ xt_chaos_total(info, skb, in, out, hooknum);
+
+ return NF_DROP;
+}
@@ -587,7 +587,7 @@ Index: linux-2.6.23/net/netfilter/xt_DELUDE.c
+ )
+ addr_type = RTN_LOCAL;
+
-+ if (ip_route_me_harder(&nskb, addr_type))
++ if (ip_route_me_harder(nskb, addr_type))
+ goto free_nskb;
+
+ nskb->ip_summed = CHECKSUM_NONE;
@@ -614,7 +614,7 @@ Index: linux-2.6.23/net/netfilter/xt_DELUDE.c
+ kfree_skb(nskb);
+}
+
-+static unsigned int xt_delude_target(struct sk_buff **pskb,
++static unsigned int xt_delude_target(struct sk_buff *skb,
+ const struct net_device *in, const struct net_device *out,
+ unsigned int hooknum, const struct xt_target *target, const void *targinfo
+#ifdef HAVE_TARGUSERINFO
@@ -626,7 +626,7 @@ Index: linux-2.6.23/net/netfilter/xt_DELUDE.c
+ /* WARNING: This code causes reentry within iptables.
+ This means that the iptables jump stack is now crap. We
+ must return an absolute verdict. --RR */
-+ send_reset(*pskb, hooknum);
++ send_reset(skb, hooknum);
+ return NF_DROP;
+}
+
@@ -886,7 +886,7 @@ Index: linux-2.6.23/net/netfilter/xt_portscan.c
+ {
+ unsigned int n;
+ n = xt_portscan_full(ctdata->mark & connmark_mask, ctstate,
-+ in == &loopback_dev, tcph,
++ (in->flags && IFF_LOOPBACK) == IFF_LOOPBACK, tcph,
+ skb->len - protoff - 4 * tcph->doff);
+
+ ctdata->mark = (ctdata->mark & ~connmark_mask) | n;