diff options
Diffstat (limited to 'target/linux/generic-2.4/patches/621-netfilter_random.patch')
-rw-r--r-- | target/linux/generic-2.4/patches/621-netfilter_random.patch | 309 |
1 files changed, 0 insertions, 309 deletions
diff --git a/target/linux/generic-2.4/patches/621-netfilter_random.patch b/target/linux/generic-2.4/patches/621-netfilter_random.patch deleted file mode 100644 index fbc648b1bc..0000000000 --- a/target/linux/generic-2.4/patches/621-netfilter_random.patch +++ /dev/null @@ -1,309 +0,0 @@ ---- a/Documentation/Configure.help -+++ b/Documentation/Configure.help -@@ -2914,6 +2914,15 @@ CONFIG_IP_NF_MATCH_MAC - If you want to compile it as a module, say M here and read - <file:Documentation/modules.txt>. If unsure, say `N'. - -+Random match support -+CONFIG_IP_NF_MATCH_RANDOM -+ This option adds a `random' match, -+ which allow you to match packets randomly -+ following a given probability. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - Netfilter MARK match support - CONFIG_IP_NF_MATCH_MARK - Netfilter mark matching allows you to match packets based on the -@@ -3229,6 +3238,7 @@ CONFIG_IP_NF_MATCH_HELPER - If you want to compile it as a module, say M here and read - Documentation/modules.txt. If unsure, say `Y'. - -+ - TCPMSS match support - CONFIG_IP_NF_MATCH_TCPMSS - This option adds a `tcpmss' match, which allows you to examine the -@@ -3318,6 +3328,14 @@ CONFIG_IP6_NF_MATCH_MAC - If you want to compile it as a module, say M here and read - <file:Documentation/modules.txt>. If unsure, say `N'. - -+CONFIG_IP6_NF_MATCH_RANDOM -+ This option adds a `random' match, -+ which allow you to match packets randomly -+ following a given probability. -+ -+ If you want to compile it as a module, say M here and read -+ Documentation/modules.txt. If unsure, say `N'. -+ - length match support - CONFIG_IP6_NF_MATCH_LENGTH - This option allows you to match the length of a packet against a ---- /dev/null -+++ b/include/linux/netfilter_ipv4/ipt_random.h -@@ -0,0 +1,11 @@ -+#ifndef _IPT_RAND_H -+#define _IPT_RAND_H -+ -+#include <linux/param.h> -+#include <linux/types.h> -+ -+struct ipt_rand_info { -+ u_int8_t average; -+}; -+ -+#endif /*_IPT_RAND_H*/ ---- /dev/null -+++ b/include/linux/netfilter_ipv6/ip6t_random.h -@@ -0,0 +1,11 @@ -+#ifndef _IP6T_RAND_H -+#define _IP6T_RAND_H -+ -+#include <linux/param.h> -+#include <linux/types.h> -+ -+struct ip6t_rand_info { -+ u_int8_t average; -+}; -+ -+#endif /*_IP6T_RAND_H*/ ---- a/net/ipv4/netfilter/Config.in -+++ b/net/ipv4/netfilter/Config.in -@@ -32,6 +32,7 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; - dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES - dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES - dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES -+ dep_tristate ' random match support' CONFIG_IP_NF_MATCH_RANDOM $CONFIG_IP_NF_IPTABLES - dep_tristate ' condition match support' CONFIG_IP_NF_MATCH_CONDITION $CONFIG_IP_NF_IPTABLES - dep_tristate ' recent match support' CONFIG_IP_NF_MATCH_RECENT $CONFIG_IP_NF_IPTABLES - dep_tristate ' ECN match support' CONFIG_IP_NF_MATCH_ECN $CONFIG_IP_NF_IPTABLES ---- /dev/null -+++ b/net/ipv4/netfilter/ipt_random.c -@@ -0,0 +1,96 @@ -+/* -+ This is a module which is used for a "random" match support. -+ This file is distributed under the terms of the GNU General Public -+ License (GPL). Copies of the GPL can be obtained from: -+ ftp://prep.ai.mit.edu/pub/gnu/GPL -+ -+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation. -+*/ -+ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/ip.h> -+#include <linux/random.h> -+#include <net/tcp.h> -+#include <linux/spinlock.h> -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_ipv4/ipt_random.h> -+ -+MODULE_LICENSE("GPL"); -+ -+static int -+ipt_rand_match(const struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, -+ const void *hdr, -+ u_int16_t datalen, -+ int *hotdrop) -+{ -+ /* Parameters from userspace */ -+ const struct ipt_rand_info *info = matchinfo; -+ u_int8_t random_number; -+ -+ /* get 1 random number from the kernel random number generation routine */ -+ get_random_bytes((void *)(&random_number), 1); -+ -+ /* Do we match ? */ -+ if (random_number <= info->average) -+ return 1; -+ else -+ return 0; -+} -+ -+static int -+ipt_rand_checkentry(const char *tablename, -+ const struct ipt_ip *e, -+ void *matchinfo, -+ unsigned int matchsize, -+ unsigned int hook_mask) -+{ -+ /* Parameters from userspace */ -+ const struct ipt_rand_info *info = matchinfo; -+ -+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) { -+ printk("ipt_random: matchsize %u != %u\n", matchsize, -+ IPT_ALIGN(sizeof(struct ipt_rand_info))); -+ return 0; -+ } -+ -+ /* must be 1 <= average % <= 99 */ -+ /* 1 x 2.55 = 2 */ -+ /* 99 x 2.55 = 252 */ -+ if ((info->average < 2) || (info->average > 252)) { -+ printk("ipt_random: invalid average %u\n", info->average); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct ipt_match ipt_rand_reg = { -+ {NULL, NULL}, -+ "random", -+ ipt_rand_match, -+ ipt_rand_checkentry, -+ NULL, -+ THIS_MODULE }; -+ -+static int __init init(void) -+{ -+ if (ipt_register_match(&ipt_rand_reg)) -+ return -EINVAL; -+ -+ printk("ipt_random match loaded\n"); -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ ipt_unregister_match(&ipt_rand_reg); -+ printk("ipt_random match unloaded\n"); -+} -+ -+module_init(init); -+module_exit(fini); ---- a/net/ipv4/netfilter/Makefile -+++ b/net/ipv4/netfilter/Makefile -@@ -93,6 +93,8 @@ obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_o - obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o - obj-$(CONFIG_IP_NF_MATCH_CONDITION) += ipt_condition.o - -+obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o -+ - obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o - - obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o ---- a/net/ipv6/netfilter/Config.in -+++ b/net/ipv6/netfilter/Config.in -@@ -19,6 +19,7 @@ if [ "$CONFIG_IP6_NF_IPTABLES" != "n" ]; - dep_tristate ' limit match support' CONFIG_IP6_NF_MATCH_LIMIT $CONFIG_IP6_NF_IPTABLES - dep_tristate ' condition match support' CONFIG_IP6_NF_MATCH_CONDITION $CONFIG_IP6_NF_IPTABLES - dep_tristate ' MAC address match support' CONFIG_IP6_NF_MATCH_MAC $CONFIG_IP6_NF_IPTABLES -+ dep_tristate ' Random match support' CONFIG_IP6_NF_MATCH_RANDOM $CONFIG_IP6_NF_IPTABLES - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - dep_tristate ' Routing header match support (EXPERIMENTAL)' CONFIG_IP6_NF_MATCH_RT $CONFIG_IP6_NF_IPTABLES - fi ---- /dev/null -+++ b/net/ipv6/netfilter/ip6t_random.c -@@ -0,0 +1,97 @@ -+/* -+ This is a module which is used for a "random" match support. -+ This file is distributed under the terms of the GNU General Public -+ License (GPL). Copies of the GPL can be obtained from: -+ ftp://prep.ai.mit.edu/pub/gnu/GPL -+ -+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation. -+ 2003-04-30 Maciej Soltysiak <solt@dns.toxicfilms.tv> : IPv6 Port -+*/ -+ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/ip.h> -+#include <linux/random.h> -+#include <net/tcp.h> -+#include <linux/spinlock.h> -+#include <linux/netfilter_ipv6/ip6_tables.h> -+#include <linux/netfilter_ipv6/ip6t_random.h> -+ -+MODULE_LICENSE("GPL"); -+ -+static int -+ip6t_rand_match(const struct sk_buff *pskb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, -+ const void *hdr, -+ u_int16_t datalen, -+ int *hotdrop) -+{ -+ /* Parameters from userspace */ -+ const struct ip6t_rand_info *info = matchinfo; -+ u_int8_t random_number; -+ -+ /* get 1 random number from the kernel random number generation routine */ -+ get_random_bytes((void *)(&random_number), 1); -+ -+ /* Do we match ? */ -+ if (random_number <= info->average) -+ return 1; -+ else -+ return 0; -+} -+ -+static int -+ip6t_rand_checkentry(const char *tablename, -+ const struct ip6t_ip6 *e, -+ void *matchinfo, -+ unsigned int matchsize, -+ unsigned int hook_mask) -+{ -+ /* Parameters from userspace */ -+ const struct ip6t_rand_info *info = matchinfo; -+ -+ if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) { -+ printk("ip6t_random: matchsize %u != %u\n", matchsize, -+ IP6T_ALIGN(sizeof(struct ip6t_rand_info))); -+ return 0; -+ } -+ -+ /* must be 1 <= average % <= 99 */ -+ /* 1 x 2.55 = 2 */ -+ /* 99 x 2.55 = 252 */ -+ if ((info->average < 2) || (info->average > 252)) { -+ printk("ip6t_random: invalid average %u\n", info->average); -+ return 0; -+ } -+ -+ return 1; -+} -+ -+static struct ip6t_match ip6t_rand_reg = { -+ {NULL, NULL}, -+ "random", -+ ip6t_rand_match, -+ ip6t_rand_checkentry, -+ NULL, -+ THIS_MODULE }; -+ -+static int __init init(void) -+{ -+ if (ip6t_register_match(&ip6t_rand_reg)) -+ return -EINVAL; -+ -+ printk("ip6t_random match loaded\n"); -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ ip6t_unregister_match(&ip6t_rand_reg); -+ printk("ip6t_random match unloaded\n"); -+} -+ -+module_init(init); -+module_exit(fini); ---- a/net/ipv6/netfilter/Makefile -+++ b/net/ipv6/netfilter/Makefile -@@ -32,6 +32,7 @@ obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t - obj-$(CONFIG_IP6_NF_TARGET_IMQ) += ip6t_IMQ.o - obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o - obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o -+obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o - obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o - - include $(TOPDIR)/Rules.make |