summaryrefslogtreecommitdiff
path: root/package/iptables/patches/008-chaostables.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/iptables/patches/008-chaostables.patch')
-rw-r--r--package/iptables/patches/008-chaostables.patch342
1 files changed, 0 insertions, 342 deletions
diff --git a/package/iptables/patches/008-chaostables.patch b/package/iptables/patches/008-chaostables.patch
deleted file mode 100644
index 60b0779..0000000
--- a/package/iptables/patches/008-chaostables.patch
+++ /dev/null
@@ -1,342 +0,0 @@
-Index: iptables-1.3.8/extensions/.CHAOS-test
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/.CHAOS-test 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+[ -f "$KERNEL_DIR/include/linux/netfilter/xt_CHAOS.h" ] && echo "CHAOS";
-Index: iptables-1.3.8/extensions/.DELUDE-test
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/.DELUDE-test 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+echo "DELUDE";
-Index: iptables-1.3.8/extensions/libipt_CHAOS.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/libipt_CHAOS.c 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,111 @@
-+/*
-+ CHAOS target for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <getopt.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter/xt_CHAOS.h>
-+
-+static void libipt_chaos_help(void)
-+{
-+ printf(
-+ "CHAOS target v%s options:\n"
-+ " --delude Enable DELUDE processing for TCP\n"
-+ " --tarpit Enable TARPIT processing for TCP\n",
-+ IPTABLES_VERSION);
-+ return;
-+}
-+
-+static int libipt_chaos_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ struct xt_chaos_info *info = (void *)((*target)->data);
-+ switch(c) {
-+ case 'd':
-+ info->variant = XTCHAOS_DELUDE;
-+ *flags |= 0x02;
-+ return 1;
-+ case 't':
-+ info->variant = XTCHAOS_TARPIT;
-+ *flags |= 0x01;
-+ return 1;
-+ }
-+ return 0;
-+}
-+
-+static void libipt_chaos_check(unsigned int flags)
-+{
-+ if(flags != 0x03)
-+ return;
-+ /* If flags == 0x03, both were specified, which should not be. */
-+ exit_error(PARAMETER_PROBLEM,
-+ "CHAOS: only one of --tarpit or --delude may be specified");
-+ return;
-+}
-+
-+static void libipt_chaos_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target, int numeric)
-+{
-+ const struct xt_chaos_info *info = (const void *)target->data;
-+ switch(info->variant) {
-+ case XTCHAOS_DELUDE:
-+ printf("DELUDE ");
-+ break;
-+ case XTCHAOS_TARPIT:
-+ printf("TARPIT ");
-+ break;
-+ default:
-+ break;
-+ }
-+ return;
-+}
-+
-+static void libipt_chaos_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target)
-+{
-+ const struct xt_chaos_info *info = (const void *)target->data;
-+ switch(info->variant) {
-+ case XTCHAOS_DELUDE:
-+ printf("--delude ");
-+ break;
-+ case XTCHAOS_TARPIT:
-+ printf("--tarpit ");
-+ break;
-+ default:
-+ break;
-+ }
-+ return;
-+}
-+
-+static struct option libipt_chaos_opts[] = {
-+ {"delude", 0, NULL, 'd'},
-+ {"tarpit", 0, NULL, 't'},
-+ {NULL},
-+};
-+
-+static struct iptables_target libipt_chaos_info = {
-+ .name = "CHAOS",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct xt_chaos_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct xt_chaos_info)),
-+ .help = libipt_chaos_help,
-+ .parse = libipt_chaos_parse,
-+ .final_check = libipt_chaos_check,
-+ .print = libipt_chaos_print,
-+ .save = libipt_chaos_save,
-+ .extra_opts = libipt_chaos_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_chaos_init(void)
-+{
-+ register_target(&libipt_chaos_info);
-+ return;
-+}
-Index: iptables-1.3.8/extensions/libipt_DELUDE.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/libipt_DELUDE.c 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,66 @@
-+/*
-+ DELUDE target for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <getopt.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+
-+static void libipt_delude_help(void)
-+{
-+ printf("DELUDE takes no options\n");
-+ return;
-+}
-+
-+static int libipt_delude_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry,
-+ struct ipt_entry_target **target)
-+{
-+ return 0;
-+}
-+
-+static void libipt_delude_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static void libipt_delude_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target, int numeric)
-+{
-+ return;
-+}
-+
-+static void libipt_delude_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_target *target)
-+{
-+ return;
-+}
-+
-+static struct option libipt_delude_opts[] = {
-+ {NULL},
-+};
-+
-+static struct iptables_target libipt_delude_info = {
-+ .name = "DELUDE",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(0),
-+ .userspacesize = IPT_ALIGN(0),
-+ .help = libipt_delude_help,
-+ .parse = libipt_delude_parse,
-+ .final_check = libipt_delude_check,
-+ .print = libipt_delude_print,
-+ .save = libipt_delude_save,
-+ .extra_opts = libipt_delude_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_delude_init(void)
-+{
-+ register_target(&libipt_delude_info);
-+ return;
-+}
-Index: iptables-1.3.8/extensions/libipt_portscan.c
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/libipt_portscan.c 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,129 @@
-+/*
-+ portscan match for iptables
-+
-+ Copyright © Jan Engelhardt <jengelh [at] gmx de>, 2006 - 2007
-+ released under the terms of the GNU General Public
-+ License version 2.x and only versions 2.x.
-+*/
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <getopt.h>
-+
-+#include <iptables.h>
-+#include <linux/netfilter_ipv4/ip_tables.h>
-+#include <linux/netfilter/xt_portscan.h>
-+
-+static void libipt_portscan_help(void)
-+{
-+ printf(
-+ "portscan match v%s options:\n"
-+ "(Combining them will make them match by OR-logic)\n"
-+ " --stealth Match TCP Stealth packets\n"
-+ " --synscan Match TCP SYN scans\n"
-+ " --cnscan Match TCP Connect scans\n"
-+ " --grscan Match Banner Grabbing scans\n",
-+ IPTABLES_VERSION);
-+ return;
-+}
-+
-+static void libipt_portscan_mtinit(struct ipt_entry_match *match,
-+ unsigned int *nfcache)
-+{
-+ /* Cannot cache this */
-+ *nfcache |= NFC_UNKNOWN;
-+ return;
-+}
-+
-+static int libipt_portscan_parse(int c, char **argv, int invert,
-+ unsigned int *flags, const struct ipt_entry *entry, unsigned int *nfc,
-+ struct ipt_entry_match **match)
-+{
-+ struct xt_portscan_info *info = (void *)((*match)->data);
-+
-+ switch(c) {
-+ case 'c':
-+ info->match_cn = 1;
-+ return 1;
-+ case 'g':
-+ info->match_gr = 1;
-+ return 1;
-+ case 's':
-+ info->match_syn = 1;
-+ return 1;
-+ case 'x':
-+ info->match_stealth = 1;
-+ return 1;
-+ default:
-+ return 0;
-+ }
-+}
-+
-+static void libipt_portscan_check(unsigned int flags)
-+{
-+ return;
-+}
-+
-+static void libipt_portscan_print(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match, int numeric)
-+{
-+ const struct xt_portscan_info *info = (const void *)(match->data);
-+ const char *s = "";
-+
-+ printf("portscan ");
-+ if(info->match_stealth) {
-+ printf("STEALTH");
-+ s = ",";
-+ }
-+ if(info->match_syn) {
-+ printf("%sSYNSCAN", s);
-+ s = ",";
-+ }
-+ if(info->match_cn) {
-+ printf("%sCNSCAN", s);
-+ s = ",";
-+ }
-+ if(info->match_gr)
-+ printf("%sGRSCAN", s);
-+ printf(" ");
-+ return;
-+}
-+
-+static void libipt_portscan_save(const struct ipt_ip *ip,
-+ const struct ipt_entry_match *match)
-+{
-+ const struct xt_portscan_info *info = (const void *)(match->data);
-+ if(info->match_stealth) printf("--stealth ");
-+ if(info->match_syn) printf("--synscan ");
-+ if(info->match_cn) printf("--cnscan ");
-+ if(info->match_gr) printf("--grscan ");
-+ return;
-+}
-+
-+static struct option libipt_portscan_opts[] = {
-+ {"stealth", 0, NULL, 'x'},
-+ {"synscan", 0, NULL, 's'},
-+ {"cnscan", 0, NULL, 'c'},
-+ {"grscan", 0, NULL, 'g'},
-+ {NULL},
-+};
-+
-+static struct iptables_match libipt_portscan_info = {
-+ .name = "portscan",
-+ .version = IPTABLES_VERSION,
-+ .size = IPT_ALIGN(sizeof(struct xt_portscan_info)),
-+ .userspacesize = IPT_ALIGN(sizeof(struct xt_portscan_info)),
-+ .help = libipt_portscan_help,
-+ .init = libipt_portscan_mtinit,
-+ .parse = libipt_portscan_parse,
-+ .final_check = libipt_portscan_check,
-+ .print = libipt_portscan_print,
-+ .save = libipt_portscan_save,
-+ .extra_opts = libipt_portscan_opts,
-+};
-+
-+static __attribute__((constructor)) void libipt_portscan_init(void)
-+{
-+ register_match(&libipt_portscan_info);
-+ return;
-+}
-Index: iptables-1.3.8/extensions/.portscan-test
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ iptables-1.3.8/extensions/.portscan-test 2007-07-31 15:27:57.000000000 -0500
-@@ -0,0 +1,2 @@
-+#!/bin/sh
-+[ -f "$KERNEL_DIR/include/linux/netfilter/xt_portscan.h" ] && echo "portscan";