[netfilter-cvslog] r4137 - in
trunk/patch-o-matic-ng/patchlets/random: . linux-2.6
linux-2.6/include linux-2.6/include/linux
linux-2.6/include/linux/netfilter_ipv4
linux-2.6/include/linux/netfilter_ipv6 linux-2.6/net
linux-2.6/net/ipv4 linux-2.6/net/ipv4/netfilter
linux-2.6/net/ipv6 linux-2.6/net/ipv6/netfilter
kadlec at netfilter.org
kadlec at netfilter.org
Wed Jul 20 10:47:23 CEST 2005
Author: kadlec at netfilter.org
Date: 2005-07-20 10:47:22 +0200 (Wed, 20 Jul 2005)
New Revision: 4137
Added:
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv4/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv4/ipt_random.h
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv6/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv6/ip6t_random.h
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Makefile.ladd
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/ipt_random.c
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Kconfig.ladd
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Makefile.ladd
trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/ip6t_random.c
Modified:
trunk/patch-o-matic-ng/patchlets/random/info
Log:
random match ported by Sean Donner to 2.6 added (JK)
Modified: trunk/patch-o-matic-ng/patchlets/random/info
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/info 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/info 2005-07-20 08:47:22 UTC (rev 4137)
@@ -2,4 +2,3 @@
Author: Fabrice MARIE <fabrice at netfilter.org>
Status: Works
Repository: base
-Requires: linux < 2.6.0
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv4/ipt_random.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv4/ipt_random.h 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv4/ipt_random.h 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,11 @@
+#ifndef _IPT_RAND_H
+#define _IPT_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ipt_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IPT_RAND_H*/
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv6/ip6t_random.h
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv6/ip6t_random.h 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/include/linux/netfilter_ipv6/ip6t_random.h 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,11 @@
+#ifndef _IP6T_RAND_H
+#define _IP6T_RAND_H
+
+#include <linux/param.h>
+#include <linux/types.h>
+
+struct ip6t_rand_info {
+ u_int8_t average;
+};
+
+#endif /*_IP6T_RAND_H*/
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Kconfig.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Kconfig.ladd 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Kconfig.ladd 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,10 @@
+config IP_NF_MATCH_RANDOM
+ tristate 'random match support'
+ depends on IP_NF_IPTABLES
+ help
+ This option adds a `random' match,
+ which allow you to match packets randomly
+ following a given probability.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Makefile.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Makefile.ladd 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/Makefile.ladd 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,3 @@
+obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o
+
+obj-$(CONFIG_IP_NF_MATCH_RANDOM) += ipt_random.o
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/ipt_random.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/ipt_random.c 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv4/netfilter/ipt_random.c 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,92 @@
+/*
+ This is a module which is used for a "random" match support.
+ This file is distributed under the terms of the GNU General Public
+ License (GPL). Copies of the GPL can be obtained from:
+ ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+ 2001-10-14 Fabrice MARIE <fabrice at netfilter.org> : initial implementation.
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ipt_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ipt_rand_match(const struct sk_buff *pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ int *hotdrop)
+{
+ /* Parameters from userspace */
+ const struct ipt_rand_info *info = matchinfo;
+ u_int8_t random_number;
+
+ /* get 1 random number from the kernel random number generation routine */
+ get_random_bytes((void *)(&random_number), 1);
+
+ /* Do we match ? */
+ if (random_number <= info->average)
+ return 1;
+ else
+ return 0;
+}
+
+static int
+ipt_rand_checkentry(const char *tablename,
+ const struct ipt_ip *e,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+{
+ /* Parameters from userspace */
+ const struct ipt_rand_info *info = matchinfo;
+
+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) {
+ printk("ipt_random: matchsize %u != %u\n", matchsize,
+ IPT_ALIGN(sizeof(struct ipt_rand_info)));
+ return 0;
+ }
+
+ /* must be 1 <= average % <= 99 */
+ /* 1 x 2.55 = 2 */
+ /* 99 x 2.55 = 252 */
+ if ((info->average < 2) || (info->average > 252)) {
+ printk("ipt_random: invalid average %u\n", info->average);
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ipt_match ipt_rand_reg = {
+ .name = "random",
+ .match = ipt_rand_match,
+ .checkentry = ipt_rand_checkentry,
+ .me = THIS_MODULE };
+
+static int __init init(void)
+{
+ if (ipt_register_match(&ipt_rand_reg))
+ return -EINVAL;
+
+ printk("ipt_random match loaded\n");
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ ipt_unregister_match(&ipt_rand_reg);
+ printk("ipt_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Kconfig.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Kconfig.ladd 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Kconfig.ladd 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,10 @@
+config IP6_NF_MATCH_RANDOM
+ tristate 'Random match support'
+ depends on IP6_NF_IPTABLES
+ help
+ This option adds a `random' match,
+ which allow you to match packets randomly
+ following a given probability.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `N'.
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Makefile.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Makefile.ladd 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/Makefile.ladd 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,3 @@
+obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
+
+obj-$(CONFIG_IP6_NF_MATCH_RANDOM) += ip6t_random.o
Added: trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/ip6t_random.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/ip6t_random.c 2005-07-19 22:03:49 UTC (rev 4136)
+++ trunk/patch-o-matic-ng/patchlets/random/linux-2.6/net/ipv6/netfilter/ip6t_random.c 2005-07-20 08:47:22 UTC (rev 4137)
@@ -0,0 +1,97 @@
+/*
+ This is a module which is used for a "random" match support.
+ This file is distributed under the terms of the GNU General Public
+ License (GPL). Copies of the GPL can be obtained from:
+ ftp://prep.ai.mit.edu/pub/gnu/GPL
+
+ 2001-10-14 Fabrice MARIE <fabrice at netfilter.org> : initial implementation.
+ 2003-04-30 Maciej Soltysiak <solt at dns.toxicfilms.tv> : IPv6 Port
+*/
+
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <linux/random.h>
+#include <net/tcp.h>
+#include <linux/spinlock.h>
+#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter_ipv6/ip6t_random.h>
+
+MODULE_LICENSE("GPL");
+
+static int
+ip6t_rand_match(const struct sk_buff *pskb,
+ const struct net_device *in,
+ const struct net_device *out,
+ const void *matchinfo,
+ int offset,
+ const void *hdr,
+ u_int16_t datalen,
+ int *hotdrop)
+{
+ /* Parameters from userspace */
+ const struct ip6t_rand_info *info = matchinfo;
+ u_int8_t random_number;
+
+ /* get 1 random number from the kernel random number generation routine */
+ get_random_bytes((void *)(&random_number), 1);
+
+ /* Do we match ? */
+ if (random_number <= info->average)
+ return 1;
+ else
+ return 0;
+}
+
+static int
+ip6t_rand_checkentry(const char *tablename,
+ const struct ip6t_ip6 *e,
+ void *matchinfo,
+ unsigned int matchsize,
+ unsigned int hook_mask)
+{
+ /* Parameters from userspace */
+ const struct ip6t_rand_info *info = matchinfo;
+
+ if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_rand_info))) {
+ printk("ip6t_random: matchsize %u != %u\n", matchsize,
+ IP6T_ALIGN(sizeof(struct ip6t_rand_info)));
+ return 0;
+ }
+
+ /* must be 1 <= average % <= 99 */
+ /* 1 x 2.55 = 2 */
+ /* 99 x 2.55 = 252 */
+ if ((info->average < 2) || (info->average > 252)) {
+ printk("ip6t_random: invalid average %u\n", info->average);
+ return 0;
+ }
+
+ return 1;
+}
+
+static struct ip6t_match ip6t_rand_reg = {
+ {NULL, NULL},
+ "random",
+ ip6t_rand_match,
+ ip6t_rand_checkentry,
+ NULL,
+ THIS_MODULE };
+
+static int __init init(void)
+{
+ if (ip6t_register_match(&ip6t_rand_reg))
+ return -EINVAL;
+
+ printk("ip6t_random match loaded\n");
+ return 0;
+}
+
+static void __exit fini(void)
+{
+ ip6t_unregister_match(&ip6t_rand_reg);
+ printk("ip6t_random match unloaded\n");
+}
+
+module_init(init);
+module_exit(fini);
More information about the netfilter-cvslog
mailing list