diff -uNr linux-2.6.11/net/ipv4/netfilter/Kconfig linux-2.6.11-work/net/ipv4/netfilter/Kconfig
|
|
--- linux-2.6.11/net/ipv4/netfilter/Kconfig 2005-03-12 16:48:12.000000000 +0100
|
|
+++ linux-2.6.11-work/net/ipv4/netfilter/Kconfig 2005-03-09 21:11:14.000000000 +0100
|
|
@@ -99,6 +99,12 @@
|
|
|
|
To compile it as a module, choose M here. If unsure, say Y.
|
|
|
|
+config IP_NF_CT_FLUSH
|
|
+ tristate "Conntrack userspace flush"
|
|
+ depends on IP_NF_CONNTRACK
|
|
+ help
|
|
+ To compile it as a module, choose M here. If unsure, say N.
|
|
+
|
|
config IP_NF_QUEUE
|
|
tristate "Userspace queueing via NETLINK"
|
|
help
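Review bot: The help text for IP_NF_CT_FLUSH says only how to build it and nothing about what the option does, so an administrator enabling it cannot tell that it exposes a privileged conntrack operation through a device node. Replace the help with something like: `Provides a misc device (/dev/ct_flush) whose ioctl removes every connection tracking entry that matches a user-supplied address/port/protocol pattern. Because a flush drops state for established flows, access to the device node should be restricted to root.` Keep the existing "To compile it as a module" line as the last sentence, matching the neighbouring entries.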
|
|
diff -uNr linux-2.6.11/net/ipv4/netfilter/Makefile linux-2.6.11-work/net/ipv4/netfilter/Makefile
|
|
--- linux-2.6.11/net/ipv4/netfilter/Makefile 2005-03-12 16:48:21.000000000 +0100
|
|
+++ linux-2.6.11-work/net/ipv4/netfilter/Makefile 2005-03-09 21:18:03.000000000 +0100
|
|
@@ -88,3 +88,5 @@
|
|
obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
|
|
|
|
obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
|
|
+
|
|
+obj-$(CONFIG_IP_NF_CT_FLUSH) += ct_flush.o
|
|
diff -uNr linux-2.6.11/net/ipv4/netfilter/ct_flush.c linux-2.6.11-work/net/ipv4/netfilter/ct_flush.c
|
|
--- linux-2.6.11/net/ipv4/netfilter/ct_flush.c 1970-01-01 01:00:00.000000000 +0100
|
|
+++ linux-2.6.11-work/net/ipv4/netfilter/ct_flush.c 2005-03-12 13:56:25.000000000 +0100
|
|
@@ -0,0 +1,118 @@
|
|
+#include <linux/config.h>
|
|
+#include <linux/types.h>
|
|
+#include <linux/ip.h>
|
|
+#include <linux/netfilter.h>
|
|
+#include <linux/netfilter_ipv4.h>
|
|
+#include <linux/module.h>
|
|
+#include <net/checksum.h>
|
|
+#include <net/ip.h>
|
|
+#include <linux/fs.h>
|
|
+#include <linux/miscdevice.h>
|
|
+
|
|
+#include <linux/netfilter_ipv4/ip_conntrack.h>
|
|
+#include <linux/netfilter_ipv4/ip_conntrack_core.h>
|
|
+
|
|
+#include "ct_flush.h"
|
|
+
|
|
+MODULE_LICENSE("GPL");
|
|
+MODULE_AUTHOR("Olaf Rempel <razzor@kopf-tisch.de>");
|
|
+MODULE_DESCRIPTION("connection tracking flush module");
|
|
+
|
|
+//#define DEBUG
|
|
+
|
|
+static int ct_flush_match_real(struct ip_conntrack_tuple *tp, struct search_pattern *pat) {
|
|
+ /* compare proto only if one is given */
|
|
+ if (pat->proto != 0 && tp->dst.protonum != pat->proto)
|
|
+ return 0;
|
|
+
|
|
+ /* compare src-ip */
|
|
+ if ((tp->src.ip ^ pat->src.ip) & pat->src.mask)
|
|
+ return 0;
|
|
+
|
|
+ /* compare dst-ip */
|
|
+ if ((tp->dst.ip ^ pat->dst.ip) & pat->dst.mask)
|
|
+ return 0;
|
|
+
|
|
+ /* check ports only if tcp/udp */
|
|
+ if (pat->proto != IPPROTO_TCP && pat->proto != IPPROTO_UDP)
|
|
+ return 1;
|
|
+
|
|
+ /* compare src-portrange */
|
|
+ if (tp->src.u.all < pat->src.portlo || tp->src.u.all > pat->src.porthi)
|
|
+ return 0;
|
|
+
|
|
+ /* compare dst-portrange */
|
|
+ if (tp->dst.u.all < pat->dst.portlo || tp->dst.u.all > pat->dst.porthi)
|
|
+ return 0;
|
|
+
|
|
+ return 1;
|
|
+}
|
|
+
|
|
+static int ct_flush_match(struct ip_conntrack *ct, void *data) {
|
|
+ if (ct_flush_match_real(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, data) ||
|
|
+ ct_flush_match_real(&ct->tuplehash[IP_CT_DIR_REPLY].tuple, data)) {
|
|
+ ((struct search_pattern *)data)->count++;
|
|
+ return 1;
|
|
+ }
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int ct_flush_open(struct inode *inode, struct file *file) {
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int ct_flush_close(struct inode *inode, struct file *file) {
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static int ct_flush_ioctl(struct inode *inode, struct file *file, unsigned int cmd, unsigned long arg) {
|
|
+ struct search_pattern pat;
|
|
+ int ret = 0;
|
|
+
|
|
+ switch (cmd) {
|
|
+ case IOCTL_CT_FLUSH:
|
|
+ if (copy_from_user(&pat, (struct search_pattern *)arg, sizeof(pat)))
|
|
+ return -EFAULT;
|
|
+
|
|
+ ip_ct_iterate_cleanup(ct_flush_match, &pat);
|
|
+#ifdef DEBUG
|
|
+ printk(KERN_DEBUG "ct_flush: proto: %u src: %u.%u.%u.%u/%u.%u.%u.%u %u:%u dst: %u.%u.%u.%u/%u.%u.%u.%u %u:%u found: %u\n",
|
|
+ pat.proto,
|
|
+ NIPQUAD(pat.src.ip), NIPQUAD(pat.src.mask), ntohs(pat.src.portlo), ntohs(pat.src.porthi),
|
|
+ NIPQUAD(pat.dst.ip), NIPQUAD(pat.dst.mask), ntohs(pat.dst.portlo), ntohs(pat.dst.porthi),
|
|
+ pat.count);
|
|
+#endif
|
|
+ if (copy_to_user((void *)arg, &pat, sizeof(pat)))
|
|
+ return -EFAULT;
|
|
+ break;
|
|
+ }
|
|
+ return ret;
|
|
+}
|
|
+
|
|
+static struct file_operations ct_flush_fops =
|
|
+{
|
|
+ .owner = THIS_MODULE,
|
|
+ .llseek = no_llseek,
|
|
+ .ioctl = ct_flush_ioctl,
|
|
+ .open = ct_flush_open,
|
|
+ .release = ct_flush_close,
|
|
+};
|
|
+
|
|
+static struct miscdevice ct_flush_miscdev =
|
|
+{
|
|
+ .minor = CT_FLUSH_MINOR,
|
|
+ .name = "ct_flush",
|
|
+ .fops = &ct_flush_fops,
|
|
+};
|
|
+
|
|
+static int __init init(void) {
|
|
+ misc_register(&ct_flush_miscdev);
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+static void __exit fini(void) {
|
|
+ misc_deregister(&ct_flush_miscdev);
|
|
+}
|
|
+
|
|
+module_init(init);
|
|
+module_exit(fini);
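Review bot: ct_flush_ioctl passes the caller's pattern straight to ip_ct_iterate_cleanup() with no privilege check, so any process that can open the misc device can empty the conntrack table — on a stateful firewall or NAT box that drops every established flow, which is a denial-of-service primitive that should not depend solely on the permissions of the /dev node; add `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top of the handler (with `#include <linux/capability.h>`). The port range test in ct_flush_match_real compares `tp->src.u.all` with `pat->src.portlo`/`porthi` using `<`/`>` on raw values that the DEBUG printk shows are in network byte order, which is not a numeric range on little-endian hosts; compare `ntohs()` of both sides, e.g. `if (ntohs(tp->src.u.all) < ntohs(pat->src.portlo) || ntohs(tp->src.u.all) > ntohs(pat->src.porthi))`, and likewise for dst. init() discards the return value of misc_register(), so if minor 243 is already taken the module loads with no device; return that error instead of 0. An unrecognised cmd falls out of the switch and returns 0, so a `default: return -ENOTTY;` case would let userspace detect a mismatched header.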
|
|
diff -uNr linux-2.6.11/net/ipv4/netfilter/ct_flush.h linux-2.6.11-work/net/ipv4/netfilter/ct_flush.h
|
|
--- linux-2.6.11/net/ipv4/netfilter/ct_flush.h 1970-01-01 01:00:00.000000000 +0100
|
|
+++ linux-2.6.11-work/net/ipv4/netfilter/ct_flush.h 2005-03-12 14:29:47.000000000 +0100
|
|
@@ -0,0 +1,18 @@
|
|
+#ifndef _IP_CT_FLUSH_H
|
|
+#define _IP_CT_FLUSH_H
|
|
+
|
|
+struct search_pattern {
|
|
+ struct {
|
|
+ u_int32_t ip;
|
|
+ u_int32_t mask;
|
|
+ u_int16_t portlo;
|
|
+ u_int16_t porthi;
|
|
+ } src, dst;
|
|
+ u_int8_t proto;
|
|
+ u_int32_t count;
|
|
+};
|
|
+
|
|
+#define CT_FLUSH_MINOR 243
|
|
+#define IOCTL_CT_FLUSH _IOWR('W', 0, struct search_pattern)
|
|
+
|
|
+#endif
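Review bot: struct search_pattern is the ioctl ABI shared with userspace (it is baked into IOCTL_CT_FLUSH via _IOWR), but it uses the userspace typedefs u_int32_t/u_int16_t/u_int8_t rather than the kernel's __u32/__u16/__u8, and placing the one-byte `proto` before the four-byte `count` leaves three bytes of compiler padding in a structure whose size and layout must match on both sides; either move `proto` after `count` and pad explicitly, or document the layout. None of the fields are documented: from the DEBUG output in ct_flush.c the addresses, masks and ports appear to be in network byte order, `proto == 0` seems to mean "any protocol", `mask == 0` matches any address, and `count` is an output filled in by the kernel — a comment on each field stating this (hedged where it is only inferred from the matcher) would let userspace get it right. The misc minor 243 and ioctl magic 'W' are not justified anywhere; a comment should record that they were checked against Documentation/devices.txt and Documentation/ioctl-number.txt, or the minor should be MISC_DYNAMIC_MINOR.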
|