Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
161 lines (156 sloc) 3.9 KB
--- /dev/null 2011-06-01 08:56:13.088011215 +0800
+++ b/net/netfilter/xt_IPID.c 2011-06-01 09:46:42.000000000 +0800
@@ -0,0 +1,97 @@
+/* IPID modification target for IP tables
+ * This software is distributed under the terms of GNU GPL
+ */
+
+
+#include <linux/module.h>
+#include <linux/types.h>
+#include <linux/skbuff.h>
+#include <linux/ip.h>
+#include <net/checksum.h>
+#include <linux/random.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv4/ipt_IPID.h>
+
+MODULE_AUTHOR("forgotfun<forgotfun@gmail.com>");
+MODULE_DESCRIPTION("IP tables IPID modification module");
+MODULE_LICENSE("GPL");
+
+
+/* 对网卡名进行 hash */
+u_int16_t get_id(const char name []){
+ u_int16_t i=0;
+ u_int16_t o=0;
+ while(name[i] != '\0'){
+ o ^= name[i];
+ i++;
+ }
+ return(o);
+}
+
+static unsigned int
+ipid_tg(struct sk_buff *skb, const struct xt_target_param *par)
+
+{
+ struct iphdr *iph;
+ const struct ipt_IPID_info *info = par->targinfo;
+ static u_int16_t new_ipid[255];
+ u_int16_t id;
+
+ if (!skb_make_writable(skb, skb->len))
+ return NF_DROP;
+
+ iph = ip_hdr(skb);
+
+ id=get_id(par->out->name);
+
+ switch(info->mode){
+ case IP_IPID_PACE:
+ new_ipid[id] += info->ipid;
+ break;
+ case IP_IPID_CHAOTIC:
+ default:
+ get_random_bytes(&(new_ipid[id]),sizeof(new_ipid[id]));
+ }
+ iph->id = htons(new_ipid[id]);
+ iph->check = 0;
+ iph->check = ip_fast_csum((char *)iph,iph->ihl);
+
+ return XT_CONTINUE;
+}
+
+
+static bool ipid_tg_check(const struct xt_tgchk_param *par)
+{
+ if(strcmp(par->table, "mangle") != 0 ){
+ printk(KERN_WARNING "IPID: can only be called from \'mangle\' table, not \'%s\'.\n", par->table);
+ return false;
+ }
+
+ return true;
+
+}
+
+static struct xt_target ipid_tg_reg __read_mostly = {
+ .name = "IPID",
+ .revision = 0,
+ .family = NFPROTO_UNSPEC,
+ .checkentry = ipid_tg_check,
+ .target = ipid_tg,
+ .targetsize = sizeof(struct ipt_IPID_info),
+ .table = "mangle",
+ .me = THIS_MODULE,
+};
+
+
+static int __init ipid_tg_init(void)
+{
+ return xt_register_target(&ipid_tg_reg);
+}
+
+static void __exit ipid_tg_exit(void)
+{
+ xt_unregister_target(&ipid_tg_reg);
+}
+
+module_init(ipid_tg_init);
+module_exit(ipid_tg_exit);
--- /dev/null 2011-05-18 12:43:03.817596999 +0800
+++ b/include/linux/netfilter_ipv4/ipt_IPID.h 2007-09-05 10:31:21.000000000 +0800
@@ -0,0 +1,19 @@
+/* IPID modification module for IP tables */
+
+#ifndef _IPT_IPID_H
+#define _IPT_IPID_H
+
+//#define IP_IPID_PACE 0
+//#define IP_IPID_CHAOTIC 1
+enum {
+ IP_IPID_PACE = 0,
+ IP_IPID_CHAOTIC
+}IP_IPID;
+
+struct ipt_IPID_info {
+ u_int8_t mode;
+ u_int16_t ipid;
+};
+
+
+#endif
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -381,6 +381,22 @@
since you can easily create immortal packets that loop
forever on the network.
+config NETFILTER_XT_TARGET_IPID
+ tristate '"IPID" hoplimit target support'
+ depends on IP_NF_MANGLE || IP6_NF_MANGLE
+ depends on NETFILTER_ADVANCED
+ ---help---
+ This option adds the "IPID" (for IPv6) and "IPID" (for IPv4)
+ targets, which enable the user to change the
+ hoplimit/time-to-live value of the IP header.
+
+ While it is safe to decrement the hoplimit/TTL value, the
+ modules also allow to increment and set the hoplimit value of
+ the header to arbitrary values. This is EXTREMELY DANGEROUS
+ since you can easily create immortal packets that loop
+ forever on the network.
+
+
config NETFILTER_XT_TARGET_LED
tristate '"LED" target support'
depends on LEDS_CLASS && LEDS_TRIGGERS
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -47,6 +47,7 @@
obj-$(CONFIG_NETFILTER_XT_TARGET_CONNSECMARK) += xt_CONNSECMARK.o
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
+obj-$(CONFIG_NETFILTER_XT_TARGET_IPID) += xt_IPID.o
obj-$(CONFIG_NETFILTER_XT_TARGET_IMQ) += xt_IMQ.o
obj-$(CONFIG_NETFILTER_XT_TARGET_LED) += xt_LED.o
obj-$(CONFIG_NETFILTER_XT_TARGET_MARK) += xt_MARK.o
You can’t perform that action at this time.