| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 Oct 2010 13:46:36 +0200
From: Nicola Padovano <nicola.padovano@...il.com>
To: Jan Engelhardt <jengelh@...ozas.de>
Cc: Eric Dumazet <eric.dumazet@...il.com>,
Stephen Hemminger <shemminger@...tta.com>,
netfilter-devel <netfilter-devel@...r.kernel.org>,
netdev@...r.kernel.org
Subject: Re: checkentry function
On Tue, Oct 5, 2010 at 1:32 PM, Jan Engelhardt <jengelh@...ozas.de> wrote:
> On Tuesday 2010-10-05 13:16, Nicola Padovano wrote:
>>>
>>> Could you read source code of _current_ existing modules , and use
>>> copy/paste ?
>>>
>>> static int hashlimit_mt_check(const struct xt_mtchk_param *par)
>>> {
>>> ...
>>> }
>>
>>as i've written in a previously mail this is the checkentry function
>>that i use in my source code to check if the iptables command line is
>>a right line.
>>
>>[CHECK_ENTRY_CODE]
>>static bool xt_tarpit_check(const char *tablename, const void *entry,
>> const struct xt_target *target, void *targinfo,
>> unsigned int hook_mask)
>>
>>i don't know what "static int hashlimit_mt_check(const struct
>>xt_mtchk_param *par)" is...
>
> It's the proper function header.
>
this is the whole code:
[WHOLE_CODE]
static void function_target(const struct sk_buff *oskb,
struct rtable *ort)
{
...
}
/*
* target function, called everyone the rule is satisfied
* standard behaviour: NF_DROP
*/
static unsigned int xt_tar_target(struct sk_buff *skb,
const struct net_device *in,
const struct net_device *out,
unsigned int hooknum,
const struct xt_target *target,
const void *targinfo)
{
struct rtable *rt = (void *)skb->_skb_refdst;
function_target(skb,rt);
return NF_DROP;
}
/*
* xt_tarpit_check, it allows only:
* 1. raw table & PRE_ROUTING hook or
* 2. filter table & (LOCAL_IN or FORWARD) hook
*/
static bool xt_function_check(const char *tablename, const void *entry,
const struct xt_target *target, void *targinfo,
unsigned int hook_mask)
{
if (strcmp(tablename, "filter"))
{
printk(KERN_INFO "!=filter %s\n",tablename);
return false;
}
return true;
}
static struct xt_target xt_tar_reg = {
.name = "FUN", /* target name */
.family = AF_INET, /* level 3 protocol */
.proto = IPPROTO_TCP, /* we recognize only tcp protocol */
.target = xt_tar_target, /* pointer to target function */
.checkentry = xt_function_check, /* pointer to check-entry function */
.me = THIS_MODULE,
};
/*
* initing module function
*/
static int __init xt_tar_init(void)
{
return xt_register_target(&xt_tar_reg);
}
/*
* delete module
*/
static void __exit xt_tar_exit(void)
{
xt_unregister_target(&xt_tar_reg);
printk(KERN_INFO "TARPIT> !!!exit!!! \n");
}
module_init(xt_tar_init);
module_exit(xt_tar_exit);
/* information about the module and its author */
MODULE_DESCRIPTION("TARPIT target, info: http://npadovano.altervista.org");
MODULE_AUTHOR("Nicola Padovano <nicola.padovano@...il.com>");
MODULE_LICENSE("GPL");
MODULE_ALIAS("xt_TAR");
[/WHOLE_CODE]
--
Nicola Padovano
e-mail: nicola.padovano@...il.com
web: http://npadovano.altervista.org
"My only ambition is not be anything at all; it seems the most
sensible thing" (C. Bukowski)
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists