SOURCES (LINUX_2_6): linux-2.6-nf-osf.patch - snap 20051028 for 2....
cieciwa
cieciwa at pld-linux.org
Fri Oct 28 14:34:03 CEST 2005
Author: cieciwa Date: Fri Oct 28 12:34:03 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- snap 20051028 for 2.6.14.
---- Files affected:
SOURCES:
linux-2.6-nf-osf.patch (1.1.2.1 -> 1.1.2.2)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-osf.patch
diff -u SOURCES/linux-2.6-nf-osf.patch:1.1.2.1 SOURCES/linux-2.6-nf-osf.patch:1.1.2.2
--- SOURCES/linux-2.6-nf-osf.patch:1.1.2.1 Thu Sep 15 10:19:31 2005
+++ SOURCES/linux-2.6-nf-osf.patch Fri Oct 28 14:33:58 2005
@@ -1,12 +1,12 @@
include/linux/netfilter_ipv4/ipt_osf.h | 151 +++++
net/ipv4/netfilter/Kconfig | 22
- net/ipv4/netfilter/Makefile | 3
+ net/ipv4/netfilter/Makefile | 1
net/ipv4/netfilter/ipt_osf.c | 854 +++++++++++++++++++++++++++++++++
- 4 files changed, 1030 insertions(+)
+ 4 files changed, 1028 insertions(+)
-diff -uNr linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_osf.h linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_osf.h
---- linux-2.6.13.1/include.orig/linux/netfilter_ipv4/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/include/linux/netfilter_ipv4/ipt_osf.h 2005-09-15 10:18:40.315124250 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ipt_osf.h linux-2.6.14/include/linux/netfilter_ipv4/ipt_osf.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ipt_osf.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ipt_osf.h 2005-10-28 14:18:20.000000000 +0200
@@ -0,0 +1,151 @@
+/*
+ * ipt_osf.h
@@ -159,9 +159,45 @@
+#endif /* __KERNEL__ */
+
+#endif /* _IPT_OSF_H */
-diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_osf.c linux-2.6.13.1/net/ipv4/netfilter/ipt_osf.c
---- linux-2.6.13.1/net.orig/ipv4/netfilter/ipt_osf.c 1970-01-01 01:00:00.000000000 +0100
-+++ linux-2.6.13.1/net/ipv4/netfilter/ipt_osf.c 2005-09-15 10:18:40.319124500 +0200
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/Kconfig linux-2.6.14/net/ipv4/netfilter/Kconfig
+--- linux-2.6.14.org/net/ipv4/netfilter/Kconfig 2005-10-28 02:02:08.000000000 +0200
++++ linux-2.6.14/net/ipv4/netfilter/Kconfig 2005-10-28 14:18:20.000000000 +0200
+@@ -821,5 +821,27 @@
+ Allows altering the ARP packet payload: source and destination
+ hardware and network addresses.
+
++config IP_NF_MATCH_OSF
++ tristate 'OSF match support'
++ depends on IP_NF_IPTABLES
++ help
++
++ The idea of passive OS fingerprint matching exists for quite a long time,
++ but was created as extension fo OpenBSD pf only some weeks ago.
++ Original idea was lurked in some OpenBSD mailing list (thanks
++ grange at open...) and than adopted for Linux netfilter in form of this code.
++
++ Original table was created by Michal Zalewski <lcamtuf at coredump.cx> for
++ his excellent p0f and than changed a bit for more convenience.
++
++ This module compares some data(WS, MSS, options and it's order, ttl,
++ df and others) from first SYN packet (actually from packets with SYN
++ bit set) with hardcoded in fingers[] table ones.
++
++ If you say Y here, try iptables -m osf --help for more information.
++
++ If you want to compile it as a module, say M here and read
++ Documentation/modules.txt. If unsure, say `N'.
++
+ endmenu
+
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/Makefile linux-2.6.14/net/ipv4/netfilter/Makefile
+--- linux-2.6.14.org/net/ipv4/netfilter/Makefile 2005-10-28 02:02:08.000000000 +0200
++++ linux-2.6.14/net/ipv4/netfilter/Makefile 2005-10-28 14:18:20.000000000 +0200
+@@ -0,0 +0,1 @@
++obj-$(CONFIG_IP_NF_MATCH_OSF) += ipt_osf.o
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/ipt_osf.c linux-2.6.14/net/ipv4/netfilter/ipt_osf.c
+--- linux-2.6.14.org/net/ipv4/netfilter/ipt_osf.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/net/ipv4/netfilter/ipt_osf.c 2005-10-28 14:18:20.000000000 +0200
@@ -0,0 +1,854 @@
+/*
+ * ipt_osf.c
@@ -1017,39 +1053,3 @@
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Evgeniy Polyakov <johnpol at 2ka.mipt.ru>");
+MODULE_DESCRIPTION("Passive OS fingerprint matching.");
-diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig linux-2.6.13.1/net/ipv4/netfilter/Kconfig
---- linux-2.6.13.1/net.orig/ipv4/netfilter/Kconfig 2005-09-15 10:12:52.000000000 +0200
-+++ linux-2.6.13.1/net/ipv4/netfilter/Kconfig 2005-09-15 10:18:40.323124750 +0200
-@@ -716,5 +716,27 @@
- If you want to compile it as a module, say M here and read
- Documentation/modules.txt. If unsure, say `N'.
-
-+config IP_NF_MATCH_OSF
-+ tristate 'OSF match support'
-+ depends on IP_NF_IPTABLES
-+ help
-+
-+ The idea of passive OS fingerprint matching exists for quite a long time,
-+ but was created as extension fo OpenBSD pf only some weeks ago.
-+ Original idea was lurked in some OpenBSD mailing list (thanks
-+ grange at open...) and than adopted for Linux netfilter in form of this code.
-+
-+ Original table was created by Michal Zalewski <lcamtuf at coredump.cx> for
-+ his excellent p0f and than changed a bit for more convenience.
-+
-+ This module compares some data(WS, MSS, options and it's order, ttl,
-+ df and others) from first SYN packet (actually from packets with SYN
-+ bit set) with hardcoded in fingers[] table ones.
-+
-+ If you say Y here, try iptables -m osf --help for more information.
-+
-+ If you want to compile it as a module, say M here and read
-+ Documentation/modules.txt. If unsure, say `N'.
-+
- endmenu
-
-diff -uNr linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile linux-2.6.13.1/net/ipv4/netfilter/Makefile
---- linux-2.6.13.1/net.orig/ipv4/netfilter/Makefile 2005-09-15 10:12:52.000000000 +0200
-+++ linux-2.6.13.1/net/ipv4/netfilter/Makefile 2005-09-15 10:18:40.327125000 +0200
-@@ -0,0 +0,1 @@
-+obj-$(CONFIG_IP_NF_MATCH_OSF) += ipt_osf.o
================================================================
---- CVS-web:
http://cvs.pld-linux.org/SOURCES/linux-2.6-nf-osf.patch?r1=1.1.2.1&r2=1.1.2.2&f=u
More information about the pld-cvs-commit
mailing list