SOURCES: grsecurity-1.2.11-iptables.patch (NEW) - stealth module f...

zbyniu zbyniu at pld-linux.org
Fri May 12 21:59:05 CEST 2006


Author: zbyniu                       Date: Fri May 12 19:59:05 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- stealth module from grsec revival

---- Files affected:
SOURCES:
   grsecurity-1.2.11-iptables.patch (1.7 -> 1.8)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/grsecurity-1.2.11-iptables.patch
diff -u /dev/null SOURCES/grsecurity-1.2.11-iptables.patch:1.8
--- /dev/null	Fri May 12 21:59:05 2006
+++ SOURCES/grsecurity-1.2.11-iptables.patch	Fri May 12 21:59:00 2006
@@ -0,0 +1,74 @@
+diff -urN iptables-1.2.11/extensions/libipt_stealth.c iptables-1.2.11/extensions/libipt_stealth.c
+--- iptables-1.2.11/extensions/libipt_stealth.c	1969-12-31 19:00:00 -0500
++++ iptables-1.2.11/extensions/libipt_stealth.c	2004-07-13 21:14:15 -0400
+@@ -0,0 +1,64 @@
++/* Shared library add-on to iptables to add stealth support.
++ * Copyright (C) 2002 Brad Spengler  <spender at grsecurity.net>
++ * This netfilter module is licensed under the GNU GPL.
++ */
++
++#include <stdio.h>
++#include <netdb.h>
++#include <stdlib.h>
++#include <getopt.h>
++#include <iptables.h>
++
++/* Function which prints out usage message. */
++static void
++help(void)
++{
++	printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
++}
++
++static struct option opts[] = {
++	{0}
++};
++
++/* Initialize the match. */
++static void
++init(struct ipt_entry_match *m, unsigned int *nfcache)
++{
++	*nfcache |= NFC_UNKNOWN;
++}
++
++static int
++parse(int c, char **argv, int invert, unsigned int *flags,
++	const struct ipt_entry *entry,
++	unsigned int *nfcache,
++	struct ipt_entry_match **match)
++{
++	return 0;
++}
++
++static void
++final_check(unsigned int flags)
++{
++	return;
++}
++
++static
++struct iptables_match stealth = {
++	.next		= NULL,
++	.name		= "stealth",
++	.version	= IPTABLES_VERSION,
++	.size		= IPT_ALIGN(0),
++	.userspacesize	= IPT_ALIGN(0),
++	.help		= &help,
++	.init		= &init, 
++	.parse		= &parse,
++	.final_check	= &final_check,
++	.print		= NULL,
++	.save		= NULL,
++	.extra_opts	= opts
++};
++
++void _init(void)
++{
++	register_match(&stealth);
++}
+diff -urN iptables-1.3.5.org/extensions/.stealth-test iptables-1.3.5/extensions/.stealth-test
+--- iptables-1.3.5.org/extensions/.stealth-test	1970-01-01 01:00:00.000000000 +0100
++++ iptables-1.3.5/extensions/.stealth-test	2006-05-12 20:39:08.730709250 +0200
+@@ -0,0 +1,2 @@
++#!/bin/sh
++[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_stealth.c ] && echo stealth
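Review bot: The last line of the embedded `.stealth-test` section, `[ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_stealth.c ] && echo stealth`, has no inner `+` marker even though its header `@@ -0,0 +1,2 @@` announces two added lines. As shown here, `patch` would presumably reject that hunk as malformed or create the script without its test line, so the stealth extension would silently not be built. Inside the patch file the line should read `+[ -f "$KERNEL_DIR/net/ipv4/netfilter/ipt_stealth.c" ] && echo stealth`; quoting `$KERNEL_DIR` also keeps the `[` test well-formed when the path contains spaces. The two embedded sections target different trees (`iptables-1.2.11` and `iptables-1.3.5`) while the file name says 1.2.11, which deserves a word in the log message.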
================================================================

