SOURCES (LINUX_2_6): kernel-2.6.18-layer7-2.7-2.6.19-fix.patch (NE...

Fri Dec 15 03:15:58 CET 2006

Author: mguevara                     Date: Fri Dec 15 02:15:58 2006 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- crude 2.6.19 fix - uses skb_copy to not to cheat with writing to const 
  skbuf struct (which standard layer7 do by not declaring match 1st arg
  as const)
- aka "late night fix may be stup^H^H^H^H^H not optimal"

---- Files affected:
SOURCES:
   kernel-2.6.18-layer7-2.7-2.6.19-fix.patch (NONE -> 1.1.2.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/kernel-2.6.18-layer7-2.7-2.6.19-fix.patch
diff -u /dev/null SOURCES/kernel-2.6.18-layer7-2.7-2.6.19-fix.patch:1.1.2.1

--- /dev/null	Fri Dec 15 03:15:58 2006
+++ SOURCES/kernel-2.6.18-layer7-2.7-2.6.19-fix.patch	Fri Dec 15 03:15:53 2006
@@ -0,0 +1,59 @@
+--- linux-2.6.19/net/ipv4/netfilter/ipt_layer7.c	2006-12-15 02:28:16.000000000 +0100
++++ linux-2.6.19-buildable/net/ipv4/netfilter/ipt_layer7.c	2006-12-15 03:21:05.000000000 +0100
+@@ -24,6 +24,7 @@
+ #include <net/ip.h>
+ #include <net/tcp.h>
+ #include <linux/spinlock.h>
++#include <linux/version.h>
+ 
+ #include "regexp/regexp.c"
+ 
+@@ -329,9 +330,12 @@ static int add_data(struct ip_conntrack 
+ }
+ 
+ /* Returns true on match and false otherwise.  */
+-static int match(/* const */ struct sk_buff *skb,
+-	const struct net_device *in, const struct net_device *out,
+-	const struct xt_match *match, const void *matchinfo,
++static int 
++match(const struct sk_buff *skb1,
++	const struct net_device *in, 
++	const struct net_device *out,
++	const struct xt_match *match, 
++	const void *matchinfo,
+ 	int offset, unsigned int protoff, int *hotdrop)
+ {
+ 	struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo;
+@@ -340,6 +344,12 @@ static int match(/* const */ struct sk_b
+ 	unsigned char * app_data;
+ 	unsigned int pattern_result, appdatalen;
+ 	regexp * comppattern;
++	/* slow */
++	struct sk_buff *skb = skb_copy(skb1, GFP_ATOMIC);
++	/* fast but we break const */
++	/* 
++	struct sk_buff *skb = (struct sk_buff*) skb1;
++	*/
+ 
+ 	if(!can_handle(skb)){
+ 		DPRINTK("layer7: This is some protocol I can't handle.\n");
+@@ -457,13 +467,18 @@ static int match(/* const */ struct sk_b
+ }
+ 
+ static int checkentry(const char *tablename, const void *ip,
+-	const struct xt_match *match, void *matchinfo, unsigned int matchsize,
++	const struct xt_match *match, void *matchinfo, 
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
++	unsigned int matchsize,
++#endif
+ 	unsigned int hook_mask)
+ {
+ //        struct ipt_layer7_info * info = (struct ipt_layer7_info *)matchinfo;
+ 
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
+ 	if (matchsize != IPT_ALIGN(sizeof(struct ipt_layer7_info)))
+ 		return 0;
++#endif
+ 
+ 	return 1;
+ }
================================================================
