anonfunc/xtables-addons
1
0
Fork 0
mirror of git://git.code.sf.net/p/xtables-addons/xtables-addons synced 2025-09-08 13:44:56 +02:00
Code Issues Releases Wiki Activity

xt_pknock: support UDPLITE

Browse Source
This commit is contained in:
Jan Engelhardt
2011-08-12 15:42:14 +02:00
parent 5ef3a7c436
commit 04aed87cb6
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
doc/changelog.txt
View File

@@ -4,6 +4,7 @@ HEAD
- xt_CHECKSUM: abort build when the feature is already provided by mainline - xt_CHECKSUM: abort build when the feature is already provided by mainline
- xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used - xt_TARPIT: fix kernel warning about RTAX_HOPLIMIT being used
- xt_TEE: abort build when the feature is already provided by mainline - xt_TEE: abort build when the feature is already provided by mainline
- xt_pknock: support UDPLITE
- xt_psd: restore functionality with UDP - xt_psd: restore functionality with UDP
- xt_psd: support UDPLITE - xt_psd: support UDPLITE
- update to ipset 6.8 - update to ipset 6.8

8
extensions/pknock/xt_pknock.c
View File

@@ -881,7 +881,7 @@ update_peer(struct peer *peer, const struct xt_pknock_mtinfo *info,
/* If security is needed. */ /* If security is needed. */
if (info->option & XT_PKNOCK_OPENSECRET ) { if (info->option & XT_PKNOCK_OPENSECRET ) {
if (hdr->proto != IPPROTO_UDP) if (hdr->proto != IPPROTO_UDP && hdr->proto != IPPROTO_UDPLITE)
return false; return false;
if (!pass_security(peer, info, hdr->payload, hdr->payload_len)) if (!pass_security(peer, info, hdr->payload, hdr->payload_len))
@@ -982,6 +982,7 @@ static bool pknock_mt(const struct sk_buff *skb,
break; break;
case IPPROTO_UDP: case IPPROTO_UDP:
case IPPROTO_UDPLITE:
#ifdef PK_CRYPTO #ifdef PK_CRYPTO
hdr_len = (iph->ihl * 4) + sizeof(struct udphdr); hdr_len = (iph->ihl * 4) + sizeof(struct udphdr);
break; break;
@@ -1013,7 +1014,7 @@ static bool pknock_mt(const struct sk_buff *skb,
goto out; goto out;
} }
if (iph->protocol == IPPROTO_UDP) { if (iph->protocol == IPPROTO_UDP || iph->protocol == IPPROTO_UDPLITE) {
hdr.payload = (void *)iph + hdr_len; hdr.payload = (void *)iph + hdr_len;
hdr.payload_len = skb->len - hdr_len; hdr.payload_len = skb->len - hdr_len;
} }
@@ -1022,7 +1023,8 @@ static bool pknock_mt(const struct sk_buff *skb,
if (info->option & XT_PKNOCK_KNOCKPORT) { if (info->option & XT_PKNOCK_KNOCKPORT) {
if ((ret = is_allowed(peer))) { if ((ret = is_allowed(peer))) {
if (info->option & XT_PKNOCK_CLOSESECRET && if (info->option & XT_PKNOCK_CLOSESECRET &&
iph->protocol == IPPROTO_UDP) (iph->protocol == IPPROTO_UDP ||
iph->protocol == IPPROTO_UDPLITE))
{ {
if (is_close_knock(peer, info, hdr.payload, hdr.payload_len)) if (is_close_knock(peer, info, hdr.payload, hdr.payload_len))
{ {