From e3988b50b50ed669a094ab51db46fff3ca0286a8 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt <jengelh@medozas.de>
Date: Wed, 25 Mar 2009 19:29:45 +0100
Subject: [PATCH] Add the "STEAL" target from the "demos" branch

---
 doc/changelog.txt          |  1 +
 extensions/Kbuild          |  1 +
 extensions/Mbuild          |  1 +
 extensions/libxt_STEAL.c   | 33 +++++++++++++++++++
 extensions/libxt_STEAL.man |  2 ++
 extensions/xt_STEAL.c      | 66 ++++++++++++++++++++++++++++++++++++++
 mconfig                    |  1 +
 7 files changed, 105 insertions(+)
 create mode 100644 extensions/libxt_STEAL.c
 create mode 100644 extensions/libxt_STEAL.man
 create mode 100644 extensions/xt_STEAL.c

diff --git a/doc/changelog.txt b/doc/changelog.txt
index c447534..572f555 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -2,6 +2,7 @@
 
 - fuzzy: need to account for kernel-level modified variables in .userspacesize
 - geoip: remove XT_ALIGN from .userspacesize when used with offsetof
+- add "STEAL" target
 
 
 Xtables-addons 1.13 (March 23 2009)
diff --git a/extensions/Kbuild b/extensions/Kbuild
index b50308a..bb71204 100644
--- a/extensions/Kbuild
+++ b/extensions/Kbuild
@@ -12,6 +12,7 @@ obj-${build_ECHO}        += xt_ECHO.o
 obj-${build_IPMARK}      += xt_IPMARK.o
 obj-${build_LOGMARK}     += xt_LOGMARK.o
 obj-${build_SYSRQ}       += xt_SYSRQ.o
+obj-${build_STEAL}       += xt_STEAL.o
 obj-${build_TARPIT}      += xt_TARPIT.o
 obj-${build_TEE}         += xt_TEE.o
 obj-${build_condition}   += xt_condition.o
diff --git a/extensions/Mbuild b/extensions/Mbuild
index feaca7b..35c2ca8 100644
--- a/extensions/Mbuild
+++ b/extensions/Mbuild
@@ -4,6 +4,7 @@ obj-${build_DHCPADDR}    += libxt_DHCPADDR.so libxt_dhcpaddr.so
 obj-${build_ECHO}        += libxt_ECHO.so
 obj-${build_IPMARK}      += libxt_IPMARK.so
 obj-${build_LOGMARK}     += libxt_LOGMARK.so
+obj-${build_STEAL}       += libxt_STEAL.so
 obj-${build_SYSRQ}       += libxt_SYSRQ.so
 obj-${build_TARPIT}      += libxt_TARPIT.so
 obj-${build_TEE}         += libxt_TEE.so
diff --git a/extensions/libxt_STEAL.c b/extensions/libxt_STEAL.c
new file mode 100644
index 0000000..2b399ed
--- /dev/null
+++ b/extensions/libxt_STEAL.c
@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <xtables.h>
+
+static void steal_tg_help(void)
+{
+	printf("STEAL takes no options\n\n");
+}
+
+static int steal_tg_parse(int c, char **argv, int invert, unsigned int *flags,
+                          const void *entry, struct xt_entry_target **target)
+{
+	return 0;
+}
+
+static void steal_tg_check(unsigned int flags)
+{
+}
+
+static struct xtables_target steal_tg_reg = {
+	.version       = XTABLES_VERSION,
+	.name          = "STEAL",
+	.family        = AF_INET,
+	.size          = XT_ALIGN(0),
+	.userspacesize = XT_ALIGN(0),
+	.help          = steal_tg_help,
+	.parse         = steal_tg_parse,
+	.final_check   = steal_tg_check,
+};
+
+static void _init(void)
+{
+	xtables_register_target(&steal_tg_reg);
+}
diff --git a/extensions/libxt_STEAL.man b/extensions/libxt_STEAL.man
new file mode 100644
index 0000000..7234329
--- /dev/null
+++ b/extensions/libxt_STEAL.man
@@ -0,0 +1,2 @@
+Like the DROP target, but does not throw an error like DROP when used in the
+\fBOUTPUT\fP chain.
diff --git a/extensions/xt_STEAL.c b/extensions/xt_STEAL.c
new file mode 100644
index 0000000..b06d0fb
--- /dev/null
+++ b/extensions/xt_STEAL.c
@@ -0,0 +1,66 @@
+/*
+ *	"STEAL" demo target extension for Xtables
+ *	written by Jan Engelhardt <jengelh [at] medozas de>, 2008 - 2009
+ *	placed in the Public Domain
+ */
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include "compat_xtables.h"
+
+static unsigned int
+steal_tg(struct sk_buff **pskb, const struct xt_target_param *par)
+{
+	kfree_skb(*pskb);
+	return NF_STOLEN;
+}
+
+static struct xt_target steal_tg_reg[] __read_mostly = {
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_UNSPEC,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_IPV6,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_ARP,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_BRIDGE,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+};
+
+static int __init steal_tg_init(void)
+{
+	return xt_register_targets(steal_tg_reg, ARRAY_SIZE(steal_tg_reg));
+}
+
+static void __exit steal_tg_exit(void)
+{
+	xt_unregister_targets(steal_tg_reg, ARRAY_SIZE(steal_tg_reg));
+}
+
+module_init(steal_tg_init);
+module_exit(steal_tg_exit);
+MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
+MODULE_DESCRIPTION("Xtables: Silently DROP packets on output chain");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_STEAL");
+MODULE_ALIAS("ip6t_STEAL");
+MODULE_ALIAS("arpt_STEAL");
+MODULE_ALIAS("ebt_STEAL");
diff --git a/mconfig b/mconfig
index 31990a6..35fb1c1 100644
--- a/mconfig
+++ b/mconfig
@@ -6,6 +6,7 @@ build_DHCPADDR=m
 build_ECHO=
 build_IPMARK=m
 build_LOGMARK=m
+build_STEAL=m
 build_SYSRQ=m
 build_TARPIT=m
 build_TEE=m