Add the "STEAL" target from the "demos" branch

doc/changelog.txt

@@ -2,6 +2,7 @@
 
 - fuzzy: need to account for kernel-level modified variables in .userspacesize
 - geoip: remove XT_ALIGN from .userspacesize when used with offsetof
+- add "STEAL" target
 
 
 Xtables-addons 1.13 (March 23 2009)

extensions/Kbuild

@@ -12,6 +12,7 @@ obj-${build_ECHO}        += xt_ECHO.o
 obj-${build_IPMARK}      += xt_IPMARK.o
 obj-${build_LOGMARK}     += xt_LOGMARK.o
 obj-${build_SYSRQ}       += xt_SYSRQ.o
+obj-${build_STEAL}       += xt_STEAL.o
 obj-${build_TARPIT}      += xt_TARPIT.o
 obj-${build_TEE}         += xt_TEE.o
 obj-${build_condition}   += xt_condition.o

extensions/Mbuild

@@ -4,6 +4,7 @@ obj-${build_DHCPADDR}    += libxt_DHCPADDR.so libxt_dhcpaddr.so
 obj-${build_ECHO}        += libxt_ECHO.so
 obj-${build_IPMARK}      += libxt_IPMARK.so
 obj-${build_LOGMARK}     += libxt_LOGMARK.so
+obj-${build_STEAL}       += libxt_STEAL.so
 obj-${build_SYSRQ}       += libxt_SYSRQ.so
 obj-${build_TARPIT}      += libxt_TARPIT.so
 obj-${build_TEE}         += libxt_TEE.so

extensions/libxt_STEAL.c

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <xtables.h>
+
+static void steal_tg_help(void)
+{
+	printf("STEAL takes no options\n\n");
+}
+
+static int steal_tg_parse(int c, char **argv, int invert, unsigned int *flags,
+                          const void *entry, struct xt_entry_target **target)
+{
+	return 0;
+}
+
+static void steal_tg_check(unsigned int flags)
+{
+}
+
+static struct xtables_target steal_tg_reg = {
+	.version       = XTABLES_VERSION,
+	.name          = "STEAL",
+	.family        = AF_INET,
+	.size          = XT_ALIGN(0),
+	.userspacesize = XT_ALIGN(0),
+	.help          = steal_tg_help,
+	.parse         = steal_tg_parse,
+	.final_check   = steal_tg_check,
+};
+
+static void _init(void)
+{
+	xtables_register_target(&steal_tg_reg);
+}

extensions/libxt_STEAL.man

@@ -0,0 +1,2 @@
+Like the DROP target, but does not throw an error like DROP when used in the
+\fBOUTPUT\fP chain.

extensions/xt_STEAL.c

@@ -0,0 +1,66 @@
+/*
+ *	"STEAL" demo target extension for Xtables
+ *	written by Jan Engelhardt <jengelh [at] medozas de>, 2008 - 2009
+ *	placed in the Public Domain
+ */
+#include <linux/netfilter.h>
+#include <linux/skbuff.h>
+#include "compat_xtables.h"
+
+static unsigned int
+steal_tg(struct sk_buff **pskb, const struct xt_target_param *par)
+{
+	kfree_skb(*pskb);
+	return NF_STOLEN;
+}
+
+static struct xt_target steal_tg_reg[] __read_mostly = {
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_UNSPEC,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_IPV6,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_ARP,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+	{
+		.name     = "STEAL",
+		.revision = 0,
+		.family   = NFPROTO_BRIDGE,
+		.target   = steal_tg,
+		.me       = THIS_MODULE,
+	},
+};
+
+static int __init steal_tg_init(void)
+{
+	return xt_register_targets(steal_tg_reg, ARRAY_SIZE(steal_tg_reg));
+}
+
+static void __exit steal_tg_exit(void)
+{
+	xt_unregister_targets(steal_tg_reg, ARRAY_SIZE(steal_tg_reg));
+}
+
+module_init(steal_tg_init);
+module_exit(steal_tg_exit);
+MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
+MODULE_DESCRIPTION("Xtables: Silently DROP packets on output chain");
+MODULE_LICENSE("GPL");
+MODULE_ALIAS("ipt_STEAL");
+MODULE_ALIAS("ip6t_STEAL");
+MODULE_ALIAS("arpt_STEAL");
+MODULE_ALIAS("ebt_STEAL");

mconfig

@@ -6,6 +6,7 @@ build_DHCPADDR=m
 build_ECHO=
 build_IPMARK=m
 build_LOGMARK=m
+build_STEAL=m
 build_SYSRQ=m
 build_TARPIT=m
 build_TEE=m