Florian Westphal
2ba833fe47
xt_psd: move L4 header fetching into helper
...
Also start splitting psd_match into two functions, one to do initial
sanity checking and header retrieval, one to do the actual work.
2012-09-18 02:47:30 +02:00
Florian Westphal
77240e0918
xt_psd: use tcph->dest directly
...
This allows us to move more code away from the main match function.
2012-09-18 02:45:17 +02:00
Florian Westphal
651e60f8d7
xt_psd: move table cleanup into helper
2012-09-18 02:43:04 +02:00
Florian Westphal
54ac2a899a
xt_psd: split struct host into generic and AF-dependent structure
2012-09-18 02:42:22 +02:00
Florian Westphal
61d2be172d
xt_psd: remove unneeded variables, make hash unsigned
...
- dest port and dest address were only written, never read
- struct inaddr isn't needed either, just look at iph->saddr
2012-09-18 02:41:15 +02:00
Florian Westphal
093f3b0a97
xt_psd: move match functionality to helpers
...
Reduce line count and allow code reuse when IPv6 support is
introduced.
2012-09-17 04:44:29 +02:00
Florian Westphal
57d25f22f1
xt_psd: avoid if (c=h) do {..} while (c = c->next)
...
It is equivalent to c=h; while (c) { ..; c = c->next; }
which is a bit easier to read.
2012-09-17 04:42:56 +02:00
Florian Westphal
2f18ab31ec
xt_psd: move parts of main match function to helpers
...
The match function is way too large, start to split this into smaller
chunks.
2012-09-17 00:02:49 +02:00
Florian Westphal
12d0a8702c
xt_psd: consider protocol when searching port list
...
If we saw a TCP packet on port X, and we receive a UDP packet from the
same host to port X, we counted this as "port X", and did not see this
as a new packet.
Change compare to also consider protocol number and move it to a helper
to de-bloat the overly large match function.
This change makes psd more aggressive with mixed TCP/UDP traffic.
2012-09-17 00:02:45 +02:00
Florian Westphal
d66d07d01d
psd: move defines to user/kernelspace part where possible
...
Some of these defines have no meaning in userspace, so there
is no need to make those available.
2012-06-15 15:17:30 +02:00
Florian Westphal
3736a265d8
psd: reduce size of struct host
...
We can use u16, saving 8 bytes total (weight cannot exceed
PSD_MAX_RATE, 10000). Also re-format comments & struct initializers.
No functional changes.
2012-06-15 15:17:21 +02:00
Jan Engelhardt
5b2649b1a2
psd: re-format comments
2012-06-15 15:16:31 +02:00
Florian Westphal
f6b8767228
psd: add basic validation of userspace matchinfo data
...
psd multiplies weight_thresh by HZ, so it could overflow.
Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.
Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.
Reject 0 weight threshold, too, because it makes no sense (triggers
match for every initial packet).
2012-06-15 15:11:32 +02:00
Florian Westphal
ac58f2e94b
psd: rip out scanlogd leftovers
...
scanlogd remembers tcp flags and uses the *_CHANGING values in its
logger function to determine the best log format to use (e.g. TTL is
not logged if HF_TTL_CHANGING was set, as TTL values were different).
As psd does not log at all, we do not need to track this.
Also get rid of bogus/misleading comments.
2012-06-15 15:09:26 +02:00
Florian Westphal
759546f8d0
xt_psd: avoid crash due to curr->next corruption
...
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.
Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
2012-04-18 14:30:22 +02:00
Jan Engelhardt
01d864f4fc
xt_psd: resolve compiler warning
...
xt_psd.c: In function "xt_psd_match":
xt_psd.c:253:27: warning: "tcph" may be used uninitialized in this
function [-Wuninitialized]
2011-08-11 15:50:08 +02:00
Jan Engelhardt
071c95b750
xt_psd: compact temporary skb buffers
2011-08-11 15:49:40 +02:00
Jan Engelhardt
a141cc311c
xt_psd: support UDPLITE
2011-08-11 15:47:20 +02:00
Jan Engelhardt
7e92ce7ce6
xt_psd: move early bail-out code above skb_header_pointer
2011-08-11 15:46:53 +02:00
Jan Engelhardt
21da1dfea5
xt_psd: cleanup and reduce number of condition checks
2011-08-11 15:46:53 +02:00
Jan Engelhardt
6c17eb46b5
xt_psd: restore skb_header_pointer functionality for UDP
2011-08-11 15:46:53 +02:00
Jan Engelhardt
9a18a05d02
compat_xtables: move to 2.6.35 xt_action_param (2/3)
2010-05-13 19:45:52 +02:00
Jan Engelhardt
5b472be9bb
compat_xtables: move to 2.6.35 xt_action_param (1/3)
2010-05-13 19:28:37 +02:00
Jan Engelhardt
7512101bca
modules: replace AF/PF with NFPROTO
2010-03-16 23:37:05 +01:00
Florian Westphal
342ccf62b2
psd: byteswap constant value instead
...
htons(CONSTANT) is computed at compile time.
reduces .text by 4 bytes on x86.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
2009-09-11 21:38:23 +02:00
Florian Westphal
adabd647b1
psd: use skb_header_pointer
...
Do not rely on tcphdr being in the linear area.
Signed-off-by: Florian Westphal <fwestphal@astaro.com>
2009-09-11 21:38:00 +02:00
Jan Engelhardt
83e474f9ab
psd: move pr_ prefix into pr_fmt
2009-08-28 12:32:23 +02:00
Jan Engelhardt
efd4c91557
psd: style: remove braces for single statements in ifs
2009-08-16 12:40:44 +02:00
Jan Engelhardt
65a257a67d
psd: style: add explicit comparisons where not used in bool context
2009-08-14 20:26:37 +02:00
Jan Engelhardt
5b07e04600
psd: style: break double statements
2009-08-14 20:24:36 +02:00
Jan Engelhardt
6b175b40cb
psd: jiffies is an unsigned long, fix compiler warning
...
"jiffies" has always been unsigned long, not clock_t.
xt_psd.c:176:7: warning: comparison of distinct pointer types lacks a cast
2009-08-14 20:19:13 +02:00
Jan Engelhardt
0887365f8b
psd: remove whitespace at EOL
2009-08-14 20:15:00 +02:00
Mohd Nawawi Mohamad Jamili
380b1b6997
psd: fix revision mismatch
2009-08-13 13:11:18 +02:00
Jan Engelhardt
8e5219636a
psd: tag match reg struct as __read_mostly
2009-08-13 01:04:26 +02:00
Jan Engelhardt
502c1c05aa
psd: return correct status from init
2009-08-13 00:46:33 +02:00
Jan Engelhardt
a7ceccc0f4
psd: bss is always zero-initialized
2009-08-13 00:45:52 +02:00
Jan Engelhardt
10bd08d0f3
psd: remove empty checkentry function
2009-08-13 00:44:39 +02:00
Jan Engelhardt
1e5315d338
psd: replace open-coded access by skb handling functions
...
pskb->network_header would not even compile under older kernels.
This also fixes the compile warning:
xt_psd.c:116:18: warning: cast to pointer from integer of different size
2009-08-13 00:42:01 +02:00
Jan Engelhardt
579484ed70
psd: avoid shadowing of function
...
ip_hdr and tcp_hdr are actually functions. Because we need them,
they must not be shadowed by variables.
2009-08-13 00:38:39 +02:00
Mohd Nawawi Mohamad Jamili
2aa32d4bce
psd: import 20090807 code base
2009-08-12 21:59:33 +02:00