Jan Engelhardt
82a8524f1a
pknock: add CONNECTOR guards
2009-10-09 18:15:27 +02:00
Jan Engelhardt
6bb354d3f0
pknock: add Kconfig file
2009-10-09 18:11:49 +02:00
Jan Engelhardt
5184176c3b
pknock: move into separate directory
...
There will be a number of pknock-related tools, e.g. the trigger
programs, so move that out to its own directory.
2009-10-09 17:50:05 +02:00
Jan Engelhardt
f1dc7f960c
pknock: peer can never be NULL in the hash iterator
...
Given that pos is non-NULL, list_entry won't make it NULL.
2009-10-07 23:59:44 +02:00
Jan Engelhardt
370f47b000
pknock: reduce indent in remove_rule
2009-10-07 23:59:05 +02:00
Jan Engelhardt
8e812620f0
pknock: avoid crash on memory allocation failure and fix memleak
...
If rule->peer_head==NULL due to an unsuccessful allocation, peer_gc
(and perhaps other places) may crash when they try to access it.
Since I see no deferred retry for allocation, the only option is to
fail in add_rule, clean it up, and return false instead.
Independent of that problem, it also needs to free peer_head in case
the status_proc allocation fails.
2009-10-07 01:12:03 +02:00
Jan Engelhardt
204b612e23
pknock: add_rule must happen after info struct checks
...
This avoids unnecessarily creating pknock rules if there is an error
with any of the match parameters.
2009-10-07 01:12:03 +02:00
Jan Engelhardt
c2c86f4b3d
pknock: remove old-style intraposition negation support
2009-10-07 01:12:03 +02:00
Jan Rafaj
e0276b4875
pknock: disallow running peer_gc too early
...
It is no longer possible to specify gc_expir_time with a time lower
than its default value (65000 msecs). This is to avoid running
peer_gc() earlier than 1 minute [well, 65 s actually] in the future,
which would otherwise render anti-spoof protection in SPA mode
non-functional.
2009-10-04 21:00:04 +02:00
Jan Rafaj
1bc7f1be67
pknock: add module parameter descriptions
2009-10-04 21:00:04 +02:00
Jan Engelhardt
3c3adcbd07
pknock: remove some extraneous messages and source lines
...
- $Id$ in a comment is pointless.
- remove unneeded/commented-out includes.
- remove warning messages on allocation failure
(if that happens it is almost too late anyway;
not wanting to spam the logs)
- remove warning messages about unhandled packets
(attacker filling up logs)
2009-10-04 21:00:01 +02:00
Jan Engelhardt
da6a9b932c
pknock: use NIPQUAD_FMT
2009-10-04 00:42:13 +02:00
Jan Engelhardt
5f290cd4a0
pknock: mark peer address as __be32
...
Since the address is now stored in its original network byte order,
let's annotate that this is indeed the case.
2009-10-04 00:42:13 +02:00
Jan Rafaj
181a9cab43
pknock: store peer address in network byte order
...
The conversions from and to host order can be saved, as nothing
really depends on them.
2009-10-04 00:42:13 +02:00
Jan Rafaj
a819458cba
pknock: do call sg_init_table
2009-10-04 00:42:13 +02:00
Jan Engelhardt
654862af21
pknock: use more efficient method to obtain seconds
2009-10-04 00:42:13 +02:00
Jan Rafaj
0d8ae29a60
pknock: "strict" and "checkip" flags were not displayed in iptables -L
2009-10-04 00:42:13 +02:00
Jan Engelhardt
e05a4d9586
pknock: use sizeof() where meaningful
2009-10-04 00:42:11 +02:00
Jan Rafaj
00199427ac
pknock: rename symbols in libxt_pknock
2009-10-03 13:30:56 +02:00
Jan Engelhardt
35b00f8c3f
pknock: remove redundant --t parameter
...
One can already specify --t on the command line as a synonym for
--time because getopt already allows unambiguous abbreviations.
2009-10-03 13:08:26 +02:00
Jan Engelhardt
1f3150bdf9
pknock: remove trailing whitespace
2009-10-03 01:43:00 +02:00
Jan Engelhardt
13c73af796
pknock: remove unneeded braces
2009-10-03 01:26:31 +02:00
Jan Engelhardt
ba9a3efec1
pknock: use preincrements where possible
...
Preincrements are much less error-prone and do not even need extra
parentheses.
2009-10-03 01:26:31 +02:00
Jan Engelhardt
f474c7d4d4
pknock: rename IPT_PKNOCK_* -> XT_PKNOCK_*
2009-10-03 01:26:31 +02:00
Jan Engelhardt
4a350ddd03
pknock: move more kernel parts from include file to .c
...
All of this does not seem to have a userspace part.
2009-10-03 01:26:31 +02:00
Jan Engelhardt
628d137f12
pknock: rename struct ipt_pknock -> xt_pknock_mtinfo
...
Streamline symbols; use xt_*_mtinfo as other modules do.
2009-10-03 01:26:31 +02:00
Jan Engelhardt
28ecf45548
pknock: redo inline hints
...
The compiler is usually smart enough to decide this on its own.
Some functions however do not warrant even the hint keyword.
2009-10-03 01:26:31 +02:00
Jan Engelhardt
58839b9b86
pknock: use bools for two-state ints
2009-10-03 01:26:31 +02:00
Jan Engelhardt
e436948ebd
pknock: use explicit tests for non-bool types
2009-10-03 01:26:30 +02:00
Jan Engelhardt
79d54ebd7c
pknock: split long instructions, esp. allocations in if()
2009-10-03 01:26:28 +02:00
Jan Engelhardt
d116000784
pknock: fix return values and memleak in has_secret
...
First, there is a memory leak - when the crypto functions fail,
hexresult was not freed. Second, in that error case, the return value
is simply passed up to the caller, ignoring the different meanings of
0 and 1 between crypto and pknock.
2009-09-30 01:19:59 +02:00
Jan Engelhardt
4b5f0b12d9
pknock: remove initialization of data where not needed
...
bss will be set to zero anyway.
For automatic variables, the preinit is not always needed
(gcc will warn about it).
2009-09-30 01:19:58 +02:00
Jan Engelhardt
c8dde526f2
pknock: use unsigned qualifiers where they are due
2009-09-30 01:19:39 +02:00
Jan Engelhardt
3058e42a21
pknock: remove pointless casts
2009-09-30 00:49:30 +02:00
Jan Engelhardt
40b30f7f27
pknock: add const qualifiers
2009-09-30 00:49:29 +02:00
Jan Engelhardt
aaad5f53ac
pknock: remove pointless sizeof(char)
...
sizeof(char) is defined to be 1, anyway.
2009-09-30 00:09:07 +02:00
Jan Engelhardt
db1057158f
pknock: return -ENXIO for problems during init
...
Some functions like the crypto init or proc_mkdir do not return an
error value. Replace the -1, which is actually EPERM, and looks a
little out of place, and use ENXIO instead. (After all, the requested
objects were not there after the request of initialization.)
2009-09-30 00:05:42 +02:00
Jan Rafaj
713c31e8f7
pknock: guard off crypto code from kernels before 2.6.19
2009-09-29 23:47:03 +02:00
Jan Engelhardt
e5ffb39750
pknock: rename DEBUGP to pk_debug and always enable
...
Since pr_debug depends on #if DEBUG anyway, there is no need to
contain DEBUGP/pk_debug within a further if. Rename from DEBUGP to
pk_debug, because DEBUGP is flagged by Xtables-addons (- and that's
good so, because often DEBUGPs should have been pr_debug instead).
2009-09-29 23:45:29 +02:00
Jan Rafaj
19067393b6
pknock: replace printks by pr_debug
...
The printk calls were protected using #if DEBUG anyway, so they can
just be changed to pr_debug. pr_debug also depends on #if DEBUG, and
takes care of the module prefix.
2009-09-29 23:45:29 +02:00
Jan Engelhardt
1de82a88a1
pknock: avoid accidental deletion of rules
...
If DEBUG was not defined, and no rule was effectively found, the
"rule" variable may still be non-NULL, and possibly cause deletion.
Therefore, always check for the rule having been found.
2009-09-29 23:45:29 +02:00
Jan Engelhardt
9928c864ab
pknock: drop evil-tinygram warning messages
...
The duprintf macro then also becomes unneeded.
2009-09-29 23:45:28 +02:00
Jan Engelhardt
45515a0afd
pknock: bump internal match revision number
...
Do this so that previous iptables installations do not mistakenly
operate with our new xt_pknock.
2009-09-29 23:45:28 +02:00
Jan Engelhardt
75f80fa8f8
pknock: move struct ipt_pknock_crypto to xt_pknock.c
...
It is only used in xt_pknock.c, and only once, so also make it an
anonymous struct.
2009-09-29 23:45:28 +02:00
Jan Engelhardt
d8dc72d151
pknock: only use size-fixated types
...
Types with variadic size are a no-no.
2009-09-29 23:36:53 +02:00
Jan Engelhardt
cee3d25d49
pknock: improve sizeof(struct ipt_pknock) by relayouting members
...
Stuffing struct holes as reported by pahole(1).
2009-09-29 19:36:14 +02:00
Jan Engelhardt
afbeb2fb47
pknock: improve sizeof(struct ipt_pknock) by using "even" field sizes
...
The field sizes were 33, which makes for lots of padding holes.
2009-09-29 19:36:14 +02:00
Jan Rafaj
c0dc0858de
pknock: renaming of functions and prefix-name
2009-09-29 19:36:01 +02:00
Jan Rafaj
b04317576b
pknock: add MODULE_ALIAS for pknock
...
Needed for autoloading.
2009-09-29 15:05:05 +02:00
Jan Rafaj
af2bbf0352
pknock: fit to Xtables-addons API
2009-09-29 15:03:45 +02:00