Adds fragment offset arg to ipv6_skip_exthdr() and also removes usage
of ipv6_addr_copy() in favor or direct assignment.
Signed-off-by: Josh Hunt <johunt@akamai.com>
This adds IPv6 support for the tarpit target. It performs the same
functionality as the v4 version, but with IPv6 connections.
Signed-off-by: Josh Hunt <johunt@akamai.com>
Creates a generic function to perform the tcp header manipulation in.
Done in preparation for IPv6 support. This allows us to share code
between v4 and v6 processing.
Signed-off-by: Josh Hunt <johunt@akamai.com>
xt_ECHO fails to build on PPC because csum_ipv6_magic is declared in
<net/ip6_checksum.h>, which is not implicitly included from other
headers on PPC causing build failures due to this function being
undefined. So, include this header explicitly.
Note: Same cause as <http://bugzilla.netfilter.org/show_bug.cgi?id=307>.
xt_DNETMAP.c: In function 'dnetmap_tg_proc_write':
xt_DNETMAP.c:703:3: error: implicit declaration of function 'in4_pton'
[-Werror=implicit-function-declaration]
psd multiplies weight_thresh by HZ, so it could overflow.
Userspace libxt_psd refuses values exceeding PSD_MAX_RATE, so check
that on kernel side, too.
Also, setting 0 weight for both privileged and highports will cause
psd to never match at all.
Reject 0 weight threshold, too because it makes no sense (triggers
match for every initial packet).
scanlogd remembers tcp flags and uses the *_CHANGING values in its
logger function to determine the best log format to use (e.g. TTL is
not logged if HF_TTL_CHANGING was set, as TTL values were different).
As psd does not log at all, we do not need track this.
Also get rid of bogus/misleading comments.
- new type: static binding
- new persistent flag option for prefix
- add extra information in /proc/net/xt_DNETMAP/prefix_stat that
includes the count of static bindings and persistent flag
- add proc interface write support (add/del/flush binding)
- updated manual
curr->ports[] is of size SCAN_MAX_COUNT - 1, so under certain
conditions we wrote past end of array, corrupting ->next pointer
of the adjacent host entry.
Reported-and-tested-by: Serge Leschinsky <serge.leschinsky@gmail.com>
