FTOS Update to 1.2.5

Mon, 11 Mar 2002 10:55:48 -0800 


Attached is the update for FTOS to Iptables 1.2.5 along with some minor
patches and the inclusion of the GPL module stuff.

Patch is against the iptables-1.2.5 directory and so includes the
extensions/.FTOS-test file as well as the changes to the pom/base/ftos.xxx
parts.

If this is incorrect format please point me to the correct style. Thanks!

--------------------------------------------------
Matthew G. Marsh, President
Pakuni Networks
1506 North 59th Street
Omaha  NE  68104
Phone: (402) 932-7250
Email: [EMAIL PROTECTED]
WWW:  http://www.pakuni.net
--------------------------------------------------

diff -N -r -u iptables-1.2.5/extensions/.FTOS-test 
PS.iptables.125/extensions/.FTOS-test
--- iptables-1.2.5/extensions/.FTOS-test        Wed Dec 31 18:00:00 1969
+++ PS.iptables.125/extensions/.FTOS-test       Mon Dec 18 00:22:44 2000
@@ -0,0 +1,2 @@
+#! /bin/sh
+[ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_FTOS.h ] && echo FTOS
diff -N -r -u iptables-1.2.5/patch-o-matic/base/ftos.patch 
PS.iptables.125/patch-o-matic/base/ftos.patch
--- iptables-1.2.5/patch-o-matic/base/ftos.patch        Mon Nov 12 02:19:29 2001
+++ PS.iptables.125/patch-o-matic/base/ftos.patch       Mon Mar  4 18:15:11 2002
@@ -19,10 +19,10 @@
 +
 +#endif /*_IPT_FTOS_H*/
 
-diff -N -r -u linux.24p10.clean/net/ipv4/netfilter/ipt_FTOS.c 
linux.mgm/net/ipv4/netfilter/ipt_FTOS.c
---- linux.24p10.clean/net/ipv4/netfilter/ipt_FTOS.c    Wed Dec 31 18:00:00 1969
-+++ linux.mgm/net/ipv4/netfilter/ipt_FTOS.c    Thu Nov  9 11:46:26 2000
-@@ -0,0 +1,86 @@
+diff -u --recursive --new-file linux.2418/net/ipv4/netfilter/ipt_FTOS.c 
+linux.2418.PS/net/ipv4/netfilter/ipt_FTOS.c
+--- linux.2418/net/ipv4/netfilter/ipt_FTOS.c   Wed Dec 31 18:00:00 1969
++++ linux.2418.PS/net/ipv4/netfilter/ipt_FTOS.c        Mon Mar  4 18:07:14 2002
+@@ -0,0 +1,100 @@
 +/* Set TOS field in header to any value
 + *
 + * (C) 2000 by Matthew G. Marsh <[EMAIL PROTECTED]>
@@ -30,6 +30,10 @@
 + * This software is distributed under GNU GPL v2, 1991
 + * 
 + * ipt_FTOS.c borrowed heavily from ipt_TOS.c  11/09/2000
++ * 
++ * Updated 3/4/02 - added in Rusty's skb_clone fix 
++ *                - added MODULE Political License
++ *                - redid checksum routine somewhat
 +*/
 +
 +#include <linux/module.h>
@@ -40,8 +44,6 @@
 +#include <linux/netfilter_ipv4/ip_tables.h>
 +#include <linux/netfilter_ipv4/ipt_FTOS.h>
 +
-+MODULE_LICENSE("GPL");
-+
 +static unsigned int
 +target(struct sk_buff **pskb,
 +       unsigned int hooknum,
@@ -51,14 +53,25 @@
 +       void *userinfo)
 +{
 +      struct iphdr *iph = (*pskb)->nh.iph;
-+      const struct ipt_FTOS_info *finfo = targinfo;
++      const struct ipt_FTOS_info *ftosinfo = targinfo;
 +
-+      if ((iph->tos & IPTOS_TOS_MASK) != finfo->ftos) {
-+              u_int8_t diffs[2];
++      if ((iph->tos & IPTOS_TOS_MASK) != ftosinfo->ftos) {
++              u_int16_t diffs[2];
 +
-+              diffs[0] = iph->tos;
-+              iph->tos = (iph->tos & IPTOS_PREC_MASK) | finfo->ftos;
-+              diffs[1] = iph->tos;
++              /* raw socket (tcpdump) may have clone of incoming
++                   skb: don't disturb it --RR */
++              if (skb_cloned(*pskb) && !(*pskb)->sk) {
++                      struct sk_buff *nskb = skb_copy(*pskb, GFP_ATOMIC);
++                      if (!nskb)
++                              return NF_DROP;
++                      kfree_skb(*pskb);
++                      *pskb = nskb;
++                      iph = (*pskb)->nh.iph;
++              }
++
++              diffs[0] = htons(iph->tos) ^ 0xFFFF;
++              iph->tos = ftosinfo->ftos;
++              diffs[1] = htons(iph->tos);
 +              iph->check = csum_fold(csum_partial((char *)diffs,
 +                                                  sizeof(diffs),
 +                                                  iph->check^0xFFFF));
@@ -109,3 +122,4 @@
 +
 +module_init(init);
 +module_exit(fini);
++MODULE_LICENSE("GPL");
diff -N -r -u iptables-1.2.5/patch-o-matic/base/ftos.patch.config.in 
PS.iptables.125/patch-o-matic/base/ftos.patch.config.in
--- iptables-1.2.5/patch-o-matic/base/ftos.patch.config.in      Mon Dec 18 00:22:44 
2000
+++ PS.iptables.125/patch-o-matic/base/ftos.patch.config.in     Mon Mar  4 18:16:21 
+2002
@@ -1,3 +1,2 @@
-    dep_tristate '    TOS target support' CONFIG_IP_NF_TARGET_TOS 
$CONFIG_IP_NF_MANGLE
-    dep_tristate '    Full TOS target support' CONFIG_IP_NF_TARGET_FTOS 
$CONFIG_IP_NF_MANGLE
- 
\ No newline at end of file
+     dep_tristate '    TOS target support' CONFIG_IP_NF_TARGET_TOS 
+$CONFIG_IP_NF_MANGLE
+     dep_tristate '    Full TOS target support' CONFIG_IP_NF_TARGET_FTOS 
+$CONFIG_IP_NF_MANGLE 
diff -N -r -u iptables-1.2.5/patch-o-matic/base/ftos.patch.configure.help 
PS.iptables.125/patch-o-matic/base/ftos.patch.configure.help
--- iptables-1.2.5/patch-o-matic/base/ftos.patch.configure.help Mon Dec 18 00:22:44 
2000
+++ PS.iptables.125/patch-o-matic/base/ftos.patch.configure.help        Mon Mar  4 
+18:17:30 2002
@@ -8,7 +8,7 @@
 
   The TOS field can be set to any value between 0x0 and 0xff. It does
   not take account of the DiffServ field split nor does it account for
-  the ECN bit states.
+  the ECN bit states. The whole TOS filed is overwritten.
 
   Basically you can use it to set the TOS field to whatever value you want.

Reply via email to