Initial revision

1 files changed, 263 insertions, 0 deletions

diff --git a/plain-2.4.0-to-ulog2.diff b/plain-2.4.0-to-ulog2.diff
new file mode 100644
index 0000000..ab858ea
--- /dev/null
+++ b/plain-2.4.0-to-ulog2.diff
@@ -0,0 +1,263 @@
+diff -Nru linux-2.4.0-test4-plain/Documentation/Configure.help linux-2.4.0-test4-work/Documentation/Configure.help
+--- linux-2.4.0-test4-plain/Documentation/Configure.help	Thu Jul 13 18:42:51 2000
++++ linux-2.4.0-test4-work/Documentation/Configure.help	Mon Jul 31 17:23:30 2000
+@@ -2010,6 +2010,16 @@
+   If you want to compile it as a module, say M here and read
+   Documentation/modules.txt.  If unsure, say `N'.
+ 
++ULOG target support
++CONFIG_IP_NF_TARGET_ULOG
++  This option adds a `ULOG' target, which allows you to create rules in
++  any iptables table. The packet is passed to a userspace logging
++  daemon using netlink multicast sockets; unlike the LOG target
++  which can only be viewed through syslog.
++
++  If you want to compile it as a module, say M here and read
++  Documentation/modules.txt.  If unsure, say `N'.
++
+ ipchains (2.2-style) support
+ CONFIG_IP_NF_COMPAT_IPCHAINS
+   This option places ipchains (with masquerading and redirection
+diff -Nru linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h
+--- linux-2.4.0-test4-plain/include/linux/netfilter_ipv4/ipt_ULOG.h	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/include/linux/netfilter_ipv4/ipt_ULOG.h	Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,29 @@
++#ifndef _IPT_ULOG_H
++#define _IPT_ULOG_H
++
++#define ULOG_MAC_LEN	80
++#define ULOG_PREFIX_LEN	32
++
++struct ipt_ulog_info
++{
++	unsigned int nl_group;
++	size_t copy_range;
++	char prefix[ULOG_PREFIX_LEN];
++};
++
++typedef struct ulog_packet_msg
++{
++        unsigned long mark;
++        long timestamp_sec;
++        long timestamp_usec;
++        unsigned int hook;
++        char indev_name[IFNAMSIZ];
++        char outdev_name[IFNAMSIZ];
++        size_t data_len;
++	char prefix[ULOG_PREFIX_LEN];
++	unsigned char mac_len;
++	unsigned char mac[ULOG_MAC_LEN];
++        unsigned char payload[0];
++} ulog_packet_msg_t;
++
++#endif /*_IPT_ULOG_H*/
+diff -Nru linux-2.4.0-test4-plain/include/linux/netlink.h linux-2.4.0-test4-work/include/linux/netlink.h
+--- linux-2.4.0-test4-plain/include/linux/netlink.h	Fri Aug 28 04:33:08 1998
++++ linux-2.4.0-test4-work/include/linux/netlink.h	Mon Jul 31 17:23:30 2000
+@@ -5,6 +5,7 @@
+ #define NETLINK_SKIP		1	/* Reserved for ENskip  			*/
+ #define NETLINK_USERSOCK	2	/* Reserved for user mode socket protocols 	*/
+ #define NETLINK_FIREWALL	3	/* Firewalling hook				*/
++#define NETLINK_NFLOG		4	/* Firewall logging */
+ #define NETLINK_ARPD		8
+ #define NETLINK_ROUTE6		11	/* af_inet6 route comm channel */
+ #define NETLINK_IP6_FW		13
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Config.in	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Config.in	Mon Jul 31 17:23:30 2000
+@@ -51,6 +51,7 @@
+     dep_tristate '    MARK target support' CONFIG_IP_NF_TARGET_MARK $CONFIG_IP_NF_MANGLE
+   fi
+   dep_tristate '  LOG target support' CONFIG_IP_NF_TARGET_LOG $CONFIG_IP_NF_IPTABLES
++  dep_tristate '  ULOG target support' CONFIG_IP_NF_TARGET_ULOG $CONFIG_IP_NF_IPTABLES
+ fi
+ 
+ # Backwards compatibility modules: only if you don't build in the others.
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/Makefile	Mon Mar 27 20:35:56 2000
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/Makefile	Mon Jul 31 17:23:30 2000
+@@ -197,6 +197,14 @@
+   endif
+ endif
+ 
++ifeq ($(CONFIG_IP_NF_TARGET_ULOG),y)
++O_OBJS += ipt_ULOG.o
++else
++  ifeq ($(CONFIG_IP_NF_TARGET_ULOG),m)
++  M_OBJS += ipt_ULOG.o
++  endif
++endif
++
+ ifeq ($(CONFIG_IP_NF_COMPAT_IPCHAINS),y)
+ O_OBJS += ipchains_core.o $(IP_NF_COMPAT_LAYER)
+ else
+diff -Nru linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c
+--- linux-2.4.0-test4-plain/net/ipv4/netfilter/ipt_ULOG.c	Thu Jan  1 01:00:00 1970
++++ linux-2.4.0-test4-work/net/ipv4/netfilter/ipt_ULOG.c	Mon Jul 31 17:23:31 2000
+@@ -0,0 +1,166 @@
++/*
++ * netfilter module for userspace packet logging daemons
++ *
++ * (C) 2000 by Harald Welte <laforge@sunbeam.franken.de>
++ *
++ * Released under the terms of the GPL
++ *
++ * ipt_ULOG.c,v 1.4 2000/07/31 11:41:06 laforge Exp
++ */
++
++#include <linux/module.h>
++#include <linux/version.h>
++#include <linux/config.h>
++#include <linux/socket.h>
++#include <linux/skbuff.h>
++#include <linux/kernel.h>
++#include <linux/netlink.h>
++#include <linux/netdevice.h>
++#include <linux/mm.h>
++#include <linux/socket.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ipt_ULOG.h>
++#include <net/sock.h>
++
++#define ULOG_NL_EVENT	111	/* Harald's favorite number */
++
++#if 0
++#define DEBUGP	printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static struct sock *nflognl;
++
++static void nflog_rcv(struct sock *sk, int len)
++{
++	printk("nflog_rcv: did receive netlink message ?!?\n");
++}
++
++static unsigned int ipt_ulog_target(struct sk_buff **pskb,
++				    unsigned int hooknum,
++				    const struct net_device *in,
++				    const struct net_device *out,
++				    const void *targinfo, void *userinfo)
++{
++	ulog_packet_msg_t *pm;
++	size_t size, copy_len;
++	struct sk_buff *nlskb;
++	unsigned char *old_tail;
++	struct nlmsghdr *nlh;
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++	/* calculate the size of the skb needed */
++	if ((loginfo->copy_range == 0) ||
++	    (loginfo->copy_range > (*pskb)->len)) {
++		copy_len = (*pskb)->len;
++	} else {
++		copy_len = loginfo->copy_range;
++	}
++	size = NLMSG_SPACE(sizeof(*pm) + copy_len);
++	nlskb = alloc_skb(size, GFP_ATOMIC);
++	if (!nlskb)
++		goto nlmsg_failure;
++
++	old_tail = nlskb->tail;
++	nlh = NLMSG_PUT(nlskb, 0, 0, ULOG_NL_EVENT, size - sizeof(*nlh));
++	pm = NLMSG_DATA(nlh);
++
++	/* copy hook, prefix, timestamp, payload, etc. */
++
++	pm->data_len = copy_len;
++	pm->timestamp_sec = (*pskb)->stamp.tv_sec;
++	pm->timestamp_usec = (*pskb)->stamp.tv_usec;
++	pm->mark = (*pskb)->nfmark;
++	pm->hook = hooknum;
++	if (loginfo->prefix)
++		strcpy(pm->prefix, loginfo->prefix);
++
++	if (in && in->hard_header_len > 0
++	    && (*pskb)->mac.raw != (void *) (*pskb)->nh.iph
++	    && in->hard_header_len <= ULOG_MAC_LEN) {
++		memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len);
++		pm->mac_len = in->hard_header_len;
++	}
++
++	if (in)
++		strcpy(pm->indev_name, in->name);
++	else
++		pm->indev_name[0] = '\0';
++
++	if (out)
++		strcpy(pm->outdev_name, out->name);
++	else
++		pm->outdev_name[0] = '\0';
++
++	if (copy_len)
++		memcpy(pm->payload, (*pskb)->data, copy_len);
++	nlh->nlmsg_len = nlskb->tail - old_tail;
++	NETLINK_CB(nlskb).dst_groups = loginfo->nl_group;
++	DEBUGP
++	    ("ipt_ULOG: going to throw a packet to netlink groupmask %u\n",
++	     loginfo->nl_group);
++	netlink_broadcast(nflognl, nlskb, 0, loginfo->nl_group,
++			  GFP_ATOMIC);
++
++	return IPT_CONTINUE;
++
++      nlmsg_failure:
++	if (nlskb)
++		kfree(nlskb);
++	printk("ipt_ULOG: Error building netlink message\n");
++	return IPT_CONTINUE;
++}
++
++static int ipt_ulog_checkentry(const char *tablename,
++			       const struct ipt_entry *e,
++			       void *targinfo,
++			       unsigned int targinfosize,
++			       unsigned int hookmask)
++{
++	struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
++
++	if (targinfosize != IPT_ALIGN(sizeof(struct ipt_ulog_info))) {
++		DEBUGP("ULOG: targinfosize %u != 0\n", targinfosize);
++		return 0;
++	}
++
++	if (loginfo->prefix[sizeof(loginfo->prefix) - 1] != '\0') {
++		DEBUGP("ULOG: prefix term %i\n",
++		       loginfo->prefix[sizeof(loginfo->prefix) - 1]);
++		return 0;
++	}
++
++	return 1;
++}
++
++static struct ipt_target ipt_ulog_reg =
++    { {NULL, NULL}, "ULOG", ipt_ulog_target, ipt_ulog_checkentry, NULL,
++THIS_MODULE
++};
++
++static int __init init(void)
++{
++	DEBUGP("ipt_ULOG: init module\n");
++	nflognl = netlink_kernel_create(NETLINK_NFLOG, nflog_rcv);
++	if (!nflognl)
++		return -ENOMEM;
++
++	if (ipt_register_target(&ipt_ulog_reg) != 0) {
++		sock_release(nflognl->socket);
++		return -EINVAL;
++	}
++
++	return 0;
++}
++
++static void __exit fini(void)
++{
++	DEBUGP("ipt_ULOG: cleanup_module\n");
++
++	ipt_unregister_target(&ipt_ulog_reg);
++	sock_release(nflognl->socket);
++}
++
++module_init(init);
++module_exit(fini);