Sophie: iptables-1.3.7-2mdv2008.0 src

iptables-1.3.7-2mdv2008.0.src.rpm

diff -Naur iptables-1.3.2.orig/extensions/libipt_stealth.c iptables-1.3.2/extensions/libipt_stealth.c
--- iptables-1.3.2.orig/extensions/libipt_stealth.c	1969-12-31 21:00:00.000000000 -0300
+++ iptables-1.3.2/extensions/libipt_stealth.c	2005-07-13 18:26:01.000000000 -0300
@@ -0,0 +1,64 @@
+/* Shared library add-on to iptables to add stealth support.
+ * Copyright (C) 2002 Brad Spengler  <spender@grsecurity.net>
+ * This netfilter module is licensed under the GNU GPL.
+ */
+
+#include <stdio.h>
+#include <netdb.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <iptables.h>
+
+/* Function which prints out usage message. */
+static void
+help(void)
+{
+	printf("stealth v%s takes no options\n\n", IPTABLES_VERSION);
+}
+
+static struct option opts[] = {
+	{0}
+};
+
+/* Initialize the match. */
+static void
+init(struct ipt_entry_match *m, unsigned int *nfcache)
+{
+	*nfcache |= NFC_UNKNOWN;
+}
+
+static int
+parse(int c, char **argv, int invert, unsigned int *flags,
+	const struct ipt_entry *entry,
+	unsigned int *nfcache,
+	struct ipt_entry_match **match)
+{
+	return 0;
+}
+
+static void
+final_check(unsigned int flags)
+{
+	return;
+}
+
+static
+struct iptables_match stealth = {
+	.next           = NULL,
+	.name           = "stealth",
+	.version        = IPTABLES_VERSION,
+	.size           = IPT_ALIGN(0),
+	.userspacesize  = IPT_ALIGN(0),
+	.help           = &help,
+	.init           = &init,
+	.parse          = &parse,
+	.final_check    = &final_check,
+	.print          = NULL,
+	.save           = NULL,
+	.extra_opts     = opts
+};
+
+void _init(void)
+{
+	register_match(&stealth);
+}
--- iptables-1.3.7/extensions/Makefile.stealth	2006-12-04 12:15:19.000000000 +0100
+++ iptables-1.3.7/extensions/Makefile	2007-06-06 11:48:51.000000000 +0200
@@ -5,7 +5,7 @@
 # header files are present in the include/linux directory of this iptables
 # package (HW)
 #
-PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
+PF_EXT_SLIB:=ah addrtype comment connlimit connmark conntrack dscp ecn esp hashlimit helper icmp iprange length limit mac mark multiport owner physdev pkttype policy realm rpc sctp standard state stealth tcp tcpmss tos ttl udp unclean CLASSIFY CONNMARK DNAT DSCP ECN LOG MARK MASQUERADE MIRROR NETMAP NFQUEUE NOTRACK REDIRECT REJECT SAME SNAT TARPIT TCPMSS TOS TRACE TTL ULOG
 PF6_EXT_SLIB:=connmark eui64 hl icmp6 length limit mac mark multiport owner physdev policy standard state tcp udp CONNMARK HL LOG NFQUEUE MARK TRACE
 
 ifeq ($(DO_SELINUX), 1)