Hello i was wondering if there will be a new patch (libipt_stealth.c) for iptables 1.4.1.1 ? I have been trying to get it to work, but im kinda lost with setting the nfcache parameter in the .init function.
Thanks in advance, Regards...
iptables 1.4.1.1
2 posts
• Page 1 of 1
iptables 1.4.1.1
by member » Fri Aug 29, 2008 4:17 pm
- member
- Posts: 5
- Joined: Fri Aug 29, 2008 4:11 pm
Re: iptables 1.4.1.1
by member » Wed Sep 03, 2008 7:43 am
Sofar this quick and dirty hack seems to work, there is however the definition of the xtables_match struct:
struct xtables_match
{
...
/* Initialize the match. */
void (*init)(struct xt_entry_match *m);
...
};
There were a lot of sematics changes in the 1.4.1.1 version. So i kinda took over those new semantics in libipt_stealth.c.
However in libiptstealth.c i see the declaration:
static void stealth_init(struct xt_entry_match *m, unsigned *nfcache)
** NOTE: the names and data types are from the adapted version. Originally the nfcache parameter wasnt there. So thats why i thought there might be an error somehow. (Incompatible function pointer types is what gcc complains about). It seems it wont work though without this way of doing things. Can some1 please explain me what i am missing here ? for me it looks like writingn in empty stack space ?
Anyway here is a working version that will compile and work with iptables 1.4.1.1, i thought it might be helpfull...
Regards...
<<< SNIP >>>
/* Shared library add-on to iptables to add stealth support.
* Copyright (C) 2006 Brad Spengler <spender@grsecurity.net>
* This netfilter module is licensed under the GNU GPL.
*/
#include <stdio.h>
#include <netdb.h>
#include <stdlib.h>
#include <getopt.h>
#include <iptables.h>
static struct ipt_entry *e = NULL;
/* Function which prints out usage message. */
static void
stealth_help(void)
{
printf("stealth v%s takes no options\n\n", XTABLES_VERSION);
}
static struct option stealth_opts[] = {
{0}
};
/* Initialize the match. */
static void
stealth_init(struct xt_entry_match *m, unsigned *nfcache)
{
if (e) e->nfcache |= NFC_UNKNOWN;
*nfcache |= NFC_UNKNOWN;
}
static int
stealth_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
if ((e = (struct ipt_entry *) entry) != NULL)
e->nfcache |= NFC_UNKNOWN;
return 0;
}
static void
stealth_final_check(unsigned int flags)
{
return;
}
static
struct xtables_match stealth = {
.name = "stealth",
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.family = PF_INET,
.userspacesize = XT_ALIGN(0),
.help = stealth_help,
.init = stealth_init,
.parse = stealth_parse,
.final_check = stealth_final_check,
.print = NULL,
.save = NULL,
.extra_opts = stealth_opts
};
void _init(void)
{
xtables_register_match(&stealth);
}
struct xtables_match
{
...
/* Initialize the match. */
void (*init)(struct xt_entry_match *m);
...
};
There were a lot of sematics changes in the 1.4.1.1 version. So i kinda took over those new semantics in libipt_stealth.c.
However in libiptstealth.c i see the declaration:
static void stealth_init(struct xt_entry_match *m, unsigned *nfcache)
** NOTE: the names and data types are from the adapted version. Originally the nfcache parameter wasnt there. So thats why i thought there might be an error somehow. (Incompatible function pointer types is what gcc complains about). It seems it wont work though without this way of doing things. Can some1 please explain me what i am missing here ? for me it looks like writingn in empty stack space ?
Anyway here is a working version that will compile and work with iptables 1.4.1.1, i thought it might be helpfull...
Regards...
<<< SNIP >>>
/* Shared library add-on to iptables to add stealth support.
* Copyright (C) 2006 Brad Spengler <spender@grsecurity.net>
* This netfilter module is licensed under the GNU GPL.
*/
#include <stdio.h>
#include <netdb.h>
#include <stdlib.h>
#include <getopt.h>
#include <iptables.h>
static struct ipt_entry *e = NULL;
/* Function which prints out usage message. */
static void
stealth_help(void)
{
printf("stealth v%s takes no options\n\n", XTABLES_VERSION);
}
static struct option stealth_opts[] = {
{0}
};
/* Initialize the match. */
static void
stealth_init(struct xt_entry_match *m, unsigned *nfcache)
{
if (e) e->nfcache |= NFC_UNKNOWN;
*nfcache |= NFC_UNKNOWN;
}
static int
stealth_parse(int c, char **argv, int invert, unsigned int *flags,
const void *entry, struct xt_entry_match **match)
{
if ((e = (struct ipt_entry *) entry) != NULL)
e->nfcache |= NFC_UNKNOWN;
return 0;
}
static void
stealth_final_check(unsigned int flags)
{
return;
}
static
struct xtables_match stealth = {
.name = "stealth",
.version = XTABLES_VERSION,
.size = XT_ALIGN(0),
.family = PF_INET,
.userspacesize = XT_ALIGN(0),
.help = stealth_help,
.init = stealth_init,
.parse = stealth_parse,
.final_check = stealth_final_check,
.print = NULL,
.save = NULL,
.extra_opts = stealth_opts
};
void _init(void)
{
xtables_register_match(&stealth);
}
- member
- Posts: 5
- Joined: Fri Aug 29, 2008 4:11 pm
2 posts
• Page 1 of 1