1diff -uNr original/linux/include/linux/netfilter_ipv4/ipt_random.h linux/include/linux/netfilter_ipv4/ipt_random.h 2--- original/linux/include/linux/netfilter_ipv4/ipt_random.h Thu Jan 1 07:30:00 1970 3+++ linux/include/linux/netfilter_ipv4/ipt_random.h Sun Oct 14 16:03:48 2001 4@@ -0,0 +1,11 @@ 5+#ifndef _IPT_RAND_H 6+#define _IPT_RAND_H 7+ 8+#include <linux/param.h> 9+#include <linux/types.h> 10+ 11+struct ipt_rand_info { 12+ u_int8_t average; 13+}; 14+ 15+#endif /*_IPT_RAND_H*/ 16diff -uNr original/linux/net/ipv4/netfilter/ipt_random.c linux/net/ipv4/netfilter/ipt_random.c 17--- original/linux/net/ipv4/netfilter/ipt_random.c Thu Jan 1 07:30:00 1970 18+++ linux/net/ipv4/netfilter/ipt_random.c Sun Oct 14 16:03:48 2001 19@@ -0,0 +1,96 @@ 20+/* 21+ This is a module which is used for a "random" match support. 22+ This file is distributed under the terms of the GNU General Public 23+ License (GPL). Copies of the GPL can be obtained from: 24+ ftp://prep.ai.mit.edu/pub/gnu/GPL 25+ 26+ 2001-10-14 Fabrice MARIE <fabrice@netfilter.org> : initial implementation. 27+*/ 28+ 29+#include <linux/module.h> 30+#include <linux/skbuff.h> 31+#include <linux/ip.h> 32+#include <linux/random.h> 33+#include <net/tcp.h> 34+#include <linux/spinlock.h> 35+#include <linux/netfilter_ipv4/ip_tables.h> 36+#include <linux/netfilter_ipv4/ipt_random.h> 37+ 38+MODULE_LICENSE("GPL"); 39+ 40+static int 41+ipt_rand_match(const struct sk_buff *pskb, 42+ const struct net_device *in, 43+ const struct net_device *out, 44+ const void *matchinfo, 45+ int offset, 46+ const void *hdr, 47+ u_int16_t datalen, 48+ int *hotdrop) 49+{ 50+ /* Parameters from userspace */ 51+ const struct ipt_rand_info *info = matchinfo; 52+ u_int8_t random_number; 53+ 54+ /* get 1 random number from the kernel random number generation routine */ 55+ get_random_bytes((void *)(&random_number), 1); 56+ 57+ /* Do we match ? */ 58+ if (random_number <= info->average) 59+ return 1; 60+ else 61+ return 0; 62+} 63+ 64+static int 65+ipt_rand_checkentry(const char *tablename, 66+ const struct ipt_ip *e, 67+ void *matchinfo, 68+ unsigned int matchsize, 69+ unsigned int hook_mask) 70+{ 71+ /* Parameters from userspace */ 72+ const struct ipt_rand_info *info = matchinfo; 73+ 74+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_rand_info))) { 75+ printk("ipt_random: matchsize %u != %u\n", matchsize, 76+ IPT_ALIGN(sizeof(struct ipt_rand_info))); 77+ return 0; 78+ } 79+ 80+ /* must be 1 <= average % <= 99 */ 81+ /* 1 x 2.55 = 2 */ 82+ /* 99 x 2.55 = 252 */ 83+ if ((info->average < 2) || (info->average > 252)) { 84+ printk("ipt_random: invalid average %u\n", info->average); 85+ return 0; 86+ } 87+ 88+ return 1; 89+} 90+ 91+static struct ipt_match ipt_rand_reg = { 92+ {NULL, NULL}, 93+ "random", 94+ ipt_rand_match, 95+ ipt_rand_checkentry, 96+ NULL, 97+ THIS_MODULE }; 98+ 99+static int __init init(void) 100+{ 101+ if (ipt_register_match(&ipt_rand_reg)) 102+ return -EINVAL; 103+ 104+ printk("ipt_random match loaded\n"); 105+ return 0; 106+} 107+ 108+static void __exit fini(void) 109+{ 110+ ipt_unregister_match(&ipt_rand_reg); 111+ printk("ipt_random match unloaded\n"); 112+} 113+ 114+module_init(init); 115+module_exit(fini); 116