Loading...
# This is a patch for linux-2.2.15pre16 to update it to linux-2.2.15pre16.masq # # To apply this patch: # STEP 1: Chdir to the source directory. # STEP 2: Run the 'applypatch' program with this patch file as input. # # If you do not have 'applypatch', it is part of the 'makepatch' package # that you can fetch from the Comprehensive Perl Archive Network: # http://www.perl.com/CPAN/authors/Johan_Vromans/makepatch-x.y.tar.gz # In the above URL, 'x' should be 2 or higher. # # To apply this patch without the use of 'applypatch': # STEP 1: Chdir to the source directory. # STEP 2: Run the 'patch' program with this file as input. # #### End of Preamble #### #### Patch data follows #### diff -u 'linux-2.2.15pre16/Documentation/Configure.help' 'linux-2.2.15pre16.masq/Documentation/Configure.help' Index: ./Documentation/Configure.help --- ./Documentation/Configure.help Fri Mar 31 09:34:45 2000 +++ ./Documentation/Configure.help Fri Mar 31 09:50:34 2000 @@ -2550,6 +2550,20 @@ kernel whenever you want; read Documentation/modules.txt for details. +IP: UDP masquerading loose checking +CONFIG_IP_MASQUERADE_UDP_LOOSE + Whether UDP masquerading does address checking in a loose fashion. + + If you say Y here, then UDP masqueraded connections will allow + any external system to be connect back through the firewall to the + port on the internal machine. However it will allow the more + efficient use of masqueraded ports, and may be required for some + gaming uses. + + You should only say Y here if you understand the consequences since + it will open your internal network to external probing and potential + attacks. In all other cases choose N + IP: ICMP masquerading CONFIG_IP_MASQUERADE_ICMP The basic masquerade code described for "IP: masquerading" above diff -u 'linux-2.2.15pre16/net/ipv4/Config.in' 'linux-2.2.15pre16.masq/net/ipv4/Config.in' Index: ./net/ipv4/Config.in --- ./net/ipv4/Config.in Fri Mar 31 09:34:03 2000 +++ ./net/ipv4/Config.in Fri Mar 31 09:52:26 2000 @@ -41,6 +41,7 @@ bool 'IP: masquerading' CONFIG_IP_MASQUERADE if [ "$CONFIG_IP_MASQUERADE" != "n" ]; then comment 'Protocol-specific masquerading support will be built as modules.' + bool 'IP: UDP masquerading loose checking' CONFIG_IP_MASQUERADE_UDP_LOOSE bool 'IP: ICMP masquerading' CONFIG_IP_MASQUERADE_ICMP comment 'Protocol-specific masquerading support will be built as modules.' if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then diff -u 'linux-2.2.15pre16/net/ipv4/ip_masq.c' 'linux-2.2.15pre16.masq/net/ipv4/ip_masq.c' Index: ./net/ipv4/ip_masq.c Prereq: 1.34.2.2 --- ./net/ipv4/ip_masq.c Fri Mar 31 09:34:19 2000 +++ ./net/ipv4/ip_masq.c Fri Mar 31 14:38:17 2000 @@ -412,12 +412,6 @@ #define MASQ_DPORT_PASS (IP_MASQ_F_NO_DPORT|IP_MASQ_F_DLOOSE) /* - * By default enable dest loose semantics - */ -#define CONFIG_IP_MASQ_LOOSE_DEFAULT 1 - - -/* * Set masq expiration (deletion) and adds timer, * if timeout==0 cancel expiration. * Warning: it does not check/delete previous timer! @@ -937,7 +931,7 @@ atomic_set(&ms->refcnt,0); if (proto == IPPROTO_UDP && !mport) -#ifdef CONFIG_IP_MASQ_LOOSE_DEFAULT +#ifdef CONFIG_IP_MASQUERADE_UDP_LOOSE /* * Flag this tunnel as "dest loose" * #### End of Patch data #### #### ApplyPatch data follows #### # Data version : 1.0 # Date generated : Fri Mar 31 14:38:26 2000 # Generated by : makepatch 2.00 # Recurse directories : Yes # p 'Documentation/Configure.help' 565235 954492634 0100644 # p 'net/ipv4/Config.in' 3618 954492746 0100644 # p 'net/ipv4/ip_masq.c' 65999 954509897 0100644 #### End of ApplyPatch data #### #### End of Patch kit [created: Fri Mar 31 14:38:26 2000] #### #### Checksum: 95 3735 33457 #### |