parent
4c59e4a31e
commit
bf438d0f34
@ -11,6 +11,7 @@
|
||||
* under the terms of the GNU General Public License; either version 2
|
||||
* or 3 of the License, as published by the Free Software Foundation.
|
||||
*/
|
||||
#include <linux/init.h>
|
||||
#include <linux/version.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/time.h>
|
||||
@ -39,6 +40,8 @@
|
||||
struct shash_desc *shash = (struct shash_desc *)__##shash##_desc
|
||||
#endif
|
||||
|
||||
static struct crypto_shash *sha512_tfm;
|
||||
|
||||
|
||||
static void check_update_seed_cache(time_t time, __u8 index,
|
||||
struct xt_ts3init_cookie_cache* cache,
|
||||
@ -46,30 +49,21 @@ static void check_update_seed_cache(time_t time, __u8 index,
|
||||
{
|
||||
int ret;
|
||||
__le32 seed_hash_time;
|
||||
struct crypto_shash *tfm;
|
||||
|
||||
if (time == cache->time[index]) return;
|
||||
|
||||
/* We need to update the cache. */
|
||||
/* seed = sha512(random_seed[RANDOM_SEED_LEN] + __le32 time) */
|
||||
seed_hash_time = cpu_to_le32( (__u32)time);
|
||||
|
||||
tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
|
||||
if (IS_ERR(tfm))
|
||||
{
|
||||
printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
|
||||
}
|
||||
else
|
||||
{
|
||||
SHASH_DESC_ON_STACK(shash, tfm);
|
||||
shash->tfm = tfm;
|
||||
SHASH_DESC_ON_STACK(shash, sha512_tfm);
|
||||
shash->tfm = sha512_tfm;
|
||||
shash->flags = 0;
|
||||
|
||||
ret = crypto_shash_init(shash);
|
||||
if (ret != 0)
|
||||
{
|
||||
printk(KERN_ERR KBUILD_MODNAME ": could not initalize sha512\n");
|
||||
crypto_free_shash(tfm);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -77,7 +71,6 @@ static void check_update_seed_cache(time_t time, __u8 index,
|
||||
if (ret != 0)
|
||||
{
|
||||
printk(KERN_ERR KBUILD_MODNAME ": could not update sha512\n");
|
||||
crypto_free_shash(tfm);
|
||||
return;
|
||||
}
|
||||
|
||||
@ -86,11 +79,9 @@ static void check_update_seed_cache(time_t time, __u8 index,
|
||||
if (ret != 0)
|
||||
{
|
||||
printk(KERN_ERR KBUILD_MODNAME ": could not finup sha512\n");
|
||||
crypto_free_shash(tfm);
|
||||
return;
|
||||
}
|
||||
|
||||
crypto_free_shash(tfm);
|
||||
cache->time[index] = time;
|
||||
}
|
||||
}
|
||||
@ -106,7 +97,7 @@ __u64* ts3init_get_cookie_seed(time_t current_time, __u8 packet_index,
|
||||
time_t packet_cache_time;
|
||||
|
||||
if (packet_index >= 8) return NULL;
|
||||
|
||||
|
||||
current_cache_index = (current_time % 8) / 4;
|
||||
packet_cache_index = packet_index / 4;
|
||||
|
||||
@ -149,3 +140,19 @@ int ts3init_calculate_cookie_ipv4(const struct iphdr *ip, const struct udphdr *u
|
||||
return 0;
|
||||
}
|
||||
|
||||
int __init ts3init_cookie_init(void)
|
||||
{
|
||||
sha512_tfm = crypto_alloc_shash(TS3_SHA_512_NAME, 0, 0);
|
||||
if (IS_ERR(sha512_tfm))
|
||||
{
|
||||
printk(KERN_ERR KBUILD_MODNAME ": could not alloc sha512\n");
|
||||
return (int) PTR_ERR(sha512_tfm);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
void ts3init_cookie_exit(void)
|
||||
{
|
||||
crypto_free_shash(sha512_tfm);
|
||||
}
|
||||
|
||||
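Review bot: The error branches that remain in check_update_seed_cache (the "could not initalize", "could not update" and "could not finup" paths) only printk and return, and because the function is `static void` its caller cannot tell that the seed for this cache slot was not refreshed. Most of ts3init_get_cookie_seed lies outside the visible hunks, so it should be confirmed whether it then hands out a stale or never-computed seed; if it does, returning an int here and letting the caller `return NULL;` on failure, as it already does for a bad packet_index, would make the failure closed. These messages sit on the packet path, so `printk_ratelimited(KERN_ERR KBUILD_MODNAME ": ...")` would keep a persistent failure from flooding the log. A comment on the new global, for example `/* allocated once at module init; per-hash state lives in the on-stack shash_desc */`, would document why sharing `sha512_tfm` is intended.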
|
@ -14,6 +14,7 @@
|
||||
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/ip.h>
|
||||
@ -440,7 +441,7 @@ static struct xt_match ts3init_mt_reg[] __read_mostly =
|
||||
},
|
||||
};
|
||||
|
||||
int ts3init_match_init(void)
|
||||
int __init ts3init_match_init(void)
|
||||
{
|
||||
return xt_register_matches(ts3init_mt_reg, ARRAY_SIZE(ts3init_mt_reg));
|
||||
}
|
||||
|
@ -19,12 +19,15 @@
|
||||
|
||||
/* defined in ts3init_match.c */
|
||||
int ts3init_match_init(void) __init;
|
||||
void ts3init_match_exit(void) __exit;
|
||||
void ts3init_match_exit(void);
|
||||
|
||||
/* defined in ts3init_target.c */
|
||||
int ts3init_target_init(void) __init;
|
||||
void ts3init_target_exit(void) __exit;
|
||||
void ts3init_target_exit(void);
|
||||
|
||||
/* defined in ts3init_cookie.c */
|
||||
int ts3init_cookie_init(void) __init;
|
||||
void ts3init_cookie_exit(void);
|
||||
|
||||
MODULE_AUTHOR("Niels Werensteijn <niels.werensteijn@teamspeak.com>");
|
||||
MODULE_DESCRIPTION("A module to aid in ts3 spoof protection");
|
||||
@ -35,21 +38,34 @@ MODULE_ALIAS("ip6t_ts3init");
|
||||
static int __init ts3init_init(void)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = ts3init_cookie_init();
|
||||
if (error)
|
||||
goto out1;
|
||||
|
||||
error = ts3init_match_init();
|
||||
if (error)
|
||||
return error;
|
||||
goto out2;
|
||||
|
||||
error = ts3init_target_init();
|
||||
if (error)
|
||||
ts3init_match_exit();
|
||||
goto out3;
|
||||
|
||||
return error;
|
||||
|
||||
out3:
|
||||
ts3init_match_exit();
|
||||
out2:
|
||||
ts3init_cookie_exit();
|
||||
out1:
|
||||
return error;
|
||||
}
|
||||
|
||||
static void __exit ts3init_exit(void)
|
||||
{
|
||||
ts3init_match_exit();
|
||||
ts3init_target_exit();
|
||||
ts3init_match_exit();
|
||||
ts3init_cookie_exit();
|
||||
}
|
||||
|
||||
module_init(ts3init_init);
|
||||
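Review bot: ts3init_init is `__init` and calls ts3init_match_exit() and ts3init_cookie_exit() on its error path, and the prototypes here drop `__exit` to match, but the sections shown for ts3init_match.c and ts3init_target.c only change the init functions. If the definitions of ts3init_match_exit and ts3init_target_exit still carry `__exit`, they no longer agree with these declarations and the error path would reference exit-section code, so it is worth confirming the definitions were updated in the same commit. A comment above the first call, such as `/* allocate the sha512 transform before registering, so no packet reaches the match or target without it */`, would record why the order of the three init calls matters.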
|
@ -14,6 +14,7 @@
|
||||
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/init.h>
|
||||
#include <linux/skbuff.h>
|
||||
#include <linux/udp.h>
|
||||
#include <linux/netfilter/x_tables.h>
|
||||
@ -525,7 +526,7 @@ static struct xt_target ts3init_tg_reg[] __read_mostly = {
|
||||
},
|
||||
};
|
||||
|
||||
int ts3init_target_init(void)
|
||||
int __init ts3init_target_init(void)
|
||||
{
|
||||
return xt_register_targets(ts3init_tg_reg, ARRAY_SIZE(ts3init_tg_reg));
|
||||
}
|
||||
|