[netfilter-cvslog] r3840 - in
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11:
include/linux/netfilter_ipv4 net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Sun Apr 10 16:04:04 CEST 2005
Author: laforge at netfilter.org
Date: 2005-04-10 16:04:04 +0200 (Sun, 10 Apr 2005)
New Revision: 3840
Removed:
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3
Modified:
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_mms.h
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd_2
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_mms.c
trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_mms.c
Log:
first compiling (but untested) version for 2.6.11
Deleted: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack.h.ladd_3 2005-04-10 14:04:04 UTC (rev 3840)
@@ -1,2 +0,0 @@
- /* insert conntrack helper private data (expect) here */
- struct ip_ct_mms_expect exp_mms_info;
Modified: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_mms.h
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2005-04-10 14:04:04 UTC (rev 3840)
@@ -19,6 +19,7 @@
/* This structure is per expected connection */
struct ip_ct_mms_expect {
+ u_int32_t offset;
u_int32_t len;
u_int32_t padding;
u_int16_t port;
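Review bot: The comment `/* This structure is per expected connection */` above the struct no longer matches how the struct is used after this commit. The `exp_mms_info` member is removed from the expectation (ip_conntrack.h.ladd_3 is deleted), and ip_conntrack_mms.c now fills a stack-local `_emmi` that is handed to the NAT hook. I would reword it to something like `/* Parse result for one MMS address string; passed from the conntrack helper to ip_nat_mms_hook, not stored */`. The new field also deserves its own comment, for example `u_int32_t offset; /* start of the string, relative to the helper's data pointer */`. The struct continues below the hunk.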
@@ -28,4 +29,10 @@
struct ip_ct_mms_master {
};
+struct ip_conntrack_expect;
+extern unsigned int (*ip_nat_mms_hook)(struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ const struct ip_ct_mms_expect *exp_mms_info,
+ struct ip_conntrack_expect *exp);
+
#endif /* _IP_CONNTRACK_MMS_H */
Modified: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd 2005-04-10 14:04:04 UTC (rev 3840)
@@ -1,2 +1,2 @@
-obj-$(CONFIG_IP_NF_NAT_IRC) += ip_nat_irc.o
+# NAT helpers
obj-$(CONFIG_IP_NF_NAT_MMS) += ip_nat_mms.o
Modified: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd_2
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd_2 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Makefile.ladd_2 2005-04-10 14:04:04 UTC (rev 3840)
@@ -1,5 +1,2 @@
# connection tracking helpers
obj-$(CONFIG_IP_NF_MMS) += ip_conntrack_mms.o
-ifdef CONFIG_IP_NF_MMS
- export-objs += ip_conntrack_mms.o
-endif
Modified: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_mms.c
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_mms.c 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_mms.c 2005-04-10 14:04:04 UTC (rev 3840)
@@ -49,6 +49,12 @@
static char mms_buffer[65536];
static DECLARE_LOCK(mms_buffer_lock);
+static unsigned int (*ip_nat_mms_hook)(struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ const struct ip_ct_mms_expect *exp_mms_info,
+ struct ip_conntrack_expect *exp);
+EXPORT_SYMBOL(ip_nat_mms_hook);
+
#if 0
#define DEBUGP printk
#else
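Review bot: `ip_nat_mms_hook` is defined `static` here but exported with `EXPORT_SYMBOL` on the next line and declared `extern` in ip_conntrack_mms.h by the same commit. A `static` definition after an `extern` declaration is rejected by the compiler when the header is included, and a symbol with internal linkage cannot be resolved by ip_nat_mms.c, which assigns to it in `init()`. Drop the storage class so the definition reads `unsigned int (*ip_nat_mms_hook)(struct sk_buff **pskb,` with the remaining parameter lines unchanged. A short comment saying that the pointer is set by the NAT module at load time and is NULL otherwise would also help readers of `help()`.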
@@ -146,19 +152,18 @@
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
- int ret;
+ int ret = NF_DROP;
struct tcphdr _tcph, *th;
- char *data;
- unsigned int datalen;
+ char *data, *mb_ptr;
+ unsigned int datalen, dataoff;
//struct tcphdr *tcph = (void *)iph + iph->ihl * 4;
- const char *data = (const char *)tcph + tcph->doff * 4;
//unsigned int tcplen = len - iph->ihl * 4;
//unsigned int datalen = tcplen - tcph->doff * 4;
int dir = CTINFO2DIR(ctinfo);
struct ip_conntrack_expect *exp;
- struct ip_ct_mms_expect *exp_mms_info = &exp->help.exp_mms_info;
+ struct ip_ct_mms_expect _emmi, *exp_mms_info = &_emmi;
u_int32_t mms_ip;
u_int16_t mms_proto;
@@ -257,7 +262,7 @@
goto out;
}
- //exp->seq = ntohl(tcph->seq) + (mms_string_b - data);
+ exp_mms_info->offset = (mms_string_b - data);
exp_mms_info->len = (mms_string_e - mms_string_b);
exp_mms_info->padding = (mms_padding_e - mms_string_e);
exp_mms_info->port = mms_port;
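Review bot: `offset`, `len` and `padding` are all computed from pointers located while parsing the peer-controlled payload, and nothing visible in this hunk checks that they describe a region inside `datalen`. They are later used as the match offset and match length for `ip_nat_mangle_tcp_packet()` in ip_nat_mms.c, where the sequence-window check done by the removed `mms_nat_help()` has no replacement. If the parsing code above the hunk does not already guarantee it, add a guard before these assignments, for example `if (mms_padding_e < mms_string_b || (unsigned int)(mms_padding_e - data) > datalen) goto out;`. The pointer differences are also narrowed into `u_int32_t`, which is only safe once that ordering is established.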
@@ -279,7 +284,7 @@
exp->master = ct;
if (ip_nat_mms_hook)
- ret = ip_nat_mms_hook(pskb, ctinfo, ..., exp);
+ ret = ip_nat_mms_hook(pskb, ctinfo, exp_mms_info, exp);
else if (ip_conntrack_expect_related(exp) != 0) {
ip_conntrack_expect_free(exp);
ret = NF_DROP;
@@ -318,10 +323,9 @@
mms[i].tuple.src.u.tcp.port = htons(ports[i]);
mms[i].tuple.dst.protonum = IPPROTO_TCP;
mms[i].mask.src.u.tcp.port = 0xFFFF;
- mms[i].mask.dst.protonum = 0xFFFF;
+ mms[i].mask.dst.protonum = 0xFF;
mms[i].max_expected = 1;
mms[i].timeout = 0;
- mms[i].flags = IP_CT_HELPER_F_REUSE_EXPECT;
mms[i].me = THIS_MODULE;
mms[i].help = help;
Modified: trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_mms.c
===================================================================
--- trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_mms.c 2005-04-10 12:53:16 UTC (rev 3839)
+++ trunk/patch-o-matic-ng/mms-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_mms.c 2005-04-10 14:04:04 UTC (rev 3840)
@@ -66,14 +66,13 @@
MODULE_DESCRIPTION("Microsoft Windows Media Services (MMS) NAT module");
MODULE_LICENSE("GPL");
-static int mms_data_fixup(const struct ip_ct_mms_expect *ct_mms_info,
- struct ip_conntrack *ct,
- struct sk_buff **pskb,
+static unsigned int mms_data_fixup(struct sk_buff **pskb,
enum ip_conntrack_info ctinfo,
+ const struct ip_ct_mms_expect *ct_mms_info,
struct ip_conntrack_expect *expect)
{
u_int32_t newip;
- struct ip_conntrack_tuple t;
+ struct ip_conntrack *ct = expect->master;
struct iphdr *iph = (*pskb)->nh.iph;
struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
char *data = (char *)tcph + tcph->doff * 4;
@@ -104,21 +103,23 @@
: mms_proto == IPPROTO_TCP ? "TCP":proto_string);
newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+ expect->saved_proto.tcp.port = expect->tuple.dst.u.tcp.port;
+ expect->expectfn = ip_nat_follow_master;
/* Alter conntrack's expectations. */
- t = expect->tuple;
- t.dst.ip = newip;
for (port = ct_mms_info->port; port != 0; port++) {
- t.dst.u.tcp.port = htons(port);
- if (ip_conntrack_change_expect(expect, &t) == 0) {
+ expect->tuple.dst.u.tcp.port = htons(port);
+ if (ip_conntrack_expect_related(expect) == 0) {
DEBUGP("ip_nat_mms: mms_data_fixup: using port %d\n",
port);
break;
}
}
- if(port == 0)
- return 0;
+ if (port == 0) {
+ ip_conntrack_expect_free(expect);
+ return NF_DROP;
+ }
sprintf(buffer, "\\\\%u.%u.%u.%u\\%s\\%u",
NIPQUAD(newip),
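Review bot: The expectation is handed to `ip_nat_follow_master` with `saved_proto` filled in, but nothing in this hunk sets `expect->dir`, and the old `t.dst.ip = newip` assignment has no replacement. `ip_nat_follow_master` picks the master tuple by `exp->dir`, so unless ip_conntrack_mms.c sets both fields before calling the hook (not visible here), the expected connection could be mapped using an uninitialised direction or an un-NATed destination address. If they are not set there, add `expect->dir = !dir;` next to the `expectfn` assignment, with `dir` taken from `CTINFO2DIR(ctinfo)`, and set `expect->tuple.dst.ip = newip;` before the port loop. The `/* Alter conntrack's expectations. */` comment could then say that the loop registers the expectation on the first free port at or above `ct_mms_info->port`.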
@@ -169,128 +170,12 @@
*mms_messageLength);
ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
- expect->seq - ntohl(tcph->seq),
+ ct_mms_info->offset,
ct_mms_info->len + ct_mms_info->padding,
unicode_buffer, strlen(buffer)*2 +
ct_mms_info->padding + zero_padding);
DUMP_BYTES(unicode_buffer, 60);
- return 1;
-}
-
-static unsigned int
-mms_nat_expected(struct sk_buff **pskb,
- unsigned int hooknum,
- struct ip_conntrack *ct,
- struct ip_nat_info *info)
-{
- struct ip_nat_multi_range mr;
- u_int32_t newdstip, newsrcip, newip;
-
- struct ip_conntrack *master = master_ct(ct);
-
- IP_NF_ASSERT(info);
- IP_NF_ASSERT(master);
-
- IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
-
- DEBUGP("ip_nat_mms: mms_nat_expected: We have a connection!\n");
-
- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- newsrcip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- DEBUGP("ip_nat_mms: mms_nat_expected: hook %s: "
- "newsrc->newdst %u.%u.%u.%u->%u.%u.%u.%u\n",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???",
- NIPQUAD(newsrcip), NIPQUAD(newdstip));
-
- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
- newip = newsrcip;
- else
- newip = newdstip;
-
- DEBUGP("ip_nat_mms: mms_nat_expected: IP to %u.%u.%u.%u\n",
- NIPQUAD(newip));
-
- mr.rangesize = 1;
- /* We don't want to manip the per-protocol, just the IPs. */
- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
- mr.range[0].min_ip = mr.range[0].max_ip = newip;
-
- return ip_nat_setup_info(ct, &mr, hooknum);
-}
-
-
-static unsigned int mms_nat_help(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp,
- struct ip_nat_info *info,
- enum ip_conntrack_info ctinfo,
- unsigned int hooknum,
- struct sk_buff **pskb)
-{
- struct iphdr *iph = (*pskb)->nh.iph;
- struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
- unsigned int datalen;
- int dir;
- struct ip_ct_mms_expect *ct_mms_info;
-
- if (!exp)
- DEBUGP("ip_nat_mms: no exp!!");
-
- ct_mms_info = &exp->help.exp_mms_info;
-
- /* Only mangle things once: original direction in POST_ROUTING
- and reply direction on PRE_ROUTING. */
- dir = CTINFO2DIR(ctinfo);
- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
- ||(hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) {
- DEBUGP("ip_nat_mms: mms_nat_help: not touching dir %s"
- "at hook %s\n",
- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???");
- return NF_ACCEPT;
- }
- DEBUGP("ip_nat_mms: mms_nat_help: beyond not touching "
- "(dir %s at hook %s)\n",
- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???");
-
- datalen = (*pskb)->len - iph->ihl * 4 - tcph->doff * 4;
-
- DEBUGP("ip_nat_mms: mms_nat_help: %u+%u=%u %u %u\n", exp->seq,
- ct_mms_info->len, exp->seq + ct_mms_info->len,
- ntohl(tcph->seq),
- ntohl(tcph->seq) + datalen);
-
- LOCK_BH(&ip_mms_lock);
- /* Check wether the whole IP/proto/port pattern is carried in the
- * payload */
- if (between(exp->seq + ct_mms_info->len,
- ntohl(tcph->seq),
- ntohl(tcph->seq) + datalen)) {
- if (!mms_data_fixup(ct_mms_info, ct, pskb, ctinfo, exp)) {
- UNLOCK_BH(&ip_mms_lock);
- return NF_DROP;
- }
- } else {
- /* Half a match? This means a partial retransmisison.
- It's a cracker being funky. */
- if (net_ratelimit()) {
- printk("ip_nat_mms: partial packet %u/%u in %u/%u\n",
- exp->seq, ct_mms_info->len,
- ntohl(tcph->seq),
- ntohl(tcph->seq) + datalen);
- }
- UNLOCK_BH(&ip_mms_lock);
- return NF_DROP;
- }
- UNLOCK_BH(&ip_mms_lock);
-
return NF_ACCEPT;
}
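Review bot: The result of `ip_nat_mangle_tcp_packet()` is discarded and the function now returns `NF_ACCEPT` unconditionally. By this point the expectation has already been registered through `ip_conntrack_expect_related()` in the earlier hunk. If the mangle fails, for instance because the replacement does not fit or the offset from the conntrack helper lies outside the payload, the unmodified packet is forwarded while an expectation for the rewritten port stays live. Test the return value, and on failure call `ip_conntrack_unexpect_related(expect);` and `return NF_DROP;`, which also restores the drop-on-failure behaviour that the old `return 1`/`return 0` convention gave callers. The function body starts above this hunk.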
@@ -303,7 +188,9 @@
static int __init init(void)
{
BUG_ON(ip_nat_mms_hook);
- ip_nat_mms_hook = &mms_nat_help;
+ ip_nat_mms_hook = &mms_data_fixup;
+
+ return 0;
}
module_init(init);