[netfilter-cvslog] r3843 - in trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11: include/linux/netfilter_ipv4 net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Sun Apr 10 22:03:03 CEST 2005 

Author: laforge at netfilter.org
Date: 2005-04-10 22:03:02 +0200 (Sun, 10 Apr 2005)
New Revision: 3843

Modified:
   trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
   trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c
   trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c
Log:
compiles, but no idea whether it would work


Modified: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_quake3.h	2005-04-10 18:49:18 UTC (rev 3842)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_quake3.h	2005-04-10 20:03:02 UTC (rev 3843)
@@ -18,4 +18,5 @@
 struct ip_ct_quake3_master {
 };
 
+extern unsigned int (*ip_nat_quake3_hook)(struct ip_conntrack_expect *exp);
 #endif /* _IP_CT_QUAKE3 */

Modified: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c	2005-04-10 18:49:18 UTC (rev 3842)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c	2005-04-10 20:03:02 UTC (rev 3843)
@@ -1,5 +1,6 @@
 /* Quake3 extension for IP connection tracking
  * (C) 2002 by Filip Sneppe <filip.sneppe at cronos.be>
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
  * based on ip_conntrack_ftp.c and ip_conntrack_tftp.c
  *
  * ip_conntrack_quake3.c v0.04 2002-08-31
@@ -38,6 +39,11 @@
 module_param_array(ports, int, &ports_c, 0400);
 MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
 
+static char quake3_buffer[65536];
+static DECLARE_LOCK(quake3_buffer_lock);
+
+static unsigned int (*ip_nat_quake3_hook)(struct ip_conntrack_expect *exp);
+
 /* Quake3 master server reply will add > 100 expectations per reply packet; when
    doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
 #if 0 
@@ -53,10 +59,12 @@
 	enum ip_conntrack_info ctinfo)
 {
 	struct udphdr _udph, *uh;
+	struct ip_conntrack_expect *exp;
+	char *data, *qb_ptr;
 	int dir = CTINFO2DIR(ctinfo);
-	struct ip_conntrack_expect *exp;
-	int i;
+	int i, dataoff;
 	int ret = NF_ACCEPT;
+
 	
 	/* Until there's been traffic both ways, don't look in packets. note:
 	 * it's UDP ! */
@@ -84,7 +92,7 @@
 	LOCK_BH(&quake3_buffer_lock);
 	qb_ptr = skb_header_pointer(*pskb, dataoff,
 				    (*pskb)->len - dataoff, quake3_buffer);
-	BUG_ON(dp_ptr == NULL);
+	BUG_ON(qb_ptr == NULL);
 	data = qb_ptr;
 
 	
@@ -118,12 +126,11 @@
 
 			exp->mask.src.ip = 0xffffffff;
 			exp->mask.dst.ip = 0xffffffff;
-			exp->mask.dst.u.port = 0xffff;
+			exp->mask.dst.u.udp.port = 0xffff;
 			exp->mask.dst.protonum = 0xff;
 
 			if (ip_nat_quake3_hook) 
-				ret = ip_nat_quake3_hook(pskb, ctinfo, 
-							 ..., exp);
+				ret = ip_nat_quake3_hook(exp);
 			else if (ip_conntrack_expect_related(exp) != 0) {
 				ip_conntrack_expect_free(exp);
 				ret = NF_DROP;
@@ -164,7 +171,7 @@
 
 		quake3[i].tuple.dst.protonum = IPPROTO_UDP;
 		quake3[i].tuple.src.u.udp.port = htons(ports[i]);
-		quake3[i].mask.dst.protonum = 0xFFFF;
+		quake3[i].mask.dst.protonum = 0xFF;
 		quake3[i].mask.src.u.udp.port = 0xFFFF;
 		quake3[i].help = quake3_help;
 		quake3[i].me = THIS_MODULE;

Modified: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c	2005-04-10 18:49:18 UTC (rev 3842)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c	2005-04-10 20:03:02 UTC (rev 3843)
@@ -1,5 +1,6 @@
 /* Quake3 extension for UDP NAT alteration.
  * (C) 2002 by Filip Sneppe <filip.sneppe at cronos.be>
+ * (C) 2005 by Harald Welte <laforge at netfilter.org>
  * based on ip_nat_ftp.c and ip_nat_tftp.c
  *
  * ip_nat_quake3.c v0.0.3 2002-08-31
@@ -47,7 +48,6 @@
 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
 #include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
 #include <linux/netfilter_ipv4/ip_nat_helper.h>
-#include <linux/netfilter_ipv4/ip_nat_rule.h>
 
 MODULE_AUTHOR("Filip Sneppe <filip.sneppe at cronos.be>");
 MODULE_DESCRIPTION("Netfilter NAT helper for Quake III Arena");
@@ -61,127 +61,25 @@
 #define DEBUGP(format, args...)
 #endif
 
-static struct quake3_search quake3s_nat = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
-
 static unsigned int 
-quake3_nat_help(struct sk_buff **pskb,
-                enum ip_conntrack_info ctinfo,
-
-                struct ip_conntrack_expect *exp,
-                //struct ip_nat_info *info,
-                //unsigned int hooknum,
-	       )
+quake3_nat_help(struct ip_conntrack_expect *exp)
 {
-	struct iphdr *iph = (*pskb)->nh.iph;
-	struct udphdr *udph = (void *)iph + iph->ihl * 4;
-	struct ip_conntrack_tuple repl;
-	int dir = CTINFO2DIR(ctinfo);
-	int i;
-	
-	DEBUGP("ip_nat_quake3: quake3_nat_help, direction: %s hook: %s\n",
-	       dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
-	       hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
-	       : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
-	       : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"
-	      );
-	DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
-	DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
-	
-	/* Only mangle things once: original direction in POST_ROUTING
-	   and reply direction on PRE_ROUTING. */
-	if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
-	    || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) {
-		DEBUGP("ip_nat_quake3: Not touching dir %s at hook %s\n",
-		       dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
-		       hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
-		       : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
-		       : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????");
-		return NF_ACCEPT;
-	}
+	struct ip_conntrack *ct = exp->master;
 
-	if (!exp) {
-		DEBUGP("no conntrack expectation to modify\n");
-		return NF_ACCEPT;
-	}
+	/* What is this?  Why don't we try to alter the port? -HW */
+	exp->tuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
+	exp->saved_proto.udp.port = exp->tuple.dst.u.udp.port;
+	exp->expectfn = ip_nat_follow_master;
+	//exp->dir = !dir;
 
-	if (strnicmp((const char *)udph + 12, quake3s_nat.pattern, quake3s_nat.plen) == 0) {
-		for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
-		    i+6 < ntohs(udph->len);
-		    i+=7) {
-			DEBUGP("ip_nat_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n", 
-			       i, ntohs(udph->len),
-			       NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
-			       ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
-			
-			memset(&repl, 0, sizeof(repl));
-
-			repl.dst.protonum = IPPROTO_UDP;
-			repl.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
-			repl.dst.ip = *( (u_int32_t *)( (int)udph + i ) );
-			repl.dst.u.udp.port = (__u16) *( (__u16 *)( (int)udph + i + 4 )  );
-			
-			ip_conntrack_change_expect(exp, &repl);
-		}
+	if (ip_conntrack_expect_related(exp) != 0) {
+		ip_conntrack_expect_free(exp);
+		return NF_DROP;
 	}
+
 	return NF_ACCEPT;
 }
 
-static unsigned int 
-quake3_nat_expected(struct sk_buff **pskb,
-                    unsigned int hooknum,
-                    struct ip_conntrack *ct, 
-                    struct ip_nat_info *info) 
-{
-	const struct ip_conntrack *master = ct->master->expectant;
-	struct ip_nat_multi_range mr;
-	u_int32_t newsrcip, newdstip, newip;
-#if 0 
-	const struct ip_conntrack_tuple *repl =
-		&master->tuplehash[IP_CT_DIR_REPLY].tuple;
-	struct iphdr *iph = (*pskb)->nh.iph;
-	struct udphdr *udph = (void *)iph + iph->ihl*4;
-#endif
-
-	DEBUGP("ip_nat_quake3: quake3_nat_expected: here we are\n");
-	DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
-
-	IP_NF_ASSERT(info);
-	IP_NF_ASSERT(master);
-	IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
-	
-	newdstip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
-	newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
-	
-	if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) {
-		newip = newsrcip;
-		DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
-		       "newsrc: %u.%u.%u.%u\n",
-		       hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
-		       : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
-		       : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
-		       NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
-		       NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
-		       NIPQUAD(newip));
-		
-	} else {
-		newip = newdstip;
-		DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
-		       "newdst: %u.%u.%u.%u\n",
-		       hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
-		       : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
-		       : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
-		       NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
-		       NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
-		       NIPQUAD(newip));
-	}
-	
-	mr.rangesize = 1;
-	mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
-	mr.range[0].min_ip = mr.range[0].max_ip = newip; 
-
-	return ip_nat_setup_info(ct,&mr,hooknum);
-}
-
 static void fini(void)
 {
 	ip_nat_quake3_hook = NULL;
@@ -191,7 +89,7 @@
 static int __init init(void)
 {
 	BUG_ON(ip_nat_quake3_hook);
-	ip_nat_quake3_hook = help;
+	ip_nat_quake3_hook = quake3_nat_help;
 	return 0;
 }

More information about the netfilter-cvslog mailing list