[netfilter-cvslog] r3850 - in
trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11:
include/linux/netfilter_ipv4 net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Sun Apr 10 23:22:29 CEST 2005
Author: laforge at netfilter.org
Date: 2005-04-10 23:22:29 +0200 (Sun, 10 Apr 2005)
New Revision: 3850
Modified:
trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h
trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c
trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c
Log:
get expectfn calling right
Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2005-04-10 21:22:29 UTC (rev 3850)
@@ -157,4 +157,7 @@
struct talk_addr *addr,
struct talk_addr *ctl_addr);
+
+void ip_ct_talk_expect(struct ip_conntrack *ct, struct ip_conntrack_expect *exp);
+void ip_ct_ntalk_expect(struct ip_conntrack *ct, struct ip_conntrack_expect *exp);
#endif /* _IP_CONNTRACK_TALK_H */
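Review bot: The two prototypes added before the `#endif` expose functions that take `ip_conntrack_lock` for writing (see the `WRITE_LOCK(&ip_conntrack_lock)` lines in ip_conntrack_talk.c), but the header says nothing about that. Now that other files can call them, a one-line comment above the declarations would help, for example `/* expectfn callbacks for talk/ntalk; both take ip_conntrack_lock for writing, so the caller must not hold it */`. Without it, a future caller that already holds the lock would deadlock with no hint from the interface.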
Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c 2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c 2005-04-10 21:22:29 UTC (rev 3850)
@@ -99,14 +99,15 @@
#define DEBUGP(format, args...)
#endif
-static void talk_expect(struct ip_conntrack *ct,
+void ip_ct_talk_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp);
+void ip_ct_ntalk_expect(struct ip_conntrack *ct,
struct ip_conntrack_expect *exp);
-static void ntalk_expect(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp);
static void (*talk_expectfn[2])(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp) =
- {talk_expect, ntalk_expect};
+ struct ip_conntrack_expect *exp) = {
+ ip_ct_talk_expect,
+ ip_ct_ntalk_expect };
static int talk_help_response(struct sk_buff **pskb,
struct ip_conntrack *ct,
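Review bot: The forward declarations of `ip_ct_talk_expect` and `ip_ct_ntalk_expect` at the top of this hunk now duplicate the prototypes this commit adds to ip_conntrack_talk.h. Assuming this file includes that header (the include list is outside the hunk), the local copies can be dropped. The header then stays the single declaration, and any later signature drift between the header and the definitions is caught at compile time. The `talk_expectfn[]` initializer works unchanged with only the header prototypes in scope.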
@@ -363,8 +364,8 @@
},
};
-static void talk_expect(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp)
+void ip_ct_talk_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp)
{
DEBUGP("ip_conntrack_talk: calling talk_expectfn for ct %p\n", ct);
WRITE_LOCK(&ip_conntrack_lock);
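Review bot: `ip_ct_talk_expect` loses `static` here, and `ip_ct_ntalk_expect` does the same in the next hunk, so that ip_nat_talk.c can call them, but no visible hunk adds a symbol export. If conntrack and NAT helpers are built as separate modules, ip_nat_talk would fail to load with unresolved symbols unless `EXPORT_SYMBOL(ip_ct_talk_expect);` and `EXPORT_SYMBOL(ip_ct_ntalk_expect);` are added after the definitions. This may already be handled in a part of the file the diff does not show. The `DEBUGP` strings also still name the old `talk_expectfn`/`ntalk_expectfn`, which makes debug output harder to match to the renamed functions. Both function bodies continue outside their hunks.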
@@ -372,8 +373,8 @@
WRITE_UNLOCK(&ip_conntrack_lock);
}
-static void ntalk_expect(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp)
+void ip_ct_ntalk_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp)
{
DEBUGP("ip_conntrack_talk: calling ntalk_expectfn for ct %p\n", ct);
WRITE_LOCK(&ip_conntrack_lock);
Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c 2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c 2005-04-10 21:22:29 UTC (rev 3850)
@@ -39,8 +39,22 @@
#define DEBUGP(format, args...)
#endif
-/* FIXME: Time out? --RR */
+static void
+nat_talk_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp)
+{
+ ip_nat_follow_master(ct, exp);
+ ip_ct_talk_expect(ct, exp);
+}
+static void
+nat_ntalk_expect(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp)
+{
+ ip_nat_follow_master(ct, exp);
+ ip_ct_ntalk_expect(ct, exp);
+}
+
static int
mangle_packet(struct sk_buff **pskb,
struct ip_conntrack *ct,
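Review bot: `nat_talk_expect` and `nat_ntalk_expect` are added without any comment on why NAT needs its own expectfn or why `ip_nat_follow_master()` runs before the conntrack callback. A short comment above the pair would make the ordering intentional rather than incidental, for example `/* expectfn wrappers: set up NAT for the expected connection first, then run the conntrack expectfn they replace */`. The hunk also deletes `/* FIXME: Time out? --RR */` without the log message saying whether that question was resolved. If it is still open, the FIXME should stay near the code it referred to.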
@@ -161,6 +175,14 @@
*pport = *tport;
exp->tuple.dst.ip = newip;
+
+ if (exp->expectfn == ip_ct_talk_expect)
+ exp->expectfn = nat_talk_expect;
+ else if (exp->expectfn == ip_ct_ntalk_expect)
+ exp->expectfn = nat_ntalk_expect;
+ else
+ BUG();
+
/* Try to get same port: if not, try to change it. */
for (port = ntohs(*pport); port != 0; port++) {
*tport = htons(port);
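Review bot: The `else BUG();` branch added here halts the kernel from packet-processing context if `exp->expectfn` is ever anything other than the two conntrack callbacks. It should hold as long as the conntrack helper only assigns from `talk_expectfn[]`, but a future helper change or a NULL expectfn would turn one traffic-triggered expectation into a machine-wide outage instead of a dropped packet. Failing closed is safer: replace `BUG();` with a rate-limited warning and `return NF_DROP;`. The enclosing function starts outside the hunk, so its return type needs confirming; the `return NF_ACCEPT;` in the following hunk suggests it returns a verdict. Note also that the pointer comparison depends on both modules seeing the same exported symbols.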
@@ -183,97 +205,6 @@
return NF_ACCEPT;
}
-#if 0
-static unsigned int
-talk_nat_expected(struct sk_buff **pskb,
- unsigned int hooknum,
- struct ip_conntrack *ct,
- struct ip_nat_info *info)
-{
- struct ip_nat_range range;
- u_int32_t newdstip, newsrcip, newip;
- u_int16_t port;
- unsigned int ret;
-
- struct ip_conntrack *master = master_ct(ct);
-
- IP_NF_ASSERT(info);
- IP_NF_ASSERT(master);
-
- IP_NF_ASSERT(!(info->initialized & (1<<HOOK2MANIP(hooknum))));
-
- DEBUGP("ip_nat_talk_expected: We have a connection!\n");
-
- LOCK_BH(&ip_talk_lock);
- port = ct->master->help.exp_talk_info.port;
- UNLOCK_BH(&ip_talk_lock);
-
- DEBUGP("ip_nat_talk_expected: dir %s at hook %s, ct %p, master %p\n",
- CTINFO2DIR((*pskb)->nfct - ct->infos) == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???",
- ct, master);
-
- if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == IPPROTO_UDP) {
- /* Callee client -> caller server */
-#ifdef IP_NAT_TALK_DEBUG
- struct iphdr *iph = (*pskb)->nh.iph;
- struct udphdr *udph = (void *)iph + iph->ihl * 4;
-
- DEBUGP("ip_nat_talk_expected: UDP %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
- NIPQUAD(iph->saddr), ntohs(udph->source),
- NIPQUAD(iph->daddr), ntohs(udph->dest));
-#endif
- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
- newsrcip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
- DEBUGP("ip_nat_talk_expected: callee client -> caller server, newsrc: %u.%u.%u.%u, newdst: %u.%u.%u.%u\n",
- NIPQUAD(newsrcip), NIPQUAD(newdstip));
- } else {
- /* Callee client -> caller client */
-#ifdef IP_NAT_TALK_DEBUG
- struct iphdr *iph = (*pskb)->nh.iph;
- struct tcphdr *tcph = (void *)iph + iph->ihl * 4;
-
- DEBUGP("ip_nat_talk_expected: TCP %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
- NIPQUAD(iph->saddr), ntohs(tcph->source),
- NIPQUAD(iph->daddr), ntohs(tcph->dest));
-#endif
- newdstip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
- newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
- DEBUGP("ip_nat_talk_expected: callee client -> caller client, newsrc: %u.%u.%u.%u, newdst: %u.%u.%u.%u\n",
- NIPQUAD(newsrcip), NIPQUAD(newdstip));
- }
- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
- newip = newsrcip;
- else
- newip = newdstip;
-
- DEBUGP("ip_nat_talk_expected: IP to %u.%u.%u.%u, port %u\n", NIPQUAD(newip), ntohs(port));
-
- /* We don't want to manip the per-protocol, just the IPs... */
- range.flags = IP_NAT_RANGE_MAP_IPS;
- range.min_ip = range.max_ip = newip;
-
- /* ... unless we're doing a MANIP_DST, in which case, make
- sure we map to the correct port */
- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) {
- range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
- range.min = range.max
- = ((union ip_conntrack_manip_proto)
- { .udp = { port } });
- }
- ret = ip_nat_setup_info(ct, &range, hooknum);
-
- if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == IPPROTO_UDP) {
- DEBUGP("talk_expected: setting NAT helper for %p\n", ct);
- /* NAT expectfn called with ip_nat_lock write-locked */
- info->helper = &talk_helpers[htons(port) - TALK_PORT];
- }
- return ret;
-}
-#endif
-
static int __init init(void)
{
BUG_ON(ip_nat_talk_msg_hook);