[netfilter-cvslog] r3850 - in trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11: include/linux/netfilter_ipv4 net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Sun Apr 10 23:22:29 CEST 2005


Author: laforge at netfilter.org
Date: 2005-04-10 23:22:29 +0200 (Sun, 10 Apr 2005)
New Revision: 3850

Modified:
   trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h
   trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c
   trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c
Log:
get expectfn calling right


Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h	2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/include/linux/netfilter_ipv4/ip_conntrack_talk.h	2005-04-10 21:22:29 UTC (rev 3850)
@@ -157,4 +157,7 @@
 				     struct talk_addr *addr,
 				     struct talk_addr *ctl_addr);
 
+
+void ip_ct_talk_expect(struct ip_conntrack *ct, struct ip_conntrack_expect *exp);
+void ip_ct_ntalk_expect(struct ip_conntrack *ct, struct ip_conntrack_expect *exp);
 #endif /* _IP_CONNTRACK_TALK_H */
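Review bot: The two prototypes added before `#endif` carry no comment, although they turn file-local callbacks into an interface that ip_nat_talk.c now calls. Both definitions take `WRITE_LOCK(&ip_conntrack_lock)` in ip_conntrack_talk.c, so a caller that already holds that lock would presumably deadlock; that constraint belongs next to the declaration. I would add `/* expectfn callbacks, also wrapped by ip_nat_talk.c; they take ip_conntrack_lock, so call them without it held */` above them and drop the extra blank `+` line.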

Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c	2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_talk.c	2005-04-10 21:22:29 UTC (rev 3850)
@@ -99,14 +99,15 @@
 #define DEBUGP(format, args...)
 #endif
 
-static void talk_expect(struct ip_conntrack *ct,
+void ip_ct_talk_expect(struct ip_conntrack *ct,
+		       struct ip_conntrack_expect *exp);
+void ip_ct_ntalk_expect(struct ip_conntrack *ct,
 			struct ip_conntrack_expect *exp);
-static void ntalk_expect(struct ip_conntrack *ct,
-			 struct ip_conntrack_expect *exp);
 
 static void (*talk_expectfn[2])(struct ip_conntrack *ct,
-				struct ip_conntrack_expect *exp) = 
-						{talk_expect, ntalk_expect};
+				struct ip_conntrack_expect *exp) = {
+					ip_ct_talk_expect,
+					ip_ct_ntalk_expect };
 
 static int talk_help_response(struct sk_buff **pskb,
 		              struct ip_conntrack *ct,
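Review bot: The forward declarations of `ip_ct_talk_expect` and `ip_ct_ntalk_expect` at the top of this hunk repeat the prototypes this commit adds to ip_conntrack_talk.h. Assuming this file includes that header (the include list is outside the hunk), the local copies can go, leaving one declaration for the compiler to check the definitions against. Otherwise a later signature change has to be made in two places, and a mismatch between them would go unnoticed in any file that sees only one of the two.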
@@ -363,8 +364,8 @@
 	},
 };
 
-static void talk_expect(struct ip_conntrack *ct,
-			struct ip_conntrack_expect *exp)
+void ip_ct_talk_expect(struct ip_conntrack *ct,
+		       struct ip_conntrack_expect *exp)
 {
 	DEBUGP("ip_conntrack_talk: calling talk_expectfn for ct %p\n", ct);
 	WRITE_LOCK(&ip_conntrack_lock);
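Review bot: Removing `static` from `ip_ct_talk_expect` here, and from `ip_ct_ntalk_expect` in the next hunk, is not enough for ip_nat_talk.c to link against them when the two files are built as separate modules. No `EXPORT_SYMBOL(ip_ct_talk_expect);` or `EXPORT_SYMBOL(ip_ct_ntalk_expect);` appears in this diff; if they are not already present elsewhere in the file, they should follow each definition. Both function bodies continue outside the hunks shown.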
@@ -372,8 +373,8 @@
 	WRITE_UNLOCK(&ip_conntrack_lock);
 }
 
-static void ntalk_expect(struct ip_conntrack *ct,
-			 struct ip_conntrack_expect *exp)
+void ip_ct_ntalk_expect(struct ip_conntrack *ct,
+		        struct ip_conntrack_expect *exp)
 {
 	DEBUGP("ip_conntrack_talk: calling ntalk_expectfn for ct %p\n", ct);
 	WRITE_LOCK(&ip_conntrack_lock);

Modified: trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c
===================================================================
--- trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c	2005-04-10 21:05:37 UTC (rev 3849)
+++ trunk/patch-o-matic-ng/talk-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_talk.c	2005-04-10 21:22:29 UTC (rev 3850)
@@ -39,8 +39,22 @@
 #define DEBUGP(format, args...)
 #endif
 
-/* FIXME: Time out? --RR */
+static void
+nat_talk_expect(struct ip_conntrack *ct,
+		struct ip_conntrack_expect *exp)
+{
+	ip_nat_follow_master(ct, exp);
+	ip_ct_talk_expect(ct, exp);
+}
 
+static void
+nat_ntalk_expect(struct ip_conntrack *ct,
+		 struct ip_conntrack_expect *exp)
+{
+	ip_nat_follow_master(ct, exp);
+	ip_ct_ntalk_expect(ct, exp);
+}
+
 static int
 mangle_packet(struct sk_buff **pskb,
 	      struct ip_conntrack *ct,
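Review bot: `nat_talk_expect` and `nat_ntalk_expect` have no comment explaining the call order, and the commit removes `/* FIXME: Time out? --RR */` without saying whether that question was settled. I would put `/* Set up NAT from the master connection, then run the plain conntrack expectfn */` above the first wrapper. If the timeout question is still open, the FIXME should stay next to the code it refers to.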
@@ -161,6 +175,14 @@
 	*pport = *tport;
 
 	exp->tuple.dst.ip = newip;
+
+	if (exp->expectfn == ip_ct_talk_expect)
+		exp->expectfn = nat_talk_expect;
+	else if (exp->expectfn == ip_ct_ntalk_expect)
+		exp->expectfn = nat_ntalk_expect;
+	else
+		BUG();
+
 	/* Try to get same port: if not, try to change it. */
 	for (port = ntohs(*pport); port != 0; port++) {
 		*tport = htons(port);
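Review bot: The `else BUG();` branch halts the kernel from the packet-processing path whenever `exp->expectfn` holds anything other than the two conntrack callbacks. That presumably cannot happen while ip_conntrack_talk.c only assigns entries of `talk_expectfn[]`, but any later mismatch between the two files would turn a single talk packet into a crash of the NAT box. Failing closed on the packet is safer: `else { if (net_ratelimit()) printk(KERN_WARNING "ip_nat_talk: unexpected expectfn\n"); return NF_DROP; }`, assuming the enclosing function returns a netfilter verdict, which this hunk does not show. The function starts and ends outside the hunk.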
@@ -183,97 +205,6 @@
 	return NF_ACCEPT;
 }
 
-#if 0 
-static unsigned int
-talk_nat_expected(struct sk_buff **pskb,
-		  unsigned int hooknum,
-		  struct ip_conntrack *ct,
-		  struct ip_nat_info *info)
-{
-	struct ip_nat_range range;
-	u_int32_t newdstip, newsrcip, newip;
-	u_int16_t port;
-	unsigned int ret;
-	
-	struct ip_conntrack *master = master_ct(ct);
-
-	IP_NF_ASSERT(info);
-	IP_NF_ASSERT(master);
-
-	IP_NF_ASSERT(!(info->initialized & (1<<HOOK2MANIP(hooknum))));
-
-	DEBUGP("ip_nat_talk_expected: We have a connection!\n");
-
-	LOCK_BH(&ip_talk_lock);
-	port = ct->master->help.exp_talk_info.port;
-	UNLOCK_BH(&ip_talk_lock);
-
-	DEBUGP("ip_nat_talk_expected: dir %s at hook %s, ct %p, master %p\n",
-	       CTINFO2DIR((*pskb)->nfct - ct->infos) == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
-	       hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
-	       : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
-	       : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???",
-	       ct, master);
-
-	if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == IPPROTO_UDP) {
-		/* Callee client -> caller server */
-#ifdef IP_NAT_TALK_DEBUG
-		struct iphdr *iph = (*pskb)->nh.iph;
-		struct udphdr *udph = (void *)iph + iph->ihl * 4;
-
-		DEBUGP("ip_nat_talk_expected: UDP %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
-		       NIPQUAD(iph->saddr), ntohs(udph->source),
-		       NIPQUAD(iph->daddr), ntohs(udph->dest));
-#endif
-		newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
-		newsrcip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
-		DEBUGP("ip_nat_talk_expected: callee client -> caller server, newsrc: %u.%u.%u.%u, newdst: %u.%u.%u.%u\n",
-		       NIPQUAD(newsrcip), NIPQUAD(newdstip));
-	} else {
-		/* Callee client -> caller client */
-#ifdef IP_NAT_TALK_DEBUG
-		struct iphdr *iph = (*pskb)->nh.iph;
-		struct tcphdr *tcph = (void *)iph + iph->ihl * 4;
-
-		DEBUGP("ip_nat_talk_expected: TCP %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
-		       NIPQUAD(iph->saddr), ntohs(tcph->source),
-		       NIPQUAD(iph->daddr), ntohs(tcph->dest));
-#endif
-		newdstip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
-		newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
-		DEBUGP("ip_nat_talk_expected: callee client -> caller client, newsrc: %u.%u.%u.%u, newdst: %u.%u.%u.%u\n",
-		       NIPQUAD(newsrcip), NIPQUAD(newdstip));
-	}
-	if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
-		newip = newsrcip;
-	else
-		newip = newdstip;
-
-	DEBUGP("ip_nat_talk_expected: IP to %u.%u.%u.%u, port %u\n", NIPQUAD(newip), ntohs(port));
-
-	/* We don't want to manip the per-protocol, just the IPs... */
-	range.flags = IP_NAT_RANGE_MAP_IPS;
-	range.min_ip = range.max_ip = newip;
-	
-	/* ... unless we're doing a MANIP_DST, in which case, make
-	   sure we map to the correct port */
-	if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) {
-		range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
-		range.min = range.max
-			= ((union ip_conntrack_manip_proto)
-				{ .udp = { port } });
-	}
-	ret = ip_nat_setup_info(ct, &range, hooknum);
-
-	if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == IPPROTO_UDP) {
-		DEBUGP("talk_expected: setting NAT helper for %p\n", ct);
-		/* NAT expectfn called with ip_nat_lock write-locked */
-		info->helper = &talk_helpers[htons(port) - TALK_PORT];
-	}
-	return ret;
-}
-#endif
-
 static int __init init(void)
 {
 	BUG_ON(ip_nat_talk_msg_hook);



