[netfilter-cvslog] r3752 - in trunk/patch-o-matic-ng/rsh: .
linux-2.6.11 linux-2.6.11/net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Wed Mar 2 12:58:49 CET 2005
Author: laforge at netfilter.org
Date: 2005-03-02 12:58:49 +0100 (Wed, 02 Mar 2005)
New Revision: 3752
Added:
trunk/patch-o-matic-ng/rsh/linux-2.6.11/
Removed:
trunk/patch-o-matic-ng/rsh/linux-2.6.11/Documentation/
trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
Modified:
trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c
Log:
add incomplete 2.6.11 branch
Copied: trunk/patch-o-matic-ng/rsh/linux-2.6.11 (from rev 3749, trunk/patch-o-matic-ng/rsh/linux)
Deleted: trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
===================================================================
--- trunk/patch-o-matic-ng/rsh/linux/net/ipv4/netfilter/Config.in.ladd 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd 2005-03-02 11:58:49 UTC (rev 3752)
@@ -1,2 +0,0 @@
- dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK
- dep_tristate ' RSH protocol support' CONFIG_IP_NF_RSH $CONFIG_IP_NF_CONNTRACK
Modified: trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c
===================================================================
--- trunk/patch-o-matic-ng/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c 2005-03-02 11:58:49 UTC (rev 3752)
@@ -116,13 +116,18 @@
MODULE_DESCRIPTION("RSH connection tracking module");
MODULE_LICENSE("GPL");
#ifdef MODULE_PARM
-MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+module_param_array(ports, int, &ports_c, 0400);
MODULE_PARM_DESC(ports, "port numbers of RSH servers");
#endif
-DECLARE_LOCK(ip_rsh_lock);
-struct module *ip_conntrack_rsh = THIS_MODULE;
+static DECLARE_LOCK(ip_rsh_lock);
+static char rsh_buffer char[65535];
+unsigned int (*ip_nat_rsh_hook)(struct sk_buff **pskb,
+ enum ip_conntrack_info ctinfo,
+ unsigned int matchoff,
+ struct ip_conntrack_expect *exp);
+
#if 0
#define DEBUGP(format, args...) printk(KERN_DEBUG "ip_conntrack_rsh: " \
format, ## args)
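Review bot: `static char rsh_buffer char[65535];` is not a valid declaration (the element type appears twice); it should read `static char rsh_buffer[65535];`. This buffer is shared by every packet that reaches the helper, so the lock that serialises it must be the one declared here: the later hunks take `rsh_buffer_lock`, which this patch never declares, but release `ip_rsh_lock` at `out:`. `ip_nat_rsh_hook` is left non-static and unassigned; if a NAT module is meant to fill it in, it presumably also needs an `EXPORT_SYMBOL`, which this hunk does not show.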
@@ -131,17 +136,20 @@
#endif
-
/* FIXME: This should be in userspace. Later. */
-static int help(const struct iphdr *iph, size_t len,
+static int help(struct sk_buff **pskb,
struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
{
+ struct tcphdr _tcph, *th;
+ char *data, *rb_ptr;
+ int ret = NF_ACCEPT;
+
/* tcplen not negative guarenteed by ip_conntrack_tcp.c */
- struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
- const char *data = (const char *) tcph + tcph->doff * 4;
+ //struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
+ //const char *data = (const char *) tcph + tcph->doff * 4;
u_int32_t tcplen = len - iph->ihl * 4;
int dir = CTINFO2DIR(ctinfo);
- struct ip_conntrack_expect expect, *exp = &expect;
+ struct ip_conntrack_expect *exp;
struct ip_ct_rsh_expect *exp_rsh_info = &exp->help.exp_rsh_info;
u_int16_t port;
int maxoctet;
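Review bot: `u_int32_t tcplen = len - iph->ihl * 4;` still uses `len` and `iph`, which the new `help()` signature no longer provides, so the body does not compile as written; with the TCP header now read through skb_header_pointer the line can simply go. Likewise `struct ip_ct_rsh_expect *exp_rsh_info = &exp->help.exp_rsh_info;` forms a member address through `exp` before it has been assigned, and its only use (the `exp_rsh_info->port` store) is deleted in a later hunk, so drop the declaration too. `dataoff`, assigned later in this function, is not declared anywhere in the patch; add `unsigned int dataoff;` next to `ret`. help()'s body continues past this hunk.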
@@ -151,7 +159,6 @@
* vulnerability in rshd.c in the looped port *= 10?
*/
-
DEBUGP("entered\n");
/* bail if packet is not from RSH client */
@@ -166,11 +173,12 @@
}
/* Not whole TCP header? */
- if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4) {
- DEBUGP("tcplen = %u\n", (unsigned) tcplen);
+ th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
+ sizeof(_tcph), &_tcph);
+ if (!th)
return NF_ACCEPT;
- }
+#if 0
/* Checksum invalid? Ignore. */
/* FIXME: Source route IP option packets --RR */
if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
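Review bot: The `#if 0` opened here disables the TCP checksum check and keeps references to `tcph`, `tcplen` and `iph` that no longer exist in the function; it is closed by the `#endif` in the next hunk. If the check is dropped on purpose because the checksum is verified before helpers run, say so with a comment such as `/* checksum is verified by the tcp protocol handler before helpers are called */` and delete the dead block rather than leaving it under `#if 0`. Removing the old `tcplen < tcph->doff * 4` test appears to be covered by the `dataoff >= (*pskb)->len` guard that follows, which rejects a data offset past the end of the packet.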
@@ -180,13 +188,28 @@
NIPQUAD(iph->daddr));
return NF_ACCEPT;
}
+#endif
+ /* No data? */
+ dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4;
+ if (dataoff >= (*pskb)->len)
+ return NF_ACCEPT:
+
+ LOCK_BH(&rsh_buffer_lock);
+ rb_ptr = skb_header_pointer(*pskb, dataoff,
+ (*pskb)->len - dataoff, rsh_buffer);
+ BUG_ON(rb_ptr == NULL);
+
+ data = rb_ptr;
+
/* find the rsh stderr port */
maxoctet = 4;
port = 0;
for ( ; *data != 0 && maxoctet != 0; data++, maxoctet--) {
- if (*data < 0)
- return(1);
+ if (*data < 0) {
+ ret = NF_DROP;
+ goto out;
+ }
if (*data == 0)
break;
if (*data < 48 || *data > 57) {
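Review bot: `return NF_ACCEPT:` ends with a colon instead of a semicolon, so this hunk does not compile. `LOCK_BH(&rsh_buffer_lock)` takes a lock that is never declared, while the `out:` path in the last hunk of this function releases `ip_rsh_lock`; both sites should name the single lock that guards `rsh_buffer`. `BUG_ON(rb_ptr == NULL)` panics on a condition derived from packet contents; skb_header_pointer with exactly `len - dataoff` bytes should not fail here, but a conntrack helper should not take the machine down for a packet it could simply accept, so `if (!rb_ptr) goto out;` is the safer form. The digit loop below walks `*data` until a NUL or four octets, but nothing ties it to the number of bytes actually copied, so a payload shorter than four bytes with no NUL lets it read stale bytes left in `rsh_buffer` by an earlier packet; bound the loop by `(*pskb)->len - dataoff` as well.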
@@ -203,27 +226,21 @@
return NF_ACCEPT;
}
+ exp = ip_conntrack_expect_alloc();
+ if (!exp) {
+ ret = NF_DROP;
+ goto out;
+ }
- LOCK_BH(&ip_rsh_lock);
-
/* new(,related) connection is;
* reply + dst (uint)port + src port (0:1023)
*/
- memset(&expect, 0, sizeof(expect));
- /* save some discovered data, in case someone ever wants to write
- * a NAT module for this bastard ..
- */
- exp_rsh_info->port = port;
-
- DEBUGP("wrote info port=%u\n", exp_rsh_info->port);
-
-
/* Watch out, Radioactive-Man! */
exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
exp->tuple.src.u.tcp.port = 0;
- exp->tuple.dst.u.tcp.port = htons(exp_rsh_info->port);
+ exp->tuple.dst.u.tcp.port = htons(port);
exp->tuple.dst.protonum = IPPROTO_TCP;
exp->mask.src.ip = 0xffffffff;
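Review bot: The `return NF_ACCEPT;` context line at the top of this hunk (the invalid-character branch of the port loop) now executes after `LOCK_BH` has been taken, so it leaves the function with the lock held; it should become `ret = NF_ACCEPT; goto out;` like the `*data < 0` branch converted in the previous hunk. Any other early `return` between the lock and the `out:` label needs the same treatment. The allocation `exp = ip_conntrack_expect_alloc();` also happens under the lock; that matters only if the allocation can sleep, which this patch does not show, so confirm the allocation flags it uses.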
@@ -231,11 +248,16 @@
exp->mask.src.u.tcp.port = htons(0xfc00);
exp->mask.dst.u.tcp.port = htons(0xfc00);
- exp->mask.dst.protonum = 0xffff;
+ exp->mask.dst.protonum = 0xff;
exp->expectfn = NULL;
- ip_conntrack_expect_related(ct, &expect);
+ if (ip_nat_rsh_hook)
+ ret = ip_nat_rsh_hook(pskb, ctinfo, rb_ptr - data, exp);
+ else if (ip_conntrack_expect_related(exp) != 0) {
+ ip_conntrack_expect_free(exp);
+ ret = NF_DROP;
+ }
DEBUGP("expect related ip %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
NIPQUAD(exp->tuple.src.ip),
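Review bot: `rb_ptr - data` is negative here: `data` started at `rb_ptr` and was advanced past the port digits by the loop, so the `unsigned int matchoff` the hook receives is a huge wrapped value. The port digits begin at offset 0 of the payload, so the value the NAT hook wants is presumably `0` (or `data - rb_ptr` if it expects the match length); confirm against the hook's definition, which is not in this patch. When `ip_conntrack_expect_related()` fails the expectation is freed and the `DEBUGP` that follows still reads `exp->tuple`; it is compiled out under `#if 0` today, but enabling the debug output would turn that into a use-after-free, so move the `DEBUGP` above the call or skip it when `ret == NF_DROP`.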
@@ -248,9 +270,11 @@
ntohs(exp->mask.src.u.tcp.port),
NIPQUAD(exp->mask.dst.ip),
ntohs(exp->mask.dst.u.tcp.port));
+
+out:
UNLOCK_BH(&ip_rsh_lock);
- return NF_ACCEPT;
+ return ret;
}
static struct ip_conntrack_helper rsh_helpers[MAX_PORTS];
@@ -283,7 +307,7 @@
rsh_helpers[port].timeout = 0;
rsh_helpers[port].tuple.dst.protonum = IPPROTO_TCP;
- rsh_helpers[port].mask.dst.protonum = 0xffff;
+ rsh_helpers[port].mask.dst.protonum = 0xff;
/* RSH must come from ports 0:1023 to ports[port] (514) */
rsh_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);