[netfilter-cvslog] r3752 - in trunk/patch-o-matic-ng/rsh: . linux-2.6.11 linux-2.6.11/net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Wed Mar 2 12:58:49 CET 2005


Author: laforge at netfilter.org
Date: 2005-03-02 12:58:49 +0100 (Wed, 02 Mar 2005)
New Revision: 3752

Added:
   trunk/patch-o-matic-ng/rsh/linux-2.6.11/
Removed:
   trunk/patch-o-matic-ng/rsh/linux-2.6.11/Documentation/
   trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
Modified:
   trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c
Log:
add incomplete 2.6.11 branch


Copied: trunk/patch-o-matic-ng/rsh/linux-2.6.11 (from rev 3749, trunk/patch-o-matic-ng/rsh/linux)

Deleted: trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
===================================================================
--- trunk/patch-o-matic-ng/rsh/linux/net/ipv4/netfilter/Config.in.ladd	2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd	2005-03-02 11:58:49 UTC (rev 3752)
@@ -1,2 +0,0 @@
-  dep_tristate '  FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK
-  dep_tristate '  RSH protocol support' CONFIG_IP_NF_RSH $CONFIG_IP_NF_CONNTRACK

Modified: trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c
===================================================================
--- trunk/patch-o-matic-ng/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c	2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/rsh/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_rsh.c	2005-03-02 11:58:49 UTC (rev 3752)
@@ -116,13 +116,18 @@
 MODULE_DESCRIPTION("RSH connection tracking module");
 MODULE_LICENSE("GPL");
 #ifdef MODULE_PARM
-MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+module_param_array(ports, int, &ports_c, 0400);
 MODULE_PARM_DESC(ports, "port numbers of RSH servers");
 #endif
 
-DECLARE_LOCK(ip_rsh_lock);
-struct module *ip_conntrack_rsh = THIS_MODULE;
+static DECLARE_LOCK(ip_rsh_lock);
+static char rsh_buffer char[65535];
 
+unsigned int (*ip_nat_rsh_hook)(struct sk_buff **pskb,
+				enum ip_conntrack_info ctinfo,
+				unsigned int matchoff,
+				struct ip_conntrack_expect *exp);
+
 #if 0
 #define DEBUGP(format, args...) printk(KERN_DEBUG "ip_conntrack_rsh: " \
 					format, ## args)
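Review bot: The lock names do not line up across this commit. This hunk declares only `ip_rsh_lock`, the later hunk in help() takes `LOCK_BH(&rsh_buffer_lock)`, and the final hunk releases `UNLOCK_BH(&ip_rsh_lock)`, so no visible lock is both taken and released around the shared `rsh_buffer`. Pick one name, e.g. `static DECLARE_LOCK(rsh_buffer_lock);`, and use it at the lock site and at `out:`. The buffer declaration `static char rsh_buffer char[65535];` is also not valid C and should read `static char rsh_buffer[65535];`. The `ports_c` counter passed to `module_param_array()` is not declared in the visible lines, so confirm it exists.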
@@ -131,17 +136,20 @@
 #endif
 
 
-
 /* FIXME: This should be in userspace.  Later. */
-static int help(const struct iphdr *iph, size_t len,
+static int help(struct sk_buff **pskb,
 		struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
 {
+	struct tcphdr _tcph, *th;
+	char *data, *rb_ptr;
+	int ret = NF_ACCEPT;
+
 	/* tcplen not negative guarenteed by ip_conntrack_tcp.c */
-	struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
-	const char *data = (const char *) tcph + tcph->doff * 4;
+	//struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
+	//const char *data = (const char *) tcph + tcph->doff * 4;
 	u_int32_t tcplen = len - iph->ihl * 4;
 	int dir = CTINFO2DIR(ctinfo);
-        struct ip_conntrack_expect expect, *exp = &expect;
+        struct ip_conntrack_expect *exp;
         struct ip_ct_rsh_expect *exp_rsh_info = &exp->help.exp_rsh_info;
 	u_int16_t port;
 	int maxoctet;
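Review bot: After the signature change help() no longer receives `iph` or `len`, yet `u_int32_t tcplen = len - iph->ihl * 4;` is kept, so the function cannot compile as written. `exp` is now an uninitialised pointer, and `exp_rsh_info = &exp->help.exp_rsh_info` derives an address from it before `ip_conntrack_expect_alloc()` runs. Both lines should be dropped, since the later hunks remove their remaining uses. `dataoff` is assigned further down but is not among the locals visible here, so add `unsigned int dataoff;` unless it is declared in the lines between hunks. The body of help() continues outside this hunk.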
@@ -151,7 +159,6 @@
 	 *  vulnerability in rshd.c in the looped port *= 10?
  	 */
 
-
 	DEBUGP("entered\n");
 
 	/* bail if packet is not from RSH client */
@@ -166,11 +173,12 @@
 	}
 
 	/* Not whole TCP header? */
-	if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4) {
-		DEBUGP("tcplen = %u\n", (unsigned) tcplen);
+	th = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
+				sizeof(_tcph), &_tcph);
+	if (!th)
 		return NF_ACCEPT;
-	}
 
+#if 0
 	/* Checksum invalid?  Ignore. */
 	/* FIXME: Source route IP option packets --RR */
 	if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr,
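Review bot: The `#if 0` opened here compiles out the TCP checksum test without saying why. A reader cannot tell whether the helper may now build expectations from segments that the receiving host would discard. If the TCP connection tracker already rejects bad checksums before helpers are called (not visible on this page), delete the dead block and state that in its place, e.g. `/* checksum already verified by the TCP tracker */`. Otherwise the check needs porting to the skb-based interface rather than disabling. The disabled block still references `tcph`, `tcplen` and `iph`, which no longer exist, and its `#endif` sits in the next hunk.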
@@ -180,13 +188,28 @@
 		     NIPQUAD(iph->daddr));
 		return NF_ACCEPT;
 	}
+#endif
 
+	/* No data? */
+	dataoff = (*pskb)->nh.iph->ihl*4 + th->doff*4;
+	if (dataoff >= (*pskb)->len)
+		return NF_ACCEPT:
+
+	LOCK_BH(&rsh_buffer_lock);
+	rb_ptr = skb_header_pointer(*pskb, dataoff,
+				    (*pskb)->len - dataoff, rsh_buffer);
+	BUG_ON(rb_ptr == NULL);
+
+	data = rb_ptr;
+
 	/* find the rsh stderr port */
 	maxoctet = 4;
 	port = 0;
 	for ( ; *data != 0 && maxoctet != 0; data++, maxoctet--) {
-		if (*data < 0)
-			return(1);
+		if (*data < 0) {
+			ret = NF_DROP;
+			goto out;
+		}
 		if (*data == 0)
 			break;
 		if (*data < 48 || *data > 57) {
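Review bot: The port-parsing loop is bounded only by `maxoctet` and a NUL byte, not by the amount of payload fetched with `skb_header_pointer()`. A segment with fewer than four data bytes and no terminator therefore lets it read bytes that do not belong to this packet, such as stale contents of the shared `rsh_buffer`. Keep the length, `datalen = (*pskb)->len - dataoff;`, and add `data < rb_ptr + datalen` to the loop condition. `return NF_ACCEPT:` ends in a colon instead of a semicolon and will not compile. `*data < 0` depends on `char` being signed, so an `unsigned char` comparison against the digit range would be clearer. The loop body continues outside this hunk.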
@@ -203,27 +226,21 @@
 		return NF_ACCEPT;
 	}
 
+	exp = ip_conntrack_expect_alloc();
+	if (!exp) {
+		ret = NF_DROP;
+		goto out;
+	}
 
-	LOCK_BH(&ip_rsh_lock);
-
 	/*  new(,related) connection is;
 	 *          reply + dst (uint)port + src port (0:1023)
 	 */
-	memset(&expect, 0, sizeof(expect));
 
-	/*  save some discovered data, in case someone ever wants to write
-	 *  a NAT module for this bastard ..
-	 */
-	exp_rsh_info->port = port;
-
-	DEBUGP("wrote info port=%u\n", exp_rsh_info->port);
-
-
 	/* Watch out, Radioactive-Man! */
 	exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
 	exp->tuple.dst.ip = ct->tuplehash[!dir].tuple.dst.ip;
 	exp->tuple.src.u.tcp.port = 0;
-	exp->tuple.dst.u.tcp.port = htons(exp_rsh_info->port);
+	exp->tuple.dst.u.tcp.port = htons(port);
 	exp->tuple.dst.protonum = IPPROTO_TCP;
 
 	exp->mask.src.ip = 0xffffffff;
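Review bot: The `return NF_ACCEPT;` kept as context at the top of this hunk now executes after the `LOCK_BH()` added earlier in help(), so that path leaves the function with the lock still held and bottom halves disabled. It should become `goto out;`, since `ret` already defaults to `NF_ACCEPT`. Any other early return between the lock and `out:` that lies outside the visible hunks needs the same change. With `memset(&expect, 0, sizeof(expect))` removed, fields not assigned here depend on `ip_conntrack_expect_alloc()` returning zeroed memory, which is worth confirming or noting in a comment.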
@@ -231,11 +248,16 @@
 
 	exp->mask.src.u.tcp.port = htons(0xfc00);
 	exp->mask.dst.u.tcp.port = htons(0xfc00);
-	exp->mask.dst.protonum = 0xffff;
+	exp->mask.dst.protonum = 0xff;
 
 	exp->expectfn = NULL;
 
-	ip_conntrack_expect_related(ct, &expect);
+	if (ip_nat_rsh_hook)
+		ret = ip_nat_rsh_hook(pskb, ctinfo, rb_ptr - data, exp);
+	else if (ip_conntrack_expect_related(exp) != 0) {
+		ip_conntrack_expect_free(exp);
+		ret = NF_DROP;
+	}
 
 	DEBUGP("expect related ip   %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
 		NIPQUAD(exp->tuple.src.ip),
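Review bot: The `matchoff` argument is computed as `rb_ptr - data`, but `data` starts at `rb_ptr` and is only advanced by the parsing loop. The difference is therefore zero or negative, and it becomes a very large value when converted to `unsigned int`. If the NAT hook uses it to locate the port string in the packet, that offset points far outside the payload. Pass the start offset of the port field instead (0 if the string begins at the first data byte), or `data - rb_ptr` if the end offset is intended. The `DEBUGP()` that follows still dereferences `exp` after `ip_conntrack_expect_free(exp)` on the failure path, so it should move ahead of the registration call or be skipped on failure.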
@@ -248,9 +270,11 @@
 		ntohs(exp->mask.src.u.tcp.port),
 		NIPQUAD(exp->mask.dst.ip),
 		ntohs(exp->mask.dst.u.tcp.port));
+
+out:
 	UNLOCK_BH(&ip_rsh_lock);
 
-	return NF_ACCEPT;
+	return ret;
 }
 
 static struct ip_conntrack_helper rsh_helpers[MAX_PORTS];
@@ -283,7 +307,7 @@
 		rsh_helpers[port].timeout = 0;
 
 		rsh_helpers[port].tuple.dst.protonum = IPPROTO_TCP;
-		rsh_helpers[port].mask.dst.protonum = 0xffff;
+		rsh_helpers[port].mask.dst.protonum = 0xff;
 
 		/* RSH must come from ports 0:1023 to ports[port] (514) */
 		rsh_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);



