[netfilter-cvslog] r3754 - in
trunk/patch-o-matic-ng/quake3-conntrack-nat: . linux-2.6.11
linux-2.6.11/net/ipv4/netfilter
laforge at netfilter.org
laforge at netfilter.org
Wed Mar 2 13:01:33 CET 2005
Author: laforge at netfilter.org
Date: 2005-03-02 13:01:32 +0100 (Wed, 02 Mar 2005)
New Revision: 3754
Added:
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/
Removed:
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/Documentation/
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd_2
Modified:
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c
trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c
Log:
add incomplete 2.6.11 branch
Copied: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11 (from rev 3749, trunk/patch-o-matic-ng/quake3-conntrack-nat/linux)
Deleted: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux/net/ipv4/netfilter/Config.in.ladd 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd 2005-03-02 12:01:32 UTC (rev 3754)
@@ -1,2 +0,0 @@
- dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK
- dep_tristate ' Quake III protocol support' CONFIG_IP_NF_QUAKE3 $CONFIG_IP_NF_CONNTRACK
Deleted: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd_2
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux/net/ipv4/netfilter/Config.in.ladd_2 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/Config.in.ladd_2 2005-03-02 12:01:32 UTC (rev 3754)
@@ -1,8 +0,0 @@
- define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT
- fi
- fi
- if [ "$CONFIG_IP_NF_QUAKE3" = "m" ]; then
- define_tristate CONFIG_IP_NF_NAT_QUAKE3 m
- else
- if [ "$CONFIG_IP_NF_QUAKE3" = "y" ]; then
- define_tristate CONFIG_IP_NF_NAT_QUAKE3 $CONFIG_IP_NF_NAT
Modified: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux/net/ipv4/netfilter/ip_conntrack_quake3.c 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_conntrack_quake3.c 2005-03-02 12:01:32 UTC (rev 3754)
@@ -28,8 +28,6 @@
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
-struct module *ip_conntrack_quake3 = THIS_MODULE;
-
MODULE_AUTHOR("Filip Sneppe <filip.sneppe at cronos.be>");
MODULE_DESCRIPTION("Netfilter connection tracking module for Quake III Arena");
MODULE_LICENSE("GPL");
@@ -37,10 +35,8 @@
#define MAX_PORTS 8
static int ports[MAX_PORTS];
static int ports_c = 0;
-#ifdef MODULE_PARM
-MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+module_param_array(ports, int, &ports_c, 0400);
MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
-#endif
/* Quake3 master server reply will add > 100 expectations per reply packet; when
doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
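Review bot: `module_param_array(ports, int, &ports_c, 0400)` makes the parameter parser write the number of supplied ports into `ports_c`, so any later code that also counts with `ports_c++` would double-count. The NAT init removed further down in this commit counted registered helpers that way. If this file's init(), which is outside the hunk, still does, fini() would try to unregister helpers that were never registered. Worth confirming, and a comment such as `/* ports_c is filled in by module_param_array; do not increment it in init() */` next to the declaration would make the contract explicit.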
@@ -52,50 +48,92 @@
struct quake3_search quake3s_conntrack = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
-static int quake3_help(const struct iphdr *iph, size_t len,
+static int quake3_help(struct sk_buff **pskb,
struct ip_conntrack *ct,
enum ip_conntrack_info ctinfo)
{
- struct udphdr *udph = (void *)iph + iph->ihl * 4;
+ struct udphdr _udph, *uh;
int dir = CTINFO2DIR(ctinfo);
- struct ip_conntrack_expect exp;
+ struct ip_conntrack_expect *exp;
int i;
+ int ret = NF_ACCEPT;
- /* Until there's been traffic both ways, don't look in packets. note: it's UDP ! */
+ /* Until there's been traffic both ways, don't look in packets. note:
+ * it's UDP ! */
if (ctinfo != IP_CT_ESTABLISHED
&& ctinfo != IP_CT_IS_REPLY) {
- DEBUGP("ip_conntrack_quake3: not ok ! Conntrackinfo = %u\n", ctinfo);
+ DEBUGP("ip_conntrack_quake3: not ok ! Conntrackinfo = %u\n",
+ ctinfo);
return NF_ACCEPT;
- } else { DEBUGP("ip_conntrack_quake3: it's ok ! Conntrackinfo = %u\n", ctinfo); }
+ } else {
+ DEBUGP("ip_conntrack_quake3: it's ok ! Conntrackinfo = %u\n",
+ ctinfo);
+ }
+
+ /* Valid UDP header? */
+ uh = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4,
+ sizeof(_udph), &_udph);
+ if (!uh)
+ return NF_ACCEPT;
+
+ /* Any data? */
+ dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
+ if (dataoff >= (*pskb)->len)
+ return NF_ACCEPT;
+
+ LOCK_BH(&quake3_buffer_lock);
+ qb_ptr = skb_header_pointer(*pskb, dataoff,
+ (*pskb)->len - dataoff, quake3_buffer);
+ BUG_ON(dp_ptr == NULL);
+ data = qb_ptr;
+
- if (strnicmp((const char *)udph + 12, quake3s_conntrack.pattern, quake3s_conntrack.plen) == 0) {
- for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
- i+6 < ntohs(udph->len);
+ if (strnicmp(data + 4, quake3s_conntrack.pattern,
+ quake3s_conntrack.plen) == 0) {
+ for(i=23; /* 4 bytes filler, 18 bytes "getserversResponse",
+ 1 byte "\" */
+ i+6 < ntohs(uh->len);
i+=7) {
- DEBUGP("ip_conntrack_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n",
- i, ntohs(udph->len),
+#if 0
+ DEBUGP("ip_conntrack_quake3: adding server at offset "
+ "%u/%u %u.%u.%u.%u:%u\n", i, ntohs(uh->len),
NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
+#endif
- memset(&exp, 0, sizeof(exp));
+ exp = ip_conntrack_expect_alloc();
+ if (!exp) {
+ ret = NF_DROP;
+ goto out;
+ }
- exp.tuple = ((struct ip_conntrack_tuple)
- { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
- { (u_int32_t) *((u_int32_t *)((int)udph + i)),
- { .udp = { (__u16) *((__u16 *)((int)udph+i+4)) } },
- IPPROTO_UDP } }
- );
- exp.mask = ((struct ip_conntrack_tuple)
- { { 0xFFFFFFFF, { 0 } },
- { 0xFFFFFFFF, { .udp = { 0xFFFF } }, 0xFFFF }});
- exp.expectfn = NULL;
+ memset(exp, 0, sizeof(*exp));
- ip_conntrack_expect_related(ct, &exp);
+ exp->tuple.src.ip = ct->tuplehash[!dir].tuple.src.ip;
+ exp->tuple.dst.ip =
+ (u_int32_t) *((u_int32_t *)((int)data+i));
+ exp->tuple.dst.u.udp.port =
+ (__u16) *((__u16 *)((int)data+i+4));
+ exp->tuple.dst.protonum = IPPROTO_UDP;
+
+ exp->mask.src.ip = 0xffffffff;
+ exp->mask.dst.ip = 0xffffffff;
+ exp->mask.dst.u.port = 0xffff;
+ exp->mask.dst.protonum = 0xff;
+
+ if (ip_nat_quake3_hook)
+ ret = ip_nat_quake3_hook(pskb, ctinfo,
+ ..., exp);
+ else if (ip_conntrack_expect_related(exp) != 0) {
+ ip_conntrack_expect_free(exp);
+ ret = NF_DROP;
+ }
+ goto out;
}
-
}
- return(NF_ACCEPT);
+out:
+ return ret;
}
static struct ip_conntrack_helper quake3[MAX_PORTS];
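Review bot: The server-list loop in quake3_help is still bounded by `i+6 < ntohs(uh->len)`, a length field taken from the packet, while `data` now holds only `(*pskb)->len - dataoff` bytes starting after the UDP header, so the reads at `data+i` and `data+i+4` can run past what was copied (the old bound also still includes the 8 header bytes that `i=23` no longer counts). The bound should be the copied length, e.g. `i+6 < (*pskb)->len - dataoff`, and that length should also be checked against the capacity of `quake3_buffer`, whose declaration is not in this hunk. `LOCK_BH(&quake3_buffer_lock)` is never paired with an unlock: `out:` needs `UNLOCK_BH(&quake3_buffer_lock);` before `return ret;`. `BUG_ON(dp_ptr == NULL)` tests a name that is not assigned here and was presumably meant to be `qb_ptr`.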
Modified: trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c
===================================================================
--- trunk/patch-o-matic-ng/quake3-conntrack-nat/linux/net/ipv4/netfilter/ip_nat_quake3.c 2005-03-01 20:30:53 UTC (rev 3749)
+++ trunk/patch-o-matic-ng/quake3-conntrack-nat/linux-2.6.11/net/ipv4/netfilter/ip_nat_quake3.c 2005-03-02 12:01:32 UTC (rev 3754)
@@ -53,15 +53,6 @@
MODULE_DESCRIPTION("Netfilter NAT helper for Quake III Arena");
MODULE_LICENSE("GPL");
-#define MAX_PORTS 8
-
-static int ports[MAX_PORTS];
-static int ports_c = 0;
-#ifdef MODULE_PARM
-MODULE_PARM(ports,"1-" __MODULE_STRING(MAX_PORTS) "i");
-MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
-#endif
-
/* Quake3 master server reply will add > 100 expectations per reply packet; when
doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
#if 0
@@ -73,12 +64,13 @@
static struct quake3_search quake3s_nat = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
static unsigned int
-quake3_nat_help(struct ip_conntrack *ct,
- struct ip_conntrack_expect *exp,
- struct ip_nat_info *info,
+quake3_nat_help(struct sk_buff **pskb,
enum ip_conntrack_info ctinfo,
- unsigned int hooknum,
- struct sk_buff **pskb)
+
+ struct ip_conntrack_expect *exp,
+ //struct ip_nat_info *info,
+ //unsigned int hooknum,
+ )
{
struct iphdr *iph = (*pskb)->nh.iph;
struct udphdr *udph = (void *)iph + iph->ihl * 4;
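Review bot: quake3_nat_help still derives `udph` with `(void *)iph + iph->ihl * 4` directly from the skb, with no check in the visible lines that the UDP header lies in the linear data, whereas the conntrack helper in this commit moved to `skb_header_pointer()` for the same access. Now that the function receives `pskb` first, it should fetch the header the same way, or the caller's guarantee should be documented in a comment above the function. The new parameter list also ends in `exp,` followed only by commented-out parameters, which leaves a trailing comma before `)`. The function body continues outside the hunk.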
@@ -190,60 +182,18 @@
return ip_nat_setup_info(ct,&mr,hooknum);
}
-static struct ip_nat_helper quake3[MAX_PORTS];
-static char quake3_names[MAX_PORTS][13]; /* quake3-65535 */
-
static void fini(void)
{
- int i;
-
- for (i = 0 ; i < ports_c; i++) {
- DEBUGP("ip_nat_quake3: unregistering helper for port %d\n", ports[i]);
- ip_nat_helper_unregister(&quake3[i]);
- }
+ ip_nat_quake3_hook = NULL;
+ synchronize_net();
}
static int __init init(void)
- {
- int i, ret = 0;
- char *tmpname;
-
- if (!ports[0])
- ports[0] = QUAKE3_MASTER_PORT;
-
- for (i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) {
- memset(&quake3[i], 0, sizeof(struct ip_nat_helper));
-
- quake3[i].tuple.dst.protonum = IPPROTO_UDP;
- quake3[i].tuple.src.u.udp.port = htons(ports[i]);
- quake3[i].mask.dst.protonum = 0xFFFF;
- quake3[i].mask.src.u.udp.port = 0xFFFF;
- quake3[i].help = quake3_nat_help;
- quake3[i].flags = 0;
- quake3[i].me = THIS_MODULE;
- quake3[i].expect = quake3_nat_expected;
-
- tmpname = &quake3_names[i][0];
- if (ports[i] == QUAKE3_MASTER_PORT)
- sprintf(tmpname, "quake3");
- else
- sprintf(tmpname, "quake3-%d", i);
- quake3[i].name = tmpname;
-
- DEBUGP("ip_nat_quake3: registering helper for port %d: name %s\n",
- ports[i], quake3[i].name);
- ret = ip_nat_helper_register(&quake3[i]);
-
- if (ret) {
- printk("ip_nat_quake3: unable to register helper for port %d\n",
- ports[i]);
- fini();
- return ret;
- }
- ports_c++;
- }
- return ret;
- }
+{
+ BUG_ON(ip_nat_quake3_hook);
+ ip_nat_quake3_hook = help;
+ return 0;
+}
module_init(init);
module_exit(fini);
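Review bot: init() assigns `ip_nat_quake3_hook = help;`, but the helper defined in this file is named `quake3_nat_help`; unless a `help` symbol exists outside the visible hunks, the line should read `ip_nat_quake3_hook = quake3_nat_help;`. `BUG_ON(ip_nat_quake3_hook)` oopses the kernel when the hook is already set at load time, whereas returning `-EBUSY` would fail only the module load. The ordering in fini() (clear the hook, then `synchronize_net()`) deserves a comment such as `/* wait for in-flight callers of the hook before the module text goes away */`.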