[netfilter-cvslog] r4273 - in trunk/patch-o-matic-ng/patchlets/rsh/linux: Documentation net/ipv4/netfilter

laforge at netfilter.org laforge at netfilter.org
Thu Sep 22 12:18:13 CEST 2005


Author: laforge at netfilter.org
Date: 2005-09-22 12:18:12 +0200 (Thu, 22 Sep 2005)
New Revision: 4273

Modified:
   trunk/patch-o-matic-ng/patchlets/rsh/linux/Documentation/Configure.help.ladd
   trunk/patch-o-matic-ng/patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c
Log:
add legato networker support (David Stes)


Modified: trunk/patch-o-matic-ng/patchlets/rsh/linux/Documentation/Configure.help.ladd
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rsh/linux/Documentation/Configure.help.ladd	2005-09-22 10:13:54 UTC (rev 4272)
+++ trunk/patch-o-matic-ng/patchlets/rsh/linux/Documentation/Configure.help.ladd	2005-09-22 10:18:12 UTC (rev 4273)
@@ -16,6 +16,8 @@
            practice" to use RSH, use SSH in all instances.
            (see rfc1244, rfc1948, rfc2179, etc ad-nauseum)
 
+  The RSH connection module supports Legato NetWorker's nsrexec.
+  For support of Legato NetWorker, you will need the RPC and the RSH modules.
 
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.

Modified: trunk/patch-o-matic-ng/patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c	2005-09-22 10:13:54 UTC (rev 4272)
+++ trunk/patch-o-matic-ng/patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c	2005-09-22 10:18:12 UTC (rev 4273)
@@ -2,6 +2,9 @@
  * (C) 2002 by Ian (Larry) Latter <Ian.Latter at mq.edu.au>
  * based on HW's ip_conntrack_irc.c	
  *
+ * (C) 2004,2005 by David Stes <stes at pandora.be>
+ * Modification for Legato NetWorker range [7937-9936] instead of [0:1023]
+ *
  * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
  *
  *      This program is free software; you can redistribute it and/or
@@ -10,10 +13,11 @@
  *      2 of the License, or (at your option) any later version.
  **
  *	Module load syntax:
- * 	insmod ip_conntrack_rsh.o ports=port1,port2,...port<MAX_PORTS>
+ * 	insmod ip_conntrack_rsh.o range=1023,ports=port1,port2,...port<MAX_PORTS>
  *	
  * 	please give the ports of all RSH servers You wish to connect to.
  *	If You don't specify ports, the default will be port 514
+ *      If you don't specify any range, the default will be 1023
  **
  *      Note to all:
  *        RSH blows ... you should use SSH (openssh.org) to replace it,
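Review bot: The load-syntax line `insmod ip_conntrack_rsh.o range=1023,ports=port1,...` joins two different parameters with a comma. insmod separates parameters with spaces and uses commas only between the values of one array parameter, so the example as written would most likely be rejected or misparsed. I would write it as `insmod ip_conntrack_rsh.o range=1023 ports=port1,port2,...port<MAX_PORTS>`. The header should also say that raising `range` widens the set of client ports the helper will relate connections to, for example `If you raise range, return connections to client ports up to that value are tracked as RELATED`.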
@@ -109,6 +113,8 @@
 #include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
 
 #define MAX_PORTS 8
+static int range; /* defaults to = 1023 */
+static unsigned short rangemask; /* defaults to = 0xfc00 */
 static int ports[MAX_PORTS];
 static int ports_n_c = 0;
 
@@ -116,6 +122,8 @@
 MODULE_DESCRIPTION("RSH connection tracking module");
 MODULE_LICENSE("GPL");
 #ifdef MODULE_PARM
+MODULE_PARM(range, "i");
+MODULE_PARM_DESC(range, "max port of reserved range (default is 1023)");
 MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
 MODULE_PARM_DESC(ports, "port numbers of RSH servers");
 #endif
@@ -198,8 +206,8 @@
 
 	/* dont relate sessions that try to expose the client */
 	DEBUGP("found port %u\n", port);
-	if (port > 1023) {
-		DEBUGP("skipping, expected port size is greater than 1023!\n");
+	if (port > range) {
+		DEBUGP("skipping, expected port size is greater than range!\n");
 		return NF_ACCEPT;
 	}
 
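Review bot: The check `if (port > range)` is what enforces "dont relate sessions that try to expose the client", and its limit now comes from a module parameter that is never bounds-checked. `range` is declared as a signed `int` in the earlier hunk, so a negative or very large value either skips every session or disables the guard entirely, depending on the type of `port`, which is declared outside this hunk. The comment above the check should state the new rule, e.g. `/* dont relate sessions that try to expose the client: ports above 'range' are never expected */`. The debug line should print both values: `DEBUGP("skipping, port %u is greater than range %d!\n", port, range);`. Operators who do not need NetWorker should keep the default of 1023, because a higher value lets the helper relate connections back to unprivileged client ports.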
@@ -229,7 +237,7 @@
 	exp->mask.src.ip = 0xffffffff;
 	exp->mask.dst.ip = 0xffffffff;
 
-	exp->mask.src.u.tcp.port = htons(0xfc00);
+	exp->mask.src.u.tcp.port = htons(rangemask);
 	exp->mask.dst.u.tcp.port = htons(0xffff);
 	exp->mask.dst.protonum = 0xffff;
 
@@ -267,6 +275,16 @@
 	if (ports[0] == 0)
 		ports[0] = RSH_PORT;
 
+	/* the check on reserved port <1023 doesn't work with Legato */
+	/* for Legato NetWorker, the check should be that port <= 9936 */ 
+
+	if (range == 0) 
+		range = 1023;
+
+	/* Legato uses range [ 7937 : 9936 ] -> 7937 by default */
+
+	rangemask = 0xffff ^ range; /* defaults to = 0xfc00 */
+
 	for (port = 0; (port < MAX_PORTS) && ports[port]; port++) {
 		memset(&rsh_helpers[port], 0, sizeof(struct ip_conntrack_helper));
 
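Review bot: `rangemask = 0xffff ^ range` only produces a usable port mask when `range` has the form 2^n - 1. For the NetWorker upper bound named in the comment, 9936 (0x26d0), it gives 0xd92f, which under the usual masked tuple comparison selects a scattered set of ports rather than 0..9936. `range` is also a signed `int` that is truncated into an `unsigned short` with no bounds check, so negative or over-65535 values pass silently. I would reject unusable values before any helper is registered, as sketched below, and document that NetWorker users need `range=16383`, the smallest mask-compatible value covering 9936. The same mask feeds the expectation hunk (`exp->mask.src.u.tcp.port`) and the helper-registration hunk, whose comment still says `0:1023`. The enclosing init function starts and ends outside this hunk, so the `-EINVAL` return assumes it reports errors that way.

```c
	if (range == 0)
		range = 1023;

	/* 0xffff ^ range is a prefix mask only when range is 2^n - 1 */
	if (range < 0 || range > 0xffff || (range & (range + 1)) != 0) {
		printk(KERN_ERR "ip_conntrack_rsh: range must be 2^n - 1 and at most 65535\n");
		return -EINVAL;
	}

	rangemask = 0xffff ^ range; /* 1023 -> 0xfc00 */

	/* … unchanged: per-port helper registration loop … */
```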
@@ -287,8 +305,8 @@
 
 		/* RSH must come from ports 0:1023 to ports[port] (514) */
 		rsh_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);
-		rsh_helpers[port].mask.src.u.tcp.port = htons(0xfc00);
-		rsh_helpers[port].mask.dst.u.tcp.port = htons(0xfc00);
+		rsh_helpers[port].mask.src.u.tcp.port = htons(rangemask);
+		rsh_helpers[port].mask.dst.u.tcp.port = htons(rangemask);
 
 		rsh_helpers[port].help = help;
 



