[netfilter-cvslog] r6594 -
trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter
kaber at netfilter.org
kaber at netfilter.org
Wed May 10 08:08:10 CEST 2006
Author: kaber at netfilter.org
Date: 2006-05-10 08:08:09 +0200 (Wed, 10 May 2006)
New Revision: 6594
Modified:
trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c
trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c
Log:
[NETFILTER] Follow expectation API changes
Signed-off-by: Holger Eitzenberger <heitzenberger at astaro.com>
Modified: trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c 2006-05-10 06:07:36 UTC (rev 6593)
+++ trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c 2006-05-10 06:08:09 UTC (rev 6594)
@@ -224,72 +224,71 @@
* it as a member of struct ip_ct_mms_expect and checking for it in
* ip_nat_mms...
*/
- if ((MMS_SRV_MSG_OFFSET < datalen) &&
- ((*(u32 *)(data+MMS_SRV_MSG_OFFSET)) == MMS_SRV_MSG_ID)) {
- DEBUGP("ip_conntrack_mms: offset 37: %u %u %u %u, datalen:%u\n",
- (u8)*(data+36), (u8)*(data+37),
- (u8)*(data+38), (u8)*(data+39),
- datalen);
- if (parse_mms(data, datalen, &mms_ip, &mms_proto, &mms_port,
- &mms_string_b, &mms_string_e, &mms_padding_e))
- if (net_ratelimit())
- /* FIXME: more verbose debugging ? */
- printk(KERN_WARNING
- "ip_conntrack_mms: Unable to parse "
- "data payload\n");
+ if ((MMS_SRV_MSG_OFFSET >= datalen) ||
+ ((*(u32 *)(data+MMS_SRV_MSG_OFFSET)) != MMS_SRV_MSG_ID))
+ goto out;
- sprintf(mms_proto_string, "(%u)", mms_proto);
- DEBUGP("ip_conntrack_mms: adding %s expectation "
- "%u.%u.%u.%u -> %u.%u.%u.%u:%u\n",
- mms_proto == IPPROTO_TCP ? "TCP"
- : mms_proto == IPPROTO_UDP ? "UDP":mms_proto_string,
- NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
- NIPQUAD(mms_ip),
- mms_port);
+ DEBUGP("ip_conntrack_mms: offset 37: %u %u %u %u, datalen:%u\n",
+ (u8)*(data+36), (u8)*(data+37), (u8)*(data+38), (u8)*(data+39),
+ datalen);
+ if (parse_mms(data, datalen, &mms_ip, &mms_proto, &mms_port,
+ &mms_string_b, &mms_string_e, &mms_padding_e))
+ if (net_ratelimit())
+ /* FIXME: more verbose debugging ? */
+ printk(KERN_WARNING
+ "ip_conntrack_mms: Unable to parse "
+ "data payload\n");
- /* it's possible that the client will just ask the server to
- * tunnel the stream over the same TCP session (from port
- * 1755): there's shouldn't be a need to add an expectation in
- * that case, but it makes NAT packet mangling so much easier
- * */
+ sprintf(mms_proto_string, "(%u)", mms_proto);
+ DEBUGP("ip_conntrack_mms: adding %s expectation "
+ "%u.%u.%u.%u -> %u.%u.%u.%u:%u\n",
+ mms_proto == IPPROTO_TCP ? "TCP"
+ : mms_proto == IPPROTO_UDP ? "UDP":mms_proto_string,
+ NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
+ NIPQUAD(mms_ip),
+ mms_port);
- DEBUGP("ip_conntrack_mms: tcph->seq = %u\n", tcph->seq);
+ /* it's possible that the client will just ask the server to
+ * tunnel the stream over the same TCP session (from port
+ * 1755): there's shouldn't be a need to add an expectation in
+ * that case, but it makes NAT packet mangling so much easier
+ * */
- exp = ip_conntrack_expect_alloc();
- if (!exp) {
- ret = NF_DROP;
- goto out;
- }
+ DEBUGP("ip_conntrack_mms: tcph->seq = %u\n", tcph->seq);
- exp_mms_info->offset = (mms_string_b - data);
- exp_mms_info->len = (mms_string_e - mms_string_b);
- exp_mms_info->padding = (mms_padding_e - mms_string_e);
- exp_mms_info->port = mms_port;
+ if ((exp = ip_conntrack_expect_alloc(ct)) == NULL) {
+ ret = NF_DROP;
+ goto out;
+ }
- DEBUGP("ip_conntrack_mms: wrote info seq=%u (ofs=%u), "
- "len=%d, padding=%u\n", exp->seq, (mms_string_e - data),
- exp_mms_info->len, exp_mms_info->padding);
+ exp_mms_info->offset = (mms_string_b - data);
+ exp_mms_info->len = (mms_string_e - mms_string_b);
+ exp_mms_info->padding = (mms_padding_e - mms_string_e);
+ exp_mms_info->port = mms_port;
- exp->tuple = ((struct ip_conntrack_tuple)
- { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
- { mms_ip,
- { .tcp = { (__u16) ntohs(mms_port) } },
- mms_proto } }
- );
- exp->mask = ((struct ip_conntrack_tuple)
- { { 0xFFFFFFFF, { 0 } },
- { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
- exp->expectfn = NULL;
- exp->master = ct;
+ DEBUGP("ip_conntrack_mms: wrote info seq=%u (ofs=%u), "
+ "len=%d, padding=%u\n", exp->seq, (mms_string_e - data),
+ exp_mms_info->len, exp_mms_info->padding);
- if (ip_nat_mms_hook)
- ret = ip_nat_mms_hook(pskb, ctinfo, exp_mms_info, exp);
- else if (ip_conntrack_expect_related(exp) != 0) {
- ip_conntrack_expect_free(exp);
- ret = NF_DROP;
- }
- goto out;
- }
+ exp->tuple = ((struct ip_conntrack_tuple)
+ { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
+ { mms_ip,
+ { .tcp = { (__u16) ntohs(mms_port) } },
+ mms_proto } }
+ );
+ exp->mask = ((struct ip_conntrack_tuple)
+ { { 0xFFFFFFFF, { 0 } },
+ { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
+ exp->expectfn = NULL;
+ exp->master = ct;
+
+ if (ip_nat_mms_hook)
+ ret = ip_nat_mms_hook(pskb, ctinfo, exp_mms_info, exp);
+ else if (ip_conntrack_expect_related(exp) != 0)
+ ret = NF_DROP;
+
+ ip_conntrack_expect_put(exp);
+
out:
spin_unlock_bh(&mms_buffer_lock);
return ret;
Modified: trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c 2006-05-10 06:07:36 UTC (rev 6593)
+++ trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c 2006-05-10 06:08:09 UTC (rev 6594)
@@ -114,10 +114,8 @@
}
}
- if (port == 0) {
- ip_conntrack_expect_free(expect);
+ if (port == 0)
return NF_DROP;
- }
sprintf(buffer, "\\\\%u.%u.%u.%u\\%s\\%u",
NIPQUAD(newip),
More information about the netfilter-cvslog
mailing list