[netfilter-cvslog] r6594 - trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter

kaber at netfilter.org kaber at netfilter.org
Wed May 10 08:08:10 CEST 2006


Author: kaber at netfilter.org
Date: 2006-05-10 08:08:09 +0200 (Wed, 10 May 2006)
New Revision: 6594

Modified:
   trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c
   trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c
Log:
[NETFILTER] Follow expectation API changes

Signed-off-by: Holger Eitzenberger <heitzenberger at astaro.com>


Modified: trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c	2006-05-10 06:07:36 UTC (rev 6593)
+++ trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_conntrack_mms.c	2006-05-10 06:08:09 UTC (rev 6594)
@@ -224,72 +224,71 @@
 	 * it as a member of struct ip_ct_mms_expect and checking for it in
 	 * ip_nat_mms...
 	 */
-	if ((MMS_SRV_MSG_OFFSET < datalen) &&
-	    ((*(u32 *)(data+MMS_SRV_MSG_OFFSET)) == MMS_SRV_MSG_ID)) {
-		DEBUGP("ip_conntrack_mms: offset 37: %u %u %u %u, datalen:%u\n",
-		       (u8)*(data+36), (u8)*(data+37),
-		       (u8)*(data+38), (u8)*(data+39),
-		       datalen);
-		if (parse_mms(data, datalen, &mms_ip, &mms_proto, &mms_port,
-		             &mms_string_b, &mms_string_e, &mms_padding_e))
-			if (net_ratelimit())
-				/* FIXME: more verbose debugging ? */
-				printk(KERN_WARNING
-				       "ip_conntrack_mms: Unable to parse "
-				       "data payload\n");
+	if ((MMS_SRV_MSG_OFFSET >= datalen) ||
+		((*(u32 *)(data+MMS_SRV_MSG_OFFSET)) != MMS_SRV_MSG_ID))
+		goto out;
 
-		sprintf(mms_proto_string, "(%u)", mms_proto);
-		DEBUGP("ip_conntrack_mms: adding %s expectation "
-		       "%u.%u.%u.%u -> %u.%u.%u.%u:%u\n",
-		       mms_proto == IPPROTO_TCP ? "TCP"
-		       : mms_proto == IPPROTO_UDP ? "UDP":mms_proto_string,
-		       NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
-		       NIPQUAD(mms_ip),
-		       mms_port);
+	DEBUGP("ip_conntrack_mms: offset 37: %u %u %u %u, datalen:%u\n",
+		   (u8)*(data+36), (u8)*(data+37), (u8)*(data+38), (u8)*(data+39),
+		   datalen);
+	if (parse_mms(data, datalen, &mms_ip, &mms_proto, &mms_port,
+				  &mms_string_b, &mms_string_e, &mms_padding_e))
+		if (net_ratelimit())
+			/* FIXME: more verbose debugging ? */
+			printk(KERN_WARNING
+				   "ip_conntrack_mms: Unable to parse "
+				   "data payload\n");
 
-		/* it's possible that the client will just ask the server to
-		 * tunnel the stream over the same TCP session (from port
-		 * 1755): there's shouldn't be a need to add an expectation in
-		 * that case, but it makes NAT packet mangling so much easier
-		 * */
+	sprintf(mms_proto_string, "(%u)", mms_proto);
+	DEBUGP("ip_conntrack_mms: adding %s expectation "
+		   "%u.%u.%u.%u -> %u.%u.%u.%u:%u\n",
+		   mms_proto == IPPROTO_TCP ? "TCP"
+		   : mms_proto == IPPROTO_UDP ? "UDP":mms_proto_string,
+		   NIPQUAD(ct->tuplehash[!dir].tuple.src.ip),
+		   NIPQUAD(mms_ip),
+		   mms_port);
 
-		DEBUGP("ip_conntrack_mms: tcph->seq = %u\n", tcph->seq);
+	/* it's possible that the client will just ask the server to
+	 * tunnel the stream over the same TCP session (from port
+	 * 1755): there's shouldn't be a need to add an expectation in
+	 * that case, but it makes NAT packet mangling so much easier
+	 * */
 
-		exp = ip_conntrack_expect_alloc();
-		if (!exp) {
-			ret = NF_DROP;
-			goto out;
-		}
+	DEBUGP("ip_conntrack_mms: tcph->seq = %u\n", tcph->seq);
 
-		exp_mms_info->offset  = (mms_string_b - data);
-		exp_mms_info->len     = (mms_string_e  - mms_string_b);
-		exp_mms_info->padding = (mms_padding_e - mms_string_e);
-		exp_mms_info->port    = mms_port;
+	if ((exp = ip_conntrack_expect_alloc(ct)) == NULL) {
+		ret = NF_DROP;
+		goto out;
+	}
 
-		DEBUGP("ip_conntrack_mms: wrote info seq=%u (ofs=%u), "
-		       "len=%d, padding=%u\n", exp->seq, (mms_string_e - data),
-		       exp_mms_info->len, exp_mms_info->padding);
+	exp_mms_info->offset  = (mms_string_b - data);
+	exp_mms_info->len     = (mms_string_e  - mms_string_b);
+	exp_mms_info->padding = (mms_padding_e - mms_string_e);
+	exp_mms_info->port    = mms_port;
 
-		exp->tuple = ((struct ip_conntrack_tuple)
-		              { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
-		              { mms_ip,
-		                { .tcp = { (__u16) ntohs(mms_port) } },
-		                mms_proto } }
-		             );
-		exp->mask  = ((struct ip_conntrack_tuple)
-		             { { 0xFFFFFFFF, { 0 } },
-		               { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
-		exp->expectfn = NULL;
-		exp->master = ct;
+	DEBUGP("ip_conntrack_mms: wrote info seq=%u (ofs=%u), "
+		   "len=%d, padding=%u\n", exp->seq, (mms_string_e - data),
+		   exp_mms_info->len, exp_mms_info->padding);
 
-		if (ip_nat_mms_hook)
-			ret = ip_nat_mms_hook(pskb, ctinfo, exp_mms_info, exp);
-		else if (ip_conntrack_expect_related(exp) != 0) {
-			ip_conntrack_expect_free(exp);
-			ret = NF_DROP;
-		}
-		goto out;
-	}
+	exp->tuple = ((struct ip_conntrack_tuple)
+		{ { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
+		  { mms_ip,
+			{ .tcp = { (__u16) ntohs(mms_port) } },
+			mms_proto } }
+		);
+	exp->mask  = ((struct ip_conntrack_tuple)
+		{ { 0xFFFFFFFF, { 0 } },
+		  { 0xFFFFFFFF, { .tcp = { 0xFFFF } }, 0xFF }});
+	exp->expectfn = NULL;
+	exp->master = ct;
+
+	if (ip_nat_mms_hook)
+		ret = ip_nat_mms_hook(pskb, ctinfo, exp_mms_info, exp);
+	else if (ip_conntrack_expect_related(exp) != 0)
+		ret = NF_DROP;
+
+	ip_conntrack_expect_put(exp);
+
 out:
 	spin_unlock_bh(&mms_buffer_lock);
 	return ret;

Modified: trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c
===================================================================
--- trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c	2006-05-10 06:07:36 UTC (rev 6593)
+++ trunk/patch-o-matic-ng/patchlets/mms-conntrack-nat/linux-2.6.12/net/ipv4/netfilter/ip_nat_mms.c	2006-05-10 06:08:09 UTC (rev 6594)
@@ -114,10 +114,8 @@
 		}
 	}
 
-	if (port == 0) {
-		ip_conntrack_expect_free(expect);
+	if (port == 0)
 		return NF_DROP;
-	}
 
 	sprintf(buffer, "\\\\%u.%u.%u.%u\\%s\\%u",
 	        NIPQUAD(newip),




More information about the netfilter-cvslog mailing list