- added description of djurban's branch
[packages/kernel.git] / 2.6.0-pptp-conntrack-nat-20031219.patch
1 diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h
2 --- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h 2003-12-18 03:59:40.000000000 +0100
3 +++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h     2003-12-19 10:38:24.000000000 +0100
4 @@ -51,19 +51,23 @@
5  
6  #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
7  #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
8 +#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
9  
10  /* per conntrack: protocol private data */
11  union ip_conntrack_proto {
12         /* insert conntrack proto private data here */
13 +       struct ip_ct_gre gre;
14         struct ip_ct_tcp tcp;
15         struct ip_ct_icmp icmp;
16  };
17  
18  union ip_conntrack_expect_proto {
19         /* insert expect proto private data here */
20 +       struct ip_ct_gre_expect gre;
21  };
22  
23  /* Add protocol helper include file here */
24 +#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
25  #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
26  #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
27  #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
28 @@ -71,6 +75,7 @@
29  /* per expectation: application helper private data */
30  union ip_conntrack_expect_help {
31         /* insert conntrack helper private data (expect) here */
32 +       struct ip_ct_pptp_expect exp_pptp_info;
33         struct ip_ct_amanda_expect exp_amanda_info;
34         struct ip_ct_ftp_expect exp_ftp_info;
35         struct ip_ct_irc_expect exp_irc_info;
36 @@ -85,16 +90,19 @@
37  /* per conntrack: application helper private data */
38  union ip_conntrack_help {
39         /* insert conntrack helper private data (master) here */
40 +       struct ip_ct_pptp_master ct_pptp_info;
41         struct ip_ct_ftp_master ct_ftp_info;
42         struct ip_ct_irc_master ct_irc_info;
43  };
44  
45  #ifdef CONFIG_IP_NF_NAT_NEEDED
46  #include <linux/netfilter_ipv4/ip_nat.h>
47 +#include <linux/netfilter_ipv4/ip_nat_pptp.h>
48  
49  /* per conntrack: nat application helper private data */
50  union ip_conntrack_nat_help {
51         /* insert nat helper private data here */
52 +       struct ip_nat_pptp nat_pptp_info;
53  };
54  #endif
55  
56 diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
57 --- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h   2003-12-18 03:59:16.000000000 +0100
58 +++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h       2003-12-19 10:38:24.000000000 +0100
59 @@ -14,7 +14,7 @@
60  union ip_conntrack_manip_proto
61  {
62         /* Add other protocols here. */
63 -       u_int16_t all;
64 +       u_int32_t all;
65  
66         struct {
67                 u_int16_t port;
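Review bot: Widening `all` to `u_int32_t` means a protocol that fills only the 16-bit `port` or `id` member leaves the upper two bytes of `all` unwritten, so any tuple comparison or hash that goes through `all` now depends on those bytes having been zeroed first. The only zeroing visible in this patch is `inverse->src.u.all = inverse->dst.u.all = 0;` in the ip_conntrack_core.c hunk at -150,6; tuples filled on other paths (not shown here) would presumably need the same. The `u_int64_t all` change in the -44,7 hunk has the same issue, and the `gre` struct added at -55,6 (`u_int16_t`, `u_int8_t`, `u_int32_t`) most likely carries a padding byte that `all` also covers. I would add a comment next to the member, e.g. `/* wider than port/id: zero 'all' before filling any tuple */`. The union starts above this hunk and continues below it.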
68 @@ -25,6 +25,9 @@
69         struct {
70                 u_int16_t id;
71         } icmp;
72 +       struct {
73 +               u_int32_t key;
74 +       } gre;
75  };
76  
77  /* The manipulable part of the tuple. */
78 @@ -44,7 +47,7 @@
79                 u_int32_t ip;
80                 union {
81                         /* Add other protocols here. */
82 -                       u_int16_t all;
83 +                       u_int64_t all;
84  
85                         struct {
86                                 u_int16_t port;
87 @@ -55,6 +58,11 @@
88                         struct {
89                                 u_int8_t type, code;
90                         } icmp;
91 +                       struct {
92 +                               u_int16_t protocol;
93 +                               u_int8_t version;
94 +                               u_int32_t key;
95 +                       } gre;
96                 } u;
97  
98                 /* The protocol. */
99 @@ -80,10 +88,16 @@
100  #ifdef __KERNEL__
101  
102  #define DUMP_TUPLE(tp)                                         \
103 -DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",    \
104 +DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n",      \
105         (tp), (tp)->dst.protonum,                               \
106 -       NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),          \
107 -       NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
108 +       NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all),          \
109 +       NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all))
110 +
111 +#define DUMP_TUPLE_RAW(x)                                              \
112 +       DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\
113 +       (x), (x)->dst.protonum,                                         \
114 +       NIPQUAD((x)->src.ip), ntohl((x)->src.u.all),                    \
115 +       NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all))
116  
117  #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
118  
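Review bot: `DUMP_TUPLE` no longer prints the port for TCP/UDP tuples: with `all` widened, `ntohl((tp)->src.u.all)` converts a 32-bit word whose first two bytes hold the port, so the value printed is not the port number (if the upper bytes are zero it is the port shifted left by 16). `(tp)->dst.u.all` is now `u_int64_t`, so passing it to `ntohl()` truncates silently in both macros, and `DUMP_TUPLE_RAW` shows only 32 bits of the destination part. These traces are what one reads when debugging NAT and expectation matching, so I would keep the port form in `DUMP_TUPLE`, e.g. `ntohs((tp)->src.u.tcp.port)`, and add a comment above `DUMP_TUPLE_RAW` saying it prints a truncated raw value.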
119 diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Makefile linux-2.6.0/net/ipv4/netfilter/Makefile
120 --- linux-2.6.0.org/net/ipv4/netfilter/Makefile 2003-12-18 03:58:28.000000000 +0100
121 +++ linux-2.6.0/net/ipv4/netfilter/Makefile     2003-12-19 10:38:24.000000000 +0100
122 @@ -19,13 +19,21 @@
123  # connection tracking
124  obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
125  
126 +# connection tracking protocol helpers
127 +obj-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre.o
128 +
129 +# NAT protocol helpers
130 +obj-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre.o
131 +
132  # connection tracking helpers
133 +obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o
134  obj-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda.o
135  obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o
136  obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
137  obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o
138  
139  # NAT helpers 
140 +obj-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp.o
141  obj-$(CONFIG_IP_NF_NAT_AMANDA) += ip_nat_amanda.o
142  obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o
143  obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
144 diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c
145 --- linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c      2003-12-18 03:57:57.000000000 +0100
146 +++ linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c  2003-12-19 10:38:24.000000000 +0100
147 @@ -150,6 +150,8 @@
148         inverse->dst.ip = orig->src.ip;
149         inverse->dst.protonum = orig->dst.protonum;
150  
151 +       inverse->src.u.all = inverse->dst.u.all = 0;
152 +
153         return protocol->invert_tuple(inverse, orig);
154  }
155  
156 @@ -925,8 +927,8 @@
157          * so there is no need to use the tuple lock too */
158  
159         DEBUGP("ip_conntrack_expect_related %p\n", related_to);
160 -       DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple);
161 -       DEBUGP("mask:  "); DUMP_TUPLE(&expect->mask);
162 +       DEBUGP("tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
163 +       DEBUGP("mask:  "); DUMP_TUPLE_RAW(&expect->mask);
164  
165         old = LIST_FIND(&ip_conntrack_expect_list, resent_expect,
166                         struct ip_conntrack_expect *, &expect->tuple, 
167 @@ -1051,15 +1053,14 @@
168  
169         MUST_BE_READ_LOCKED(&ip_conntrack_lock);
170         WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
171 -
172         DEBUGP("change_expect:\n");
173 -       DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple);
174 -       DEBUGP("exp mask:  "); DUMP_TUPLE(&expect->mask);
175 -       DEBUGP("newtuple:  "); DUMP_TUPLE(newtuple);
176 +       DEBUGP("exp tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
177 +       DEBUGP("exp mask:  "); DUMP_TUPLE_RAW(&expect->mask);
178 +       DEBUGP("newtuple:  "); DUMP_TUPLE_RAW(newtuple);
179         if (expect->ct_tuple.dst.protonum == 0) {
180                 /* Never seen before */
181                 DEBUGP("change expect: never seen before\n");
182 -               if (!ip_ct_tuple_equal(&expect->tuple, newtuple) 
183 +               if (!ip_ct_tuple_mask_cmp(&expect->tuple, newtuple, &expect->mask)
184                     && LIST_FIND(&ip_conntrack_expect_list, expect_clash,
185                                  struct ip_conntrack_expect *, newtuple, &expect->mask)) {
186                         /* Force NAT to find an unused tuple */
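Review bot: Replacing `ip_ct_tuple_equal()` with `ip_ct_tuple_mask_cmp(&expect->tuple, newtuple, &expect->mask)` changes the clash test in expectation code shared by every helper, not only PPTP: the `LIST_FIND(... expect_clash ...)` lookup is now skipped whenever `newtuple` matches the old tuple under the mask, rather than only when the two are identical. I cannot tell from the hunk whether every other pending expectation is still covered in that case, and expectations decide which new connections are accepted as related. The reason for the looser test should be stated in a comment above the `if`, e.g. `/* masked compare: fields wildcarded by the expectation's mask may differ */`. The dropped blank line after `WRITE_LOCK` is unrelated whitespace churn. The function begins and ends outside the hunk.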
187 diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c
188 --- linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c    2003-12-18 03:58:16.000000000 +0100
189 +++ linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c        2003-12-19 10:38:24.000000000 +0100
190 @@ -432,7 +432,7 @@
191         *tuple = *orig_tuple;
192         while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum))
193                != NULL) {
194 -               DEBUGP("Found best for "); DUMP_TUPLE(tuple);
195 +               DEBUGP("Found best for "); DUMP_TUPLE_RAW(tuple);
196                 /* 3) The per-protocol part of the manip is made to
197                    map into the range to make a unique tuple. */
198  
199 @@ -573,9 +573,9 @@
200                        HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST",
201                        conntrack);
202                 DEBUGP("Original: ");
203 -               DUMP_TUPLE(&orig_tp);
204 +               DUMP_TUPLE_RAW(&orig_tp);
205                 DEBUGP("New: ");
206 -               DUMP_TUPLE(&new_tuple);
207 +               DUMP_TUPLE_RAW(&new_tuple);
208  #endif
209  
210                 /* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT):