[packages/kernel.git] / 2.6.0-pptp-conntrack-nat-20031219.patch

diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h
--- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h	2003-12-18 03:59:40.000000000 +0100
+++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h	2003-12-19 10:38:24.000000000 +0100
@@ -51,19 +51,23 @@
 
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
 
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
 	/* insert conntrack proto private data here */
+	struct ip_ct_gre gre;
 	struct ip_ct_tcp tcp;
 	struct ip_ct_icmp icmp;
 };
 
 union ip_conntrack_expect_proto {
 	/* insert expect proto private data here */
+	struct ip_ct_gre_expect gre;
 };
 
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -71,6 +75,7 @@
 /* per expectation: application helper private data */
 union ip_conntrack_expect_help {
 	/* insert conntrack helper private data (expect) here */
+	struct ip_ct_pptp_expect exp_pptp_info;
 	struct ip_ct_amanda_expect exp_amanda_info;
 	struct ip_ct_ftp_expect exp_ftp_info;
 	struct ip_ct_irc_expect exp_irc_info;
@@ -85,16 +90,19 @@
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
 	/* insert conntrack helper private data (master) here */
+	struct ip_ct_pptp_master ct_pptp_info;
 	struct ip_ct_ftp_master ct_ftp_info;
 	struct ip_ct_irc_master ct_irc_info;
 };
 
 #ifdef CONFIG_IP_NF_NAT_NEEDED
 #include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/netfilter_ipv4/ip_nat_pptp.h>
 
 /* per conntrack: nat application helper private data */
 union ip_conntrack_nat_help {
 	/* insert nat helper private data here */
+	struct ip_nat_pptp nat_pptp_info;
 };
 #endif
 
diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
--- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2003-12-18 03:59:16.000000000 +0100
+++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2003-12-19 10:38:24.000000000 +0100
@@ -14,7 +14,7 @@
 union ip_conntrack_manip_proto
 {
 	/* Add other protocols here. */
-	u_int16_t all;
+	u_int32_t all;
 
 	struct {
 		u_int16_t port;
@@ -25,6 +25,9 @@
 	struct {
 		u_int16_t id;
 	} icmp;
+	struct {
+		u_int32_t key;
+	} gre;
 };
 
 /* The manipulable part of the tuple. */
@@ -44,7 +47,7 @@
 		u_int32_t ip;
 		union {
 			/* Add other protocols here. */
-			u_int16_t all;
+			u_int64_t all;
 
 			struct {
 				u_int16_t port;
@@ -55,6 +58,11 @@
 			struct {
 				u_int8_t type, code;
 			} icmp;
+			struct {
+				u_int16_t protocol;
+				u_int8_t version;
+				u_int32_t key;
+			} gre;
 		} u;
 
 		/* The protocol. */
@@ -80,10 +88,16 @@
 #ifdef __KERNEL__
 
 #define DUMP_TUPLE(tp)						\
-DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",	\
+DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n",	\
        (tp), (tp)->dst.protonum,				\
-       NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),		\
-       NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
+       NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all),		\
+       NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all))
+
+#define DUMP_TUPLE_RAW(x) 						\
+	DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\
+	(x), (x)->dst.protonum,						\
+	NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), 			\
+	NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all))
 
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Makefile linux-2.6.0/net/ipv4/netfilter/Makefile
--- linux-2.6.0.org/net/ipv4/netfilter/Makefile	2003-12-18 03:58:28.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/Makefile	2003-12-19 10:38:24.000000000 +0100
@@ -19,13 +19,21 @@
 # connection tracking
 obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
 
+# connection tracking protocol helpers
+obj-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre.o
+
+# NAT protocol helpers
+obj-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre.o
+
 # connection tracking helpers
+obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o
 obj-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda.o
 obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o
 obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
 obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o
 
 # NAT helpers 
+obj-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp.o
 obj-$(CONFIG_IP_NF_NAT_AMANDA) += ip_nat_amanda.o
 obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o
 obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c
--- linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c	2003-12-18 03:57:57.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c	2003-12-19 10:38:24.000000000 +0100
@@ -150,6 +150,8 @@
 	inverse->dst.ip = orig->src.ip;
 	inverse->dst.protonum = orig->dst.protonum;
 
+	inverse->src.u.all = inverse->dst.u.all = 0;
+
 	return protocol->invert_tuple(inverse, orig);
 }
 
@@ -925,8 +927,8 @@
 	 * so there is no need to use the tuple lock too */
 
 	DEBUGP("ip_conntrack_expect_related %p\n", related_to);
-	DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple);
-	DEBUGP("mask:  "); DUMP_TUPLE(&expect->mask);
+	DEBUGP("tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
+	DEBUGP("mask:  "); DUMP_TUPLE_RAW(&expect->mask);
 
 	old = LIST_FIND(&ip_conntrack_expect_list, resent_expect,
 		        struct ip_conntrack_expect *, &expect->tuple, 
@@ -1051,15 +1053,14 @@
 
 	MUST_BE_READ_LOCKED(&ip_conntrack_lock);
 	WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
-
 	DEBUGP("change_expect:\n");
-	DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple);
-	DEBUGP("exp mask:  "); DUMP_TUPLE(&expect->mask);
-	DEBUGP("newtuple:  "); DUMP_TUPLE(newtuple);
+	DEBUGP("exp tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
+	DEBUGP("exp mask:  "); DUMP_TUPLE_RAW(&expect->mask);
+	DEBUGP("newtuple:  "); DUMP_TUPLE_RAW(newtuple);
 	if (expect->ct_tuple.dst.protonum == 0) {
 		/* Never seen before */
 		DEBUGP("change expect: never seen before\n");
-		if (!ip_ct_tuple_equal(&expect->tuple, newtuple) 
+		if (!ip_ct_tuple_mask_cmp(&expect->tuple, newtuple, &expect->mask)
 		    && LIST_FIND(&ip_conntrack_expect_list, expect_clash,
 			         struct ip_conntrack_expect *, newtuple, &expect->mask)) {
 			/* Force NAT to find an unused tuple */
diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c
--- linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c	2003-12-18 03:58:16.000000000 +0100
+++ linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c	2003-12-19 10:38:24.000000000 +0100
@@ -432,7 +432,7 @@
 	*tuple = *orig_tuple;
 	while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum))
 	       != NULL) {
-		DEBUGP("Found best for "); DUMP_TUPLE(tuple);
+		DEBUGP("Found best for "); DUMP_TUPLE_RAW(tuple);
 		/* 3) The per-protocol part of the manip is made to
 		   map into the range to make a unique tuple. */
 
@@ -573,9 +573,9 @@
 		       HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST",
 		       conntrack);
 		DEBUGP("Original: ");
-		DUMP_TUPLE(&orig_tp);
+		DUMP_TUPLE_RAW(&orig_tp);
 		DEBUGP("New: ");
-		DUMP_TUPLE(&new_tuple);
+		DUMP_TUPLE_RAW(&new_tuple);
 #endif
 
 		/* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT):
Commit	Line	Data
f5868924	1	diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h
	2	--- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack.h 2003-12-18 03:59:40.000000000 +0100
	3	+++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack.h 2003-12-19 10:38:24.000000000 +0100
	4	@@ -51,19 +51,23 @@
	5
	6	#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
	7	#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
	8	+#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
	9
	10	/* per conntrack: protocol private data */
	11	union ip_conntrack_proto {
	12	/* insert conntrack proto private data here */
	13	+ struct ip_ct_gre gre;
	14	struct ip_ct_tcp tcp;
	15	struct ip_ct_icmp icmp;
	16	};
	17
	18	union ip_conntrack_expect_proto {
	19	/* insert expect proto private data here */
	20	+ struct ip_ct_gre_expect gre;
	21	};
	22
	23	/* Add protocol helper include file here */
	24	+#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
	25	#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
	26	#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
	27	#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
	28	@@ -71,6 +75,7 @@
	29	/* per expectation: application helper private data */
	30	union ip_conntrack_expect_help {
	31	/* insert conntrack helper private data (expect) here */
	32	+ struct ip_ct_pptp_expect exp_pptp_info;
	33	struct ip_ct_amanda_expect exp_amanda_info;
	34	struct ip_ct_ftp_expect exp_ftp_info;
	35	struct ip_ct_irc_expect exp_irc_info;
	36	@@ -85,16 +90,19 @@
	37	/* per conntrack: application helper private data */
	38	union ip_conntrack_help {
	39	/* insert conntrack helper private data (master) here */
	40	+ struct ip_ct_pptp_master ct_pptp_info;
	41	struct ip_ct_ftp_master ct_ftp_info;
	42	struct ip_ct_irc_master ct_irc_info;
	43	};
	44
	45	#ifdef CONFIG_IP_NF_NAT_NEEDED
	46	#include <linux/netfilter_ipv4/ip_nat.h>
	47	+#include <linux/netfilter_ipv4/ip_nat_pptp.h>
	48
	49	/* per conntrack: nat application helper private data */
	50	union ip_conntrack_nat_help {
	51	/* insert nat helper private data here */
	52	+ struct ip_nat_pptp nat_pptp_info;
	53	};
	54	#endif
	55
	56	diff -Nur linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
	57	--- linux-2.6.0.org/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2003-12-18 03:59:16.000000000 +0100
	58	+++ linux-2.6.0/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2003-12-19 10:38:24.000000000 +0100
	59	@@ -14,7 +14,7 @@
	60	union ip_conntrack_manip_proto
	61	{
	62	/* Add other protocols here. */
	63	- u_int16_t all;
	64	+ u_int32_t all;
65
66	struct {
67	u_int16_t port;
68	@@ -25,6 +25,9 @@
69	struct {
70	u_int16_t id;
71	} icmp;
72	+ struct {
73	+ u_int32_t key;
74	+ } gre;
75	};
76
77	/* The manipulable part of the tuple. */
78	@@ -44,7 +47,7 @@
79	u_int32_t ip;
80	union {
81	/* Add other protocols here. */
82	- u_int16_t all;
83	+ u_int64_t all;
84
85	struct {
86	u_int16_t port;
87	@@ -55,6 +58,11 @@
88	struct {
89	u_int8_t type, code;
90	} icmp;
91	+ struct {
92	+ u_int16_t protocol;
93	+ u_int8_t version;
94	+ u_int32_t key;
95	+ } gre;
96	} u;
97
98	/* The protocol. */
99	@@ -80,10 +88,16 @@
100	#ifdef __KERNEL__
101
102	#define DUMP_TUPLE(tp) \
103	-DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \
104	+DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", \
105	(tp), (tp)->dst.protonum, \
106	- NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \
107	- NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
108	+ NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all), \
109	+ NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all))
110	+
111	+#define DUMP_TUPLE_RAW(x) \
112	+ DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\
113	+ (x), (x)->dst.protonum, \
114	+ NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), \
115	+ NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all))
116
117	#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
118
119	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/Makefile linux-2.6.0/net/ipv4/netfilter/Makefile
120	--- linux-2.6.0.org/net/ipv4/netfilter/Makefile 2003-12-18 03:58:28.000000000 +0100
121	+++ linux-2.6.0/net/ipv4/netfilter/Makefile 2003-12-19 10:38:24.000000000 +0100
122	@@ -19,13 +19,21 @@
123	# connection tracking
124	obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
125
126	+# connection tracking protocol helpers
127	+obj-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre.o
128	+
129	+# NAT protocol helpers
130	+obj-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre.o
131	+
132	# connection tracking helpers
133	+obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o
134	obj-$(CONFIG_IP_NF_AMANDA) += ip_conntrack_amanda.o
135	obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o
136	obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
137	obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o
138
139	# NAT helpers
140	+obj-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp.o
141	obj-$(CONFIG_IP_NF_NAT_AMANDA) += ip_nat_amanda.o
142	obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o
143	obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
144	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c
145	--- linux-2.6.0.org/net/ipv4/netfilter/ip_conntrack_core.c 2003-12-18 03:57:57.000000000 +0100
146	+++ linux-2.6.0/net/ipv4/netfilter/ip_conntrack_core.c 2003-12-19 10:38:24.000000000 +0100
147	@@ -150,6 +150,8 @@
148	inverse->dst.ip = orig->src.ip;
149	inverse->dst.protonum = orig->dst.protonum;
150
151	+ inverse->src.u.all = inverse->dst.u.all = 0;
152	+
153	return protocol->invert_tuple(inverse, orig);
154	}
155
156	@@ -925,8 +927,8 @@
157	* so there is no need to use the tuple lock too */
158
159	DEBUGP("ip_conntrack_expect_related %p\n", related_to);
160	- DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple);
161	- DEBUGP("mask: "); DUMP_TUPLE(&expect->mask);
162	+ DEBUGP("tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
163	+ DEBUGP("mask: "); DUMP_TUPLE_RAW(&expect->mask);
164
165	old = LIST_FIND(&ip_conntrack_expect_list, resent_expect,
166	struct ip_conntrack_expect *, &expect->tuple,
167	@@ -1051,15 +1053,14 @@
168
169	MUST_BE_READ_LOCKED(&ip_conntrack_lock);
170	WRITE_LOCK(&ip_conntrack_expect_tuple_lock);
171	-
172	DEBUGP("change_expect:\n");
173	- DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple);
174	- DEBUGP("exp mask: "); DUMP_TUPLE(&expect->mask);
175	- DEBUGP("newtuple: "); DUMP_TUPLE(newtuple);
176	+ DEBUGP("exp tuple: "); DUMP_TUPLE_RAW(&expect->tuple);
177	+ DEBUGP("exp mask: "); DUMP_TUPLE_RAW(&expect->mask);
178	+ DEBUGP("newtuple: "); DUMP_TUPLE_RAW(newtuple);
179	if (expect->ct_tuple.dst.protonum == 0) {
180	/* Never seen before */
181	DEBUGP("change expect: never seen before\n");
182	- if (!ip_ct_tuple_equal(&expect->tuple, newtuple)
183	+ if (!ip_ct_tuple_mask_cmp(&expect->tuple, newtuple, &expect->mask)
184	&& LIST_FIND(&ip_conntrack_expect_list, expect_clash,
185	struct ip_conntrack_expect *, newtuple, &expect->mask)) {
186	/* Force NAT to find an unused tuple */
187	diff -Nur linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c
188	--- linux-2.6.0.org/net/ipv4/netfilter/ip_nat_core.c 2003-12-18 03:58:16.000000000 +0100
189	+++ linux-2.6.0/net/ipv4/netfilter/ip_nat_core.c 2003-12-19 10:38:24.000000000 +0100
190	@@ -432,7 +432,7 @@
191	tuple = orig_tuple;
192	while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum))
193	!= NULL) {
194	- DEBUGP("Found best for "); DUMP_TUPLE(tuple);
195	+ DEBUGP("Found best for "); DUMP_TUPLE_RAW(tuple);
196	/* 3) The per-protocol part of the manip is made to
197	map into the range to make a unique tuple. */
198
199	@@ -573,9 +573,9 @@
200	HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST",
201	conntrack);
202	DEBUGP("Original: ");
203	- DUMP_TUPLE(&orig_tp);
204	+ DUMP_TUPLE_RAW(&orig_tp);
205	DEBUGP("New: ");
206	- DUMP_TUPLE(&new_tuple);
207	+ DUMP_TUPLE_RAW(&new_tuple);
208	#endif
209
210	/* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT):