Commit 051966c0 authored by Patrick McHardy's avatar Patrick McHardy Committed by Pablo Neira Ayuso

netfilter: nf_nat: add protoff argument to packet mangling functions

For mangling IPv6 packets the protocol header offset needs to be known
by the NAT packet mangling functions. Add a so far unused protoff argument
and convert the conntrack and NAT helpers to use it in preparation of
IPv6 NAT.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 811927cc
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
......
...@@ -34,6 +34,7 @@ struct nf_conntrack_expect; ...@@ -34,6 +34,7 @@ struct nf_conntrack_expect;
extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
enum nf_ct_ftp_type type, enum nf_ct_ftp_type type,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
......
...@@ -36,12 +36,12 @@ extern void nf_conntrack_h245_expect(struct nf_conn *new, ...@@ -36,12 +36,12 @@ extern void nf_conntrack_h245_expect(struct nf_conn *new,
struct nf_conntrack_expect *this); struct nf_conntrack_expect *this);
extern void nf_conntrack_q931_expect(struct nf_conn *new, extern void nf_conntrack_q931_expect(struct nf_conn *new,
struct nf_conntrack_expect *this); struct nf_conntrack_expect *this);
extern int (*set_h245_addr_hook) (struct sk_buff *skb, extern int (*set_h245_addr_hook) (struct sk_buff *skb, unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
H245_TransportAddress *taddr, H245_TransportAddress *taddr,
union nf_inet_addr *addr, union nf_inet_addr *addr,
__be16 port); __be16 port);
extern int (*set_h225_addr_hook) (struct sk_buff *skb, extern int (*set_h225_addr_hook) (struct sk_buff *skb, unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
TransportAddress *taddr, TransportAddress *taddr,
union nf_inet_addr *addr, union nf_inet_addr *addr,
...@@ -49,40 +49,45 @@ extern int (*set_h225_addr_hook) (struct sk_buff *skb, ...@@ -49,40 +49,45 @@ extern int (*set_h225_addr_hook) (struct sk_buff *skb,
extern int (*set_sig_addr_hook) (struct sk_buff *skb, extern int (*set_sig_addr_hook) (struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, unsigned int protoff, unsigned char **data,
TransportAddress *taddr, int count); TransportAddress *taddr, int count);
extern int (*set_ras_addr_hook) (struct sk_buff *skb, extern int (*set_ras_addr_hook) (struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, unsigned int protoff, unsigned char **data,
TransportAddress *taddr, int count); TransportAddress *taddr, int count);
extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb, extern int (*nat_rtp_rtcp_hook) (struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff, unsigned int protoff, unsigned char **data,
int dataoff,
H245_TransportAddress *taddr, H245_TransportAddress *taddr,
__be16 port, __be16 rtp_port, __be16 port, __be16 rtp_port,
struct nf_conntrack_expect *rtp_exp, struct nf_conntrack_expect *rtp_exp,
struct nf_conntrack_expect *rtcp_exp); struct nf_conntrack_expect *rtcp_exp);
extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct, extern int (*nat_t120_hook) (struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
H245_TransportAddress *taddr, __be16 port, H245_TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct, extern int (*nat_h245_hook) (struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
TransportAddress *taddr, __be16 port, TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
extern int (*nat_callforwarding_hook) (struct sk_buff *skb, extern int (*nat_callforwarding_hook) (struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
TransportAddress *taddr, TransportAddress *taddr,
__be16 port, __be16 port,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct, extern int (*nat_q931_hook) (struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned char **data, TransportAddress *taddr, unsigned char **data, TransportAddress *taddr,
int idx, __be16 port, int idx, __be16 port,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
......
...@@ -303,12 +303,14 @@ struct nf_conntrack_expect; ...@@ -303,12 +303,14 @@ struct nf_conntrack_expect;
extern int extern int
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq); union pptp_ctrl_union *pptpReq);
extern int extern int
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct nf_conn *ct, enum ip_conntrack_info ctinfo,
unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq); union pptp_ctrl_union *pptpReq);
......
...@@ -37,10 +37,12 @@ struct sdp_media_type { ...@@ -37,10 +37,12 @@ struct sdp_media_type {
struct sip_handler { struct sip_handler {
const char *method; const char *method;
unsigned int len; unsigned int len;
int (*request)(struct sk_buff *skb, unsigned int dataoff, int (*request)(struct sk_buff *skb, unsigned int protoff,
unsigned int dataoff,
const char **dptr, unsigned int *datalen, const char **dptr, unsigned int *datalen,
unsigned int cseq); unsigned int cseq);
int (*response)(struct sk_buff *skb, unsigned int dataoff, int (*response)(struct sk_buff *skb, unsigned int protoff,
unsigned int dataoff,
const char **dptr, unsigned int *datalen, const char **dptr, unsigned int *datalen,
unsigned int cseq, unsigned int code); unsigned int cseq, unsigned int code);
}; };
...@@ -105,11 +107,13 @@ enum sdp_header_types { ...@@ -105,11 +107,13 @@ enum sdp_header_types {
}; };
extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen); unsigned int *datalen);
extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off); extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off);
extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen, unsigned int *datalen,
...@@ -117,6 +121,7 @@ extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb, ...@@ -117,6 +121,7 @@ extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen); unsigned int matchlen);
extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen, unsigned int *datalen,
...@@ -125,6 +130,7 @@ extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb, ...@@ -125,6 +130,7 @@ extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,
enum sdp_header_types term, enum sdp_header_types term,
const union nf_inet_addr *addr); const union nf_inet_addr *addr);
extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen, unsigned int *datalen,
...@@ -132,12 +138,14 @@ extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb, ...@@ -132,12 +138,14 @@ extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,
unsigned int matchlen, unsigned int matchlen,
u_int16_t port); u_int16_t port);
extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen, unsigned int *datalen,
unsigned int sdpoff, unsigned int sdpoff,
const union nf_inet_addr *addr); const union nf_inet_addr *addr);
extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb, extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,
unsigned int protoff,
unsigned int dataoff, unsigned int dataoff,
const char **dptr, const char **dptr,
unsigned int *datalen, unsigned int *datalen,
......
...@@ -10,6 +10,7 @@ struct sk_buff; ...@@ -10,6 +10,7 @@ struct sk_buff;
extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int match_offset, unsigned int match_offset,
unsigned int match_len, unsigned int match_len,
const char *rep_buffer, const char *rep_buffer,
...@@ -18,12 +19,13 @@ extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, ...@@ -18,12 +19,13 @@ extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb, static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int match_offset, unsigned int match_offset,
unsigned int match_len, unsigned int match_len,
const char *rep_buffer, const char *rep_buffer,
unsigned int rep_len) unsigned int rep_len)
{ {
return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo, return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
match_offset, match_len, match_offset, match_len,
rep_buffer, rep_len, true); rep_buffer, rep_len, true);
} }
...@@ -31,6 +33,7 @@ static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb, ...@@ -31,6 +33,7 @@ static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
extern int nf_nat_mangle_udp_packet(struct sk_buff *skb, extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int match_offset, unsigned int match_offset,
unsigned int match_len, unsigned int match_len,
const char *rep_buffer, const char *rep_buffer,
...@@ -41,10 +44,12 @@ extern void nf_nat_set_seq_adjust(struct nf_conn *ct, ...@@ -41,10 +44,12 @@ extern void nf_nat_set_seq_adjust(struct nf_conn *ct,
__be32 seq, s16 off); __be32 seq, s16 off);
extern int nf_nat_seq_adjust(struct sk_buff *skb, extern int nf_nat_seq_adjust(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo); enum ip_conntrack_info ctinfo,
unsigned int protoff);
extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo); enum ip_conntrack_info ctinfo,
unsigned int protoff);
/* Setup NAT on this expected conntrack so it follows master, but goes /* Setup NAT on this expected conntrack so it follows master, but goes
* to port ct->master->saved_proto. */ * to port ct->master->saved_proto. */
......
...@@ -31,7 +31,8 @@ ...@@ -31,7 +31,8 @@
int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb, int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo); enum ip_conntrack_info ctinfo,
unsigned int protoff);
EXPORT_SYMBOL_GPL(nf_nat_seq_adjust_hook); EXPORT_SYMBOL_GPL(nf_nat_seq_adjust_hook);
static bool ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff, static bool ipv4_pkt_to_tuple(const struct sk_buff *skb, unsigned int nhoff,
...@@ -149,7 +150,8 @@ static unsigned int ipv4_confirm(unsigned int hooknum, ...@@ -149,7 +150,8 @@ static unsigned int ipv4_confirm(unsigned int hooknum,
typeof(nf_nat_seq_adjust_hook) seq_adjust; typeof(nf_nat_seq_adjust_hook) seq_adjust;
seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook); seq_adjust = rcu_dereference(nf_nat_seq_adjust_hook);
if (!seq_adjust || !seq_adjust(skb, ct, ctinfo)) { if (!seq_adjust ||
!seq_adjust(skb, ct, ctinfo, ip_hdrlen(skb))) {
NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop); NF_CT_STAT_INC_ATOMIC(nf_ct_net(ct), drop);
return NF_DROP; return NF_DROP;
} }
......
...@@ -26,6 +26,7 @@ MODULE_ALIAS("ip_nat_amanda"); ...@@ -26,6 +26,7 @@ MODULE_ALIAS("ip_nat_amanda");
static unsigned int help(struct sk_buff *skb, static unsigned int help(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
...@@ -61,7 +62,7 @@ static unsigned int help(struct sk_buff *skb, ...@@ -61,7 +62,7 @@ static unsigned int help(struct sk_buff *skb,
sprintf(buffer, "%u", port); sprintf(buffer, "%u", port);
ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo, ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,
matchoff, matchlen, protoff, matchoff, matchlen,
buffer, strlen(buffer)); buffer, strlen(buffer));
if (ret != NF_ACCEPT) if (ret != NF_ACCEPT)
nf_ct_unexpect_related(exp); nf_ct_unexpect_related(exp);
......
...@@ -55,6 +55,7 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type, ...@@ -55,6 +55,7 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type,
static unsigned int nf_nat_ftp(struct sk_buff *skb, static unsigned int nf_nat_ftp(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
enum nf_ct_ftp_type type, enum nf_ct_ftp_type type,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
...@@ -100,7 +101,7 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb, ...@@ -100,7 +101,7 @@ static unsigned int nf_nat_ftp(struct sk_buff *skb,
pr_debug("calling nf_nat_mangle_tcp_packet\n"); pr_debug("calling nf_nat_mangle_tcp_packet\n");
if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, matchoff, if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, matchoff,
matchlen, buffer, buflen)) matchlen, buffer, buflen))
goto out; goto out;
......
...@@ -21,7 +21,7 @@ ...@@ -21,7 +21,7 @@
#include <linux/netfilter/nf_conntrack_h323.h> #include <linux/netfilter/nf_conntrack_h323.h>
/****************************************************************************/ /****************************************************************************/
static int set_addr(struct sk_buff *skb, static int set_addr(struct sk_buff *skb, unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
unsigned int addroff, __be32 ip, __be16 port) unsigned int addroff, __be32 ip, __be16 port)
{ {
...@@ -40,7 +40,7 @@ static int set_addr(struct sk_buff *skb, ...@@ -40,7 +40,7 @@ static int set_addr(struct sk_buff *skb,
if (ip_hdr(skb)->protocol == IPPROTO_TCP) { if (ip_hdr(skb)->protocol == IPPROTO_TCP) {
if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
addroff, sizeof(buf), protoff, addroff, sizeof(buf),
(char *) &buf, sizeof(buf))) { (char *) &buf, sizeof(buf))) {
net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n"); net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_tcp_packet error\n");
return -1; return -1;
...@@ -54,7 +54,7 @@ static int set_addr(struct sk_buff *skb, ...@@ -54,7 +54,7 @@ static int set_addr(struct sk_buff *skb,
*data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff; *data = skb->data + ip_hdrlen(skb) + th->doff * 4 + dataoff;
} else { } else {
if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo, if (!nf_nat_mangle_udp_packet(skb, ct, ctinfo,
addroff, sizeof(buf), protoff, addroff, sizeof(buf),
(char *) &buf, sizeof(buf))) { (char *) &buf, sizeof(buf))) {
net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n"); net_notice_ratelimited("nf_nat_h323: nf_nat_mangle_udp_packet error\n");
return -1; return -1;
...@@ -69,22 +69,22 @@ static int set_addr(struct sk_buff *skb, ...@@ -69,22 +69,22 @@ static int set_addr(struct sk_buff *skb,
} }
/****************************************************************************/ /****************************************************************************/
static int set_h225_addr(struct sk_buff *skb, static int set_h225_addr(struct sk_buff *skb, unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
TransportAddress *taddr, TransportAddress *taddr,
union nf_inet_addr *addr, __be16 port) union nf_inet_addr *addr, __be16 port)
{ {
return set_addr(skb, data, dataoff, taddr->ipAddress.ip, return set_addr(skb, protoff, data, dataoff, taddr->ipAddress.ip,
addr->ip, port); addr->ip, port);
} }
/****************************************************************************/ /****************************************************************************/
static int set_h245_addr(struct sk_buff *skb, static int set_h245_addr(struct sk_buff *skb, unsigned protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
H245_TransportAddress *taddr, H245_TransportAddress *taddr,
union nf_inet_addr *addr, __be16 port) union nf_inet_addr *addr, __be16 port)
{ {
return set_addr(skb, data, dataoff, return set_addr(skb, protoff, data, dataoff,
taddr->unicastAddress.iPAddress.network, taddr->unicastAddress.iPAddress.network,
addr->ip, port); addr->ip, port);
} }
...@@ -92,7 +92,7 @@ static int set_h245_addr(struct sk_buff *skb, ...@@ -92,7 +92,7 @@ static int set_h245_addr(struct sk_buff *skb,
/****************************************************************************/ /****************************************************************************/
static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, unsigned int protoff, unsigned char **data,
TransportAddress *taddr, int count) TransportAddress *taddr, int count)
{ {
const struct nf_ct_h323_master *info = nfct_help_data(ct); const struct nf_ct_h323_master *info = nfct_help_data(ct);
...@@ -118,7 +118,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, ...@@ -118,7 +118,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
&addr.ip, port, &addr.ip, port,
&ct->tuplehash[!dir].tuple.dst.u3.ip, &ct->tuplehash[!dir].tuple.dst.u3.ip,
info->sig_port[!dir]); info->sig_port[!dir]);
return set_h225_addr(skb, data, 0, &taddr[i], return set_h225_addr(skb, protoff, data, 0,
&taddr[i],
&ct->tuplehash[!dir]. &ct->tuplehash[!dir].
tuple.dst.u3, tuple.dst.u3,
info->sig_port[!dir]); info->sig_port[!dir]);
...@@ -129,7 +130,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, ...@@ -129,7 +130,8 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
&addr.ip, port, &addr.ip, port,
&ct->tuplehash[!dir].tuple.src.u3.ip, &ct->tuplehash[!dir].tuple.src.u3.ip,
info->sig_port[!dir]); info->sig_port[!dir]);
return set_h225_addr(skb, data, 0, &taddr[i], return set_h225_addr(skb, protoff, data, 0,
&taddr[i],
&ct->tuplehash[!dir]. &ct->tuplehash[!dir].
tuple.src.u3, tuple.src.u3,
info->sig_port[!dir]); info->sig_port[!dir]);
...@@ -143,7 +145,7 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct, ...@@ -143,7 +145,7 @@ static int set_sig_addr(struct sk_buff *skb, struct nf_conn *ct,
/****************************************************************************/ /****************************************************************************/
static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, unsigned int protoff, unsigned char **data,
TransportAddress *taddr, int count) TransportAddress *taddr, int count)
{ {
int dir = CTINFO2DIR(ctinfo); int dir = CTINFO2DIR(ctinfo);
...@@ -159,7 +161,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, ...@@ -159,7 +161,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
&addr.ip, ntohs(port), &addr.ip, ntohs(port),
&ct->tuplehash[!dir].tuple.dst.u3.ip, &ct->tuplehash[!dir].tuple.dst.u3.ip,
ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port)); ntohs(ct->tuplehash[!dir].tuple.dst.u.udp.port));
return set_h225_addr(skb, data, 0, &taddr[i], return set_h225_addr(skb, protoff, data, 0, &taddr[i],
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
ct->tuplehash[!dir].tuple. ct->tuplehash[!dir].tuple.
dst.u.udp.port); dst.u.udp.port);
...@@ -172,7 +174,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct, ...@@ -172,7 +174,7 @@ static int set_ras_addr(struct sk_buff *skb, struct nf_conn *ct,
/****************************************************************************/ /****************************************************************************/
static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff, unsigned int protoff, unsigned char **data, int dataoff,
H245_TransportAddress *taddr, H245_TransportAddress *taddr,
__be16 port, __be16 rtp_port, __be16 port, __be16 rtp_port,
struct nf_conntrack_expect *rtp_exp, struct nf_conntrack_expect *rtp_exp,
...@@ -244,7 +246,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, ...@@ -244,7 +246,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
} }
/* Modify signal */ /* Modify signal */
if (set_h245_addr(skb, data, dataoff, taddr, if (set_h245_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons((port & htons(1)) ? nated_port + 1 : htons((port & htons(1)) ? nated_port + 1 :
nated_port)) == 0) { nated_port)) == 0) {
...@@ -275,7 +277,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct, ...@@ -275,7 +277,7 @@ static int nat_rtp_rtcp(struct sk_buff *skb, struct nf_conn *ct,
/****************************************************************************/ /****************************************************************************/
static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff, unsigned int protoff, unsigned char **data, int dataoff,
H245_TransportAddress *taddr, __be16 port, H245_TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
{ {
...@@ -307,7 +309,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, ...@@ -307,7 +309,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
} }
/* Modify signal */ /* Modify signal */
if (set_h245_addr(skb, data, dataoff, taddr, if (set_h245_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons(nated_port)) < 0) { htons(nated_port)) < 0) {
nf_ct_unexpect_related(exp); nf_ct_unexpect_related(exp);
...@@ -326,7 +328,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct, ...@@ -326,7 +328,7 @@ static int nat_t120(struct sk_buff *skb, struct nf_conn *ct,
/****************************************************************************/ /****************************************************************************/
static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff, unsigned int protoff, unsigned char **data, int dataoff,
TransportAddress *taddr, __be16 port, TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
{ {
...@@ -363,7 +365,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct, ...@@ -363,7 +365,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
} }
/* Modify signal */ /* Modify signal */
if (set_h225_addr(skb, data, dataoff, taddr, if (set_h225_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons(nated_port)) == 0) { htons(nated_port)) == 0) {
/* Save ports */ /* Save ports */
...@@ -416,7 +418,8 @@ static void ip_nat_q931_expect(struct nf_conn *new, ...@@ -416,7 +418,8 @@ static void ip_nat_q931_expect(struct nf_conn *new,
/****************************************************************************/ /****************************************************************************/
static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned char **data, TransportAddress *taddr, int idx, unsigned int protoff, unsigned char **data,
TransportAddress *taddr, int idx,
__be16 port, struct nf_conntrack_expect *exp) __be16 port, struct nf_conntrack_expect *exp)
{ {
struct nf_ct_h323_master *info = nfct_help_data(ct); struct nf_ct_h323_master *info = nfct_help_data(ct);
...@@ -453,7 +456,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, ...@@ -453,7 +456,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
} }
/* Modify signal */ /* Modify signal */
if (set_h225_addr(skb, data, 0, &taddr[idx], if (set_h225_addr(skb, protoff, data, 0, &taddr[idx],
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons(nated_port)) == 0) { htons(nated_port)) == 0) {
/* Save ports */ /* Save ports */
...@@ -464,7 +467,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct, ...@@ -464,7 +467,7 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
if (idx > 0 && if (idx > 0 &&
get_h225_addr(ct, *data, &taddr[0], &addr, &port) && get_h225_addr(ct, *data, &taddr[0], &addr, &port) &&
(ntohl(addr.ip) & 0xff000000) == 0x7f000000) { (ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
set_h225_addr(skb, data, 0, &taddr[0], set_h225_addr(skb, protoff, data, 0, &taddr[0],
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
info->sig_port[!dir]); info->sig_port[!dir]);
} }
...@@ -507,6 +510,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new, ...@@ -507,6 +510,7 @@ static void ip_nat_callforwarding_expect(struct nf_conn *new,
/****************************************************************************/ /****************************************************************************/
static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned char **data, int dataoff, unsigned char **data, int dataoff,
TransportAddress *taddr, __be16 port, TransportAddress *taddr, __be16 port,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
...@@ -541,7 +545,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct, ...@@ -541,7 +545,7 @@ static int nat_callforwarding(struct sk_buff *skb, struct nf_conn *ct,
} }
/* Modify signal */ /* Modify signal */
if (!set_h225_addr(skb, data, dataoff, taddr, if (!set_h225_addr(skb, protoff, data, dataoff, taddr,
&ct->tuplehash[!dir].tuple.dst.u3, &ct->tuplehash[!dir].tuple.dst.u3,
htons(nated_port)) == 0) { htons(nated_port)) == 0) {
nf_ct_unexpect_related(exp); nf_ct_unexpect_related(exp);
......
...@@ -206,6 +206,7 @@ static void nf_nat_csum(struct sk_buff *skb, const struct iphdr *iph, void *data ...@@ -206,6 +206,7 @@ static void nf_nat_csum(struct sk_buff *skb, const struct iphdr *iph, void *data
int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int match_offset, unsigned int match_offset,
unsigned int match_len, unsigned int match_len,
const char *rep_buffer, const char *rep_buffer,
...@@ -257,6 +258,7 @@ int ...@@ -257,6 +258,7 @@ int
nf_nat_mangle_udp_packet(struct sk_buff *skb, nf_nat_mangle_udp_packet(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int match_offset, unsigned int match_offset,
unsigned int match_len, unsigned int match_len,
const char *rep_buffer, const char *rep_buffer,
...@@ -387,7 +389,8 @@ nf_nat_sack_adjust(struct sk_buff *skb, ...@@ -387,7 +389,8 @@ nf_nat_sack_adjust(struct sk_buff *skb,
int int
nf_nat_seq_adjust(struct sk_buff *skb, nf_nat_seq_adjust(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo) enum ip_conntrack_info ctinfo,
unsigned int protoff)
{ {
struct tcphdr *tcph; struct tcphdr *tcph;
int dir; int dir;
...@@ -401,10 +404,10 @@ nf_nat_seq_adjust(struct sk_buff *skb, ...@@ -401,10 +404,10 @@ nf_nat_seq_adjust(struct sk_buff *skb,
this_way = &nat->seq[dir]; this_way = &nat->seq[dir];
other_way = &nat->seq[!dir]; other_way = &nat->seq[!dir];
if (!skb_make_writable(skb, ip_hdrlen(skb) + sizeof(*tcph))) if (!skb_make_writable(skb, protoff + sizeof(*tcph)))
return 0; return 0;
tcph = (void *)skb->data + ip_hdrlen(skb); tcph = (void *)skb->data + protoff;
if (after(ntohl(tcph->seq), this_way->correction_pos)) if (after(ntohl(tcph->seq), this_way->correction_pos))
seqoff = this_way->offset_after; seqoff = this_way->offset_after;
else else
......
...@@ -29,6 +29,7 @@ MODULE_ALIAS("ip_nat_irc"); ...@@ -29,6 +29,7 @@ MODULE_ALIAS("ip_nat_irc");
static unsigned int help(struct sk_buff *skb, static unsigned int help(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
...@@ -66,7 +67,7 @@ static unsigned int help(struct sk_buff *skb, ...@@ -66,7 +67,7 @@ static unsigned int help(struct sk_buff *skb,
buffer, &ip, port); buffer, &ip, port);
ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo,
matchoff, matchlen, buffer, protoff, matchoff, matchlen, buffer,
strlen(buffer)); strlen(buffer));
if (ret != NF_ACCEPT) if (ret != NF_ACCEPT)
nf_ct_unexpect_related(exp); nf_ct_unexpect_related(exp);
......
...@@ -113,6 +113,7 @@ static int ...@@ -113,6 +113,7 @@ static int
pptp_outbound_pkt(struct sk_buff *skb, pptp_outbound_pkt(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) union pptp_ctrl_union *pptpReq)
...@@ -175,7 +176,7 @@ pptp_outbound_pkt(struct sk_buff *skb, ...@@ -175,7 +176,7 @@ pptp_outbound_pkt(struct sk_buff *skb,
ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid)); ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));
/* mangle packet */ /* mangle packet */
if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
cid_off + sizeof(struct pptp_pkt_hdr) + cid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_callid), (char *)&new_callid, sizeof(new_callid), (char *)&new_callid,
...@@ -216,6 +217,7 @@ static int ...@@ -216,6 +217,7 @@ static int
pptp_inbound_pkt(struct sk_buff *skb, pptp_inbound_pkt(struct sk_buff *skb,
struct nf_conn *ct, struct nf_conn *ct,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) union pptp_ctrl_union *pptpReq)
{ {
...@@ -268,7 +270,7 @@ pptp_inbound_pkt(struct sk_buff *skb, ...@@ -268,7 +270,7 @@ pptp_inbound_pkt(struct sk_buff *skb,
pr_debug("altering peer call id from 0x%04x to 0x%04x\n", pr_debug("altering peer call id from 0x%04x to 0x%04x\n",
ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid)); ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
pcid_off + sizeof(struct pptp_pkt_hdr) + pcid_off + sizeof(struct pptp_pkt_hdr) +
sizeof(struct PptpControlHeader), sizeof(struct PptpControlHeader),
sizeof(new_pcid), (char *)&new_pcid, sizeof(new_pcid), (char *)&new_pcid,
......
This diff is collapsed.
...@@ -268,6 +268,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp, ...@@ -268,6 +268,7 @@ static int ip_vs_ftp_out(struct ip_vs_app *app, struct ip_vs_conn *cp,
* packet. * packet.
*/ */
ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo, ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
iph->ihl * 4,
start-data, end-start, start-data, end-start,
buf, buf_len); buf, buf_len);
if (ret) { if (ret) {
......
...@@ -40,6 +40,7 @@ MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)"); ...@@ -40,6 +40,7 @@ MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb, unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp) struct nf_conntrack_expect *exp)
...@@ -156,8 +157,8 @@ static int amanda_help(struct sk_buff *skb, ...@@ -156,8 +157,8 @@ static int amanda_help(struct sk_buff *skb,
nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook);
if (nf_nat_amanda && nf_ct_l3num(ct) == NFPROTO_IPV4 && if (nf_nat_amanda && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
ct->status & IPS_NAT_MASK) ct->status & IPS_NAT_MASK)
ret = nf_nat_amanda(skb, ctinfo, off - dataoff, ret = nf_nat_amanda(skb, ctinfo, protoff,
len, exp); off - dataoff, len, exp);
else if (nf_ct_expect_related(exp) != 0) else if (nf_ct_expect_related(exp) != 0)
ret = NF_DROP; ret = NF_DROP;
nf_ct_expect_put(exp); nf_ct_expect_put(exp);
......
...@@ -48,6 +48,7 @@ module_param(loose, bool, 0600); ...@@ -48,6 +48,7 @@ module_param(loose, bool, 0600);
unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb, unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
enum nf_ct_ftp_type type, enum nf_ct_ftp_type type,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp); struct nf_conntrack_expect *exp);
...@@ -490,7 +491,7 @@ static int help(struct sk_buff *skb, ...@@ -490,7 +491,7 @@ static int help(struct sk_buff *skb,
if (nf_nat_ftp && nf_ct_l3num(ct) == NFPROTO_IPV4 && if (nf_nat_ftp && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
ct->status & IPS_NAT_MASK) ct->status & IPS_NAT_MASK)
ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype, ret = nf_nat_ftp(skb, ctinfo, search[dir][i].ftptype,
matchoff, matchlen, exp); protoff, matchoff, matchlen, exp);
else { else {
/* Can't expect this? Best to drop packet now. */ /* Can't expect this? Best to drop packet now. */
if (nf_ct_expect_related(exp) != 0) if (nf_ct_expect_related(exp) != 0)
......
This diff is collapsed.
...@@ -33,6 +33,7 @@ static DEFINE_SPINLOCK(irc_buffer_lock); ...@@ -33,6 +33,7 @@ static DEFINE_SPINLOCK(irc_buffer_lock);
unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb, unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
enum ip_conntrack_info ctinfo, enum ip_conntrack_info ctinfo,
unsigned int protoff,
unsigned int matchoff, unsigned int matchoff,
unsigned int matchlen, unsigned int matchlen,
struct nf_conntrack_expect *exp) __read_mostly; struct nf_conntrack_expect *exp) __read_mostly;
...@@ -206,7 +207,7 @@ static int help(struct sk_buff *skb, unsigned int protoff, ...@@ -206,7 +207,7 @@ static int help(struct sk_buff *skb, unsigned int protoff,
nf_nat_irc = rcu_dereference(nf_nat_irc_hook); nf_nat_irc = rcu_dereference(nf_nat_irc_hook);
if (nf_nat_irc && nf_ct_l3num(ct) == NFPROTO_IPV4 && if (nf_nat_irc && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
ct->status & IPS_NAT_MASK) ct->status & IPS_NAT_MASK)
ret = nf_nat_irc(skb, ctinfo, ret = nf_nat_irc(skb, ctinfo, protoff,
addr_beg_p - ib_ptr, addr_beg_p - ib_ptr,
addr_end_p - addr_beg_p, addr_end_p - addr_beg_p,
exp); exp);
......
...@@ -45,14 +45,14 @@ static DEFINE_SPINLOCK(nf_pptp_lock); ...@@ -45,14 +45,14 @@ static DEFINE_SPINLOCK(nf_pptp_lock);
int int
(*nf_nat_pptp_hook_outbound)(struct sk_buff *skb, (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct nf_conn *ct, enum ip_conntrack_info ctinfo,
struct PptpControlHeader *ctlh, unsigned int protoff, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) __read_mostly; union pptp_ctrl_union *pptpReq) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound); EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
int int
(*nf_nat_pptp_hook_inbound)(struct sk_buff *skb, (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
struct nf_conn *ct, enum ip_conntrack_info ctinfo, struct nf_conn *ct, enum ip_conntrack_info ctinfo,
struct PptpControlHeader *ctlh, unsigned int protoff, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq) __read_mostly; union pptp_ctrl_union *pptpReq) __read_mostly;
EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound); EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound);
...@@ -262,7 +262,7 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid) ...@@ -262,7 +262,7 @@ static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
} }
static inline int static inline int
pptp_inbound_pkt(struct sk_buff *skb, pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq, union pptp_ctrl_union *pptpReq,
unsigned int reqlen, unsigned int reqlen,
...@@ -376,7 +376,8 @@ pptp_inbound_pkt(struct sk_buff *skb, ...@@ -376,7 +376,8 @@ pptp_inbound_pkt(struct sk_buff *skb,
nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound); nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK) if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
return nf_nat_pptp_inbound(skb, ct, ctinfo, ctlh, pptpReq); return nf_nat_pptp_inbound(skb, ct, ctinfo,
protoff, ctlh, pptpReq);
return NF_ACCEPT; return NF_ACCEPT;
invalid: invalid:
...@@ -389,7 +390,7 @@ pptp_inbound_pkt(struct sk_buff *skb, ...@@ -389,7 +390,7 @@ pptp_inbound_pkt(struct sk_buff *skb,
} }
static inline int static inline int
pptp_outbound_pkt(struct sk_buff *skb, pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
struct PptpControlHeader *ctlh, struct PptpControlHeader *ctlh,
union pptp_ctrl_union *pptpReq, union pptp_ctrl_union *pptpReq,
unsigned int reqlen, unsigned int reqlen,
...@@ -471,7 +472,8 @@ pptp_outbound_pkt(struct sk_buff *skb, ...@@ -471,7 +472,8 @@ pptp_outbound_pkt(struct sk_buff *skb,
nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound); nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK) if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
return nf_nat_pptp_outbound(skb, ct, ctinfo, ctlh, pptpReq); return nf_nat_pptp_outbound(skb, ct, ctinfo,
protoff, ctlh, pptpReq);
return NF_ACCEPT; return NF_ACCEPT;
invalid: invalid:
...@@ -570,11 +572,11 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff, ...@@ -570,11 +572,11 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
* established from PNS->PAC. However, RFC makes no guarantee */ * established from PNS->PAC. However, RFC makes no guarantee */
if (dir == IP_CT_DIR_ORIGINAL) if (dir == IP_CT_DIR_ORIGINAL)
/* client -> server (PNS -> PAC) */ /* client -> server (PNS -> PAC) */
ret = pptp_outbound_pkt(skb, ctlh, pptpReq, reqlen, ct, ret = pptp_outbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
ctinfo); ctinfo);
else else
/* server -> client (PAC -> PNS) */ /* server -> client (PAC -> PNS) */
ret = pptp_inbound_pkt(skb, ctlh, pptpReq, reqlen, ct, ret = pptp_inbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
ctinfo); ctinfo);
pr_debug("sstate: %d->%d, cstate: %d->%d\n", pr_debug("sstate: %d->%d, cstate: %d->%d\n",
oldsstate, info->sstate, oldcstate, info->cstate); oldsstate, info->sstate, oldcstate, info->cstate);
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment