SOURCES (LINUX_2_6): linux-2.6-nf-h323-conntrack-nat.patch (NEW) -...
cieciwa
cieciwa at pld-linux.org
Sun Oct 30 01:46:03 CEST 2005
Author: cieciwa Date: Sat Oct 29 23:46:03 2005 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- snap 20051028 for 2.6.14.
---- Files affected:
SOURCES:
linux-2.6-nf-h323-conntrack-nat.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/linux-2.6-nf-h323-conntrack-nat.patch
diff -u /dev/null SOURCES/linux-2.6-nf-h323-conntrack-nat.patch:1.1.2.1
--- /dev/null Sun Oct 30 01:46:03 2005
+++ SOURCES/linux-2.6-nf-h323-conntrack-nat.patch Sun Oct 30 01:45:58 2005
@@ -0,0 +1,2145 @@
+ include/linux/netfilter_ipv4/ip_conntrack_h323.h | 38
+ net/ipv4/netfilter/Kconfig | 18
+ net/ipv4/netfilter/Makefile | 4
+ net/ipv4/netfilter/asn1_per.c | 353 ++++++++
+ net/ipv4/netfilter/asn1_per.h | 83 +
+ net/ipv4/netfilter/ip_conntrack_h323_core.c | 37
+ net/ipv4/netfilter/ip_conntrack_h323_h225.c | 405 +++++++++
+ net/ipv4/netfilter/ip_conntrack_h323_h245.c | 959 +++++++++++++++++++++++
+ net/ipv4/netfilter/ip_nat_h323.c | 196 ++++
+ 9 files changed, 2093 insertions(+)
+
+diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+--- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +1,38 @@
++#ifndef _IP_CONNTRACK_H323_H
++#define _IP_CONNTRACK_H323_H
++/* H.323 connection tracking. */
++
++#ifdef __KERNEL__
++
++/* Default H.225 port */
++#define H225_PORT 1720
++
++struct ip_conntrack_expect;
++struct ip_conntrack;
++struct ip_conntrack_helper;
++
++extern int (*ip_nat_h245_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ struct ip_conntrack_expect *exp);
++
++extern int (*ip_nat_h225_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ struct ip_conntrack_expect *exp);
++
++extern void (*ip_nat_h225_signal_hook)(struct sk_buff **pskb,
++ struct ip_conntrack *ct,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ int dir,
++ int orig_dir);
++
++extern struct ip_conntrack_helper ip_conntrack_helper_h225;
++
++void ip_conntrack_h245_expect(struct ip_conntrack *new,
++ struct ip_conntrack_expect *this);
++
++#endif /* __KERNEL__ */
++
++#endif /* _IP_CONNTRACK_H323_H */
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/Kconfig linux-2.6.14/net/ipv4/netfilter/Kconfig
+--- linux-2.6.14.org/net/ipv4/netfilter/Kconfig 2005-10-28 02:02:08.000000000 +0200
++++ linux-2.6.14/net/ipv4/netfilter/Kconfig 2005-10-30 01:29:17.000000000 +0200
+@@ -821,5 +821,23 @@
+ Allows altering the ARP packet payload: source and destination
+ hardware and network addresses.
+
++config IP_NF_NAT_H323
++ tristate
++ depends on IP_NF_CONNTRACK!=n && IP_NF_NAT!=n
++ default IP_NF_NAT if IP_NF_H323=y
++ default m if IP_NF_H323=m
++
++config IP_NF_H323
++ tristate 'H.323 (netmeeting) support'
++ depends on IP_NF_CONNTRACK
++ help
++ H.323 is a standard signalling protocol used by teleconferencing
++ softwares like netmeeting. With the ip_conntrack_h323 and
++ the ip_nat_h323 modules you can support the protocol on a connection
++ tracking/NATing firewall.
++
++ If you want to compile it as a module, say 'M' here and read
++ Documentation/modules.txt. If unsure, say 'N'.
++
+ endmenu
+
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/Makefile linux-2.6.14/net/ipv4/netfilter/Makefile
+--- linux-2.6.14.org/net/ipv4/netfilter/Makefile 2005-10-28 02:02:08.000000000 +0200
++++ linux-2.6.14/net/ipv4/netfilter/Makefile 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +0,4 @@
++# H.323 support
++obj-$(CONFIG_IP_NF_H323) += ip_conntrack_h323.o
++ip_conntrack_h323-objs := ip_conntrack_h323_core.o ip_conntrack_h323_h225.o ip_conntrack_h323_h245.o asn1_per.o
++obj-$(CONFIG_IP_NF_NAT_H323) += ip_nat_h323.o
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/asn1_per.c linux-2.6.14/net/ipv4/netfilter/asn1_per.c
+--- linux-2.6.14.org/net/ipv4/netfilter/asn1_per.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/net/ipv4/netfilter/asn1_per.c 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +1,353 @@
++/*
++ * Tiny ASN.1 packet encoding rules (PER) library.
++ *
++ * This is a tiny library which helps parsing ASN.1/PER packets
++ * (i.e. read only). It is meant to be secure and small.
++ *
++ * Warning, this library may still be incomplete and buggy.
++ *
++ * (c) 2005 Max Kellermann <max at duempel.org>
++ */
++
++#include <linux/kernel.h>
++#include <linux/string.h>
++
++#include "asn1_per.h"
++
++void asn1_per_initialize(struct asn1_per_buffer *bb,
++ const unsigned char *data,
++ unsigned length, unsigned position) {
++ *bb = (struct asn1_per_buffer){
++ .data = data,
++ .length = length,
++ .i = position,
++ .bit = 8,
++ .error = 0,
++ };
++}
++
++int asn1_per_read_bit(struct asn1_per_buffer *bb) {
++ int value;
++
++ if (bb->error)
++ return 0;
++
++ if (bb->i >= bb->length) {
++ bb->error = 1;
++ return 0;
++ }
++
++ bb->bit--;
++
++ value = (bb->data[bb->i] & (1 << bb->bit)) != 0;
++
++ if (bb->bit == 0) {
++ bb->bit = 8;
++ bb->i++;
++ }
++
++ return value;
++}
++
++unsigned asn1_per_read_bits(struct asn1_per_buffer *bb, unsigned count) {
++ unsigned value;
++
++ if (bb->error)
++ return 0;
++ if (bb->i >= bb->length) {
++ bb->error = 1;
++ return 0;
++ }
++
++ if (count > 32) {
++ /* XXX support more than 32 bits in the future here? */
++ bb->error = 1;
++ return 0;
++ }
++
++ if (count <= bb->bit) {
++ value = (bb->data[bb->i] >> (bb->bit - count)) & (0xff >> (8 - count));
++
++ bb->bit -= count;
++ if (bb->bit == 0) {
++ bb->bit = 8;
++ bb->i++;
++ }
++
++ return value;
++ }
++
++ count -= bb->bit;
++
++ value = bb->data[bb->i] & (0xff >> (8 - bb->bit));
++ bb->i++;
++
++ while (count >= 8) {
++ if (bb->i >= bb->length) {
++ bb->error = 1;
++ return 0;
++ }
++
++ value = (value << 8) | bb->data[bb->i];
++
++ bb->i++;
++ count -= 8;
++ }
++
++ if (count > 0) {
++ if (bb->i >= bb->length) {
++ bb->error = 1;
++ return 0;
++ }
++
++ value = (value << count) | (bb->data[bb->i] >> (8 - count));
++ }
++
++ bb->bit = 8 - count;
++
++ return value;
++}
++
++void asn1_per_read_bitmap(struct asn1_per_buffer *bb, unsigned count,
++ struct asn1_per_bitmap *bitmap) {
++ unsigned char *p;
++
++ memset(bitmap, 0, sizeof(*bitmap));
++
++ if (bb->error)
++ return;
++
++ if (count > sizeof(bitmap->data) * 8) {
++ /* XXX limited bit map support */
++ bb->error = 1;
++ return;
++ }
++
++ for (p = bitmap->data; count > 8; count -= 8)
++ *p++ = (unsigned char)asn1_per_read_bits(bb, 8);
++
++ if (count > 0)
++ *p = asn1_per_read_bits(bb, count) << (8 - count);
++
++ return;
++}
++
++void asn1_per_read_bytes(struct asn1_per_buffer *bb,
++ void *buffer, unsigned count) {
++ if (bb->error)
++ return;
++
++ if (bb->bit != 8) {
++ bb->error = 1;
++ return;
++ }
++
++ if (bb->i + count > bb->length) {
++ bb->error = 1;
++ return;
++ }
++
++ memcpy(buffer, bb->data + bb->i, count);
++
++ bb->i += count;
++}
++
++void asn1_per_byte_align(struct asn1_per_buffer *bb) {
++ if (bb->bit < 8) {
++ bb->bit = 8;
++ bb->i++;
++ }
++}
++
++static unsigned count_bits(unsigned range) {
++ unsigned bits = 0;
++
++ if (range == 0)
++ return 32;
++
++ if (range == 1)
++ return 1;
++
++ while (bits < 32 && range > (unsigned)(1 << bits))
++ bits++;
++
++ return bits;
++}
++
++unsigned asn1_per_read_unsigned(struct asn1_per_buffer *bb,
++ unsigned lower, unsigned upper) {
++ unsigned range = (upper - lower) + 1;
++ unsigned bits = count_bits(range);
++
++ if (lower == upper)
++ return lower;
++
++ if (range == 0 || range > 255) {
++ if (bits > 16)
++ bits = asn1_per_read_length(bb, 1, (bits+7)/8) * 8;
++ else if (bits > 8)
++ bits = 16;
++ asn1_per_byte_align(bb);
++ }
++
++ return lower + asn1_per_read_bits(bb, bits);
++}
++
++unsigned asn1_per_read_length(struct asn1_per_buffer *bb,
++ unsigned lower, unsigned upper) {
++ if (upper < 65536)
++ return asn1_per_read_unsigned(bb, lower, upper);
++
++ asn1_per_byte_align(bb);
++
++ if (!asn1_per_read_bit(bb))
++ return asn1_per_read_bits(bb, 7);
++
++ if (!asn1_per_read_bit(bb))
++ return asn1_per_read_bits(bb, 14);
++
++ bb->error = 1;
++ return 0;
++}
++
++unsigned asn1_per_read_small(struct asn1_per_buffer *bb) {
++ unsigned length;
++
++ if (!asn1_per_read_bit(bb))
++ return asn1_per_read_bits(bb, 6);
++
++ length = asn1_per_read_length(bb, 0, INT_MAX);
++
++ asn1_per_byte_align(bb);
++
++ return asn1_per_read_bits(bb, length * 8);
++}
++
++unsigned asn1_per_read_choice_header(struct asn1_per_buffer *bb,
++ int extendable,
++ unsigned options, unsigned *after) {
++ int extended;
++ unsigned choice;
++
++ extended = extendable && asn1_per_read_bit(bb);
++ if (extended) {
++ unsigned length;
++
++ choice = asn1_per_read_small(bb) + options;
++ length = asn1_per_read_length(bb, 0, INT_MAX);
++ *after = bb->i + length;
++ } else if (options < 2) {
++ choice = 0;
++ *after = 0;
++ } else {
++ choice = asn1_per_read_bits(bb, count_bits(options));
++ *after = 0;
++ }
++
++ return choice;
++}
++
++void asn1_per_read_sequence_header(struct asn1_per_buffer *bb, int extendable,
++ unsigned optional_count,
++ struct asn1_per_sequence_header *hdr) {
++ hdr->extended = extendable && asn1_per_read_bit(bb);
++ asn1_per_read_bitmap(bb, optional_count, &hdr->present);
++}
++
++void asn1_per_read_sequence_extension_header(struct asn1_per_buffer *bb,
++ const struct asn1_per_sequence_header *hdr,
++ struct asn1_per_sequence_extension_header *ext) {
++ if (!hdr->extended) {
++ memset(ext, 0, sizeof(*ext));
++ return;
++ }
++
++ ext->count = asn1_per_read_small(bb) + 1;
++ if (bb->error)
++ return;
++
++ asn1_per_read_bitmap(bb, ext->count, &ext->present);
++}
++
++void asn1_per_skip_sequence_extension(struct asn1_per_buffer *bb,
++ const struct asn1_per_sequence_header *hdr) {
++ struct asn1_per_sequence_extension_header ext;
++ unsigned i;
++
++ asn1_per_read_sequence_extension_header(bb, hdr, &ext);
++ if (bb->error)
++ return;
++
++ for (i = 0; i < ext.count && !bb->error; i++) {
++ if (asn1_per_bitmap_get(&ext.present, i))
++ asn1_per_skip_octet_string(bb);
++ }
++}
++
++void asn1_per_skip_object_id(struct asn1_per_buffer *bb) {
++ unsigned length;
++
++ length = asn1_per_read_length(bb, 0, 255);
++ switch (length) {
++ case 0:
++ break;
++
++ case 1:
++ asn1_per_read_bits(bb, 8);
++ break;
++
++ case 2:
++ asn1_per_read_bits(bb, 16);
++ break;
++
++ default:
++ asn1_per_byte_align(bb);
++
++ bb->i += length;
++ if (bb->i > bb->length)
++ bb->error = 1;
++ }
++}
++
++unsigned asn1_per_read_octet_string_header(struct asn1_per_buffer *bb) {
++ unsigned length;
++
++ length = asn1_per_read_length(bb, 0, INT_MAX);
++ if (length > 2)
++ asn1_per_byte_align(bb);
++
++ return length;
++}
++
++void asn1_per_skip_octet_string(struct asn1_per_buffer *bb) {
++ unsigned length;
++
++ length = asn1_per_read_length(bb, 0, INT_MAX);
++ switch (length) {
++ case 0:
++ break;
++
++ case 1:
++ asn1_per_read_bits(bb, 8);
++ break;
++
++ case 2:
++ asn1_per_read_bits(bb, 16);
++ break;
++
++ default:
++ asn1_per_byte_align(bb);
++
++ bb->i += length;
++ if (bb->i > bb->length)
++ bb->error = 1;
++ }
++}
++
++
++int asn1_per_bitmap_get(const struct asn1_per_bitmap *bitmap, unsigned i) {
++ if (i >= sizeof(bitmap->data) * 8)
++ return 0;
++
++ return (bitmap->data[i / 8] & (1 << (7 - (i % 8)))) != 0;
++}
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/asn1_per.h linux-2.6.14/net/ipv4/netfilter/asn1_per.h
+--- linux-2.6.14.org/net/ipv4/netfilter/asn1_per.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/net/ipv4/netfilter/asn1_per.h 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +1,83 @@
++/*
++ * Tiny ASN.1 packet encoding rules (PER) library.
++ *
++ * This is a tiny library which helps parsing ASN.1/PER packets
++ * (i.e. read only). It is meant to be secure and small.
++ *
++ * Warning, this library may still be incomplete and buggy.
++ *
++ * (c) 2005 Max Kellermann <max at duempel.org>
++ */
++
++#ifndef __ASN1_PER_H
++#define __ASN1_PER_H
++
++struct asn1_per_buffer {
++ const unsigned char *data;
++ unsigned length, i, bit;
++ int error;
++};
++
++struct asn1_per_bitmap {
++ unsigned char data[16];
++};
++
++struct asn1_per_sequence_header {
++ int extended;
++ struct asn1_per_bitmap present;
++};
++
++struct asn1_per_sequence_extension_header {
++ unsigned count;
++ struct asn1_per_bitmap present;
++};
++
++void asn1_per_initialize(struct asn1_per_buffer *bb,
++ const unsigned char *data,
++ unsigned length, unsigned position);
++
++int asn1_per_read_bit(struct asn1_per_buffer *bb);
++
++unsigned asn1_per_read_bits(struct asn1_per_buffer *bb, unsigned count);
++
++void asn1_per_read_bitmap(struct asn1_per_buffer *bb, unsigned count,
++ struct asn1_per_bitmap *bitmap);
++
++void asn1_per_read_bytes(struct asn1_per_buffer *bb,
++ void *buffer, unsigned count);
++
++void asn1_per_byte_align(struct asn1_per_buffer *bb);
++
++unsigned asn1_per_read_unsigned(struct asn1_per_buffer *bb,
++ unsigned lower, unsigned upper);
++
++unsigned asn1_per_read_length(struct asn1_per_buffer *bb,
++ unsigned lower, unsigned upper);
++
++unsigned asn1_per_read_small(struct asn1_per_buffer *bb);
++
++unsigned asn1_per_read_choice_header(struct asn1_per_buffer *bb,
++ int extendable,
++ unsigned options, unsigned *after);
++
++void asn1_per_read_sequence_header(struct asn1_per_buffer *bb, int extendable,
++ unsigned optional_count,
++ struct asn1_per_sequence_header *hdr);
++
++void asn1_per_read_sequence_extension_header(struct asn1_per_buffer *bb,
++ const struct asn1_per_sequence_header *hdr,
++ struct asn1_per_sequence_extension_header *ext);
++
++void asn1_per_skip_sequence_extension(struct asn1_per_buffer *bb,
++ const struct asn1_per_sequence_header *hdr);
++
++void asn1_per_skip_object_id(struct asn1_per_buffer *bb);
++
++unsigned asn1_per_read_octet_string_header(struct asn1_per_buffer *bb);
++
++void asn1_per_skip_octet_string(struct asn1_per_buffer *bb);
++
++
++int asn1_per_bitmap_get(const struct asn1_per_bitmap *bitmap, unsigned i);
++
++#endif
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_core.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_core.c
+--- linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_core.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_core.c 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +1,37 @@
++/*
++ * H.323 connection tracking helper
++ * (c) 2005 Max Kellermann <max at duempel.org>
++ *
++ * Based on the 'brute force' H.323 connection tracking module by
++ * Jozsef Kadlecsik <kadlec at blackhole.kfki.hu>
++ */
++
++
++#include <linux/module.h>
++#include <linux/netfilter.h>
++#include <linux/ip.h>
++#include <net/checksum.h>
++#include <net/tcp.h>
++
++#include <linux/netfilter_ipv4/ip_conntrack.h>
++#include <linux/netfilter_ipv4/ip_conntrack_core.h>
++#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
++#include <linux/netfilter_ipv4/ip_conntrack_tuple.h>
++#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
++
++MODULE_AUTHOR("Max Kellermann <max at duempel.org>");
++MODULE_DESCRIPTION("H.323 connection tracking helper");
++MODULE_LICENSE("GPL");
++
++static int __init init(void)
++{
++ return ip_conntrack_helper_register(&ip_conntrack_helper_h225);
++}
++
++static void __exit fini(void)
++{
++ ip_conntrack_helper_unregister(&ip_conntrack_helper_h225);
++}
++
++module_init(init);
++module_exit(fini);
+diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h225.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h225.c
+--- linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h225.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h225.c 2005-10-30 01:29:17.000000000 +0200
+@@ -0,0 +1,405 @@
++/*
++ * H.323/H.225 connection tracking helper
++ * (c) 2005 Max Kellermann <max at duempel.org>
++ *
++ * Uses Sampsa Ranta's excellent idea on using expectfn to 'bind'
++ * the unregistered helpers to the conntrack entries.
++ */
++
++
++#include <linux/module.h>
++#include <linux/netfilter.h>
++#include <linux/ip.h>
++#include <net/checksum.h>
++#include <net/tcp.h>
<<Diff was trimmed, longer than 597 lines>>
More information about the pld-cvs-commit
mailing list