SOURCES (LINUX_2_6): kernel-pom-ng-mms-conntrack-nat.patch, kernel...

zbyniu zbyniu at pld-linux.org
Tue Jan 22 02:37:17 CET 2008


Author: zbyniu                       Date: Tue Jan 22 01:37:17 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- updated for 2.6.24rc8, not tested, builds

---- Files affected:
SOURCES:
   kernel-pom-ng-mms-conntrack-nat.patch (1.1.2.3 -> 1.1.2.4) , kernel-pom-ng-rsh.patch (1.1.2.2 -> 1.1.2.3) , kernel-pom-ng-rpc.patch (1.1.2.3 -> 1.1.2.4) , kernel-pom-ng-connlimit.patch (1.1.2.3 -> 1.1.2.4) 

---- Diffs:

================================================================
Index: SOURCES/kernel-pom-ng-mms-conntrack-nat.patch
diff -u SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.3 SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.4
--- SOURCES/kernel-pom-ng-mms-conntrack-nat.patch:1.1.2.3	Thu Aug  9 21:28:39 2007
+++ SOURCES/kernel-pom-ng-mms-conntrack-nat.patch	Tue Jan 22 02:37:12 2008
@@ -135,14 +135,8 @@
 diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/Makefile linux-2.6.21.b/net/ipv4/netfilter/Makefile
 --- linux-2.6.21.a/net/ipv4/netfilter/Makefile	2007-05-30 11:44:12.000000000 +0200
 +++ linux-2.6.21.b/net/ipv4/netfilter/Makefile	2007-05-30 11:50:55.000000000 +0200
-@@ -62,6 +64,7 @@ obj-$(CONFIG_IP_NF_NAT_SIP) += ip_nat_si
- # NAT helpers (nf_conntrack)
- obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o
- obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o
+@@ -0,0 +0,1 @@
 +obj-$(CONFIG_NF_NAT_MMS) += nf_nat_mms.o
- obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o
- obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o
- obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o
 diff -NurpP --minimal linux-2.6.21.a/net/ipv4/netfilter/nf_nat_mms.c linux-2.6.21.b/net/ipv4/netfilter/nf_nat_mms.c
 --- linux-2.6.21.a/net/ipv4/netfilter/nf_nat_mms.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux-2.6.21.b/net/ipv4/netfilter/nf_nat_mms.c	2007-05-30 11:50:55.000000000 +0200
@@ -259,7 +253,7 @@
 +	/* Alter conntrack's expectations. */
 +	for (port = ct_mms_info->port; port != 0; port++) {
 +		expect->tuple.dst.u.tcp.port = htons(port);
-+		if (nf_conntrack_expect_related(expect) == 0) {
++		if (nf_ct_expect_related(expect) == 0) {
 +			DEBUGP("nf_nat_mms: mms_data_fixup: using port %d\n",
 +				port);
 +			break;
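Review bot: The port-search loop around the renamed `nf_ct_expect_related(expect)` call retries on every non-zero return, so a failure unrelated to the port being taken (for example the helper's expectation limit being reached) walks the rest of the port space in packet context before giving up. Treating only `-EBUSY` as "try the next port" bounds that work: `ret = nf_ct_expect_related(expect); if (ret == 0) break; if (ret != -EBUSY) { port = 0; break; }`. Termination also relies on `port` being a 16-bit type that wraps to 0. Its declaration and the handling after the loop are outside this hunk, so confirm both against the full file.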
@@ -317,7 +311,7 @@
 +	       " messageLength=%u\n", *mms_chunkLenLV, *mms_chunkLenLM,
 +	       *mms_messageLength);
 +
-+	nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
++	nf_nat_mangle_tcp_packet(*pskb, ct, ctinfo,
 +	                         ct_mms_info->offset,
 +	                         ct_mms_info->len + ct_mms_info->padding,
 +				 unicode_buffer, strlen(buffer)*2 +
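Review bot: The result of `nf_nat_mangle_tcp_packet(*pskb, ...)` is discarded, so when the rewrite fails the packet leaves with the original address text while the expectation was set up for the translated one. Check it and drop the packet, e.g. `if (!nf_nat_mangle_tcp_packet(*pskb, ct, ctinfo, ...)) return NF_DROP;`, after undoing the expectation if it was already registered above. This is also the only call switched to `*pskb`; a later hunk still passes `pskb` unchanged to `nf_nat_mms(...)`. Check the enclosing prototypes against the 2.6.24 `help` callback, which as far as I know takes `struct sk_buff *`. The argument list and the enclosing function continue outside this hunk.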
@@ -647,7 +641,7 @@
 +
 +	DEBUGP("nf_conntrack_mms: tcph->seq = %u\n", tcph->seq);
 +	
-+	exp = nf_conntrack_expect_alloc(ct);
++	exp = nf_ct_expect_alloc(ct);
 +	if (exp == NULL) {
 +		ret = NF_DROP;
 +		goto out;
@@ -664,16 +658,16 @@
 +
 +	tuple = &ct->tuplehash[!dir].tuple;
 +	port = htons(mms_port);
-+	nf_conntrack_expect_init(exp, tuple->src.l3num,
++	nf_ct_expect_init(exp, tuple->src.l3num,
 +			NULL, &tuple->dst.u3,
 +			IPPROTO_TCP, NULL, &port);
 +
 +	nf_nat_mms = rcu_dereference(nf_nat_mms_hook);
 +	if (nf_nat_mms && ct->status & IPS_NAT_MASK)
 +		ret = nf_nat_mms(pskb, ctinfo, exp_mms_info, exp);
-+	else if (nf_conntrack_expect_related(exp) != 0)
++	else if (nf_ct_expect_related(exp) != 0)
 +		ret = NF_DROP;
-+	nf_conntrack_expect_put(exp);
++	nf_ct_expect_put(exp);
 +/*
 +	exp->tuple = ((struct nf_conntrack_tuple)
 +		{ { ct->tuplehash[!dir].tuple.src.u3.ip, { 0 } },
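Review bot: `nf_ct_expect_init()` is called with `NULL` as the source address, which wildcards it, so the expectation matches a connection to `tuple->dst.u3` on `mms_port` from any source while it is alive. The commented-out initializer directly below pinned the source to `ct->tuplehash[!dir].tuple.src.u3.ip`; passing `&tuple->src.u3` instead of `NULL` would keep that restriction. If the wildcard is intended for MMS, a one-line comment at the call saying why would make that explicit. The enclosing function starts and ends outside this hunk.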
@@ -725,8 +719,6 @@
 +		memset(&mms[i], 0, sizeof(struct nf_conntrack_helper));
 +		mms[i].tuple.src.u.tcp.port = htons(ports[i]);
 +		mms[i].tuple.dst.protonum = IPPROTO_TCP;
-+		mms[i].mask.src.u.tcp.port = 0xFFFF;
-+		mms[i].mask.dst.protonum = 0xFF;
 +		mms[i].max_expected = 1;
 +		mms[i].timeout = 120;
 +		mms[i].me = THIS_MODULE;

================================================================
Index: SOURCES/kernel-pom-ng-rsh.patch
diff -u SOURCES/kernel-pom-ng-rsh.patch:1.1.2.2 SOURCES/kernel-pom-ng-rsh.patch:1.1.2.3
--- SOURCES/kernel-pom-ng-rsh.patch:1.1.2.2	Mon Aug 13 20:28:03 2007
+++ SOURCES/kernel-pom-ng-rsh.patch	Tue Jan 22 02:37:12 2008
@@ -84,18 +84,12 @@
 diff -NurpP --minimal linux/net/netfilter/Makefile linux/net/netfilter/Makefile
 --- linux/net/netfilter/Makefile	2007-05-30 11:57:07.000000000 +0200
 +++ linux/net/netfilter/Makefile	2007-05-30 11:58:41.000000000 +0200
-@@ -23,6 +23,7 @@
- # connection tracking helpers
- nf_conntrack_h323-objs := nf_conntrack_h323_main.o nf_conntrack_h323_asn1.o
- 
+@@ -0,0 +0,1 @@
 +obj-$(CONFIG_NF_CONNTRACK_RSH) += nf_conntrack_rsh.o
- obj-$(CONFIG_NF_CONNTRACK_AMANDA) += nf_conntrack_amanda.o
- obj-$(CONFIG_NF_CONNTRACK_FTP) += nf_conntrack_ftp.o
- obj-$(CONFIG_NF_CONNTRACK_H323) += nf_conntrack_h323.o
 diff -NurpP --minimal linux/net/netfilter/nf_conntrack_rsh.c linux/net/netfilter/nf_conntrack_rsh.c
 --- linux/net/netfilter/nf_conntrack_rsh.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux/net/netfilter/nf_conntrack_rsh.c	2007-05-30 11:58:41.000000000 +0200
-@@ -0,0 +1,370 @@
+@@ -0,0 +1,353 @@
 +/* RSH extension for IP connection tracking, Version 1.0
 + * (C) 2002 by Ian (Larry) Latter <Ian.Latter at mq.edu.au>
 + * based on HW's ip_conntrack_irc.c	
@@ -328,7 +322,7 @@
 +		return NF_ACCEPT;
 +	}
 +
-+	exp = nf_conntrack_expect_alloc(ct);
++	exp = nf_ct_expect_alloc(ct);
 +	if (!exp) {
 +		ret = NF_DROP;
 +		goto out;
@@ -346,11 +340,8 @@
 +	exp->tuple.dst.protonum = IPPROTO_TCP;
 +
 +	exp->mask.src.u3.ip = 0xffffffff;
-+	exp->mask.dst.u3.ip = 0xffffffff;
 +
 +	exp->mask.src.u.tcp.port = htons(rangemask);
-+	exp->mask.dst.u.tcp.port = htons(0xffff);
-+	exp->mask.dst.protonum = 0xff;
 +
 +	exp->expectfn = NULL;
 +	exp->master = ct;
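Review bot: The expectation is still filled in field by field after `nf_ct_expect_alloc(ct)`, and as far as I know the allocator does not zero the object. Any member not assigned in this function would therefore be read uninitialised by `nf_ct_expect_related()`; `flags` and `tuple.src.l3num`, for instance, are not set in the visible lines. The MMS helper in this same commit uses `nf_ct_expect_init()`, which sets the tuple, the mask and the remaining members in one call. Doing the same here and then narrowing with `exp->mask.src.u.tcp.port = htons(rangemask);` would keep the helpers consistent. The RPC TCP and UDP helpers have the same pattern at their `exp->mask.src.u3.ip = 0xffffffff;` hunks; the function bodies continue outside the hunks, so confirm against the full files.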
@@ -361,19 +352,13 @@
 +		NIPQUAD(exp->tuple.dst.ip),
 +		ntohs(exp->tuple.dst.u.tcp.port));
 +
-+	DEBUGP("expect related mask %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
-+		NIPQUAD(exp->mask.src.ip),
-+		ntohs(exp->mask.src.u.tcp.port),
-+		NIPQUAD(exp->mask.dst.ip),
-+		ntohs(exp->mask.dst.u.tcp.port));
-+
 +	if (ip_nat_rsh_hook)
 +		ret = ip_nat_rsh_hook(pskb, ctinfo, rb_ptr - data, exp);
-+	else if (nf_conntrack_expect_related(exp) != 0) {
++	else if (nf_ct_expect_related(exp) != 0) {
 +		ret = NF_DROP;
 +	}
 +
-+	nf_conntrack_expect_put(exp);
++	nf_ct_expect_put(exp);
 +
 +out:
 +	spin_unlock_bh(&rsh_buffer_lock);
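Review bot: `ip_nat_rsh_hook` is tested and then called as two separate plain reads, so if the NAT module clears the hook between them the call goes through a NULL pointer. The MMS helper in this commit reads its hook once with `rcu_dereference()` into a local before using it, and the same shape fits here: `typeof(ip_nat_rsh_hook) hook = rcu_dereference(ip_nat_rsh_hook); if (hook) ret = hook(pskb, ctinfo, rb_ptr - data, exp);`. How the hook is published and torn down is outside this hunk, so this assumes it is RCU-managed like the other helpers' hooks.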
@@ -419,12 +404,9 @@
 +		rsh_helpers[port].timeout = 5; /* stes bug timeout=0 */
 +
 +		rsh_helpers[port].tuple.dst.protonum = IPPROTO_TCP;
-+		rsh_helpers[port].mask.dst.protonum = 0xff;
 +
 +		/* RSH must come from ports 0:1023 to ports[port] (514) */
 +		rsh_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);
-+		rsh_helpers[port].mask.src.u.tcp.port = htons(rangemask);
-+		rsh_helpers[port].mask.dst.u.tcp.port = htons(rangemask);
 +
 +		rsh_helpers[port].help = help;
 +
@@ -434,11 +416,6 @@
 +			ntohs(rsh_helpers[port].tuple.src.u.tcp.port),
 +			NIPQUAD(rsh_helpers[port].tuple.dst.u3.ip),
 +			ntohs(rsh_helpers[port].tuple.dst.u.tcp.port));
-+		PRINTK("helper match mask %u.%u.%u.%u:%u-%u.%u.%u.%u:%u\n",
-+			NIPQUAD(rsh_helpers[port].mask.src.u3.ip),
-+			ntohs(rsh_helpers[port].mask.src.u.tcp.port),
-+			NIPQUAD(rsh_helpers[port].mask.dst.u3.ip),
-+			ntohs(rsh_helpers[port].mask.dst.u.tcp.port));
 +
 +		ret = nf_conntrack_helper_register(&rsh_helpers[port]);
 +

================================================================
Index: SOURCES/kernel-pom-ng-rpc.patch
diff -u SOURCES/kernel-pom-ng-rpc.patch:1.1.2.3 SOURCES/kernel-pom-ng-rpc.patch:1.1.2.4
--- SOURCES/kernel-pom-ng-rpc.patch:1.1.2.3	Wed Aug 15 15:42:39 2007
+++ SOURCES/kernel-pom-ng-rpc.patch	Tue Jan 22 02:37:12 2008
@@ -161,7 +161,7 @@
 diff -Nur --exclude '*.orig' linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c
 --- linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c	2007-08-15 03:04:53.000000000 +0200
-@@ -0,0 +1,567 @@
+@@ -0,0 +1,554 @@
 +/* RPC extension for IP (TCP) connection tracking, Version 2.2
 + * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima at dcc.unicamp.br>
 + *	- original rpc tracking module
@@ -489,7 +489,7 @@
 +		if (port_buf && port_buf != nsrexec) {
 +			DEBUGP("port found: %u\n", port_buf);
 +
-+                        exp = nf_conntrack_expect_alloc(ct);
++                        exp = nf_ct_expect_alloc(ct);
 +                        if (!exp) {
 +                          ret = NF_DROP;
 +                          goto out;
@@ -499,7 +499,6 @@
 +			exp->tuple.src.u3.ip = ct->tuplehash[!dir].tuple.src.u3.ip;
 +			exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 +			exp->mask.src.u3.ip = 0xffffffff;
-+			exp->mask.dst.u3.ip = 0xffffffff;
 +
 +			switch (req_p->proto) {
 +				case IPPROTO_UDP:
@@ -507,8 +506,6 @@
 +					exp->tuple.dst.u.udp.port = htons(port_buf);
 +					exp->tuple.dst.protonum = IPPROTO_UDP;
 +					exp->mask.src.u.udp.port = 0;
-+					exp->mask.dst.u.udp.port = htons(0xffff);
-+					exp->mask.dst.protonum = 0xff;
 +					break;
 +
 +				case IPPROTO_TCP:
@@ -516,8 +513,6 @@
 +					exp->tuple.dst.u.tcp.port = htons(port_buf);
 +					exp->tuple.dst.protonum = IPPROTO_TCP;
 +					exp->mask.src.u.tcp.port = 0;
-+					exp->mask.dst.u.tcp.port = htons(0xffff);
-+					exp->mask.dst.protonum = 0xff;
 +					break;
 +			}
 +			exp->expectfn = NULL;
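Review bot: The `switch (req_p->proto)` that closes in this hunk has cases only for `IPPROTO_UDP` and `IPPROTO_TCP`, so for any other value `exp->tuple.dst.protonum` and the destination port are never assigned before the expectation is registered. Unless `req_p->proto` is validated earlier in the function (not visible here), add a default arm that releases the expectation and skips registration, e.g. `default: nf_ct_expect_put(exp); goto out;`. The switch in the UDP helper further down has the same shape.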
@@ -539,7 +534,7 @@
 +				NIPQUAD(exp->mask.dst.u3.ip),
 +				exp->mask.dst.protonum);
 +
-+			if (nf_conntrack_expect_related(exp) != 0) {
++			if (nf_ct_expect_related(exp) != 0) {
 +        		        ret = NF_DROP;
 +        		}
 +
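Review bot: The debug print whose arguments end just above the renamed call still passes `exp->mask.dst.u3.ip` and `exp->mask.dst.protonum`, while every assignment to `exp->mask.dst.*` was removed in this commit, presumably because the expectation mask has no destination part on 2.6.24. If so, this builds only while the debug macro expands to nothing, and enabling debugging would break the build. Drop those arguments and their format specifiers, as was done for the mask print in the rsh helper. The UDP helper has the same leftover before its `nf_ct_expect_related()` call.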
@@ -667,12 +662,9 @@
 +		rpc_helpers[port].timeout = 5 * 60; /* stes */
 +
 +		rpc_helpers[port].tuple.dst.protonum = IPPROTO_TCP;
-+		rpc_helpers[port].mask.dst.protonum = 0xff;
 +
 +		/* RPC can come from ports 0:65535 to ports[port] (111) */
 +		rpc_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);
-+		rpc_helpers[port].mask.src.u.tcp.port = htons(0xffff);
-+		rpc_helpers[port].mask.dst.u.tcp.port = htons(0x0);
 +
 +		rpc_helpers[port].help = help;
 +
@@ -682,11 +674,6 @@
 +			ntohs(rpc_helpers[port].tuple.dst.u.tcp.port),
 +			NIPQUAD(rpc_helpers[port].tuple.src.u3.ip),
 +			ntohs(rpc_helpers[port].tuple.src.u.tcp.port));
-+		PRINTK("helper match mask %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
-+			NIPQUAD(rpc_helpers[port].mask.dst.u3.ip),
-+			ntohs(rpc_helpers[port].mask.dst.u.tcp.port),
-+			NIPQUAD(rpc_helpers[port].mask.src.u3.ip),
-+			ntohs(rpc_helpers[port].mask.src.u.tcp.port));
 +
 +		ret = nf_conntrack_helper_register(&rpc_helpers[port]);
 +
@@ -732,7 +719,7 @@
 diff -Nur --exclude '*.orig' linux/net/ipv4/netfilter/ip_conntrack_rpc_udp.c linux/net/ipv4/netfilter/ip_conntrack_rpc_udp.c
 --- linux/net/ipv4/netfilter/ip_conntrack_rpc_udp.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux/net/ipv4/netfilter/ip_conntrack_rpc_udp.c	2007-08-15 01:44:02.000000000 +0200
-@@ -0,0 +1,540 @@
+@@ -0,0 +1,527 @@
 +/* RPC extension for IP (UDP) connection tracking, Version 2.2
 + * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima at dcc.unicamp.br>
 + *	- original rpc tracking module
@@ -1046,7 +1033,7 @@
 +		if (port_buf) {
 +			DEBUGP("port found: %u\n", port_buf);
 +
-+                        exp = nf_conntrack_expect_alloc(ct);
++                        exp = nf_ct_expect_alloc(ct);
 +                        if (!exp) {
 +                          ret = NF_DROP;
 +                          goto out;
@@ -1056,7 +1043,6 @@
 +			exp->tuple.src.u3.ip = ct->tuplehash[!dir].tuple.src.u3.ip;
 +			exp->tuple.dst.u3.ip = ct->tuplehash[!dir].tuple.dst.u3.ip;
 +			exp->mask.src.u3.ip = 0xffffffff;
-+			exp->mask.dst.u3.ip = 0xffffffff;
 +
 +			switch (req_p->proto) {
 +				case IPPROTO_UDP:
@@ -1064,8 +1050,6 @@
 +					exp->tuple.dst.u.udp.port = htons(port_buf);
 +					exp->tuple.dst.protonum = IPPROTO_UDP;
 +					exp->mask.src.u.udp.port = 0;
-+					exp->mask.dst.u.udp.port = htons(0xffff);
-+					exp->mask.dst.protonum = 0xff;
 +					break;
 +
 +				case IPPROTO_TCP:
@@ -1073,8 +1057,6 @@
 +					exp->tuple.dst.u.tcp.port = htons(port_buf);
 +					exp->tuple.dst.protonum = IPPROTO_TCP;
 +					exp->mask.src.u.tcp.port = 0;
-+					exp->mask.dst.u.tcp.port = htons(0xffff);
-+					exp->mask.dst.protonum = 0xff;
 +					break;
 +			}
 +			exp->expectfn = NULL;
@@ -1090,7 +1072,7 @@
 +				NIPQUAD(exp->mask.dst.u3.ip),
 +				exp->mask.dst.protonum);
 +
-+			if (nf_conntrack_expect_related(exp) != 0) {
++			if (nf_ct_expect_related(exp) != 0) {
 +        		        ret = NF_DROP;
 +        		}
 +		}
@@ -1214,12 +1196,9 @@
 +		rpc_helpers[port].timeout = 5 * 60; /* stes */
 +
 +		rpc_helpers[port].tuple.dst.protonum = IPPROTO_UDP;
-+		rpc_helpers[port].mask.dst.protonum = 0xff;
 +
 +		/* RPC can come from ports 0:65535 to ports[port] (111) */
 +		rpc_helpers[port].tuple.src.u.udp.port = htons(ports[port]);
-+		rpc_helpers[port].mask.src.u.udp.port = htons(0xffff);
-+		rpc_helpers[port].mask.dst.u.udp.port = htons(0x0);
 +
 +		rpc_helpers[port].help = help;
 +
@@ -1229,11 +1208,6 @@
 +			ntohs(rpc_helpers[port].tuple.dst.u.udp.port),
 +			NIPQUAD(rpc_helpers[port].tuple.src.u3.ip),
 +			ntohs(rpc_helpers[port].tuple.src.u.udp.port));
-+		PRINTK("helper match mask %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n",
-+			NIPQUAD(rpc_helpers[port].mask.dst.u3.ip),
-+			ntohs(rpc_helpers[port].mask.dst.u.udp.port),
-+			NIPQUAD(rpc_helpers[port].mask.src.u3.ip),
-+			ntohs(rpc_helpers[port].mask.src.u.udp.port));
 +
 +		ret = nf_conntrack_helper_register(&rpc_helpers[port]);
 +

================================================================
Index: SOURCES/kernel-pom-ng-connlimit.patch
diff -u SOURCES/kernel-pom-ng-connlimit.patch:1.1.2.3 SOURCES/kernel-pom-ng-connlimit.patch:1.1.2.4
--- SOURCES/kernel-pom-ng-connlimit.patch:1.1.2.3	Tue Aug  7 19:08:06 2007
+++ SOURCES/kernel-pom-ng-connlimit.patch	Tue Jan 22 02:37:12 2008
@@ -115,7 +115,7 @@
 +#else
 +		struct nf_conn *found_ct = NULL;
 +		conn = list_entry(lh, struct ipt_connlimit_conn, list);
-+		found = nf_conntrack_find_get(&conn->tuple, ct);
++		found = nf_conntrack_find_get(&conn->tuple);
 +#endif
 +
 +		 if (found != NULL 
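Review bot: Dropping the second argument changes what the lookup can return: the old call passed `ct` so the connection being evaluated was skipped, whereas `nf_conntrack_find_get(&conn->tuple)` can now return that same connection. Confirm that the condition starting at `if (found != NULL` still counts the current connection as intended, and that every non-NULL `found` has its reference dropped with `nf_ct_put()` on all paths, since the lookup takes one. A short comment at the call, such as `/* may return ct itself; reference dropped below */`, would record this. The condition and the rest of the loop body continue outside the hunk.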
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-pom-ng-mms-conntrack-nat.patch?r1=1.1.2.3&r2=1.1.2.4&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-pom-ng-rsh.patch?r1=1.1.2.2&r2=1.1.2.3&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-pom-ng-rpc.patch?r1=1.1.2.3&r2=1.1.2.4&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-pom-ng-connlimit.patch?r1=1.1.2.3&r2=1.1.2.4&f=u


