SOURCES (LINUX_2_6): linux-2.6-nf-h323-conntrack-nat.patch - porte...

pluto pluto at pld-linux.org
Sun Oct 30 15:24:41 CET 2005 

Author: pluto                        Date: Sun Oct 30 14:24:41 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- ported to 2.6.13+ by Max Kellermann.
  http://patchwork.netfilter.org/netfilter-devel/patch.pl?id=2908

---- Files affected:
SOURCES:
   linux-2.6-nf-h323-conntrack-nat.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-nf-h323-conntrack-nat.patch
diff -u SOURCES/linux-2.6-nf-h323-conntrack-nat.patch:1.1.2.1 SOURCES/linux-2.6-nf-h323-conntrack-nat.patch:1.1.2.2
--- SOURCES/linux-2.6-nf-h323-conntrack-nat.patch:1.1.2.1	Sun Oct 30 01:45:58 2005
+++ SOURCES/linux-2.6-nf-h323-conntrack-nat.patch	Sun Oct 30 15:24:36 2005
@@ -4,10 +4,10 @@
  net/ipv4/netfilter/asn1_per.c                    |  353 ++++++++
  net/ipv4/netfilter/asn1_per.h                    |   83 +
  net/ipv4/netfilter/ip_conntrack_h323_core.c      |   37 
- net/ipv4/netfilter/ip_conntrack_h323_h225.c      |  405 +++++++++
- net/ipv4/netfilter/ip_conntrack_h323_h245.c      |  959 +++++++++++++++++++++++
+ net/ipv4/netfilter/ip_conntrack_h323_h225.c      |  408 +++++++++
+ net/ipv4/netfilter/ip_conntrack_h323_h245.c      |  969 +++++++++++++++++++++++
  net/ipv4/netfilter/ip_nat_h323.c                 |  196 ++++
- 9 files changed, 2093 insertions(+)
+ 9 files changed, 2106 insertions(+)
 
 diff -Nur --exclude '*.orig' linux-2.6.14.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.14/include/linux/netfilter_ipv4/ip_conntrack_h323.h
 --- linux-2.6.14.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h	1970-01-01 01:00:00.000000000 +0100
@@ -574,7 +574,7 @@
 diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h225.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h225.c
 --- linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h225.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h225.c	2005-10-30 01:29:17.000000000 +0200
-@@ -0,0 +1,405 @@
+@@ -0,0 +1,408 @@
 +/*
 + * H.323/H.225 connection tracking helper
 + * (c) 2005 Max Kellermann <max at duempel.org>
@@ -685,7 +685,7 @@
 +		}
 +		if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
 +			/* match found: create an expectation */
-+			exp = ip_conntrack_expect_alloc();
++			exp = ip_conntrack_expect_alloc(ct);
 +			if (exp == NULL)
 +				return NF_ACCEPT;
 +
@@ -704,17 +704,20 @@
 +
 +			/* call NAT hook and register expectation */
 +			if (ip_nat_h225_hook != NULL) {
-+				return ip_nat_h225_hook(pskb, ctinfo, i,
-+							exp);
++				ret = ip_nat_h225_hook(pskb, ctinfo, i,
++						       exp);
 +			} else {
 +				/* Can't expect this?  Best to drop packet now. */
 +				if (ip_conntrack_expect_related(exp) != 0) {
-+					ip_conntrack_expect_free(exp);
-+					return NF_DROP;
++					ret = NF_DROP;
 +				} else {
-+					return NF_ACCEPT;
++					ret = NF_ACCEPT;
 +				}
 +			}
++
++			ip_conntrack_expect_put(exp);
++
++			return ret;
 +		}
 +	}
 +
@@ -983,7 +986,7 @@
 diff -Nur --exclude '*.orig' linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h245.c linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h245.c
 --- linux-2.6.14.org/net/ipv4/netfilter/ip_conntrack_h323_h245.c	1970-01-01 01:00:00.000000000 +0100
 +++ linux-2.6.14/net/ipv4/netfilter/ip_conntrack_h323_h245.c	2005-10-30 01:29:17.000000000 +0200
-@@ -0,0 +1,959 @@
+@@ -0,0 +1,969 @@
 +/*
 + * H.323/H.245 connection tracking helper
 + * (c) 2005 Max Kellermann <max at duempel.org>
@@ -1282,7 +1285,7 @@
 +			       NIPQUAD(ip), ntohs(port));
 +		if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
 +			/* match found: create an expectation */
-+			exp = ip_conntrack_expect_alloc();
++			exp = ip_conntrack_expect_alloc(ct);
 +			if (exp == NULL)
 +				return NF_ACCEPT;
 +
@@ -1300,17 +1303,20 @@
 +
 +			/* call NAT hook and register expectation */
 +			if (ip_nat_h245_hook != NULL) {
-+				return ip_nat_h245_hook(pskb, ctinfo, i,
-+							exp);
++				ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
 +			} else {
 +				/* Can't expect this?  Best to drop packet now. */
 +				if (ip_conntrack_expect_related(exp) != 0) {
-+					ip_conntrack_expect_free(exp);
-+					return NF_DROP;
++					ret = NF_DROP;
 +				} else {
-+					return NF_ACCEPT;
++					ret = NF_ACCEPT;
 +				}
 +			}
++
++			ip_conntrack_expect_put(exp);
++
++			if (ret != NF_ACCEPT)
++				return ret;
 +		}
 +	}
 +
@@ -1334,7 +1340,7 @@
 +			       NIPQUAD(ip), ntohs(port));
 +		if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
 +			/* match found: create an expectation */
-+			exp = ip_conntrack_expect_alloc();
++			exp = ip_conntrack_expect_alloc(ct);
 +			if (exp == NULL)
 +				return NF_ACCEPT;
 +
@@ -1352,17 +1358,20 @@
 +
 +			/* call NAT hook and register expectation */
 +			if (ip_nat_h245_hook != NULL) {
-+				return ip_nat_h245_hook(pskb, ctinfo, i,
-+							exp);
++				ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
 +			} else {
 +				/* Can't expect this?  Best to drop packet now. */
 +				if (ip_conntrack_expect_related(exp) != 0) {
-+					ip_conntrack_expect_free(exp);
-+					return NF_DROP;
++					ret = NF_DROP;
 +				} else {
-+					return NF_ACCEPT;
++					ret = NF_ACCEPT;
 +				}
 +			}
++
++			ip_conntrack_expect_put(exp);
++
++			if (ret != NF_ACCEPT)
++				return ret;
 +		}
 +	}
 +
@@ -1602,7 +1611,7 @@
 +		       ret, i, ip, port);
 +		if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
 +			/* match found: create an expectation */
-+			exp = ip_conntrack_expect_alloc();
++			exp = ip_conntrack_expect_alloc(ct);
 +			if (exp == NULL)
 +				return NF_ACCEPT;
 +
@@ -1621,17 +1630,19 @@
 +			/* call NAT hook and register expectation */
 +			if (ip_nat_h245_hook != NULL) {
 +				ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
-+				if (ret != NF_ACCEPT)
-+					return ret;
 +			} else {
 +				/* Can't expect this?  Best to drop packet now. */
 +				if (ip_conntrack_expect_related(exp) != 0) {
-+					ip_conntrack_expect_free(exp);
-+					return NF_DROP;
++					ret = NF_DROP;
 +				} else {
-+					return NF_ACCEPT;
++					ret = NF_ACCEPT;
 +				}
 +			}
++
++			ip_conntrack_expect_put(exp);
++
++			if (ret != NF_ACCEPT)
++				return ret;
 +		}
 +	}
 +
@@ -1649,7 +1660,7 @@
 +		       ret, i, ip, port);
 +		if (ret && ip == ct->tuplehash[dir].tuple.src.ip) {
 +			/* match found: create an expectation */
-+			exp = ip_conntrack_expect_alloc();
++			exp = ip_conntrack_expect_alloc(ct);
 +			if (exp == NULL)
 +				return NF_ACCEPT;
 +
@@ -1668,17 +1679,19 @@
 +			/* call NAT hook and register expectation */
 +			if (ip_nat_h245_hook != NULL) {
 +				ret = ip_nat_h245_hook(pskb, ctinfo, i, exp);
-+				if (ret != NF_ACCEPT)
-+					return ret;
 +			} else {
 +				/* Can't expect this?  Best to drop packet now. */
 +				if (ip_conntrack_expect_related(exp) != 0) {
-+					ip_conntrack_expect_free(exp);
-+					return NF_DROP;
++					ret = NF_DROP;
 +				} else {
-+					return NF_ACCEPT;
++					ret = NF_ACCEPT;
 +				}
 +			}
++
++			ip_conntrack_expect_put(exp);
++
++			if (ret != NF_ACCEPT)
++				return ret;
 +		}
 +	}
 +
@@ -2057,7 +2070,7 @@
 +	}
 +
 +	if (port == 0) {
-+		ip_conntrack_expect_free(exp);
++		ip_conntrack_expect_put(exp);
 +		return NF_DROP;
 +	}
 +
@@ -2105,7 +2118,7 @@
 +	}
 +
 +	if (port == 0) {
-+		ip_conntrack_expect_free(exp);
++		ip_conntrack_expect_put(exp);
 +		return NF_DROP;
 +	}
 +
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-nf-h323-conntrack-nat.patch?r1=1.1.2.1&r2=1.1.2.2&f=u

More information about the pld-cvs-commit mailing list