SOURCES (LINUX_2_6): pom-ng-20060328.patch (NEW) - netfilter patch...
cieciwa
cieciwa at pld-linux.org
Tue Mar 28 11:05:12 CEST 2006
Author: cieciwa Date: Tue Mar 28 09:05:11 2006 GMT
Module: SOURCES Tag: LINUX_2_6
---- Log message:
- netfilter patch-o-matic-ng snap 2006-03-28.
---- Files affected:
SOURCES:
pom-ng-20060328.patch (NONE -> 1.1.2.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/pom-ng-20060328.patch
diff -u /dev/null SOURCES/pom-ng-20060328.patch:1.1.2.1
--- /dev/null Tue Mar 28 11:05:11 2006
+++ SOURCES/pom-ng-20060328.patch Tue Mar 28 11:05:06 2006
@@ -0,0 +1,24200 @@
+diff -Nur linux-2.6.16.org/include/linux/netfilter_helpers.h linux-2.6.16/include/linux/netfilter_helpers.h
+--- linux-2.6.16.org/include/linux/netfilter_helpers.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_helpers.h 2006-03-28 10:24:46.000000000 +0200
+@@ -0,0 +1,133 @@
++/*
++ * Helpers for netfiler modules. This file provides implementations for basic
++ * functions such as strncasecmp(), etc.
++ *
++ * gcc will warn for defined but unused functions, so we only include the
++ * functions requested. The following macros are used:
++ * NF_NEED_STRNCASECMP nf_strncasecmp()
++ * NF_NEED_STRTOU16 nf_strtou16()
++ * NF_NEED_STRTOU32 nf_strtou32()
++ */
++#ifndef _NETFILTER_HELPERS_H
++#define _NETFILTER_HELPERS_H
++
++/* Only include these functions for kernel code. */
++#ifdef __KERNEL__
++
++#include <linux/ctype.h>
++#define iseol(c) ( (c) == '\r' || (c) == '\n' )
++
++/*
++ * The standard strncasecmp()
++ */
++#ifdef NF_NEED_STRNCASECMP
++static int
++nf_strncasecmp(const char* s1, const char* s2, u_int32_t len)
++{
++ if (s1 == NULL || s2 == NULL)
++ {
++ if (s1 == NULL && s2 == NULL)
++ {
++ return 0;
++ }
++ return (s1 == NULL) ? -1 : 1;
++ }
++ while (len > 0 && tolower(*s1) == tolower(*s2))
++ {
++ len--;
++ s1++;
++ s2++;
++ }
++ return ( (len == 0) ? 0 : (tolower(*s1) - tolower(*s2)) );
++}
++#endif /* NF_NEED_STRNCASECMP */
++
++/*
++ * Parse a string containing a 16-bit unsigned integer.
++ * Returns the number of chars used, or zero if no number is found.
++ */
++#ifdef NF_NEED_STRTOU16
++static int
++nf_strtou16(const char* pbuf, u_int16_t* pval)
++{
++ int n = 0;
++
++ *pval = 0;
++ while (isdigit(pbuf[n]))
++ {
++ *pval = (*pval * 10) + (pbuf[n] - '0');
++ n++;
++ }
++
++ return n;
++}
++#endif /* NF_NEED_STRTOU16 */
++
++/*
++ * Parse a string containing a 32-bit unsigned integer.
++ * Returns the number of chars used, or zero if no number is found.
++ */
++#ifdef NF_NEED_STRTOU32
++static int
++nf_strtou32(const char* pbuf, u_int32_t* pval)
++{
++ int n = 0;
++
++ *pval = 0;
++ while (pbuf[n] >= '0' && pbuf[n] <= '9')
++ {
++ *pval = (*pval * 10) + (pbuf[n] - '0');
++ n++;
++ }
++
++ return n;
++}
++#endif /* NF_NEED_STRTOU32 */
++
++/*
++ * Given a buffer and length, advance to the next line and mark the current
++ * line.
++ */
++#ifdef NF_NEED_NEXTLINE
++static int
++nf_nextline(char* p, uint len, uint* poff, uint* plineoff, uint* plinelen)
++{
++ uint off = *poff;
++ uint physlen = 0;
++
++ if (off >= len)
++ {
++ return 0;
++ }
++
++ while (p[off] != '\n')
++ {
++ if (len-off <= 1)
++ {
++ return 0;
++ }
++
++ physlen++;
++ off++;
++ }
++
++ /* if we saw a crlf, physlen needs adjusted */
++ if (physlen > 0 && p[off] == '\n' && p[off-1] == '\r')
++ {
++ physlen--;
++ }
++
++ /* advance past the newline */
++ off++;
++
++ *plineoff = *poff;
++ *plinelen = physlen;
++ *poff = off;
++
++ return 1;
++}
++#endif /* NF_NEED_NEXTLINE */
++
++#endif /* __KERNEL__ */
++
++#endif /* _NETFILTER_HELPERS_H */
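Review bot: nf_strtou16() and nf_strtou32() accumulate digits with no overflow check and take no buffer length, so a long digit run silently wraps `*pval` and the scan stops only at the first non-digit byte. No caller is visible in this hunk, but if these helpers are fed packet payload, the parsed port or number can differ from what is on the wire and the read can run past the end of the data. A guard such as `if (*pval > (0xFFFF - (pbuf[n] - '0')) / 10) return 0;` before the multiply (with the matching 32-bit limit in nf_strtou32), plus a length argument checked in the loop condition, would close both. nf_strncasecmp() has a related problem: its loop does not stop at a NUL, so two equal strings shorter than `len` are compared past their terminators. The header comment's macro list also omits NF_NEED_NEXTLINE.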
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack.h 2006-03-20 06:53:29.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack.h 2006-03-28 10:24:50.000000000 +0200
+@@ -29,6 +29,8 @@
+ };
+
+ /* Add protocol helper include file here */
++#include <linux/netfilter_ipv4/ip_conntrack_talk.h>
++#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
+@@ -37,6 +39,8 @@
+ /* per conntrack: application helper private data */
+ union ip_conntrack_help {
+ /* insert conntrack helper private data (master) here */
++ struct ip_ct_talk_master ct_talk_info;
++ struct ip_ct_mms_master ct_mms_info;
+ struct ip_ct_pptp_master ct_pptp_info;
+ struct ip_ct_ftp_master ct_ftp_info;
+ struct ip_ct_irc_master ct_irc_info;
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_h323.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2006-03-28 10:23:03.000000000 +0200
+@@ -0,0 +1,38 @@
++#ifndef _IP_CONNTRACK_H323_H
++#define _IP_CONNTRACK_H323_H
++/* H.323 connection tracking. */
++
++#ifdef __KERNEL__
++
++/* Default H.225 port */
++#define H225_PORT 1720
++
++struct ip_conntrack_expect;
++struct ip_conntrack;
++struct ip_conntrack_helper;
++
++extern int (*ip_nat_h245_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ struct ip_conntrack_expect *exp);
++
++extern int (*ip_nat_h225_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ struct ip_conntrack_expect *exp);
++
++extern void (*ip_nat_h225_signal_hook)(struct sk_buff **pskb,
++ struct ip_conntrack *ct,
++ enum ip_conntrack_info ctinfo,
++ unsigned int offset,
++ int dir,
++ int orig_dir);
++
++extern struct ip_conntrack_helper ip_conntrack_helper_h225;
++
++void ip_conntrack_h245_expect(struct ip_conntrack *new,
++ struct ip_conntrack_expect *this);
++
++#endif /* __KERNEL__ */
++
++#endif /* _IP_CONNTRACK_H323_H */
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_mms.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2006-03-28 10:23:49.000000000 +0200
+@@ -0,0 +1,36 @@
++#ifndef _IP_CONNTRACK_MMS_H
++#define _IP_CONNTRACK_MMS_H
++/* MMS tracking. */
++
++#ifdef __KERNEL__
++
++extern spinlock_t ip_mms_lock;
++
++#define MMS_PORT 1755
++#define MMS_SRV_MSG_ID 196610
++
++#define MMS_SRV_MSG_OFFSET 36
++#define MMS_SRV_UNICODE_STRING_OFFSET 60
++#define MMS_SRV_CHUNKLENLV_OFFSET 16
++#define MMS_SRV_CHUNKLENLM_OFFSET 32
++#define MMS_SRV_MESSAGELENGTH_OFFSET 8
++
++/* This structure is per expected connection */
++struct ip_ct_mms_expect {
++ u_int32_t offset;
++ u_int32_t len;
++ u_int32_t padding;
++ u_int16_t port;
++};
++
++/* This structure exists only once per master */
++struct ip_ct_mms_master {
++};
++
++struct ip_conntrack_expect;
++extern unsigned int (*ip_nat_mms_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ const struct ip_ct_mms_expect *exp_mms_info,
++ struct ip_conntrack_expect *exp);
++#endif
++#endif /* _IP_CONNTRACK_MMS_H */
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2006-03-28 10:24:34.000000000 +0200
+@@ -0,0 +1,22 @@
++#ifndef _IP_CT_QUAKE3
++#define _IP_CT_QUAKE3
++
++/* Don't confuse with 27960, often used as the Server Port */
++#define QUAKE3_MASTER_PORT 27950
++
++struct quake3_search {
++ const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
++ const char *pattern;
++ size_t plen;
++};
++
++/* This structure is per expected connection */
++struct ip_ct_quake3_expect {
++};
++
++/* This structure exists only once per master */
++struct ip_ct_quake3_master {
++};
++
++extern unsigned int (*ip_nat_quake3_hook)(struct ip_conntrack_expect *exp);
++#endif /* _IP_CT_QUAKE3 */
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_rpc.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_rpc.h 2006-03-28 10:24:39.000000000 +0200
+@@ -0,0 +1,71 @@
++/* RPC extension for IP connection tracking, Version 2.2
++ * (C) 2000 by Marcelo Barbosa Lima <marcelo.lima at dcc.unicamp.br>
++ * - original rpc tracking module
++ * - "recent" connection handling for kernel 2.3+ netfilter
++ *
++ * (C) 2001 by Rusty Russell <rusty at rustcorp.com.au>
++ * - upgraded conntrack modules to oldnat api - kernel 2.4.0+
++ *
++ * (C) 2002 by Ian (Larry) Latter <Ian.Latter at mq.edu.au>
++ * - upgraded conntrack modules to newnat api - kernel 2.4.20+
++ * - extended matching to support filtering on procedures
++ *
++ * (C) 2005 by David Stes <stes at pandora.be>
++ * - upgraded to 2.6.13 API
++ *
++ * ip_conntrack_rpc.h,v 2.2 2003/01/12 18:30:00
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version
++ * 2 of the License, or (at your option) any later version.
++ **
++ */
++
++#include <asm/param.h>
++#include <linux/sched.h>
++#include <linux/timer.h>
++#include <linux/stddef.h>
++#include <linux/list.h>
++
++#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
++
++#ifndef _IP_CONNTRACK_RPC_H
++#define _IP_CONNTRACK_RPC_H
++
++#define RPC_PORT 111
++
++
++/* Datum in RPC packets are encoded in XDR */
++#define IXDR_GET_INT32(buf) ((u_int32_t) ntohl((uint32_t)*buf))
++
++/* Fast timeout, to deny DoS atacks */
++#define EXP (60 * HZ)
++
++/* Normal timeouts */
++#define EXPIRES (180 * HZ)
++
++/* For future conections RPC, using client's cache bindings
++ * I'll use ip_conntrack_lock to lock these lists */
++
++/* This identifies each request and stores protocol */
++struct request_p {
++ struct list_head list;
++
++ u_int32_t xid;
++ u_int32_t ip;
++ u_int16_t port;
++
++ /* Protocol */
++ u_int16_t proto;
++
++ struct timer_list timeout;
++};
++
++static inline int request_p_cmp(const struct request_p *p, u_int32_t xid,
++ u_int32_t ip, u_int32_t port) {
++ return (p->xid == xid && p->ip == ip && p->port);
++
++}
++
++#endif /* _IP_CONNTRACK_RPC_H */
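Review bot: request_p_cmp() never compares its `port` argument; the last term of the return expression is a bare `p->port`, which is true for any non-zero stored port. As written, a request entry matches on xid and ip alone, which is presumably looser than intended for pairing RPC replies with tracked requests; the term should read `p->port == port`. The parameter is declared `u_int32_t` while the field is `u_int16_t`, so narrowing it to `u_int16_t` would keep the comparison honest once it is added. Separately, `IXDR_GET_INT32(buf)` expands to `*buf` without parenthesising the argument, so `*(buf)` would be safer for arguments such as `p + 1`.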
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_rtsp.h 2006-03-28 10:24:46.000000000 +0200
+@@ -0,0 +1,56 @@
++/*
++ * RTSP extension for IP connection tracking.
++ * (C) 2003 by Tom Marshall <tmarshall at real.com>
++ * based on ip_conntrack_irc.h
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version
++ * 2 of the License, or (at your option) any later version.
++ */
++#ifndef _IP_CONNTRACK_RTSP_H
++#define _IP_CONNTRACK_RTSP_H
++
++/* #define IP_NF_RTSP_DEBUG */
++#define IP_NF_RTSP_VERSION "0.6.21"
++
++/* port block types */
++typedef enum {
++ pb_single, /* client_port=x */
++ pb_range, /* client_port=x-y */
++ pb_discon /* client_port=x/y (rtspbis) */
++} portblock_t;
++
++/* We record seq number and length of rtsp headers here, all in host order. */
++
++/*
++ * This structure is per expected connection. It is a member of struct
++ * ip_conntrack_expect. The TCP SEQ for the conntrack expect is stored
++ * there and we are expected to only store the length of the data which
++ * needs replaced. If a packet contains multiple RTSP messages, we create
++ * one expected connection per message.
++ *
++ * We use these variables to mark the entire header block. This may seem
++ * like overkill, but the nature of RTSP requires it. A header may appear
++ * multiple times in a message. We must treat two Transport headers the
++ * same as one Transport header with two entries.
++ */
++struct ip_ct_rtsp_expect
++{
++ u_int32_t len; /* length of header block */
++ portblock_t pbtype; /* Type of port block that was requested */
++ u_int16_t loport; /* Port that was requested, low or first */
++ u_int16_t hiport; /* Port that was requested, high or second */
++#if 0
++ uint method; /* RTSP method */
++ uint cseq; /* CSeq from request */
++#endif
++};
++
++#ifdef __KERNEL__
++
++#define RTSP_PORT 554
++
++#endif /* __KERNEL__ */
++
++#endif /* _IP_CONNTRACK_RTSP_H */
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_sip.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_sip.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_sip.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_sip.h 2006-03-28 10:24:48.000000000 +0200
+@@ -0,0 +1,78 @@
++#ifndef __IP_CONNTRACK_SIP_H__
++#define __IP_CONNTRACK_SIP_H__
++/* SIP tracking. */
++
++#ifdef __KERNEL__
++
++#define SIP_PORT 5060
++#define SIP_TIMEOUT 3600
++
++#define POS_VIA 0
++#define POS_CONTACT 1
++#define POS_CONTENT 2
++#define POS_MEDIA 3
++#define POS_OWNER 4
++#define POS_CONECTION 5
++#define POS_REQ_HEADER 6
++#define POS_SDP_HEADER 7
++
++struct sip_header_nfo {
++ const char *lname;
++ size_t lnlen;
++ const char *sname;
++ size_t snlen;
++ const char *ln_str;
++ size_t ln_strlen;
++ int (*match_len)(const char *, const char *, int *);
++
++};
++
++extern unsigned int (*ip_nat_sip_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ struct ip_conntrack *ct,
++ const char **dptr);
++
++/* For NAT to hook in when on expect. */
++extern unsigned int (*ip_nat_sdp_hook)(struct sk_buff **pskb,
++ enum ip_conntrack_info ctinfo,
++ struct ip_conntrack_expect *exp,
++ const char *dptr);
++
++extern int ct_sip_get_info(const char *dptr, size_t dlen,
++ unsigned int *matchoff,
++ unsigned int *matchlen,
++ struct sip_header_nfo *hnfo);
++
++/* get line lenght until first CR or LF seen. */
++static __inline__ int ct_sip_lnlen(const char *line, const char *limit)
++{
++ const char *k = line;
++
++ while ((line <= limit) && (*line == '\r' || *line == '\n'))
++ line++;
++
++ while (line <= limit) {
++ if (*line == '\r' || *line == '\n')
++ break;
++ line++;
++ }
++ return line - k;
++}
++
++/* Linear string search, case sensitive. */
++static __inline__
++const char *ct_sip_search(const char *needle, const char *haystack,
++ size_t needle_len, size_t haystack_len)
++{
++ const char *limit = haystack + (haystack_len - needle_len);
++
++ while (haystack <= limit) {
++ if (memcmp(haystack, needle, needle_len) == 0)
++ return haystack;
++ haystack++;
++ }
++ return NULL;
++}
++#endif /* __KERNEL__ */
++
++#endif /* __IP_CONNTRACK_SIP_H__ */
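Review bot: ct_sip_search() computes `haystack + (haystack_len - needle_len)` in size_t, so when the needle is longer than the haystack the subtraction wraps and the resulting pointer arithmetic is undefined; `limit` then no longer bounds the buffer that memcmp() reads. An early `if (needle_len > haystack_len) return NULL;` before `limit` is computed removes the case. ct_sip_lnlen() dereferences `*line` while `line <= limit`, so it is only safe if callers pass a pointer to the last valid byte rather than one past the end. The callers are not in this hunk, so a comment stating that contract (or a switch to `<`) would make the bound explicit.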
+diff -Nur linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_talk.h
+--- linux-2.6.16.org/include/linux/netfilter_ipv4/ip_conntrack_talk.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.6.16/include/linux/netfilter_ipv4/ip_conntrack_talk.h 2006-03-28 10:24:50.000000000 +0200
+@@ -0,0 +1,163 @@
++#ifndef _IP_CONNTRACK_TALK_H
++#define _IP_CONNTRACK_TALK_H
++/* TALK tracking. */
++
++#ifdef __KERNEL__
++#include <linux/in.h>
++#include <linux/netfilter_ipv4/lockhelp.h>
++
++/* Protects talk part of conntracks */
++DECLARE_LOCK_EXTERN(ip_talk_lock);
++#endif
++
++
++#define TALK_PORT 517
++#define NTALK_PORT 518
++
++/* talk structures and constants from <protocols/talkd.h> */
++
++/*
++ * 4.3BSD struct sockaddr
++ */
++struct talk_addr {
++ u_int16_t ta_family;
++ u_int16_t ta_port;
++ u_int32_t ta_addr;
++ u_int32_t ta_junk1;
++ u_int32_t ta_junk2;
++};
++
++#define TALK_OLD_NSIZE 9
++#define TALK_NSIZE 12
++#define TALK_TTY_NSIZE 16
++
++/*
++ * Client->server request message formats.
++ */
++struct talk_msg {
++ u_char type; /* request type, see below */
++ char l_name[TALK_OLD_NSIZE];/* caller's name */
++ char r_name[TALK_OLD_NSIZE];/* callee's name */
++ u_char pad;
++ u_int32_t id_num; /* message id */
++ int32_t pid; /* caller's process id */
++ char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
++ struct talk_addr addr; /* old (4.3) style */
++ struct talk_addr ctl_addr; /* old (4.3) style */
++};
++
++struct ntalk_msg {
++ u_char vers; /* protocol version */
++ u_char type; /* request type, see below */
++ u_char answer; /* not used */
++ u_char pad;
++ u_int32_t id_num; /* message id */
++ struct talk_addr addr; /* old (4.3) style */
++ struct talk_addr ctl_addr; /* old (4.3) style */
++ int32_t pid; /* caller's process id */
++ char l_name[TALK_NSIZE];/* caller's name */
++ char r_name[TALK_NSIZE];/* callee's name */
++ char r_tty[TALK_TTY_NSIZE];/* callee's tty name */
++};
++
++struct ntalk2_msg {
++ u_char vers; /* talk protocol version */
++ u_char type; /* request type */
++ u_char answer; /* */
++ u_char extended; /* !0 if additional parts */
++ u_int32_t id_num; /* message id number (dels) */
++ struct talk_addr addr; /* target address */
++ struct talk_addr ctl_addr; /* reply to address */
++ int32_t pid; /* caller's process id */
++ char l_name[TALK_NSIZE]; /* caller's name */
++ char r_name[TALK_NSIZE]; /* callee's name */
++ char r_tty[TALK_TTY_NSIZE]; /* callee's tty */
++};
++
++/*
++ * Server->client response message formats.
++ */
++struct talk_response {
++ u_char type; /* type of request message, see below */
++ u_char answer; /* response to request message, see below */
++ u_char pad[2];
++ u_int32_t id_num; /* message id */
++ struct talk_addr addr; /* address for establishing conversation */
++};
++
++struct ntalk_response {
++ u_char vers; /* protocol version */
++ u_char type; /* type of request message, see below */
++ u_char answer; /* response to request message, see below */
++ u_char pad;
++ u_int32_t id_num; /* message id */
++ struct talk_addr addr; /* address for establishing conversation */
++};
++
++struct ntalk2_response {
++ u_char vers; /* protocol version */
++ u_char type; /* type of request message */
++ u_char answer; /* response to request */
++ u_char rvers; /* Version of answering vers*/
++ u_int32_t id_num; /* message id number */
++ struct talk_addr addr; /* address for connection */
++ /* This is at the end to compatiblize this with NTALK version. */
<<Diff was trimmed, longer than 597 lines>>