netfilter: fix RTSP on 2.6.24

SVN-Revision: 10319
Gabor Juhos 2008-01-30 07:35:01 +00:00
parent 131dfed3d7
commit 3dae29dc4a


@ -53,7 +53,7 @@ Index: linux-2.6.23-rc9/include/linux/netfilter/nf_conntrack_rtsp.h
+#endif +#endif
+}; +};
+ +
+extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff **pskb, +extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+ enum ip_conntrack_info ctinfo, + enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen, + unsigned int matchoff, unsigned int matchlen,
+ struct ip_ct_rtsp_expect *prtspexp, + struct ip_ct_rtsp_expect *prtspexp,
@ -441,7 +441,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+static char *rtsp_buffer; +static char *rtsp_buffer;
+static DEFINE_SPINLOCK(rtsp_buffer_lock); +static DEFINE_SPINLOCK(rtsp_buffer_lock);
+ +
+unsigned int (*nf_nat_rtsp_hook)(struct sk_buff **pskb, +unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+ enum ip_conntrack_info ctinfo, + enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp, + unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect *exp); + struct nf_conntrack_expect *exp);
@ -635,7 +635,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+/* outbound packet: client->server */ +/* outbound packet: client->server */
+ +
+static inline int +static inline int
+help_out(struct sk_buff **pskb, unsigned char *rb_ptr, unsigned int datalen, +help_out(struct sk_buff *skb, unsigned char *rb_ptr, unsigned int datalen,
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo) + struct nf_conn *ct, enum ip_conntrack_info ctinfo)
+{ +{
+ struct ip_ct_rtsp_expect expinfo; + struct ip_ct_rtsp_expect expinfo;
@ -717,7 +717,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+ +
+ if (nf_nat_rtsp_hook) + if (nf_nat_rtsp_hook)
+ /* pass the request off to the nat helper */ + /* pass the request off to the nat helper */
+ ret = nf_nat_rtsp_hook(pskb, ctinfo, hdrsoff, hdrslen, &expinfo, exp); + ret = nf_nat_rtsp_hook(skb, ctinfo, hdrsoff, hdrslen, &expinfo, exp);
+ else if (nf_ct_expect_related(exp) != 0) { + else if (nf_ct_expect_related(exp) != 0) {
+ INFOP("nf_ct_expect_related failed\n"); + INFOP("nf_ct_expect_related failed\n");
+ ret = NF_DROP; + ret = NF_DROP;
@ -732,13 +732,13 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+ +
+ +
+static inline int +static inline int
+help_in(struct sk_buff **pskb, size_t pktlen, +help_in(struct sk_buff *skb, size_t pktlen,
+ struct nf_conn* ct, enum ip_conntrack_info ctinfo) + struct nf_conn* ct, enum ip_conntrack_info ctinfo)
+{ +{
+ return NF_ACCEPT; + return NF_ACCEPT;
+} +}
+ +
+static int help(struct sk_buff **pskb, unsigned int protoff, +static int help(struct sk_buff *skb, unsigned int protoff,
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo) + struct nf_conn *ct, enum ip_conntrack_info ctinfo)
+{ +{
+ struct tcphdr _tcph, *th; + struct tcphdr _tcph, *th;
@ -754,20 +754,20 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+ } + }
+ +
+ /* Not whole TCP header? */ + /* Not whole TCP header? */
+ th = skb_header_pointer(*pskb,protoff, sizeof(_tcph), &_tcph); + th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
+ +
+ if (!th) + if (!th)
+ return NF_ACCEPT; + return NF_ACCEPT;
+ +
+ /* No data ? */ + /* No data ? */
+ dataoff = protoff + th->doff*4; + dataoff = protoff + th->doff*4;
+ datalen = (*pskb)->len - dataoff; + datalen = skb->len - dataoff;
+ if (dataoff >= (*pskb)->len) + if (dataoff >= skb->len)
+ return NF_ACCEPT; + return NF_ACCEPT;
+ +
+ spin_lock_bh(&rtsp_buffer_lock); + spin_lock_bh(&rtsp_buffer_lock);
+ rb_ptr = skb_header_pointer(*pskb, dataoff, + rb_ptr = skb_header_pointer(skb, dataoff,
+ (*pskb)->len - dataoff, rtsp_buffer); + skb->len - dataoff, rtsp_buffer);
+ BUG_ON(rb_ptr == NULL); + BUG_ON(rb_ptr == NULL);
+ +
+#if 0 +#if 0
@ -784,7 +784,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+ +
+ switch (CTINFO2DIR(ctinfo)) { + switch (CTINFO2DIR(ctinfo)) {
+ case IP_CT_DIR_ORIGINAL: + case IP_CT_DIR_ORIGINAL:
+ ret = help_out(pskb, rb_ptr, datalen, ct, ctinfo); + ret = help_out(skb, rb_ptr, datalen, ct, ctinfo);
+ break; + break;
+ case IP_CT_DIR_REPLY: + case IP_CT_DIR_REPLY:
+ DEBUGP("IP_CT_DIR_REPLY\n"); + DEBUGP("IP_CT_DIR_REPLY\n");
@ -978,7 +978,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ * + *
+ * In: + * In:
+ * ct, ctinfo = conntrack context + * ct, ctinfo = conntrack context
+ * pskb = packet + * skb = packet
+ * tranoff = Transport header offset from TCP data + * tranoff = Transport header offset from TCP data
+ * tranlen = Transport header length (incl. CRLF) + * tranlen = Transport header length (incl. CRLF)
+ * rport_lo = replacement low port (host endian) + * rport_lo = replacement low port (host endian)
@ -992,7 +992,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+rtsp_mangle_tran(enum ip_conntrack_info ctinfo, +rtsp_mangle_tran(enum ip_conntrack_info ctinfo,
+ struct nf_conntrack_expect* exp, + struct nf_conntrack_expect* exp,
+ struct ip_ct_rtsp_expect* prtspexp, + struct ip_ct_rtsp_expect* prtspexp,
+ struct sk_buff** pskb, uint tranoff, uint tranlen) + struct sk_buff* skb, uint tranoff, uint tranlen)
+{ +{
+ char* ptcp; + char* ptcp;
+ uint tcplen; + uint tcplen;
@ -1013,7 +1013,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ uint extaddrlen; + uint extaddrlen;
+ int is_stun; + int is_stun;
+ +
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen); + get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff; + ptran = ptcp+tranoff;
+ +
+ if (tranoff+tranlen > tcplen || tcplen-tranoff < tranlen || + if (tranoff+tranlen > tcplen || tcplen-tranoff < tranlen ||
@ -1145,14 +1145,14 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun)) + if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun))
+ { + {
+ diff = nextfieldoff-off; + diff = nextfieldoff-off;
+ if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, + if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+ off, diff, NULL, 0)) + off, diff, NULL, 0))
+ { + {
+ /* mangle failed, all we can do is bail */ + /* mangle failed, all we can do is bail */
+ nf_ct_unexpect_related(exp); + nf_ct_unexpect_related(exp);
+ return 0; + return 0;
+ } + }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen); + get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff; + ptran = ptcp+tranoff;
+ tranlen -= diff; + tranlen -= diff;
+ nextparamoff -= diff; + nextparamoff -= diff;
@ -1215,14 +1215,14 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ * parameter 4 below is offset from start of tcp data. + * parameter 4 below is offset from start of tcp data.
+ */ + */
+ diff = origlen-rbuflen; + diff = origlen-rbuflen;
+ if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, + if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+ origoff, origlen, rbuf, rbuflen)) + origoff, origlen, rbuf, rbuflen))
+ { + {
+ /* mangle failed, all we can do is bail */ + /* mangle failed, all we can do is bail */
+ nf_ct_unexpect_related(exp); + nf_ct_unexpect_related(exp);
+ return 0; + return 0;
+ } + }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen); + get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff; + ptran = ptcp+tranoff;
+ tranlen -= diff; + tranlen -= diff;
+ nextparamoff -= diff; + nextparamoff -= diff;
@ -1240,7 +1240,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+} +}
+ +
+static uint +static uint
+help_out(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, +help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp, + unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect* exp) + struct nf_conntrack_expect* exp)
+{ +{
@ -1252,10 +1252,10 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ uint linelen; + uint linelen;
+ uint off; + uint off;
+ +
+ //struct iphdr* iph = (struct iphdr*)(*pskb)->nh.iph; + //struct iphdr* iph = (struct iphdr*)skb->nh.iph;
+ //struct tcphdr* tcph = (struct tcphdr*)((void*)iph + iph->ihl*4); + //struct tcphdr* tcph = (struct tcphdr*)((void*)iph + iph->ihl*4);
+ +
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen); + get_skb_tcpdata(skb, &ptcp, &tcplen);
+ hdrsoff = matchoff;//exp->seq - ntohl(tcph->seq); + hdrsoff = matchoff;//exp->seq - ntohl(tcph->seq);
+ hdrslen = matchlen; + hdrslen = matchlen;
+ off = hdrsoff; + off = hdrsoff;
@ -1278,12 +1278,12 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ { + {
+ uint oldtcplen = tcplen; + uint oldtcplen = tcplen;
+ DEBUGP("hdr: Transport\n"); + DEBUGP("hdr: Transport\n");
+ if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, pskb, lineoff, linelen)) + if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, lineoff, linelen))
+ { + {
+ DEBUGP("hdr: Transport mangle failed"); + DEBUGP("hdr: Transport mangle failed");
+ break; + break;
+ } + }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen); + get_skb_tcpdata(skb, &ptcp, &tcplen);
+ hdrslen -= (oldtcplen-tcplen); + hdrslen -= (oldtcplen-tcplen);
+ off -= (oldtcplen-tcplen); + off -= (oldtcplen-tcplen);
+ lineoff -= (oldtcplen-tcplen); + lineoff -= (oldtcplen-tcplen);
@ -1296,7 +1296,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+} +}
+ +
+static unsigned int +static unsigned int
+help(struct sk_buff **pskb, enum ip_conntrack_info ctinfo, +help(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp, + unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect* exp) + struct nf_conntrack_expect* exp)
+{ +{
@ -1306,7 +1306,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ switch (dir) + switch (dir)
+ { + {
+ case IP_CT_DIR_ORIGINAL: + case IP_CT_DIR_ORIGINAL:
+ rc = help_out(pskb, ctinfo, matchoff, matchlen, prtspexp, exp); + rc = help_out(skb, ctinfo, matchoff, matchlen, prtspexp, exp);
+ break; + break;
+ case IP_CT_DIR_REPLY: + case IP_CT_DIR_REPLY:
+ DEBUGP("unmangle ! %u\n", ctinfo); + DEBUGP("unmangle ! %u\n", ctinfo);
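Review bot: The range check in rtsp_mangle_tran (the `-1013,7` hunk of nf_nat_rtsp.c), `tranoff+tranlen > tcplen || tcplen-tranoff < tranlen`, does not reject every out-of-range pair: both operands are `uint`, so when `tranoff` is larger than `tcplen` and the sum wraps around, both comparisons come out false. Testing the offset first avoids the wrap, `if (tranoff > tcplen || tranlen > tcplen - tranoff ||`, and `ptran = ptcp+tranoff` is better computed after that test than before it. The offsets appear to come from the conntrack helper's own parse of the same packet, so this is probably hard to reach, but the payload is untrusted and the NAT path should not depend on the caller having bounded them. The condition and the rest of the function continue outside the hunk.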