netfilter: fix RTSP on 2.6.24

SVN-Revision: 10319
This commit is contained in:
Gabor Juhos 2008-01-30 07:35:01 +00:00
parent 131dfed3d7
commit 3dae29dc4a

View file

@ -53,7 +53,7 @@ Index: linux-2.6.23-rc9/include/linux/netfilter/nf_conntrack_rtsp.h
+#endif
+};
+
+extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff **pskb,
+extern unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+ enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen,
+ struct ip_ct_rtsp_expect *prtspexp,
@ -441,7 +441,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+static char *rtsp_buffer;
+static DEFINE_SPINLOCK(rtsp_buffer_lock);
+
+unsigned int (*nf_nat_rtsp_hook)(struct sk_buff **pskb,
+unsigned int (*nf_nat_rtsp_hook)(struct sk_buff *skb,
+ enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen,struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect *exp);
@ -635,7 +635,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+/* outbound packet: client->server */
+
+static inline int
+help_out(struct sk_buff **pskb, unsigned char *rb_ptr, unsigned int datalen,
+help_out(struct sk_buff *skb, unsigned char *rb_ptr, unsigned int datalen,
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo)
+{
+ struct ip_ct_rtsp_expect expinfo;
@ -717,7 +717,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+
+ if (nf_nat_rtsp_hook)
+ /* pass the request off to the nat helper */
+ ret = nf_nat_rtsp_hook(pskb, ctinfo, hdrsoff, hdrslen, &expinfo, exp);
+ ret = nf_nat_rtsp_hook(skb, ctinfo, hdrsoff, hdrslen, &expinfo, exp);
+ else if (nf_ct_expect_related(exp) != 0) {
+ INFOP("nf_ct_expect_related failed\n");
+ ret = NF_DROP;
@ -732,13 +732,13 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+
+
+static inline int
+help_in(struct sk_buff **pskb, size_t pktlen,
+help_in(struct sk_buff *skb, size_t pktlen,
+ struct nf_conn* ct, enum ip_conntrack_info ctinfo)
+{
+ return NF_ACCEPT;
+}
+
+static int help(struct sk_buff **pskb, unsigned int protoff,
+static int help(struct sk_buff *skb, unsigned int protoff,
+ struct nf_conn *ct, enum ip_conntrack_info ctinfo)
+{
+ struct tcphdr _tcph, *th;
@ -754,20 +754,20 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+ }
+
+ /* Not whole TCP header? */
+ th = skb_header_pointer(*pskb,protoff, sizeof(_tcph), &_tcph);
+ th = skb_header_pointer(skb, protoff, sizeof(_tcph), &_tcph);
+
+ if (!th)
+ return NF_ACCEPT;
+
+ /* No data ? */
+ dataoff = protoff + th->doff*4;
+ datalen = (*pskb)->len - dataoff;
+ if (dataoff >= (*pskb)->len)
+ datalen = skb->len - dataoff;
+ if (dataoff >= skb->len)
+ return NF_ACCEPT;
+
+ spin_lock_bh(&rtsp_buffer_lock);
+ rb_ptr = skb_header_pointer(*pskb, dataoff,
+ (*pskb)->len - dataoff, rtsp_buffer);
+ rb_ptr = skb_header_pointer(skb, dataoff,
+ skb->len - dataoff, rtsp_buffer);
+ BUG_ON(rb_ptr == NULL);
+
+#if 0
@ -784,7 +784,7 @@ Index: linux-2.6.23-rc9/net/netfilter/nf_conntrack_rtsp.c
+
+ switch (CTINFO2DIR(ctinfo)) {
+ case IP_CT_DIR_ORIGINAL:
+ ret = help_out(pskb, rb_ptr, datalen, ct, ctinfo);
+ ret = help_out(skb, rb_ptr, datalen, ct, ctinfo);
+ break;
+ case IP_CT_DIR_REPLY:
+ DEBUGP("IP_CT_DIR_REPLY\n");
@ -978,7 +978,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ *
+ * In:
+ * ct, ctinfo = conntrack context
+ * pskb = packet
+ * skb = packet
+ * tranoff = Transport header offset from TCP data
+ * tranlen = Transport header length (incl. CRLF)
+ * rport_lo = replacement low port (host endian)
@ -992,7 +992,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+rtsp_mangle_tran(enum ip_conntrack_info ctinfo,
+ struct nf_conntrack_expect* exp,
+ struct ip_ct_rtsp_expect* prtspexp,
+ struct sk_buff** pskb, uint tranoff, uint tranlen)
+ struct sk_buff* skb, uint tranoff, uint tranlen)
+{
+ char* ptcp;
+ uint tcplen;
@ -1013,7 +1013,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ uint extaddrlen;
+ int is_stun;
+
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen);
+ get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff;
+
+ if (tranoff+tranlen > tcplen || tcplen-tranoff < tranlen ||
@ -1145,14 +1145,14 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ if (dstact == DSTACT_STRIP || (dstact == DSTACT_AUTO && !is_stun))
+ {
+ diff = nextfieldoff-off;
+ if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
+ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+ off, diff, NULL, 0))
+ {
+ /* mangle failed, all we can do is bail */
+ nf_ct_unexpect_related(exp);
+ return 0;
+ }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen);
+ get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff;
+ tranlen -= diff;
+ nextparamoff -= diff;
@ -1215,14 +1215,14 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ * parameter 4 below is offset from start of tcp data.
+ */
+ diff = origlen-rbuflen;
+ if (!nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
+ if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+ origoff, origlen, rbuf, rbuflen))
+ {
+ /* mangle failed, all we can do is bail */
+ nf_ct_unexpect_related(exp);
+ return 0;
+ }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen);
+ get_skb_tcpdata(skb, &ptcp, &tcplen);
+ ptran = ptcp+tranoff;
+ tranlen -= diff;
+ nextparamoff -= diff;
@ -1240,7 +1240,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+}
+
+static uint
+help_out(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
+help_out(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect* exp)
+{
@ -1252,10 +1252,10 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ uint linelen;
+ uint off;
+
+ //struct iphdr* iph = (struct iphdr*)(*pskb)->nh.iph;
+ //struct iphdr* iph = (struct iphdr*)skb->nh.iph;
+ //struct tcphdr* tcph = (struct tcphdr*)((void*)iph + iph->ihl*4);
+
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen);
+ get_skb_tcpdata(skb, &ptcp, &tcplen);
+ hdrsoff = matchoff;//exp->seq - ntohl(tcph->seq);
+ hdrslen = matchlen;
+ off = hdrsoff;
@ -1278,12 +1278,12 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ {
+ uint oldtcplen = tcplen;
+ DEBUGP("hdr: Transport\n");
+ if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, pskb, lineoff, linelen))
+ if (!rtsp_mangle_tran(ctinfo, exp, prtspexp, skb, lineoff, linelen))
+ {
+ DEBUGP("hdr: Transport mangle failed");
+ break;
+ }
+ get_skb_tcpdata(*pskb, &ptcp, &tcplen);
+ get_skb_tcpdata(skb, &ptcp, &tcplen);
+ hdrslen -= (oldtcplen-tcplen);
+ off -= (oldtcplen-tcplen);
+ lineoff -= (oldtcplen-tcplen);
@ -1296,7 +1296,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+}
+
+static unsigned int
+help(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
+help(struct sk_buff *skb, enum ip_conntrack_info ctinfo,
+ unsigned int matchoff, unsigned int matchlen, struct ip_ct_rtsp_expect* prtspexp,
+ struct nf_conntrack_expect* exp)
+{
@ -1306,7 +1306,7 @@ Index: linux-2.6.23-rc9/net/ipv4/netfilter/nf_nat_rtsp.c
+ switch (dir)
+ {
+ case IP_CT_DIR_ORIGINAL:
+ rc = help_out(pskb, ctinfo, matchoff, matchlen, prtspexp, exp);
+ rc = help_out(skb, ctinfo, matchoff, matchlen, prtspexp, exp);
+ break;
+ case IP_CT_DIR_REPLY:
+ DEBUGP("unmangle ! %u\n", ctinfo);