c2a1910b06
While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack and nat modules to a 2.4.32 kernel I noticed that the gre_key function returns a wrong pointer to the GRE key of a version 0 packet thus corrupting the packet payload. The intended behaviour for GREv0 packets is to act like nf_conntrack_proto_generic/nf_nat_proto_unknown so I have ripped the offending functions (not used anymore) and modified the nf_nat_proto_gre modules to not touch version 0 (non PPTP) packets. Signed-off-by: Jorge Boncompte <jorge@dti2.net> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
95 lines
2.1 KiB
C
95 lines
2.1 KiB
C
#ifndef _CONNTRACK_PROTO_GRE_H
|
|
#define _CONNTRACK_PROTO_GRE_H
|
|
#include <asm/byteorder.h>
|
|
|
|
/* GRE PROTOCOL HEADER */
|
|
|
|
/* GRE Version field */
|
|
#define GRE_VERSION_1701 0x0
|
|
#define GRE_VERSION_PPTP 0x1
|
|
|
|
/* GRE Protocol field */
|
|
#define GRE_PROTOCOL_PPTP 0x880B
|
|
|
|
/* GRE Flags */
|
|
#define GRE_FLAG_C 0x80
|
|
#define GRE_FLAG_R 0x40
|
|
#define GRE_FLAG_K 0x20
|
|
#define GRE_FLAG_S 0x10
|
|
#define GRE_FLAG_A 0x80
|
|
|
|
#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
|
|
#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
|
|
#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
|
|
#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
|
|
#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
|
|
|
|
/* GRE is a mess: Four different standards */
|
|
struct gre_hdr {
|
|
#if defined(__LITTLE_ENDIAN_BITFIELD)
|
|
__u16 rec:3,
|
|
srr:1,
|
|
seq:1,
|
|
key:1,
|
|
routing:1,
|
|
csum:1,
|
|
version:3,
|
|
reserved:4,
|
|
ack:1;
|
|
#elif defined(__BIG_ENDIAN_BITFIELD)
|
|
__u16 csum:1,
|
|
routing:1,
|
|
key:1,
|
|
seq:1,
|
|
srr:1,
|
|
rec:3,
|
|
ack:1,
|
|
reserved:4,
|
|
version:3;
|
|
#else
|
|
#error "Adjust your <asm/byteorder.h> defines"
|
|
#endif
|
|
__be16 protocol;
|
|
};
|
|
|
|
/* modified GRE header for PPTP */
|
|
struct gre_hdr_pptp {
|
|
__u8 flags; /* bitfield */
|
|
__u8 version; /* should be GRE_VERSION_PPTP */
|
|
__be16 protocol; /* should be GRE_PROTOCOL_PPTP */
|
|
__be16 payload_len; /* size of ppp payload, not inc. gre header */
|
|
__be16 call_id; /* peer's call_id for this session */
|
|
__be32 seq; /* sequence number. Present if S==1 */
|
|
__be32 ack; /* seq number of highest packet recieved by */
|
|
/* sender in this session */
|
|
};
|
|
|
|
struct nf_ct_gre {
|
|
unsigned int stream_timeout;
|
|
unsigned int timeout;
|
|
};
|
|
|
|
#ifdef __KERNEL__
|
|
#include <net/netfilter/nf_conntrack_tuple.h>
|
|
|
|
struct nf_conn;
|
|
|
|
/* structure for original <-> reply keymap */
|
|
struct nf_ct_gre_keymap {
|
|
struct list_head list;
|
|
struct nf_conntrack_tuple tuple;
|
|
};
|
|
|
|
/* add new tuple->key_reply pair to keymap */
|
|
int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,
|
|
struct nf_conntrack_tuple *t);
|
|
|
|
/* delete keymap entries */
|
|
void nf_ct_gre_keymap_destroy(struct nf_conn *ct);
|
|
|
|
extern void nf_ct_gre_keymap_flush(void);
|
|
extern void nf_nat_need_gre(void);
|
|
|
|
#endif /* __KERNEL__ */
|
|
#endif /* _CONNTRACK_PROTO_GRE_H */
|