author | Patrick McHardy <kaber@trash.net> | 2006-12-03 01:09:41 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-12-03 01:09:41 -0500 |
commit | f09943fefe6b702e40893d35b4f10fd1064037fe (patch) | |
tree | b170d046ecf0642471bb3c55d8e1f316fe9e5ddc /include/linux | |
parent | 92703eee4ccde3c55ee067a89c373e8a51a8adf9 (diff) |
[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port
Add nf_conntrack port of the PPtP conntrack/NAT helper. Since there seems
to be no IPv6-capable PPtP implementation, the helper only supports IPv4.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/nf_conntrack_pptp.h | 321 | ||||
-rw-r--r-- | include/linux/netfilter/nf_conntrack_proto_gre.h | 112 |
2 files changed, 433 insertions, 0 deletions
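--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -0,0 +1,321 @@
+/* PPTP constants and structs */
+#ifndef _NF_CONNTRACK_PPTP_H
+#define _NF_CONNTRACK_PPTP_H
+
+/* state of the control session */
+enum pptp_ctrlsess_state {
+PPTP_SESSION_NONE, /* no session present */
+PPTP_SESSION_ERROR, /* some session error */
+PPTP_SESSION_STOPREQ, /* stop_sess request seen */
+PPTP_SESSION_REQUESTED, /* start_sess request seen */
+PPTP_SESSION_CONFIRMED, /* session established */
+};
+
+/* state of the call inside the control session */
+enum pptp_ctrlcall_state {
+PPTP_CALL_NONE,
+PPTP_CALL_ERROR,
+PPTP_CALL_OUT_REQ,
+PPTP_CALL_OUT_CONF,
+PPTP_CALL_IN_REQ,
+PPTP_CALL_IN_REP,
+PPTP_CALL_IN_CONF,
+PPTP_CALL_CLEAR_REQ,
+};
+
+/* conntrack private data */
+struct nf_ct_pptp_master {
+enum pptp_ctrlsess_state sstate; /* session state */
+enum pptp_ctrlcall_state cstate; /* call state */
+__be16 pac_call_id; /* call id of PAC */
+__be16 pns_call_id; /* call id of PNS */
+
+/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
+* and therefore imposes a fixed limit on the number of maps */
+struct nf_ct_gre_keymap *keymap[IP_CT_DIR_MAX];
+};
+
+struct nf_nat_pptp {
+__be16 pns_call_id; /* NAT'ed PNS call id */
+__be16 pac_call_id; /* NAT'ed PAC call id */
+};
+
+#ifdef __KERNEL__
+
+#define PPTP_CONTROL_PORT 1723
+
+#define PPTP_PACKET_CONTROL 1
+#define PPTP_PACKET_MGMT 2
+
+#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
+
+struct pptp_pkt_hdr {
+__u16 packetLength;
+__be16 packetType;
+__be32 magicCookie;
+};
+
+/* PptpControlMessageType values */
+#define PPTP_START_SESSION_REQUEST 1
+#define PPTP_START_SESSION_REPLY 2
+#define PPTP_STOP_SESSION_REQUEST 3
+#define PPTP_STOP_SESSION_REPLY 4
+#define PPTP_ECHO_REQUEST 5
+#define PPTP_ECHO_REPLY 6
+#define PPTP_OUT_CALL_REQUEST 7
+#define PPTP_OUT_CALL_REPLY 8
+#define PPTP_IN_CALL_REQUEST 9
+#define PPTP_IN_CALL_REPLY 10
+#define PPTP_IN_CALL_CONNECT 11
+#define PPTP_CALL_CLEAR_REQUEST 12
+#define PPTP_CALL_DISCONNECT_NOTIFY 13
+#define PPTP_WAN_ERROR_NOTIFY 14
+#define PPTP_SET_LINK_INFO 15
+
+#define PPTP_MSG_MAX 15
+
+/* PptpGeneralError values */
+#define PPTP_ERROR_CODE_NONE 0
+#define PPTP_NOT_CONNECTED 1
+#define PPTP_BAD_FORMAT 2
+#define PPTP_BAD_VALUE 3
+#define PPTP_NO_RESOURCE 4
+#define PPTP_BAD_CALLID 5
+#define PPTP_REMOVE_DEVICE_ERROR 6
+
+struct PptpControlHeader {
+__be16 messageType;
+__u16 reserved;
+};
+
+/* FramingCapability Bitmap Values */
+#define PPTP_FRAME_CAP_ASYNC 0x1
+#define PPTP_FRAME_CAP_SYNC 0x2
+
+/* BearerCapability Bitmap Values */
+#define PPTP_BEARER_CAP_ANALOG 0x1
+#define PPTP_BEARER_CAP_DIGITAL 0x2
+
+struct PptpStartSessionRequest {
+__be16 protocolVersion;
+__u16 reserved1;
+__be32 framingCapability;
+__be32 bearerCapability;
+__be16 maxChannels;
+__be16 firmwareRevision;
+__u8 hostName[64];
+__u8 vendorString[64];
+};
+
+/* PptpStartSessionResultCode Values */
+#define PPTP_START_OK 1
+#define PPTP_START_GENERAL_ERROR 2
+#define PPTP_START_ALREADY_CONNECTED 3
+#define PPTP_START_NOT_AUTHORIZED 4
+#define PPTP_START_UNKNOWN_PROTOCOL 5
+
+struct PptpStartSessionReply {
+__be16 protocolVersion;
+__u8 resultCode;
+__u8 generalErrorCode;
+__be32 framingCapability;
+__be32 bearerCapability;
+__be16 maxChannels;
+__be16 firmwareRevision;
+__u8 hostName[64];
+__u8 vendorString[64];
+};
+
+/* PptpStopReasons */
+#define PPTP_STOP_NONE 1
+#define PPTP_STOP_PROTOCOL 2
+#define PPTP_STOP_LOCAL_SHUTDOWN 3
+
+struct PptpStopSessionRequest {
+__u8 reason;
+__u8 reserved1;
+__u16 reserved2;
+};
+
+/* PptpStopSessionResultCode */
+#define PPTP_STOP_OK 1
+#define PPTP_STOP_GENERAL_ERROR 2
+
+struct PptpStopSessionReply {
+__u8 resultCode;
+__u8 generalErrorCode;
+__u16 reserved1;
+};
+
+struct PptpEchoRequest {
+__be32 identNumber;
+};
+
+/* PptpEchoReplyResultCode */
+#define PPTP_ECHO_OK 1
+#define PPTP_ECHO_GENERAL_ERROR 2
+
+struct PptpEchoReply {
+__be32 identNumber;
+__u8 resultCode;
+__u8 generalErrorCode;
+__u16 reserved;
+};
+
+/* PptpFramingType */
+#define PPTP_ASYNC_FRAMING 1
+#define PPTP_SYNC_FRAMING 2
+#define PPTP_DONT_CARE_FRAMING 3
+
+/* PptpCallBearerType */
+#define PPTP_ANALOG_TYPE 1
+#define PPTP_DIGITAL_TYPE 2
+#define PPTP_DONT_CARE_BEARER_TYPE 3
+
+struct PptpOutCallRequest {
+__be16 callID;
+__be16 callSerialNumber;
+__be32 minBPS;
+__be32 maxBPS;
+__be32 bearerType;
+__be32 framingType;
+__be16 packetWindow;
+__be16 packetProcDelay;
+__be16 phoneNumberLength;
+__u16 reserved1;
+__u8 phoneNumber[64];
+__u8 subAddress[64];
+};
+
+/* PptpCallResultCode */
+#define PPTP_OUTCALL_CONNECT 1
+#define PPTP_OUTCALL_GENERAL_ERROR 2
+#define PPTP_OUTCALL_NO_CARRIER 3
+#define PPTP_OUTCALL_BUSY 4
+#define PPTP_OUTCALL_NO_DIAL_TONE 5
+#define PPTP_OUTCALL_TIMEOUT 6
+#define PPTP_OUTCALL_DONT_ACCEPT 7
+
+struct PptpOutCallReply {
+__be16 callID;
+__be16 peersCallID;
+__u8 resultCode;
+__u8 generalErrorCode;
+__be16 causeCode;
+__be32 connectSpeed;
+__be16 packetWindow;
+__be16 packetProcDelay;
+__be32 physChannelID;
+};
+
+struct PptpInCallRequest {
+__be16 callID;
+__be16 callSerialNumber;
+__be32 callBearerType;
+__be32 physChannelID;
+__be16 dialedNumberLength;
+__be16 dialingNumberLength;
+__u8 dialedNumber[64];
+__u8 dialingNumber[64];
+__u8 subAddress[64];
+};
+
+/* PptpInCallResultCode */
+#define PPTP_INCALL_ACCEPT 1
+#define PPTP_INCALL_GENERAL_ERROR 2
+#define PPTP_INCALL_DONT_ACCEPT 3
+
+struct PptpInCallReply {
+__be16 callID;
+__be16 peersCallID;
+__u8 resultCode;
+__u8 generalErrorCode;
+__be16 packetWindow;
+__be16 packetProcDelay;
+__u16 reserved;
+};
+
+struct PptpInCallConnected {
+__be16 peersCallID;
+__u16 reserved;
+__be32 connectSpeed;
+__be16 packetWindow;
+__be16 packetProcDelay;
+__be32 callFramingType;
+};
+
+struct PptpClearCallRequest {
+__be16 callID;
+__u16 reserved;
+};
+
+struct PptpCallDisconnectNotify {
+__be16 callID;
+__u8 resultCode;
+__u8 generalErrorCode;
+__be16 causeCode;
+__u16 reserved;
+__u8 callStatistics[128];
+};
+
+struct PptpWanErrorNotify {
+__be16 peersCallID;
+__u16 reserved;
+__be32 crcErrors;
+__be32 framingErrors;
+__be32 hardwareOverRuns;
+__be32 bufferOverRuns;
+__be32 timeoutErrors;
+__be32 alignmentErrors;
+};
+
+struct PptpSetLinkInfo {
+__be16 peersCallID;
+__u16 reserved;
+__be32 sendAccm;
+__be32 recvAccm;
+};
+
+union pptp_ctrl_union {
+struct PptpStartSessionRequest sreq;
+struct PptpStartSessionReply srep;
+struct PptpStopSessionRequest streq;
+struct PptpStopSessionReply strep;
+struct PptpOutCallRequest ocreq;
+struct PptpOutCallReply ocack;
+struct PptpInCallRequest icreq;
+struct PptpInCallReply icack;
+struct PptpInCallConnected iccon;
+struct PptpClearCallRequest clrreq;
+struct PptpCallDisconnectNotify disc;
+struct PptpWanErrorNotify wanerr;
+struct PptpSetLinkInfo setlink;
+};
+
+/* crap needed for nf_conntrack_compat.h */
+struct nf_conn;
+struct nf_conntrack_expect;
+enum ip_conntrack_info;
+
+extern int
+(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb,
+struct nf_conn *ct, enum ip_conntrack_info ctinfo,
+struct PptpControlHeader *ctlh,
+union pptp_ctrl_union *pptpReq);
+
+extern int
+(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb,
+struct nf_conn *ct, enum ip_conntrack_info ctinfo,
+struct PptpControlHeader *ctlh,
+union pptp_ctrl_union *pptpReq);
+
+extern void
+(*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *exp_orig,
+struct nf_conntrack_expect *exp_reply);
+
+extern void
+(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
+struct nf_conntrack_expect *exp);
+
+#endif /* __KERNEL__ */
+#endif /* _NF_CONNTRACK_PPTP_H */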
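Review bot: `packetLength` in `struct pptp_pkt_hdr` is declared `__u16` while the neighbouring wire fields `packetType` and `magicCookie` carry `__be16`/`__be32` annotations. If the length is in network byte order like the rest of the header (the header itself does not say), sparse cannot flag a missing `ntohs()` on a value that comes straight from the packet and is presumably used to bound parsing; `__be16 packetLength;` would make that checkable. The members of `union pptp_ctrl_union` also differ widely in size, so a comment on the union stating that a member may only be read after the received length has been checked against that member's size would help callers of the hooks declared below it.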
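--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_proto_gre.h
@@ -0,0 +1,112 @@
+#ifndef _CONNTRACK_PROTO_GRE_H
+#define _CONNTRACK_PROTO_GRE_H
+#include <asm/byteorder.h>
+
+/* GRE PROTOCOL HEADER */
+
+/* GRE Version field */
+#define GRE_VERSION_1701 0x0
+#define GRE_VERSION_PPTP 0x1
+
+/* GRE Protocol field */
+#define GRE_PROTOCOL_PPTP 0x880B
+
+/* GRE Flags */
+#define GRE_FLAG_C 0x80
+#define GRE_FLAG_R 0x40
+#define GRE_FLAG_K 0x20
+#define GRE_FLAG_S 0x10
+#define GRE_FLAG_A 0x80
+
+#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
+#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
+#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
+#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
+#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
+
+/* GRE is a mess: Four different standards */
+struct gre_hdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+__u16 rec:3,
+srr:1,
+seq:1,
+key:1,
+routing:1,
+csum:1,
+version:3,
+reserved:4,
+ack:1;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+__u16 csum:1,
+routing:1,
+key:1,
+seq:1,
+srr:1,
+rec:3,
+ack:1,
+reserved:4,
+version:3;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+__be16 protocol;
+};
+
+/* modified GRE header for PPTP */
+struct gre_hdr_pptp {
+__u8 flags; /* bitfield */
+__u8 version; /* should be GRE_VERSION_PPTP */
+__be16 protocol; /* should be GRE_PROTOCOL_PPTP */
+__be16 payload_len; /* size of ppp payload, not inc. gre header */
+__be16 call_id; /* peer's call_id for this session */
+__be32 seq; /* sequence number. Present if S==1 */
+__be32 ack; /* seq number of highest packet recieved by */
+/* sender in this session */
+};
+
+struct nf_ct_gre {
+unsigned int stream_timeout;
+unsigned int timeout;
+};
+
+#ifdef __KERNEL__
+#include <net/netfilter/nf_conntrack_tuple.h>
+
+struct nf_conn;
+
+/* structure for original <-> reply keymap */
+struct nf_ct_gre_keymap {
+struct list_head list;
+struct nf_conntrack_tuple tuple;
+};
+
+/* add new tuple->key_reply pair to keymap */
+int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,
+struct nf_conntrack_tuple *t);
+
+/* delete keymap entries */
+void nf_ct_gre_keymap_destroy(struct nf_conn *ct);
+
+/* get pointer to gre key, if present */
+static inline __be32 *gre_key(struct gre_hdr *greh)
+{
+if (!greh->key)
+return NULL;
+if (greh->csum || greh->routing)
+return (__be32 *)(greh+sizeof(*greh)+4);
+return (__be32 *)(greh+sizeof(*greh));
+}
+
+/* get pointer ot gre csum, if present */
+static inline __sum16 *gre_csum(struct gre_hdr *greh)
+{
+if (!greh->csum)
+return NULL;
+return (__sum16 *)(greh+sizeof(*greh));
+}
+
+extern void nf_ct_gre_keymap_flush(void);
+extern void nf_nat_need_gre(void);
+
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PROTO_GRE_H */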
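Review bot: The pointer arithmetic in `gre_key()` and `gre_csum()` is scaled by the struct size, because `greh` is a `struct gre_hdr *`: `greh+sizeof(*greh)` advances by `sizeof(*greh)` whole headers rather than that many bytes. The returned pointer therefore lands well past the optional field and may point outside the packet data. Stepping over exactly one header fixes it: `return (__be32 *)(greh + 1) + 1;` for the csum/routing case, `return (__be32 *)(greh + 1);` otherwise, and `return (__sum16 *)(greh + 1);` in `gre_csum()`. The doc comments should also say that the caller must have verified the packet is long enough for the optional field before dereferencing the result. Separately, `GRE_FLAG_A` shares the value 0x80 with `GRE_FLAG_C`; if it is meant to be tested against the `version` byte of `struct gre_hdr_pptp` rather than `flags`, a comment saying so would prevent misuse of `GRE_IS_A()`.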