aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorHarald Welte <laforge@netfilter.org>2005-09-19 18:33:08 -0400
committerDavid S. Miller <davem@davemloft.net>2005-09-19 18:33:08 -0400
commit926b50f92a30090da2c1a8675de954c2d9b09732 (patch)
treec8dd1cadf83c8e5e1cdc666b5b5596c2ae5dc76a /include/linux
parent772cb712b1373d335ef2874ea357ec681edc754b (diff)
[NETFILTER]: Add new PPTP conntrack and NAT helper
This new "version 3" PPTP conntrack/nat helper is finally ready for mainline inclusion. Special thanks to lots of last-minute bugfixing by Patric McHardy. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack.h12
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_pptp.h332
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h114
-rw-r--r--include/linux/netfilter_ipv4/ip_conntrack_tuple.h7
-rw-r--r--include/linux/netfilter_ipv4/ip_nat_pptp.h11
5 files changed, 476 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index 7e033e9271a8..2df446c952ef 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -133,11 +133,13 @@ enum ip_conntrack_expect_events {
133 133
134#include <linux/netfilter_ipv4/ip_conntrack_tcp.h> 134#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
135#include <linux/netfilter_ipv4/ip_conntrack_icmp.h> 135#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
136#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
136#include <linux/netfilter_ipv4/ip_conntrack_sctp.h> 137#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
137 138
138/* per conntrack: protocol private data */ 139/* per conntrack: protocol private data */
139union ip_conntrack_proto { 140union ip_conntrack_proto {
140 /* insert conntrack proto private data here */ 141 /* insert conntrack proto private data here */
142 struct ip_ct_gre gre;
141 struct ip_ct_sctp sctp; 143 struct ip_ct_sctp sctp;
142 struct ip_ct_tcp tcp; 144 struct ip_ct_tcp tcp;
143 struct ip_ct_icmp icmp; 145 struct ip_ct_icmp icmp;
@@ -148,6 +150,7 @@ union ip_conntrack_expect_proto {
148}; 150};
149 151
150/* Add protocol helper include file here */ 152/* Add protocol helper include file here */
153#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
151#include <linux/netfilter_ipv4/ip_conntrack_amanda.h> 154#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
152#include <linux/netfilter_ipv4/ip_conntrack_ftp.h> 155#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
153#include <linux/netfilter_ipv4/ip_conntrack_irc.h> 156#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -155,12 +158,20 @@ union ip_conntrack_expect_proto {
155/* per conntrack: application helper private data */ 158/* per conntrack: application helper private data */
156union ip_conntrack_help { 159union ip_conntrack_help {
157 /* insert conntrack helper private data (master) here */ 160 /* insert conntrack helper private data (master) here */
161 struct ip_ct_pptp_master ct_pptp_info;
158 struct ip_ct_ftp_master ct_ftp_info; 162 struct ip_ct_ftp_master ct_ftp_info;
159 struct ip_ct_irc_master ct_irc_info; 163 struct ip_ct_irc_master ct_irc_info;
160}; 164};
161 165
162#ifdef CONFIG_IP_NF_NAT_NEEDED 166#ifdef CONFIG_IP_NF_NAT_NEEDED
163#include <linux/netfilter_ipv4/ip_nat.h> 167#include <linux/netfilter_ipv4/ip_nat.h>
168#include <linux/netfilter_ipv4/ip_nat_pptp.h>
169
170/* per conntrack: nat application helper private data */
171union ip_conntrack_nat_help {
172 /* insert nat helper private data here */
173 struct ip_nat_pptp nat_pptp_info;
174};
164#endif 175#endif
165 176
166#include <linux/types.h> 177#include <linux/types.h>
@@ -223,6 +234,7 @@ struct ip_conntrack
223#ifdef CONFIG_IP_NF_NAT_NEEDED 234#ifdef CONFIG_IP_NF_NAT_NEEDED
224 struct { 235 struct {
225 struct ip_nat_info info; 236 struct ip_nat_info info;
237 union ip_conntrack_nat_help help;
226#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ 238#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
227 defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) 239 defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
228 int masq_index; 240 int masq_index;
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
new file mode 100644
index 000000000000..389e3851d52f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -0,0 +1,332 @@
1/* PPTP constants and structs */
2#ifndef _CONNTRACK_PPTP_H
3#define _CONNTRACK_PPTP_H
4
5/* state of the control session */
6enum pptp_ctrlsess_state {
7 PPTP_SESSION_NONE, /* no session present */
8 PPTP_SESSION_ERROR, /* some session error */
9 PPTP_SESSION_STOPREQ, /* stop_sess request seen */
10 PPTP_SESSION_REQUESTED, /* start_sess request seen */
11 PPTP_SESSION_CONFIRMED, /* session established */
12};
13
14/* state of the call inside the control session */
15enum pptp_ctrlcall_state {
16 PPTP_CALL_NONE,
17 PPTP_CALL_ERROR,
18 PPTP_CALL_OUT_REQ,
19 PPTP_CALL_OUT_CONF,
20 PPTP_CALL_IN_REQ,
21 PPTP_CALL_IN_REP,
22 PPTP_CALL_IN_CONF,
23 PPTP_CALL_CLEAR_REQ,
24};
25
26
27/* conntrack private data */
28struct ip_ct_pptp_master {
29 enum pptp_ctrlsess_state sstate; /* session state */
30
31 /* everything below is going to be per-expectation in newnat,
32 * since there could be more than one call within one session */
33 enum pptp_ctrlcall_state cstate; /* call state */
34 u_int16_t pac_call_id; /* call id of PAC, host byte order */
35 u_int16_t pns_call_id; /* call id of PNS, host byte order */
36
37 /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
38 * and therefore imposes a fixed limit on the number of maps */
39 struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;
40};
41
42/* conntrack_expect private member */
43struct ip_ct_pptp_expect {
44 enum pptp_ctrlcall_state cstate; /* call state */
45 u_int16_t pac_call_id; /* call id of PAC */
46 u_int16_t pns_call_id; /* call id of PNS */
47};
48
49
50#ifdef __KERNEL__
51
52#define IP_CONNTR_PPTP PPTP_CONTROL_PORT
53
54#define PPTP_CONTROL_PORT 1723
55
56#define PPTP_PACKET_CONTROL 1
57#define PPTP_PACKET_MGMT 2
58
59#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
60
61struct pptp_pkt_hdr {
62 __u16 packetLength;
63 __u16 packetType;
64 __u32 magicCookie;
65};
66
67/* PptpControlMessageType values */
68#define PPTP_START_SESSION_REQUEST 1
69#define PPTP_START_SESSION_REPLY 2
70#define PPTP_STOP_SESSION_REQUEST 3
71#define PPTP_STOP_SESSION_REPLY 4
72#define PPTP_ECHO_REQUEST 5
73#define PPTP_ECHO_REPLY 6
74#define PPTP_OUT_CALL_REQUEST 7
75#define PPTP_OUT_CALL_REPLY 8
76#define PPTP_IN_CALL_REQUEST 9
77#define PPTP_IN_CALL_REPLY 10
78#define PPTP_IN_CALL_CONNECT 11
79#define PPTP_CALL_CLEAR_REQUEST 12
80#define PPTP_CALL_DISCONNECT_NOTIFY 13
81#define PPTP_WAN_ERROR_NOTIFY 14
82#define PPTP_SET_LINK_INFO 15
83
84#define PPTP_MSG_MAX 15
85
86/* PptpGeneralError values */
87#define PPTP_ERROR_CODE_NONE 0
88#define PPTP_NOT_CONNECTED 1
89#define PPTP_BAD_FORMAT 2
90#define PPTP_BAD_VALUE 3
91#define PPTP_NO_RESOURCE 4
92#define PPTP_BAD_CALLID 5
93#define PPTP_REMOVE_DEVICE_ERROR 6
94
95struct PptpControlHeader {
96 __u16 messageType;
97 __u16 reserved;
98};
99
100/* FramingCapability Bitmap Values */
101#define PPTP_FRAME_CAP_ASYNC 0x1
102#define PPTP_FRAME_CAP_SYNC 0x2
103
104/* BearerCapability Bitmap Values */
105#define PPTP_BEARER_CAP_ANALOG 0x1
106#define PPTP_BEARER_CAP_DIGITAL 0x2
107
108struct PptpStartSessionRequest {
109 __u16 protocolVersion;
110 __u8 reserved1;
111 __u8 reserved2;
112 __u32 framingCapability;
113 __u32 bearerCapability;
114 __u16 maxChannels;
115 __u16 firmwareRevision;
116 __u8 hostName[64];
117 __u8 vendorString[64];
118};
119
120/* PptpStartSessionResultCode Values */
121#define PPTP_START_OK 1
122#define PPTP_START_GENERAL_ERROR 2
123#define PPTP_START_ALREADY_CONNECTED 3
124#define PPTP_START_NOT_AUTHORIZED 4
125#define PPTP_START_UNKNOWN_PROTOCOL 5
126
127struct PptpStartSessionReply {
128 __u16 protocolVersion;
129 __u8 resultCode;
130 __u8 generalErrorCode;
131 __u32 framingCapability;
132 __u32 bearerCapability;
133 __u16 maxChannels;
134 __u16 firmwareRevision;
135 __u8 hostName[64];
136 __u8 vendorString[64];
137};
138
139/* PptpStopReasons */
140#define PPTP_STOP_NONE 1
141#define PPTP_STOP_PROTOCOL 2
142#define PPTP_STOP_LOCAL_SHUTDOWN 3
143
144struct PptpStopSessionRequest {
145 __u8 reason;
146};
147
148/* PptpStopSessionResultCode */
149#define PPTP_STOP_OK 1
150#define PPTP_STOP_GENERAL_ERROR 2
151
152struct PptpStopSessionReply {
153 __u8 resultCode;
154 __u8 generalErrorCode;
155};
156
157struct PptpEchoRequest {
158 __u32 identNumber;
159};
160
161/* PptpEchoReplyResultCode */
162#define PPTP_ECHO_OK 1
163#define PPTP_ECHO_GENERAL_ERROR 2
164
165struct PptpEchoReply {
166 __u32 identNumber;
167 __u8 resultCode;
168 __u8 generalErrorCode;
169 __u16 reserved;
170};
171
172/* PptpFramingType */
173#define PPTP_ASYNC_FRAMING 1
174#define PPTP_SYNC_FRAMING 2
175#define PPTP_DONT_CARE_FRAMING 3
176
177/* PptpCallBearerType */
178#define PPTP_ANALOG_TYPE 1
179#define PPTP_DIGITAL_TYPE 2
180#define PPTP_DONT_CARE_BEARER_TYPE 3
181
182struct PptpOutCallRequest {
183 __u16 callID;
184 __u16 callSerialNumber;
185 __u32 minBPS;
186 __u32 maxBPS;
187 __u32 bearerType;
188 __u32 framingType;
189 __u16 packetWindow;
190 __u16 packetProcDelay;
191 __u16 reserved1;
192 __u16 phoneNumberLength;
193 __u16 reserved2;
194 __u8 phoneNumber[64];
195 __u8 subAddress[64];
196};
197
198/* PptpCallResultCode */
199#define PPTP_OUTCALL_CONNECT 1
200#define PPTP_OUTCALL_GENERAL_ERROR 2
201#define PPTP_OUTCALL_NO_CARRIER 3
202#define PPTP_OUTCALL_BUSY 4
203#define PPTP_OUTCALL_NO_DIAL_TONE 5
204#define PPTP_OUTCALL_TIMEOUT 6
205#define PPTP_OUTCALL_DONT_ACCEPT 7
206
207struct PptpOutCallReply {
208 __u16 callID;
209 __u16 peersCallID;
210 __u8 resultCode;
211 __u8 generalErrorCode;
212 __u16 causeCode;
213 __u32 connectSpeed;
214 __u16 packetWindow;
215 __u16 packetProcDelay;
216 __u32 physChannelID;
217};
218
219struct PptpInCallRequest {
220 __u16 callID;
221 __u16 callSerialNumber;
222 __u32 callBearerType;
223 __u32 physChannelID;
224 __u16 dialedNumberLength;
225 __u16 dialingNumberLength;
226 __u8 dialedNumber[64];
227 __u8 dialingNumber[64];
228 __u8 subAddress[64];
229};
230
231/* PptpInCallResultCode */
232#define PPTP_INCALL_ACCEPT 1
233#define PPTP_INCALL_GENERAL_ERROR 2
234#define PPTP_INCALL_DONT_ACCEPT 3
235
236struct PptpInCallReply {
237 __u16 callID;
238 __u16 peersCallID;
239 __u8 resultCode;
240 __u8 generalErrorCode;
241 __u16 packetWindow;
242 __u16 packetProcDelay;
243 __u16 reserved;
244};
245
246struct PptpInCallConnected {
247 __u16 peersCallID;
248 __u16 reserved;
249 __u32 connectSpeed;
250 __u16 packetWindow;
251 __u16 packetProcDelay;
252 __u32 callFramingType;
253};
254
255struct PptpClearCallRequest {
256 __u16 callID;
257 __u16 reserved;
258};
259
260struct PptpCallDisconnectNotify {
261 __u16 callID;
262 __u8 resultCode;
263 __u8 generalErrorCode;
264 __u16 causeCode;
265 __u16 reserved;
266 __u8 callStatistics[128];
267};
268
269struct PptpWanErrorNotify {
270 __u16 peersCallID;
271 __u16 reserved;
272 __u32 crcErrors;
273 __u32 framingErrors;
274 __u32 hardwareOverRuns;
275 __u32 bufferOverRuns;
276 __u32 timeoutErrors;
277 __u32 alignmentErrors;
278};
279
280struct PptpSetLinkInfo {
281 __u16 peersCallID;
282 __u16 reserved;
283 __u32 sendAccm;
284 __u32 recvAccm;
285};
286
287
288struct pptp_priv_data {
289 __u16 call_id;
290 __u16 mcall_id;
291 __u16 pcall_id;
292};
293
294union pptp_ctrl_union {
295 struct PptpStartSessionRequest sreq;
296 struct PptpStartSessionReply srep;
297 struct PptpStopSessionRequest streq;
298 struct PptpStopSessionReply strep;
299 struct PptpOutCallRequest ocreq;
300 struct PptpOutCallReply ocack;
301 struct PptpInCallRequest icreq;
302 struct PptpInCallReply icack;
303 struct PptpInCallConnected iccon;
304 struct PptpClearCallRequest clrreq;
305 struct PptpCallDisconnectNotify disc;
306 struct PptpWanErrorNotify wanerr;
307 struct PptpSetLinkInfo setlink;
308};
309
310extern int
311(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
312 struct ip_conntrack *ct,
313 enum ip_conntrack_info ctinfo,
314 struct PptpControlHeader *ctlh,
315 union pptp_ctrl_union *pptpReq);
316
317extern int
318(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
319 struct ip_conntrack *ct,
320 enum ip_conntrack_info ctinfo,
321 struct PptpControlHeader *ctlh,
322 union pptp_ctrl_union *pptpReq);
323
324extern int
325(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
326 struct ip_conntrack_expect *exp_reply);
327
328extern void
329(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
330 struct ip_conntrack_expect *exp);
331#endif /* __KERNEL__ */
332#endif /* _CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
new file mode 100644
index 000000000000..8d090ef82f5f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -0,0 +1,114 @@
1#ifndef _CONNTRACK_PROTO_GRE_H
2#define _CONNTRACK_PROTO_GRE_H
3#include <asm/byteorder.h>
4
5/* GRE PROTOCOL HEADER */
6
7/* GRE Version field */
8#define GRE_VERSION_1701 0x0
9#define GRE_VERSION_PPTP 0x1
10
11/* GRE Protocol field */
12#define GRE_PROTOCOL_PPTP 0x880B
13
14/* GRE Flags */
15#define GRE_FLAG_C 0x80
16#define GRE_FLAG_R 0x40
17#define GRE_FLAG_K 0x20
18#define GRE_FLAG_S 0x10
19#define GRE_FLAG_A 0x80
20
21#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
22#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
23#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
24#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
25#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
26
27/* GRE is a mess: Four different standards */
28struct gre_hdr {
29#if defined(__LITTLE_ENDIAN_BITFIELD)
30 __u16 rec:3,
31 srr:1,
32 seq:1,
33 key:1,
34 routing:1,
35 csum:1,
36 version:3,
37 reserved:4,
38 ack:1;
39#elif defined(__BIG_ENDIAN_BITFIELD)
40 __u16 csum:1,
41 routing:1,
42 key:1,
43 seq:1,
44 srr:1,
45 rec:3,
46 ack:1,
47 reserved:4,
48 version:3;
49#else
50#error "Adjust your <asm/byteorder.h> defines"
51#endif
52 __u16 protocol;
53};
54
55/* modified GRE header for PPTP */
56struct gre_hdr_pptp {
57 __u8 flags; /* bitfield */
58 __u8 version; /* should be GRE_VERSION_PPTP */
59 __u16 protocol; /* should be GRE_PROTOCOL_PPTP */
60 __u16 payload_len; /* size of ppp payload, not inc. gre header */
61 __u16 call_id; /* peer's call_id for this session */
62 __u32 seq; /* sequence number. Present if S==1 */
63 __u32 ack; /* seq number of highest packet recieved by */
64 /* sender in this session */
65};
66
67
68/* this is part of ip_conntrack */
69struct ip_ct_gre {
70 unsigned int stream_timeout;
71 unsigned int timeout;
72};
73
74#ifdef __KERNEL__
75struct ip_conntrack_expect;
76struct ip_conntrack;
77
78/* structure for original <-> reply keymap */
79struct ip_ct_gre_keymap {
80 struct list_head list;
81
82 struct ip_conntrack_tuple tuple;
83};
84
85/* add new tuple->key_reply pair to keymap */
86int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
87 struct ip_conntrack_tuple *t,
88 int reply);
89
90/* delete keymap entries */
91void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
92
93
94/* get pointer to gre key, if present */
95static inline u_int32_t *gre_key(struct gre_hdr *greh)
96{
97 if (!greh->key)
98 return NULL;
99 if (greh->csum || greh->routing)
100 return (u_int32_t *) (greh+sizeof(*greh)+4);
101 return (u_int32_t *) (greh+sizeof(*greh));
102}
103
104/* get pointer ot gre csum, if present */
105static inline u_int16_t *gre_csum(struct gre_hdr *greh)
106{
107 if (!greh->csum)
108 return NULL;
109 return (u_int16_t *) (greh+sizeof(*greh));
110}
111
112#endif /* __KERNEL__ */
113
114#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
index c33f0b5e0d0a..14dc0f7b6556 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -28,6 +28,9 @@ union ip_conntrack_manip_proto
28 struct { 28 struct {
29 u_int16_t port; 29 u_int16_t port;
30 } sctp; 30 } sctp;
31 struct {
32 u_int16_t key; /* key is 32bit, pptp only uses 16 */
33 } gre;
31}; 34};
32 35
33/* The manipulable part of the tuple. */ 36/* The manipulable part of the tuple. */
@@ -61,6 +64,10 @@ struct ip_conntrack_tuple
61 struct { 64 struct {
62 u_int16_t port; 65 u_int16_t port;
63 } sctp; 66 } sctp;
67 struct {
68 u_int16_t key; /* key is 32bit,
69 * pptp only uses 16 */
70 } gre;
64 } u; 71 } u;
65 72
66 /* The protocol. */ 73 /* The protocol. */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
new file mode 100644
index 000000000000..eaf66c2e8f93
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -0,0 +1,11 @@
1/* PPTP constants and structs */
2#ifndef _NAT_PPTP_H
3#define _NAT_PPTP_H
4
5/* conntrack private data */
6struct ip_nat_pptp {
7 u_int16_t pns_call_id; /* NAT'ed PNS call id */
8 u_int16_t pac_call_id; /* NAT'ed PAC call id */
9};
10
11#endif /* _NAT_PPTP_H */