[NETFILTER]: nf_conntrack/nf_nat: add PPTP helper port

Add nf_conntrack port of the PPtP conntrack/NAT helper. Since there seems to be no IPv6-capable PPtP implementation the helper only support IPv4. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Patrick McHardy <kaber@trash.net> 2006-12-03 01:09:41 -0500
committer: David S. Miller <davem@davemloft.net> 2006-12-03 01:09:41 -0500
commit: f09943fefe6b702e40893d35b4f10fd1064037fe (patch)
tree: b170d046ecf0642471bb3c55d8e1f316fe9e5ddc /include
parent: 92703eee4ccde3c55ee067a89c373e8a51a8adf9 (diff)
6 files changed, 447 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h
new file mode 100644
index 000000000000..fb049ec11ff2
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -0,0 +1,321 @@
+/* PPTP constants and structs */
+#ifndef _NF_CONNTRACK_PPTP_H
+#define _NF_CONNTRACK_PPTP_H
+/* state of the control session */
+enum pptp_ctrlsess_state {
+        PPTP_SESSION_NONE,                      /* no session present */
+        PPTP_SESSION_ERROR,                     /* some session error */
+        PPTP_SESSION_STOPREQ,                   /* stop_sess request seen */
+        PPTP_SESSION_REQUESTED,                 /* start_sess request seen */
+        PPTP_SESSION_CONFIRMED,                 /* session established */
+};
+/* state of the call inside the control session */
+enum pptp_ctrlcall_state {
+        PPTP_CALL_NONE,
+        PPTP_CALL_ERROR,
+        PPTP_CALL_OUT_REQ,
+        PPTP_CALL_OUT_CONF,
+        PPTP_CALL_IN_REQ,
+        PPTP_CALL_IN_REP,
+        PPTP_CALL_IN_CONF,
+        PPTP_CALL_CLEAR_REQ,
+};
+/* conntrack private data */
+struct nf_ct_pptp_master {
+        enum pptp_ctrlsess_state sstate;        /* session state */
+        enum pptp_ctrlcall_state cstate;        /* call state */
+        __be16 pac_call_id;                     /* call id of PAC */
+        __be16 pns_call_id;                     /* call id of PNS */
+        /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
+         * and therefore imposes a fixed limit on the number of maps */
+        struct nf_ct_gre_keymap *keymap[IP_CT_DIR_MAX];
+};
+struct nf_nat_pptp {
+        __be16 pns_call_id;                     /* NAT'ed PNS call id */
+        __be16 pac_call_id;                     /* NAT'ed PAC call id */
+};
+#ifdef __KERNEL__
+#define PPTP_CONTROL_PORT       1723
+#define PPTP_PACKET_CONTROL     1
+#define PPTP_PACKET_MGMT        2
+#define PPTP_MAGIC_COOKIE       0x1a2b3c4d
+struct pptp_pkt_hdr {
+        __u16   packetLength;
+        __be16  packetType;
+        __be32  magicCookie;
+};
+/* PptpControlMessageType values */
+#define PPTP_START_SESSION_REQUEST      1
+#define PPTP_START_SESSION_REPLY        2
+#define PPTP_STOP_SESSION_REQUEST       3
+#define PPTP_STOP_SESSION_REPLY         4
+#define PPTP_ECHO_REQUEST               5
+#define PPTP_ECHO_REPLY                 6
+#define PPTP_OUT_CALL_REQUEST           7
+#define PPTP_OUT_CALL_REPLY             8
+#define PPTP_IN_CALL_REQUEST            9
+#define PPTP_IN_CALL_REPLY              10
+#define PPTP_IN_CALL_CONNECT            11
+#define PPTP_CALL_CLEAR_REQUEST         12
+#define PPTP_CALL_DISCONNECT_NOTIFY     13
+#define PPTP_WAN_ERROR_NOTIFY           14
+#define PPTP_SET_LINK_INFO              15
+#define PPTP_MSG_MAX                    15
+/* PptpGeneralError values */
+#define PPTP_ERROR_CODE_NONE            0
+#define PPTP_NOT_CONNECTED              1
+#define PPTP_BAD_FORMAT                 2
+#define PPTP_BAD_VALUE                  3
+#define PPTP_NO_RESOURCE                4
+#define PPTP_BAD_CALLID                 5
+#define PPTP_REMOVE_DEVICE_ERROR        6
+struct PptpControlHeader {
+        __be16  messageType;
+        __u16   reserved;
+};
+/* FramingCapability Bitmap Values */
+#define PPTP_FRAME_CAP_ASYNC            0x1
+#define PPTP_FRAME_CAP_SYNC             0x2
+/* BearerCapability Bitmap Values */
+#define PPTP_BEARER_CAP_ANALOG          0x1
+#define PPTP_BEARER_CAP_DIGITAL         0x2
+struct PptpStartSessionRequest {
+        __be16  protocolVersion;
+        __u16   reserved1;
+        __be32  framingCapability;
+        __be32  bearerCapability;
+        __be16  maxChannels;
+        __be16  firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+/* PptpStartSessionResultCode Values */
+#define PPTP_START_OK                   1
+#define PPTP_START_GENERAL_ERROR        2
+#define PPTP_START_ALREADY_CONNECTED    3
+#define PPTP_START_NOT_AUTHORIZED       4
+#define PPTP_START_UNKNOWN_PROTOCOL     5
+struct PptpStartSessionReply {
+        __be16  protocolVersion;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __be32  framingCapability;
+        __be32  bearerCapability;
+        __be16  maxChannels;
+        __be16  firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+/* PptpStopReasons */
+#define PPTP_STOP_NONE                  1
+#define PPTP_STOP_PROTOCOL              2
+#define PPTP_STOP_LOCAL_SHUTDOWN        3
+struct PptpStopSessionRequest {
+        __u8    reason;
+        __u8    reserved1;
+        __u16   reserved2;
+};
+/* PptpStopSessionResultCode */
+#define PPTP_STOP_OK                    1
+#define PPTP_STOP_GENERAL_ERROR         2
+struct PptpStopSessionReply {
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   reserved1;
+};
+struct PptpEchoRequest {
+        __be32 identNumber;
+};
+/* PptpEchoReplyResultCode */
+#define PPTP_ECHO_OK                    1
+#define PPTP_ECHO_GENERAL_ERROR         2
+struct PptpEchoReply {
+        __be32  identNumber;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   reserved;
+};
+/* PptpFramingType */
+#define PPTP_ASYNC_FRAMING              1
+#define PPTP_SYNC_FRAMING               2
+#define PPTP_DONT_CARE_FRAMING          3
+/* PptpCallBearerType */
+#define PPTP_ANALOG_TYPE                1
+#define PPTP_DIGITAL_TYPE               2
+#define PPTP_DONT_CARE_BEARER_TYPE      3
+struct PptpOutCallRequest {
+        __be16  callID;
+        __be16  callSerialNumber;
+        __be32  minBPS;
+        __be32  maxBPS;
+        __be32  bearerType;
+        __be32  framingType;
+        __be16  packetWindow;
+        __be16  packetProcDelay;
+        __be16  phoneNumberLength;
+        __u16   reserved1;
+        __u8    phoneNumber[64];
+        __u8    subAddress[64];
+};
+/* PptpCallResultCode */
+#define PPTP_OUTCALL_CONNECT            1
+#define PPTP_OUTCALL_GENERAL_ERROR      2
+#define PPTP_OUTCALL_NO_CARRIER         3
+#define PPTP_OUTCALL_BUSY               4
+#define PPTP_OUTCALL_NO_DIAL_TONE       5
+#define PPTP_OUTCALL_TIMEOUT            6
+#define PPTP_OUTCALL_DONT_ACCEPT        7
+struct PptpOutCallReply {
+        __be16  callID;
+        __be16  peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __be16  causeCode;
+        __be32  connectSpeed;
+        __be16  packetWindow;
+        __be16  packetProcDelay;
+        __be32  physChannelID;
+};
+struct PptpInCallRequest {
+        __be16  callID;
+        __be16  callSerialNumber;
+        __be32  callBearerType;
+        __be32  physChannelID;
+        __be16  dialedNumberLength;
+        __be16  dialingNumberLength;
+        __u8    dialedNumber[64];
+        __u8    dialingNumber[64];
+        __u8    subAddress[64];
+};
+/* PptpInCallResultCode */
+#define PPTP_INCALL_ACCEPT              1
+#define PPTP_INCALL_GENERAL_ERROR       2
+#define PPTP_INCALL_DONT_ACCEPT         3
+struct PptpInCallReply {
+        __be16  callID;
+        __be16  peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __be16  packetWindow;
+        __be16  packetProcDelay;
+        __u16   reserved;
+};
+struct PptpInCallConnected {
+        __be16  peersCallID;
+        __u16   reserved;
+        __be32  connectSpeed;
+        __be16  packetWindow;
+        __be16  packetProcDelay;
+        __be32  callFramingType;
+};
+struct PptpClearCallRequest {
+        __be16  callID;
+        __u16   reserved;
+};
+struct PptpCallDisconnectNotify {
+        __be16  callID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __be16  causeCode;
+        __u16   reserved;
+        __u8    callStatistics[128];
+};
+struct PptpWanErrorNotify {
+        __be16  peersCallID;
+        __u16   reserved;
+        __be32  crcErrors;
+        __be32  framingErrors;
+        __be32  hardwareOverRuns;
+        __be32  bufferOverRuns;
+        __be32  timeoutErrors;
+        __be32  alignmentErrors;
+};
+struct PptpSetLinkInfo {
+        __be16  peersCallID;
+        __u16   reserved;
+        __be32  sendAccm;
+        __be32  recvAccm;
+};
+union pptp_ctrl_union {
+        struct PptpStartSessionRequest  sreq;
+        struct PptpStartSessionReply    srep;
+        struct PptpStopSessionRequest   streq;
+        struct PptpStopSessionReply     strep;
+        struct PptpOutCallRequest       ocreq;
+        struct PptpOutCallReply         ocack;
+        struct PptpInCallRequest        icreq;
+        struct PptpInCallReply          icack;
+        struct PptpInCallConnected      iccon;
+        struct PptpClearCallRequest     clrreq;
+        struct PptpCallDisconnectNotify disc;
+        struct PptpWanErrorNotify       wanerr;
+        struct PptpSetLinkInfo          setlink;
+};
+/* crap needed for nf_conntrack_compat.h */
+struct nf_conn;
+struct nf_conntrack_expect;
+enum ip_conntrack_info;
+extern int
+(*nf_nat_pptp_hook_outbound)(struct sk_buff **pskb,
+                             struct nf_conn *ct, enum ip_conntrack_info ctinfo,
+                             struct PptpControlHeader *ctlh,
+                             union pptp_ctrl_union *pptpReq);
+extern int
+(*nf_nat_pptp_hook_inbound)(struct sk_buff **pskb,
+                            struct nf_conn *ct, enum ip_conntrack_info ctinfo,
+                            struct PptpControlHeader *ctlh,
+                            union pptp_ctrl_union *pptpReq);
+extern void
+(*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *exp_orig,
+                            struct nf_conntrack_expect *exp_reply);
+extern void
+(*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
+                             struct nf_conntrack_expect *exp);
+#endif /* __KERNEL__ */
+#endif /* _NF_CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_proto_gre.h b/include/linux/netfilter/nf_conntrack_proto_gre.h
new file mode 100644
index 000000000000..4e6bbce04ff8
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_proto_gre.h
@@ -0,0 +1,112 @@
+#ifndef _CONNTRACK_PROTO_GRE_H
+#define _CONNTRACK_PROTO_GRE_H
+#include <asm/byteorder.h>
+/* GRE PROTOCOL HEADER */
+/* GRE Version field */
+#define GRE_VERSION_1701        0x0
+#define GRE_VERSION_PPTP        0x1
+/* GRE Protocol field */
+#define GRE_PROTOCOL_PPTP       0x880B
+/* GRE Flags */
+#define GRE_FLAG_C              0x80
+#define GRE_FLAG_R              0x40
+#define GRE_FLAG_K              0x20
+#define GRE_FLAG_S              0x10
+#define GRE_FLAG_A              0x80
+#define GRE_IS_C(f)     ((f)&GRE_FLAG_C)
+#define GRE_IS_R(f)     ((f)&GRE_FLAG_R)
+#define GRE_IS_K(f)     ((f)&GRE_FLAG_K)
+#define GRE_IS_S(f)     ((f)&GRE_FLAG_S)
+#define GRE_IS_A(f)     ((f)&GRE_FLAG_A)
+/* GRE is a mess: Four different standards */
+struct gre_hdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+        __u16   rec:3,
+                srr:1,
+                seq:1,
+                key:1,
+                routing:1,
+                csum:1,
+                version:3,
+                reserved:4,
+                ack:1;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+        __u16   csum:1,
+                routing:1,
+                key:1,
+                seq:1,
+                srr:1,
+                rec:3,
+                ack:1,
+                reserved:4,
+                version:3;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+        __be16  protocol;
+};
+/* modified GRE header for PPTP */
+struct gre_hdr_pptp {
+        __u8   flags;           /* bitfield */
+        __u8   version;         /* should be GRE_VERSION_PPTP */
+        __be16 protocol;        /* should be GRE_PROTOCOL_PPTP */
+        __be16 payload_len;     /* size of ppp payload, not inc. gre header */
+        __be16 call_id;         /* peer's call_id for this session */
+        __be32 seq;             /* sequence number.  Present if S==1 */
+        __be32 ack;             /* seq number of highest packet recieved by */
+                                /*  sender in this session */
+};
+struct nf_ct_gre {
+        unsigned int stream_timeout;
+        unsigned int timeout;
+};
+#ifdef __KERNEL__
+#include <net/netfilter/nf_conntrack_tuple.h>
+struct nf_conn;
+/* structure for original <-> reply keymap */
+struct nf_ct_gre_keymap {
+        struct list_head list;
+        struct nf_conntrack_tuple tuple;
+};
+/* add new tuple->key_reply pair to keymap */
+int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,
+                         struct nf_conntrack_tuple *t);
+/* delete keymap entries */
+void nf_ct_gre_keymap_destroy(struct nf_conn *ct);
+/* get pointer to gre key, if present */
+static inline __be32 *gre_key(struct gre_hdr *greh)
+{
+        if (!greh->key)
+                return NULL;
+        if (greh->csum || greh->routing)
+                return (__be32 *)(greh+sizeof(*greh)+4);
+        return (__be32 *)(greh+sizeof(*greh));
+}
+/* get pointer ot gre csum, if present */
+static inline __sum16 *gre_csum(struct gre_hdr *greh)
+{
+        if (!greh->csum)
+                return NULL;
+        return (__sum16 *)(greh+sizeof(*greh));
+}
+extern void nf_ct_gre_keymap_flush(void);
+extern void nf_nat_need_gre(void);
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
index a1c57ee0a4fa..1401ccc051c4 100644
--- a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
+++ b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
@@ -11,10 +11,12 @@
 #ifdef CONFIG_NF_NAT_NEEDED
 #include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nf_conntrack_pptp.h>
 /* per conntrack: nat application helper private data */
 union nf_conntrack_nat_help {
        /* insert nat helper private data here */
+        struct nf_nat_pptp nat_pptp_info;
 };
 struct nf_conn_nat {
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 1646076933b1..032b36a0e378 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -21,6 +21,7 @@
 #include <linux/netfilter/nf_conntrack_tcp.h>
 #include <linux/netfilter/nf_conntrack_sctp.h>
+#include <linux/netfilter/nf_conntrack_proto_gre.h>
 #include <net/netfilter/ipv4/nf_conntrack_icmp.h>
 #include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
@@ -33,6 +34,7 @@ union nf_conntrack_proto {
        struct ip_ct_tcp tcp;
        struct ip_ct_icmp icmp;
        struct nf_ct_icmpv6 icmpv6;
+        struct nf_ct_gre gre;
 };
 union nf_conntrack_expect_proto {
@@ -41,12 +43,14 @@ union nf_conntrack_expect_proto {
 /* Add protocol helper include file here */
 #include <linux/netfilter/nf_conntrack_ftp.h>
+#include <linux/netfilter/nf_conntrack_pptp.h>
 #include <linux/netfilter/nf_conntrack_h323.h>
 /* per conntrack: application helper private data */
 union nf_conntrack_help {
        /* insert conntrack helper private data (master) here */
        struct nf_ct_ftp_master ct_ftp_info;
+        struct nf_ct_pptp_master ct_pptp_info;
        struct nf_ct_h323_master ct_h323_info;
 };
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index fbba9e8b95fc..8c72ac9f0ab8 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -34,6 +34,8 @@ struct nf_conntrack_helper
                    struct nf_conn *ct,
                    enum ip_conntrack_info conntrackinfo);
+        void (*destroy)(struct nf_conn *ct);
        int (*to_nfattr)(struct sk_buff *skb, const struct nf_conn *ct);
 };
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index c96a9c576736..5d72b16e876f 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -49,6 +49,9 @@ union nf_conntrack_man_proto
        struct {
                __be16 port;
        } sctp;
+        struct {
+                __be16 key;     /* GRE key is 32bit, PPtP only uses 16bit */
+        } gre;
 };
 /* The manipulable part of the tuple. */
@@ -84,6 +87,9 @@ struct nf_conntrack_tuple
                        struct {
                                __be16 port;
                        } sctp;
+                        struct {
+                                __be16 key;
+                        } gre;
                } u;
                /* The protocol. */
author	Patrick McHardy <kaber@trash.net>	2006-12-03 01:09:41 -0500
committer	David S. Miller <davem@davemloft.net>	2006-12-03 01:09:41 -0500
commit	f09943fefe6b702e40893d35b4f10fd1064037fe (patch)
tree	b170d046ecf0642471bb3c55d8e1f316fe9e5ddc /include
parent	92703eee4ccde3c55ee067a89c373e8a51a8adf9 (diff)

diff --git a/include/linux/netfilter/nf_conntrack_pptp.h b/include/linux/netfilter/nf_conntrack_pptp.h new file mode 100644 index 000000000000..fb049ec11ff2 --- /dev/null +++ b/include/linux/netfilter/nf_conntrack_pptp.h
@@ -0,0 +1,321 @@
		1	/* PPTP constants and structs */
		2	#ifndef _NF_CONNTRACK_PPTP_H
		3	#define _NF_CONNTRACK_PPTP_H
		4
		5	/* state of the control session */
		6	enum pptp_ctrlsess_state {
		7	PPTP_SESSION_NONE, /* no session present */
		8	PPTP_SESSION_ERROR, /* some session error */
		9	PPTP_SESSION_STOPREQ, /* stop_sess request seen */
		10	PPTP_SESSION_REQUESTED, /* start_sess request seen */
		11	PPTP_SESSION_CONFIRMED, /* session established */
		12	};
		13
		14	/* state of the call inside the control session */
		15	enum pptp_ctrlcall_state {
		16	PPTP_CALL_NONE,
		17	PPTP_CALL_ERROR,
		18	PPTP_CALL_OUT_REQ,
		19	PPTP_CALL_OUT_CONF,
		20	PPTP_CALL_IN_REQ,
		21	PPTP_CALL_IN_REP,
		22	PPTP_CALL_IN_CONF,
		23	PPTP_CALL_CLEAR_REQ,
		24	};
		25
		26	/* conntrack private data */
		27	struct nf_ct_pptp_master {
		28	enum pptp_ctrlsess_state sstate; /* session state */
		29	enum pptp_ctrlcall_state cstate; /* call state */
		30	__be16 pac_call_id; /* call id of PAC */
		31	__be16 pns_call_id; /* call id of PNS */
		32
		33	/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
		34	* and therefore imposes a fixed limit on the number of maps */
		35	struct nf_ct_gre_keymap *keymap[IP_CT_DIR_MAX];
		36	};
		37
		38	struct nf_nat_pptp {
		39	__be16 pns_call_id; /* NAT'ed PNS call id */
		40	__be16 pac_call_id; /* NAT'ed PAC call id */
		41	};
		42
		43	#ifdef __KERNEL__
		44
		45	#define PPTP_CONTROL_PORT 1723
		46
		47	#define PPTP_PACKET_CONTROL 1
		48	#define PPTP_PACKET_MGMT 2
		49
		50	#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
		51
		52	struct pptp_pkt_hdr {
		53	__u16 packetLength;
		54	__be16 packetType;
		55	__be32 magicCookie;
		56	};
		57
		58	/* PptpControlMessageType values */
		59	#define PPTP_START_SESSION_REQUEST 1
		60	#define PPTP_START_SESSION_REPLY 2
		61	#define PPTP_STOP_SESSION_REQUEST 3
		62	#define PPTP_STOP_SESSION_REPLY 4
		63	#define PPTP_ECHO_REQUEST 5
		64	#define PPTP_ECHO_REPLY 6
		65	#define PPTP_OUT_CALL_REQUEST 7
		66	#define PPTP_OUT_CALL_REPLY 8
		67	#define PPTP_IN_CALL_REQUEST 9
		68	#define PPTP_IN_CALL_REPLY 10
		69	#define PPTP_IN_CALL_CONNECT 11
		70	#define PPTP_CALL_CLEAR_REQUEST 12
		71	#define PPTP_CALL_DISCONNECT_NOTIFY 13
		72	#define PPTP_WAN_ERROR_NOTIFY 14
		73	#define PPTP_SET_LINK_INFO 15
		74
		75	#define PPTP_MSG_MAX 15
		76
		77	/* PptpGeneralError values */
		78	#define PPTP_ERROR_CODE_NONE 0
		79	#define PPTP_NOT_CONNECTED 1
		80	#define PPTP_BAD_FORMAT 2
		81	#define PPTP_BAD_VALUE 3
		82	#define PPTP_NO_RESOURCE 4
		83	#define PPTP_BAD_CALLID 5
		84	#define PPTP_REMOVE_DEVICE_ERROR 6
		85
		86	struct PptpControlHeader {
		87	__be16 messageType;
		88	__u16 reserved;
		89	};
		90
		91	/* FramingCapability Bitmap Values */
		92	#define PPTP_FRAME_CAP_ASYNC 0x1
		93	#define PPTP_FRAME_CAP_SYNC 0x2
		94
		95	/* BearerCapability Bitmap Values */
		96	#define PPTP_BEARER_CAP_ANALOG 0x1
		97	#define PPTP_BEARER_CAP_DIGITAL 0x2
		98
		99	struct PptpStartSessionRequest {
		100	__be16 protocolVersion;
		101	__u16 reserved1;
		102	__be32 framingCapability;
		103	__be32 bearerCapability;
		104	__be16 maxChannels;
		105	__be16 firmwareRevision;
		106	__u8 hostName[64];
		107	__u8 vendorString[64];
		108	};
		109
		110	/* PptpStartSessionResultCode Values */
		111	#define PPTP_START_OK 1
		112	#define PPTP_START_GENERAL_ERROR 2
		113	#define PPTP_START_ALREADY_CONNECTED 3
		114	#define PPTP_START_NOT_AUTHORIZED 4
		115	#define PPTP_START_UNKNOWN_PROTOCOL 5
		116
		117	struct PptpStartSessionReply {
		118	__be16 protocolVersion;
		119	__u8 resultCode;
		120	__u8 generalErrorCode;
		121	__be32 framingCapability;
		122	__be32 bearerCapability;
		123	__be16 maxChannels;
		124	__be16 firmwareRevision;
		125	__u8 hostName[64];
		126	__u8 vendorString[64];
		127	};
		128
		129	/* PptpStopReasons */
		130	#define PPTP_STOP_NONE 1
		131	#define PPTP_STOP_PROTOCOL 2
		132	#define PPTP_STOP_LOCAL_SHUTDOWN 3
		133
		134	struct PptpStopSessionRequest {
		135	__u8 reason;
		136	__u8 reserved1;
		137	__u16 reserved2;
		138	};
		139
		140	/* PptpStopSessionResultCode */
		141	#define PPTP_STOP_OK 1
		142	#define PPTP_STOP_GENERAL_ERROR 2
		143
		144	struct PptpStopSessionReply {
		145	__u8 resultCode;
		146	__u8 generalErrorCode;
		147	__u16 reserved1;
		148	};
		149
		150	struct PptpEchoRequest {
		151	__be32 identNumber;
		152	};
		153
		154	/* PptpEchoReplyResultCode */
		155	#define PPTP_ECHO_OK 1
		156	#define PPTP_ECHO_GENERAL_ERROR 2
		157
		158	struct PptpEchoReply {
		159	__be32 identNumber;
		160	__u8 resultCode;
		161	__u8 generalErrorCode;
		162	__u16 reserved;
		163	};
		164
		165	/* PptpFramingType */
		166	#define PPTP_ASYNC_FRAMING 1
		167	#define PPTP_SYNC_FRAMING 2
		168	#define PPTP_DONT_CARE_FRAMING 3
		169
		170	/* PptpCallBearerType */
		171	#define PPTP_ANALOG_TYPE 1
		172	#define PPTP_DIGITAL_TYPE 2
		173	#define PPTP_DONT_CARE_BEARER_TYPE 3
		174
		175	struct PptpOutCallRequest {
		176	__be16 callID;
		177	__be16 callSerialNumber;
		178	__be32 minBPS;
		179	__be32 maxBPS;
		180	__be32 bearerType;
		181	__be32 framingType;
		182	__be16 packetWindow;
		183	__be16 packetProcDelay;
		184	__be16 phoneNumberLength;
		185	__u16 reserved1;
		186	__u8 phoneNumber[64];
		187	__u8 subAddress[64];
		188	};
		189
		190	/* PptpCallResultCode */
		191	#define PPTP_OUTCALL_CONNECT 1
		192	#define PPTP_OUTCALL_GENERAL_ERROR 2
		193	#define PPTP_OUTCALL_NO_CARRIER 3
		194	#define PPTP_OUTCALL_BUSY 4
		195	#define PPTP_OUTCALL_NO_DIAL_TONE 5
		196	#define PPTP_OUTCALL_TIMEOUT 6
		197	#define PPTP_OUTCALL_DONT_ACCEPT 7
		198
		199	struct PptpOutCallReply {
		200	__be16 callID;
		201	__be16 peersCallID;
		202	__u8 resultCode;
		203	__u8 generalErrorCode;
		204	__be16 causeCode;
		205	__be32 connectSpeed;
		206	__be16 packetWindow;
		207	__be16 packetProcDelay;
		208	__be32 physChannelID;
		209	};
		210
		211	struct PptpInCallRequest {
		212	__be16 callID;
		213	__be16 callSerialNumber;
		214	__be32 callBearerType;
		215	__be32 physChannelID;
		216	__be16 dialedNumberLength;
		217	__be16 dialingNumberLength;
		218	__u8 dialedNumber[64];
		219	__u8 dialingNumber[64];
		220	__u8 subAddress[64];
		221	};
		222
		223	/* PptpInCallResultCode */
		224	#define PPTP_INCALL_ACCEPT 1
		225	#define PPTP_INCALL_GENERAL_ERROR 2
		226	#define PPTP_INCALL_DONT_ACCEPT 3
		227
		228	struct PptpInCallReply {
		229	__be16 callID;
		230	__be16 peersCallID;
		231	__u8 resultCode;
		232	__u8 generalErrorCode;
		233	__be16 packetWindow;
		234	__be16 packetProcDelay;
		235	__u16 reserved;
		236	};
		237
		238	struct PptpInCallConnected {
		239	__be16 peersCallID;
		240	__u16 reserved;
		241	__be32 connectSpeed;
		242	__be16 packetWindow;
		243	__be16 packetProcDelay;
		244	__be32 callFramingType;
		245	};
		246
		247	struct PptpClearCallRequest {
		248	__be16 callID;
		249	__u16 reserved;
		250	};
		251
		252	struct PptpCallDisconnectNotify {
		253	__be16 callID;
		254	__u8 resultCode;
		255	__u8 generalErrorCode;
		256	__be16 causeCode;
		257	__u16 reserved;
		258	__u8 callStatistics[128];
		259	};
		260
		261	struct PptpWanErrorNotify {
		262	__be16 peersCallID;
		263	__u16 reserved;
		264	__be32 crcErrors;
		265	__be32 framingErrors;
		266	__be32 hardwareOverRuns;
		267	__be32 bufferOverRuns;
		268	__be32 timeoutErrors;
		269	__be32 alignmentErrors;
		270	};
		271
		272	struct PptpSetLinkInfo {
		273	__be16 peersCallID;
		274	__u16 reserved;
		275	__be32 sendAccm;
		276	__be32 recvAccm;
		277	};
		278
		279	union pptp_ctrl_union {
		280	struct PptpStartSessionRequest sreq;
		281	struct PptpStartSessionReply srep;
		282	struct PptpStopSessionRequest streq;
		283	struct PptpStopSessionReply strep;
		284	struct PptpOutCallRequest ocreq;
		285	struct PptpOutCallReply ocack;
		286	struct PptpInCallRequest icreq;
		287	struct PptpInCallReply icack;
		288	struct PptpInCallConnected iccon;
		289	struct PptpClearCallRequest clrreq;
		290	struct PptpCallDisconnectNotify disc;
		291	struct PptpWanErrorNotify wanerr;
		292	struct PptpSetLinkInfo setlink;
		293	};
		294
		295	/* crap needed for nf_conntrack_compat.h */
		296	struct nf_conn;
		297	struct nf_conntrack_expect;
		298	enum ip_conntrack_info;
		299
		300	extern int
		301	(nf_nat_pptp_hook_outbound)(struct sk_buff *pskb,
		302	struct nf_conn *ct, enum ip_conntrack_info ctinfo,
		303	struct PptpControlHeader *ctlh,
		304	union pptp_ctrl_union *pptpReq);
		305
		306	extern int
		307	(nf_nat_pptp_hook_inbound)(struct sk_buff *pskb,
		308	struct nf_conn *ct, enum ip_conntrack_info ctinfo,
		309	struct PptpControlHeader *ctlh,
		310	union pptp_ctrl_union *pptpReq);
		311
		312	extern void
		313	(nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect exp_orig,
		314	struct nf_conntrack_expect *exp_reply);
		315
		316	extern void
		317	(nf_nat_pptp_hook_expectfn)(struct nf_conn ct,
		318	struct nf_conntrack_expect *exp);
		319
		320	#endif /* __KERNEL__ */
		321	#endif /* _NF_CONNTRACK_PPTP_H */


diff --git a/include/linux/netfilter/nf_conntrack_proto_gre.h b/include/linux/netfilter/nf_conntrack_proto_gre.h new file mode 100644 index 000000000000..4e6bbce04ff8 --- /dev/null +++ b/include/linux/netfilter/nf_conntrack_proto_gre.h
@@ -0,0 +1,112 @@
		1	#ifndef _CONNTRACK_PROTO_GRE_H
		2	#define _CONNTRACK_PROTO_GRE_H
		3	#include <asm/byteorder.h>
		4
		5	/* GRE PROTOCOL HEADER */
		6
		7	/* GRE Version field */
		8	#define GRE_VERSION_1701 0x0
		9	#define GRE_VERSION_PPTP 0x1
		10
		11	/* GRE Protocol field */
		12	#define GRE_PROTOCOL_PPTP 0x880B
		13
		14	/* GRE Flags */
		15	#define GRE_FLAG_C 0x80
		16	#define GRE_FLAG_R 0x40
		17	#define GRE_FLAG_K 0x20
		18	#define GRE_FLAG_S 0x10
		19	#define GRE_FLAG_A 0x80
		20
		21	#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
		22	#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
		23	#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
		24	#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
		25	#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
		26
		27	/* GRE is a mess: Four different standards */
		28	struct gre_hdr {
		29	#if defined(__LITTLE_ENDIAN_BITFIELD)
		30	__u16 rec:3,
		31	srr:1,
		32	seq:1,
		33	key:1,
		34	routing:1,
		35	csum:1,
		36	version:3,
		37	reserved:4,
		38	ack:1;
		39	#elif defined(__BIG_ENDIAN_BITFIELD)
		40	__u16 csum:1,
		41	routing:1,
		42	key:1,
		43	seq:1,
		44	srr:1,
		45	rec:3,
		46	ack:1,
		47	reserved:4,
		48	version:3;
		49	#else
		50	#error "Adjust your <asm/byteorder.h> defines"
		51	#endif
		52	__be16 protocol;
		53	};
		54
		55	/* modified GRE header for PPTP */
		56	struct gre_hdr_pptp {
		57	__u8 flags; /* bitfield */
		58	__u8 version; /* should be GRE_VERSION_PPTP */
		59	__be16 protocol; /* should be GRE_PROTOCOL_PPTP */
		60	__be16 payload_len; /* size of ppp payload, not inc. gre header */
		61	__be16 call_id; /* peer's call_id for this session */
		62	__be32 seq; /* sequence number. Present if S==1 */
		63	__be32 ack; /* seq number of highest packet recieved by */
		64	/* sender in this session */
		65	};
		66
		67	struct nf_ct_gre {
		68	unsigned int stream_timeout;
		69	unsigned int timeout;
		70	};
		71
		72	#ifdef __KERNEL__
		73	#include <net/netfilter/nf_conntrack_tuple.h>
		74
		75	struct nf_conn;
		76
		77	/* structure for original <-> reply keymap */
		78	struct nf_ct_gre_keymap {
		79	struct list_head list;
		80	struct nf_conntrack_tuple tuple;
		81	};
		82
		83	/* add new tuple->key_reply pair to keymap */
		84	int nf_ct_gre_keymap_add(struct nf_conn *ct, enum ip_conntrack_dir dir,
		85	struct nf_conntrack_tuple *t);
		86
		87	/* delete keymap entries */
		88	void nf_ct_gre_keymap_destroy(struct nf_conn *ct);
		89
		90	/* get pointer to gre key, if present */
		91	static inline __be32 gre_key(struct gre_hdr greh)
		92	{
		93	if (!greh->key)
		94	return NULL;
		95	if (greh->csum \|\| greh->routing)
		96	return (__be32 )(greh+sizeof(greh)+4);
		97	return (__be32 )(greh+sizeof(greh));
		98	}
		99
		100	/* get pointer ot gre csum, if present */
		101	static inline __sum16 gre_csum(struct gre_hdr greh)
		102	{
		103	if (!greh->csum)
		104	return NULL;
		105	return (__sum16 )(greh+sizeof(greh));
		106	}
		107
		108	extern void nf_ct_gre_keymap_flush(void);
		109	extern void nf_nat_need_gre(void);
		110
		111	#endif /* __KERNEL__ */
		112	#endif /* _CONNTRACK_PROTO_GRE_H */


diff --git a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h index a1c57ee0a4fa..1401ccc051c4 100644 --- a/include/net/netfilter/ipv4/nf_conntrack_ipv4.h +++ b/include/net/netfilter/ipv4/nf_conntrack_ipv4.h
@@ -11,10 +11,12 @@
11		11
12	#ifdef CONFIG_NF_NAT_NEEDED	12	#ifdef CONFIG_NF_NAT_NEEDED
13	#include <net/netfilter/nf_nat.h>	13	#include <net/netfilter/nf_nat.h>
		14	#include <linux/netfilter/nf_conntrack_pptp.h>
14		15
15	/* per conntrack: nat application helper private data */	16	/* per conntrack: nat application helper private data */
16	union nf_conntrack_nat_help {	17	union nf_conntrack_nat_help {
17	/* insert nat helper private data here */	18	/* insert nat helper private data here */
		19	struct nf_nat_pptp nat_pptp_info;
18	};	20	};
19		21
20	struct nf_conn_nat {	22	struct nf_conn_nat {


diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h index 1646076933b1..032b36a0e378 100644 --- a/include/net/netfilter/nf_conntrack.h +++ b/include/net/netfilter/nf_conntrack.h
@@ -21,6 +21,7 @@
21		21
22	#include <linux/netfilter/nf_conntrack_tcp.h>	22	#include <linux/netfilter/nf_conntrack_tcp.h>
23	#include <linux/netfilter/nf_conntrack_sctp.h>	23	#include <linux/netfilter/nf_conntrack_sctp.h>
		24	#include <linux/netfilter/nf_conntrack_proto_gre.h>
24	#include <net/netfilter/ipv4/nf_conntrack_icmp.h>	25	#include <net/netfilter/ipv4/nf_conntrack_icmp.h>
25	#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>	26	#include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
26		27
@@ -33,6 +34,7 @@ union nf_conntrack_proto {
33	struct ip_ct_tcp tcp;	34	struct ip_ct_tcp tcp;
34	struct ip_ct_icmp icmp;	35	struct ip_ct_icmp icmp;
35	struct nf_ct_icmpv6 icmpv6;	36	struct nf_ct_icmpv6 icmpv6;
		37	struct nf_ct_gre gre;
36	};	38	};
37		39
38	union nf_conntrack_expect_proto {	40	union nf_conntrack_expect_proto {
@@ -41,12 +43,14 @@ union nf_conntrack_expect_proto {
41		43
42	/* Add protocol helper include file here */	44	/* Add protocol helper include file here */
43	#include <linux/netfilter/nf_conntrack_ftp.h>	45	#include <linux/netfilter/nf_conntrack_ftp.h>
		46	#include <linux/netfilter/nf_conntrack_pptp.h>
44	#include <linux/netfilter/nf_conntrack_h323.h>	47	#include <linux/netfilter/nf_conntrack_h323.h>
45		48
46	/* per conntrack: application helper private data */	49	/* per conntrack: application helper private data */
47	union nf_conntrack_help {	50	union nf_conntrack_help {
48	/* insert conntrack helper private data (master) here */	51	/* insert conntrack helper private data (master) here */
49	struct nf_ct_ftp_master ct_ftp_info;	52	struct nf_ct_ftp_master ct_ftp_info;
		53	struct nf_ct_pptp_master ct_pptp_info;
50	struct nf_ct_h323_master ct_h323_info;	54	struct nf_ct_h323_master ct_h323_info;
51	};	55	};
52		56


diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h index fbba9e8b95fc..8c72ac9f0ab8 100644 --- a/include/net/netfilter/nf_conntrack_helper.h +++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -34,6 +34,8 @@ struct nf_conntrack_helper
34	struct nf_conn *ct,	34	struct nf_conn *ct,
35	enum ip_conntrack_info conntrackinfo);	35	enum ip_conntrack_info conntrackinfo);
36		36
		37	void (destroy)(struct nf_conn ct);
		38
37	int (to_nfattr)(struct sk_buff skb, const struct nf_conn *ct);	39	int (to_nfattr)(struct sk_buff skb, const struct nf_conn *ct);
38	};	40	};
39		41


diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h index c96a9c576736..5d72b16e876f 100644 --- a/include/net/netfilter/nf_conntrack_tuple.h +++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -49,6 +49,9 @@ union nf_conntrack_man_proto
49	struct {	49	struct {
50	__be16 port;	50	__be16 port;
51	} sctp;	51	} sctp;
		52	struct {
		53	__be16 key; /* GRE key is 32bit, PPtP only uses 16bit */
		54	} gre;
52	};	55	};
53		56
54	/* The manipulable part of the tuple. */	57	/* The manipulable part of the tuple. */
@@ -84,6 +87,9 @@ struct nf_conntrack_tuple
84	struct {	87	struct {
85	__be16 port;	88	__be16 port;
86	} sctp;	89	} sctp;
		90	struct {
		91	__be16 key;
		92	} gre;
87	} u;	93	} u;
88		94
89	/* The protocol. */	95	/* The protocol. */