[NETFILTER]: Add new PPTP conntrack and NAT helper

This new "version 3" PPTP conntrack/nat helper is finally ready for mainline inclusion. Special thanks to lots of last-minute bugfixing by Patric McHardy. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Harald Welte <laforge@netfilter.org> 2005-09-19 18:33:08 -0400
committer: David S. Miller <davem@davemloft.net> 2005-09-19 18:33:08 -0400
commit: 926b50f92a30090da2c1a8675de954c2d9b09732 (patch)
tree: c8dd1cadf83c8e5e1cdc666b5b5596c2ae5dc76a /include
parent: 772cb712b1373d335ef2874ea357ec681edc754b (diff)
5 files changed, 476 insertions, 0 deletions
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index 7e033e9271a8..2df446c952ef 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -133,11 +133,13 @@ enum ip_conntrack_expect_events {
 #include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
 #include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
 /* per conntrack: protocol private data */
 union ip_conntrack_proto {
        /* insert conntrack proto private data here */
+        struct ip_ct_gre gre;
        struct ip_ct_sctp sctp;
        struct ip_ct_tcp tcp;
        struct ip_ct_icmp icmp;
@@ -148,6 +150,7 @@ union ip_conntrack_expect_proto {
 };
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -155,12 +158,20 @@ union ip_conntrack_expect_proto {
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
        /* insert conntrack helper private data (master) here */
+        struct ip_ct_pptp_master ct_pptp_info;
        struct ip_ct_ftp_master ct_ftp_info;
        struct ip_ct_irc_master ct_irc_info;
 };
 #ifdef CONFIG_IP_NF_NAT_NEEDED
 #include <linux/netfilter_ipv4/ip_nat.h>
+#include <linux/netfilter_ipv4/ip_nat_pptp.h>
+/* per conntrack: nat application helper private data */
+union ip_conntrack_nat_help {
+        /* insert nat helper private data here */
+        struct ip_nat_pptp nat_pptp_info;
+};
 #endif
 #include <linux/types.h>
@@ -223,6 +234,7 @@ struct ip_conntrack
 #ifdef CONFIG_IP_NF_NAT_NEEDED
        struct {
                struct ip_nat_info info;
+                union ip_conntrack_nat_help help;
 #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
        defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
                int masq_index;
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
new file mode 100644
index 000000000000..389e3851d52f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -0,0 +1,332 @@
+/* PPTP constants and structs */
+#ifndef _CONNTRACK_PPTP_H
+#define _CONNTRACK_PPTP_H
+/* state of the control session */
+enum pptp_ctrlsess_state {
+        PPTP_SESSION_NONE,                      /* no session present */
+        PPTP_SESSION_ERROR,                     /* some session error */
+        PPTP_SESSION_STOPREQ,                   /* stop_sess request seen */
+        PPTP_SESSION_REQUESTED,                 /* start_sess request seen */
+        PPTP_SESSION_CONFIRMED,                 /* session established */
+};
+/* state of the call inside the control session */
+enum pptp_ctrlcall_state {
+        PPTP_CALL_NONE,
+        PPTP_CALL_ERROR,
+        PPTP_CALL_OUT_REQ,
+        PPTP_CALL_OUT_CONF,
+        PPTP_CALL_IN_REQ,
+        PPTP_CALL_IN_REP,
+        PPTP_CALL_IN_CONF,
+        PPTP_CALL_CLEAR_REQ,
+};
+/* conntrack private data */
+struct ip_ct_pptp_master {
+        enum pptp_ctrlsess_state sstate;        /* session state */
+        /* everything below is going to be per-expectation in newnat,
+         * since there could be more than one call within one session */
+        enum pptp_ctrlcall_state cstate;        /* call state */
+        u_int16_t pac_call_id;                  /* call id of PAC, host byte order */
+        u_int16_t pns_call_id;                  /* call id of PNS, host byte order */
+        /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
+         * and therefore imposes a fixed limit on the number of maps */
+        struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;
+};
+/* conntrack_expect private member */
+struct ip_ct_pptp_expect {
+        enum pptp_ctrlcall_state cstate;        /* call state */
+        u_int16_t pac_call_id;                  /* call id of PAC */
+        u_int16_t pns_call_id;                  /* call id of PNS */
+};
+#ifdef __KERNEL__
+#define IP_CONNTR_PPTP          PPTP_CONTROL_PORT
+#define PPTP_CONTROL_PORT       1723
+#define PPTP_PACKET_CONTROL     1
+#define PPTP_PACKET_MGMT        2
+#define PPTP_MAGIC_COOKIE       0x1a2b3c4d
+struct pptp_pkt_hdr {
+        __u16   packetLength;
+        __u16   packetType;
+        __u32   magicCookie;
+};
+/* PptpControlMessageType values */
+#define PPTP_START_SESSION_REQUEST      1
+#define PPTP_START_SESSION_REPLY        2
+#define PPTP_STOP_SESSION_REQUEST       3
+#define PPTP_STOP_SESSION_REPLY         4
+#define PPTP_ECHO_REQUEST               5
+#define PPTP_ECHO_REPLY                 6
+#define PPTP_OUT_CALL_REQUEST           7
+#define PPTP_OUT_CALL_REPLY             8
+#define PPTP_IN_CALL_REQUEST            9
+#define PPTP_IN_CALL_REPLY              10
+#define PPTP_IN_CALL_CONNECT            11
+#define PPTP_CALL_CLEAR_REQUEST         12
+#define PPTP_CALL_DISCONNECT_NOTIFY     13
+#define PPTP_WAN_ERROR_NOTIFY           14
+#define PPTP_SET_LINK_INFO              15
+#define PPTP_MSG_MAX                    15
+/* PptpGeneralError values */
+#define PPTP_ERROR_CODE_NONE            0
+#define PPTP_NOT_CONNECTED              1
+#define PPTP_BAD_FORMAT                 2
+#define PPTP_BAD_VALUE                  3
+#define PPTP_NO_RESOURCE                4
+#define PPTP_BAD_CALLID                 5
+#define PPTP_REMOVE_DEVICE_ERROR        6
+struct PptpControlHeader {
+        __u16   messageType;
+        __u16   reserved;
+};
+/* FramingCapability Bitmap Values */
+#define PPTP_FRAME_CAP_ASYNC            0x1
+#define PPTP_FRAME_CAP_SYNC             0x2
+/* BearerCapability Bitmap Values */
+#define PPTP_BEARER_CAP_ANALOG          0x1
+#define PPTP_BEARER_CAP_DIGITAL         0x2
+struct PptpStartSessionRequest {
+        __u16   protocolVersion;
+        __u8    reserved1;
+        __u8    reserved2;
+        __u32   framingCapability;
+        __u32   bearerCapability;
+        __u16   maxChannels;
+        __u16   firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+/* PptpStartSessionResultCode Values */
+#define PPTP_START_OK                   1
+#define PPTP_START_GENERAL_ERROR        2
+#define PPTP_START_ALREADY_CONNECTED    3
+#define PPTP_START_NOT_AUTHORIZED       4
+#define PPTP_START_UNKNOWN_PROTOCOL     5
+struct PptpStartSessionReply {
+        __u16   protocolVersion;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u32   framingCapability;
+        __u32   bearerCapability;
+        __u16   maxChannels;
+        __u16   firmwareRevision;
+        __u8    hostName[64];
+        __u8    vendorString[64];
+};
+/* PptpStopReasons */
+#define PPTP_STOP_NONE                  1
+#define PPTP_STOP_PROTOCOL              2
+#define PPTP_STOP_LOCAL_SHUTDOWN        3
+struct PptpStopSessionRequest {
+        __u8    reason;
+};
+/* PptpStopSessionResultCode */
+#define PPTP_STOP_OK                    1
+#define PPTP_STOP_GENERAL_ERROR         2
+struct PptpStopSessionReply {
+        __u8    resultCode;
+        __u8    generalErrorCode;
+};
+struct PptpEchoRequest {
+        __u32 identNumber;
+};
+/* PptpEchoReplyResultCode */
+#define PPTP_ECHO_OK                    1
+#define PPTP_ECHO_GENERAL_ERROR         2
+struct PptpEchoReply {
+        __u32   identNumber;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   reserved;
+};
+/* PptpFramingType */
+#define PPTP_ASYNC_FRAMING              1
+#define PPTP_SYNC_FRAMING               2
+#define PPTP_DONT_CARE_FRAMING          3
+/* PptpCallBearerType */
+#define PPTP_ANALOG_TYPE                1
+#define PPTP_DIGITAL_TYPE               2
+#define PPTP_DONT_CARE_BEARER_TYPE      3
+struct PptpOutCallRequest {
+        __u16   callID;
+        __u16   callSerialNumber;
+        __u32   minBPS;
+        __u32   maxBPS;
+        __u32   bearerType;
+        __u32   framingType;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u16   reserved1;
+        __u16   phoneNumberLength;
+        __u16   reserved2;
+        __u8    phoneNumber[64];
+        __u8    subAddress[64];
+};
+/* PptpCallResultCode */
+#define PPTP_OUTCALL_CONNECT            1
+#define PPTP_OUTCALL_GENERAL_ERROR      2
+#define PPTP_OUTCALL_NO_CARRIER         3
+#define PPTP_OUTCALL_BUSY               4
+#define PPTP_OUTCALL_NO_DIAL_TONE       5
+#define PPTP_OUTCALL_TIMEOUT            6
+#define PPTP_OUTCALL_DONT_ACCEPT        7
+struct PptpOutCallReply {
+        __u16   callID;
+        __u16   peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   causeCode;
+        __u32   connectSpeed;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u32   physChannelID;
+};
+struct PptpInCallRequest {
+        __u16   callID;
+        __u16   callSerialNumber;
+        __u32   callBearerType;
+        __u32   physChannelID;
+        __u16   dialedNumberLength;
+        __u16   dialingNumberLength;
+        __u8    dialedNumber[64];
+        __u8    dialingNumber[64];
+        __u8    subAddress[64];
+};
+/* PptpInCallResultCode */
+#define PPTP_INCALL_ACCEPT              1
+#define PPTP_INCALL_GENERAL_ERROR       2
+#define PPTP_INCALL_DONT_ACCEPT         3
+struct PptpInCallReply {
+        __u16   callID;
+        __u16   peersCallID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u16   reserved;
+};
+struct PptpInCallConnected {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   connectSpeed;
+        __u16   packetWindow;
+        __u16   packetProcDelay;
+        __u32   callFramingType;
+};
+struct PptpClearCallRequest {
+        __u16   callID;
+        __u16   reserved;
+};
+struct PptpCallDisconnectNotify {
+        __u16   callID;
+        __u8    resultCode;
+        __u8    generalErrorCode;
+        __u16   causeCode;
+        __u16   reserved;
+        __u8    callStatistics[128];
+};
+struct PptpWanErrorNotify {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   crcErrors;
+        __u32   framingErrors;
+        __u32   hardwareOverRuns;
+        __u32   bufferOverRuns;
+        __u32   timeoutErrors;
+        __u32   alignmentErrors;
+};
+struct PptpSetLinkInfo {
+        __u16   peersCallID;
+        __u16   reserved;
+        __u32   sendAccm;
+        __u32   recvAccm;
+};
+struct pptp_priv_data {
+        __u16   call_id;
+        __u16   mcall_id;
+        __u16   pcall_id;
+};
+union pptp_ctrl_union {
+                struct PptpStartSessionRequest  sreq;
+                struct PptpStartSessionReply    srep;
+                struct PptpStopSessionRequest   streq;
+                struct PptpStopSessionReply     strep;
+                struct PptpOutCallRequest       ocreq;
+                struct PptpOutCallReply         ocack;
+                struct PptpInCallRequest        icreq;
+                struct PptpInCallReply          icack;
+                struct PptpInCallConnected      iccon;
+                struct PptpClearCallRequest     clrreq;
+                struct PptpCallDisconnectNotify disc;
+                struct PptpWanErrorNotify       wanerr;
+                struct PptpSetLinkInfo          setlink;
+};
+extern int
+(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
+                          struct ip_conntrack *ct,
+                          enum ip_conntrack_info ctinfo,
+                          struct PptpControlHeader *ctlh,
+                          union pptp_ctrl_union *pptpReq);
+extern int
+(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
+                          struct ip_conntrack *ct,
+                          enum ip_conntrack_info ctinfo,
+                          struct PptpControlHeader *ctlh,
+                          union pptp_ctrl_union *pptpReq);
+extern int
+(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
+                            struct ip_conntrack_expect *exp_reply);
+extern void
+(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
+                             struct ip_conntrack_expect *exp);
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
new file mode 100644
index 000000000000..8d090ef82f5f
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -0,0 +1,114 @@
+#ifndef _CONNTRACK_PROTO_GRE_H
+#define _CONNTRACK_PROTO_GRE_H
+#include <asm/byteorder.h>
+/* GRE PROTOCOL HEADER */
+/* GRE Version field */
+#define GRE_VERSION_1701        0x0
+#define GRE_VERSION_PPTP        0x1
+/* GRE Protocol field */
+#define GRE_PROTOCOL_PPTP       0x880B
+/* GRE Flags */
+#define GRE_FLAG_C              0x80
+#define GRE_FLAG_R              0x40
+#define GRE_FLAG_K              0x20
+#define GRE_FLAG_S              0x10
+#define GRE_FLAG_A              0x80
+#define GRE_IS_C(f)     ((f)&GRE_FLAG_C)
+#define GRE_IS_R(f)     ((f)&GRE_FLAG_R)
+#define GRE_IS_K(f)     ((f)&GRE_FLAG_K)
+#define GRE_IS_S(f)     ((f)&GRE_FLAG_S)
+#define GRE_IS_A(f)     ((f)&GRE_FLAG_A)
+/* GRE is a mess: Four different standards */
+struct gre_hdr {
+#if defined(__LITTLE_ENDIAN_BITFIELD)
+        __u16   rec:3,
+                srr:1,
+                seq:1,
+                key:1,
+                routing:1,
+                csum:1,
+                version:3,
+                reserved:4,
+                ack:1;
+#elif defined(__BIG_ENDIAN_BITFIELD)
+        __u16   csum:1,
+                routing:1,
+                key:1,
+                seq:1,
+                srr:1,
+                rec:3,
+                ack:1,
+                reserved:4,
+                version:3;
+#else
+#error "Adjust your <asm/byteorder.h> defines"
+#endif
+        __u16   protocol;
+};
+/* modified GRE header for PPTP */
+struct gre_hdr_pptp {
+        __u8  flags;            /* bitfield */
+        __u8  version;          /* should be GRE_VERSION_PPTP */
+        __u16 protocol;         /* should be GRE_PROTOCOL_PPTP */
+        __u16 payload_len;      /* size of ppp payload, not inc. gre header */
+        __u16 call_id;          /* peer's call_id for this session */
+        __u32 seq;              /* sequence number.  Present if S==1 */
+        __u32 ack;              /* seq number of highest packet recieved by */
+                                /*  sender in this session */
+};
+/* this is part of ip_conntrack */
+struct ip_ct_gre {
+        unsigned int stream_timeout;
+        unsigned int timeout;
+};
+#ifdef __KERNEL__
+struct ip_conntrack_expect;
+struct ip_conntrack;
+/* structure for original <-> reply keymap */
+struct ip_ct_gre_keymap {
+        struct list_head list;
+        struct ip_conntrack_tuple tuple;
+};
+/* add new tuple->key_reply pair to keymap */
+int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
+                         struct ip_conntrack_tuple *t,
+                         int reply);
+/* delete keymap entries */
+void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
+/* get pointer to gre key, if present */
+static inline u_int32_t *gre_key(struct gre_hdr *greh)
+{
+        if (!greh->key)
+                return NULL;
+        if (greh->csum || greh->routing)
+                return (u_int32_t *) (greh+sizeof(*greh)+4);
+        return (u_int32_t *) (greh+sizeof(*greh));
+}
+/* get pointer ot gre csum, if present */
+static inline u_int16_t *gre_csum(struct gre_hdr *greh)
+{
+        if (!greh->csum)
+                return NULL;
+        return (u_int16_t *) (greh+sizeof(*greh));
+}
+#endif /* __KERNEL__ */
+#endif /* _CONNTRACK_PROTO_GRE_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
index c33f0b5e0d0a..14dc0f7b6556 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -28,6 +28,9 @@ union ip_conntrack_manip_proto
        struct {
                u_int16_t port;
        } sctp;
+        struct {
+                u_int16_t key;  /* key is 32bit, pptp only uses 16 */
+        } gre;
 };
 /* The manipulable part of the tuple. */
@@ -61,6 +64,10 @@ struct ip_conntrack_tuple
                        struct {
                                u_int16_t port;
                        } sctp;
+                        struct {
+                                u_int16_t key;  /* key is 32bit, 
+                                                 * pptp only uses 16 */
+                        } gre;
                } u;
                /* The protocol. */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
new file mode 100644
index 000000000000..eaf66c2e8f93
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -0,0 +1,11 @@
+/* PPTP constants and structs */
+#ifndef _NAT_PPTP_H
+#define _NAT_PPTP_H
+/* conntrack private data */
+struct ip_nat_pptp {
+        u_int16_t pns_call_id;          /* NAT'ed PNS call id */
+        u_int16_t pac_call_id;          /* NAT'ed PAC call id */
+};
+#endif /* _NAT_PPTP_H */
author	Harald Welte <laforge@netfilter.org>	2005-09-19 18:33:08 -0400
committer	David S. Miller <davem@davemloft.net>	2005-09-19 18:33:08 -0400
commit	926b50f92a30090da2c1a8675de954c2d9b09732 (patch)
tree	c8dd1cadf83c8e5e1cdc666b5b5596c2ae5dc76a /include
parent	772cb712b1373d335ef2874ea357ec681edc754b (diff)

diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h index 7e033e9271a8..2df446c952ef 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack.h +++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -133,11 +133,13 @@ enum ip_conntrack_expect_events {
133		133
134	#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>	134	#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>
135	#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>	135	#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>
		136	#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
136	#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>	137	#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>
137		138
138	/* per conntrack: protocol private data */	139	/* per conntrack: protocol private data */
139	union ip_conntrack_proto {	140	union ip_conntrack_proto {
140	/* insert conntrack proto private data here */	141	/* insert conntrack proto private data here */
		142	struct ip_ct_gre gre;
141	struct ip_ct_sctp sctp;	143	struct ip_ct_sctp sctp;
142	struct ip_ct_tcp tcp;	144	struct ip_ct_tcp tcp;
143	struct ip_ct_icmp icmp;	145	struct ip_ct_icmp icmp;
@@ -148,6 +150,7 @@ union ip_conntrack_expect_proto {
148	};	150	};
149		151
150	/* Add protocol helper include file here */	152	/* Add protocol helper include file here */
		153	#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
151	#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>	154	#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
152	#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>	155	#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
153	#include <linux/netfilter_ipv4/ip_conntrack_irc.h>	156	#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
@@ -155,12 +158,20 @@ union ip_conntrack_expect_proto {
155	/* per conntrack: application helper private data */	158	/* per conntrack: application helper private data */
156	union ip_conntrack_help {	159	union ip_conntrack_help {
157	/* insert conntrack helper private data (master) here */	160	/* insert conntrack helper private data (master) here */
		161	struct ip_ct_pptp_master ct_pptp_info;
158	struct ip_ct_ftp_master ct_ftp_info;	162	struct ip_ct_ftp_master ct_ftp_info;
159	struct ip_ct_irc_master ct_irc_info;	163	struct ip_ct_irc_master ct_irc_info;
160	};	164	};
161		165
162	#ifdef CONFIG_IP_NF_NAT_NEEDED	166	#ifdef CONFIG_IP_NF_NAT_NEEDED
163	#include <linux/netfilter_ipv4/ip_nat.h>	167	#include <linux/netfilter_ipv4/ip_nat.h>
		168	#include <linux/netfilter_ipv4/ip_nat_pptp.h>
		169
		170	/* per conntrack: nat application helper private data */
		171	union ip_conntrack_nat_help {
		172	/* insert nat helper private data here */
		173	struct ip_nat_pptp nat_pptp_info;
		174	};
164	#endif	175	#endif
165		176
166	#include <linux/types.h>	177	#include <linux/types.h>
@@ -223,6 +234,7 @@ struct ip_conntrack
223	#ifdef CONFIG_IP_NF_NAT_NEEDED	234	#ifdef CONFIG_IP_NF_NAT_NEEDED
224	struct {	235	struct {
225	struct ip_nat_info info;	236	struct ip_nat_info info;
		237	union ip_conntrack_nat_help help;
226	#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) \|\| \	238	#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) \|\| \
227	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)	239	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
228	int masq_index;	240	int masq_index;


diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h new file mode 100644 index 000000000000..389e3851d52f --- /dev/null +++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -0,0 +1,332 @@
		1	/* PPTP constants and structs */
		2	#ifndef _CONNTRACK_PPTP_H
		3	#define _CONNTRACK_PPTP_H
		4
		5	/* state of the control session */
		6	enum pptp_ctrlsess_state {
		7	PPTP_SESSION_NONE, /* no session present */
		8	PPTP_SESSION_ERROR, /* some session error */
		9	PPTP_SESSION_STOPREQ, /* stop_sess request seen */
		10	PPTP_SESSION_REQUESTED, /* start_sess request seen */
		11	PPTP_SESSION_CONFIRMED, /* session established */
		12	};
		13
		14	/* state of the call inside the control session */
		15	enum pptp_ctrlcall_state {
		16	PPTP_CALL_NONE,
		17	PPTP_CALL_ERROR,
		18	PPTP_CALL_OUT_REQ,
		19	PPTP_CALL_OUT_CONF,
		20	PPTP_CALL_IN_REQ,
		21	PPTP_CALL_IN_REP,
		22	PPTP_CALL_IN_CONF,
		23	PPTP_CALL_CLEAR_REQ,
		24	};
		25
		26
		27	/* conntrack private data */
		28	struct ip_ct_pptp_master {
		29	enum pptp_ctrlsess_state sstate; /* session state */
		30
		31	/* everything below is going to be per-expectation in newnat,
		32	* since there could be more than one call within one session */
		33	enum pptp_ctrlcall_state cstate; /* call state */
		34	u_int16_t pac_call_id; /* call id of PAC, host byte order */
		35	u_int16_t pns_call_id; /* call id of PNS, host byte order */
		36
		37	/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
		38	* and therefore imposes a fixed limit on the number of maps */
		39	struct ip_ct_gre_keymap keymap_orig, keymap_reply;
		40	};
		41
		42	/* conntrack_expect private member */
		43	struct ip_ct_pptp_expect {
		44	enum pptp_ctrlcall_state cstate; /* call state */
		45	u_int16_t pac_call_id; /* call id of PAC */
		46	u_int16_t pns_call_id; /* call id of PNS */
		47	};
		48
		49
		50	#ifdef __KERNEL__
		51
		52	#define IP_CONNTR_PPTP PPTP_CONTROL_PORT
		53
		54	#define PPTP_CONTROL_PORT 1723
		55
		56	#define PPTP_PACKET_CONTROL 1
		57	#define PPTP_PACKET_MGMT 2
		58
		59	#define PPTP_MAGIC_COOKIE 0x1a2b3c4d
		60
		61	struct pptp_pkt_hdr {
		62	__u16 packetLength;
		63	__u16 packetType;
		64	__u32 magicCookie;
		65	};
		66
		67	/* PptpControlMessageType values */
		68	#define PPTP_START_SESSION_REQUEST 1
		69	#define PPTP_START_SESSION_REPLY 2
		70	#define PPTP_STOP_SESSION_REQUEST 3
		71	#define PPTP_STOP_SESSION_REPLY 4
		72	#define PPTP_ECHO_REQUEST 5
		73	#define PPTP_ECHO_REPLY 6
		74	#define PPTP_OUT_CALL_REQUEST 7
		75	#define PPTP_OUT_CALL_REPLY 8
		76	#define PPTP_IN_CALL_REQUEST 9
		77	#define PPTP_IN_CALL_REPLY 10
		78	#define PPTP_IN_CALL_CONNECT 11
		79	#define PPTP_CALL_CLEAR_REQUEST 12
		80	#define PPTP_CALL_DISCONNECT_NOTIFY 13
		81	#define PPTP_WAN_ERROR_NOTIFY 14
		82	#define PPTP_SET_LINK_INFO 15
		83
		84	#define PPTP_MSG_MAX 15
		85
		86	/* PptpGeneralError values */
		87	#define PPTP_ERROR_CODE_NONE 0
		88	#define PPTP_NOT_CONNECTED 1
		89	#define PPTP_BAD_FORMAT 2
		90	#define PPTP_BAD_VALUE 3
		91	#define PPTP_NO_RESOURCE 4
		92	#define PPTP_BAD_CALLID 5
		93	#define PPTP_REMOVE_DEVICE_ERROR 6
		94
		95	struct PptpControlHeader {
		96	__u16 messageType;
		97	__u16 reserved;
		98	};
		99
		100	/* FramingCapability Bitmap Values */
		101	#define PPTP_FRAME_CAP_ASYNC 0x1
		102	#define PPTP_FRAME_CAP_SYNC 0x2
		103
		104	/* BearerCapability Bitmap Values */
		105	#define PPTP_BEARER_CAP_ANALOG 0x1
		106	#define PPTP_BEARER_CAP_DIGITAL 0x2
		107
		108	struct PptpStartSessionRequest {
		109	__u16 protocolVersion;
		110	__u8 reserved1;
		111	__u8 reserved2;
		112	__u32 framingCapability;
		113	__u32 bearerCapability;
		114	__u16 maxChannels;
		115	__u16 firmwareRevision;
		116	__u8 hostName[64];
		117	__u8 vendorString[64];
		118	};
		119
		120	/* PptpStartSessionResultCode Values */
		121	#define PPTP_START_OK 1
		122	#define PPTP_START_GENERAL_ERROR 2
		123	#define PPTP_START_ALREADY_CONNECTED 3
		124	#define PPTP_START_NOT_AUTHORIZED 4
		125	#define PPTP_START_UNKNOWN_PROTOCOL 5
		126
		127	struct PptpStartSessionReply {
		128	__u16 protocolVersion;
		129	__u8 resultCode;
		130	__u8 generalErrorCode;
		131	__u32 framingCapability;
		132	__u32 bearerCapability;
		133	__u16 maxChannels;
		134	__u16 firmwareRevision;
		135	__u8 hostName[64];
		136	__u8 vendorString[64];
		137	};
		138
		139	/* PptpStopReasons */
		140	#define PPTP_STOP_NONE 1
		141	#define PPTP_STOP_PROTOCOL 2
		142	#define PPTP_STOP_LOCAL_SHUTDOWN 3
		143
		144	struct PptpStopSessionRequest {
		145	__u8 reason;
		146	};
		147
		148	/* PptpStopSessionResultCode */
		149	#define PPTP_STOP_OK 1
		150	#define PPTP_STOP_GENERAL_ERROR 2
		151
		152	struct PptpStopSessionReply {
		153	__u8 resultCode;
		154	__u8 generalErrorCode;
		155	};
		156
		157	struct PptpEchoRequest {
		158	__u32 identNumber;
		159	};
		160
		161	/* PptpEchoReplyResultCode */
		162	#define PPTP_ECHO_OK 1
		163	#define PPTP_ECHO_GENERAL_ERROR 2
		164
		165	struct PptpEchoReply {
		166	__u32 identNumber;
		167	__u8 resultCode;
		168	__u8 generalErrorCode;
		169	__u16 reserved;
		170	};
		171
		172	/* PptpFramingType */
		173	#define PPTP_ASYNC_FRAMING 1
		174	#define PPTP_SYNC_FRAMING 2
		175	#define PPTP_DONT_CARE_FRAMING 3
		176
		177	/* PptpCallBearerType */
		178	#define PPTP_ANALOG_TYPE 1
		179	#define PPTP_DIGITAL_TYPE 2
		180	#define PPTP_DONT_CARE_BEARER_TYPE 3
		181
		182	struct PptpOutCallRequest {
		183	__u16 callID;
		184	__u16 callSerialNumber;
		185	__u32 minBPS;
		186	__u32 maxBPS;
		187	__u32 bearerType;
		188	__u32 framingType;
		189	__u16 packetWindow;
		190	__u16 packetProcDelay;
		191	__u16 reserved1;
		192	__u16 phoneNumberLength;
		193	__u16 reserved2;
		194	__u8 phoneNumber[64];
		195	__u8 subAddress[64];
		196	};
		197
		198	/* PptpCallResultCode */
		199	#define PPTP_OUTCALL_CONNECT 1
		200	#define PPTP_OUTCALL_GENERAL_ERROR 2
		201	#define PPTP_OUTCALL_NO_CARRIER 3
		202	#define PPTP_OUTCALL_BUSY 4
		203	#define PPTP_OUTCALL_NO_DIAL_TONE 5
		204	#define PPTP_OUTCALL_TIMEOUT 6
		205	#define PPTP_OUTCALL_DONT_ACCEPT 7
		206
		207	struct PptpOutCallReply {
		208	__u16 callID;
		209	__u16 peersCallID;
		210	__u8 resultCode;
		211	__u8 generalErrorCode;
		212	__u16 causeCode;
		213	__u32 connectSpeed;
		214	__u16 packetWindow;
		215	__u16 packetProcDelay;
		216	__u32 physChannelID;
		217	};
		218
		219	struct PptpInCallRequest {
		220	__u16 callID;
		221	__u16 callSerialNumber;
		222	__u32 callBearerType;
		223	__u32 physChannelID;
		224	__u16 dialedNumberLength;
		225	__u16 dialingNumberLength;
		226	__u8 dialedNumber[64];
		227	__u8 dialingNumber[64];
		228	__u8 subAddress[64];
		229	};
		230
		231	/* PptpInCallResultCode */
		232	#define PPTP_INCALL_ACCEPT 1
		233	#define PPTP_INCALL_GENERAL_ERROR 2
		234	#define PPTP_INCALL_DONT_ACCEPT 3
		235
		236	struct PptpInCallReply {
		237	__u16 callID;
		238	__u16 peersCallID;
		239	__u8 resultCode;
		240	__u8 generalErrorCode;
		241	__u16 packetWindow;
		242	__u16 packetProcDelay;
		243	__u16 reserved;
		244	};
		245
		246	struct PptpInCallConnected {
		247	__u16 peersCallID;
		248	__u16 reserved;
		249	__u32 connectSpeed;
		250	__u16 packetWindow;
		251	__u16 packetProcDelay;
		252	__u32 callFramingType;
		253	};
		254
		255	struct PptpClearCallRequest {
		256	__u16 callID;
		257	__u16 reserved;
		258	};
		259
		260	struct PptpCallDisconnectNotify {
		261	__u16 callID;
		262	__u8 resultCode;
		263	__u8 generalErrorCode;
		264	__u16 causeCode;
		265	__u16 reserved;
		266	__u8 callStatistics[128];
		267	};
		268
		269	struct PptpWanErrorNotify {
		270	__u16 peersCallID;
		271	__u16 reserved;
		272	__u32 crcErrors;
		273	__u32 framingErrors;
		274	__u32 hardwareOverRuns;
		275	__u32 bufferOverRuns;
		276	__u32 timeoutErrors;
		277	__u32 alignmentErrors;
		278	};
		279
		280	struct PptpSetLinkInfo {
		281	__u16 peersCallID;
		282	__u16 reserved;
		283	__u32 sendAccm;
		284	__u32 recvAccm;
		285	};
		286
		287
		288	struct pptp_priv_data {
		289	__u16 call_id;
		290	__u16 mcall_id;
		291	__u16 pcall_id;
		292	};
		293
		294	union pptp_ctrl_union {
		295	struct PptpStartSessionRequest sreq;
		296	struct PptpStartSessionReply srep;
		297	struct PptpStopSessionRequest streq;
		298	struct PptpStopSessionReply strep;
		299	struct PptpOutCallRequest ocreq;
		300	struct PptpOutCallReply ocack;
		301	struct PptpInCallRequest icreq;
		302	struct PptpInCallReply icack;
		303	struct PptpInCallConnected iccon;
		304	struct PptpClearCallRequest clrreq;
		305	struct PptpCallDisconnectNotify disc;
		306	struct PptpWanErrorNotify wanerr;
		307	struct PptpSetLinkInfo setlink;
		308	};
		309
		310	extern int
		311	(ip_nat_pptp_hook_outbound)(struct sk_buff *pskb,
		312	struct ip_conntrack *ct,
		313	enum ip_conntrack_info ctinfo,
		314	struct PptpControlHeader *ctlh,
		315	union pptp_ctrl_union *pptpReq);
		316
		317	extern int
		318	(ip_nat_pptp_hook_inbound)(struct sk_buff *pskb,
		319	struct ip_conntrack *ct,
		320	enum ip_conntrack_info ctinfo,
		321	struct PptpControlHeader *ctlh,
		322	union pptp_ctrl_union *pptpReq);
		323
		324	extern int
		325	(ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect exp_orig,
		326	struct ip_conntrack_expect *exp_reply);
		327
		328	extern void
		329	(ip_nat_pptp_hook_expectfn)(struct ip_conntrack ct,
		330	struct ip_conntrack_expect *exp);
		331	#endif /* __KERNEL__ */
		332	#endif /* _CONNTRACK_PPTP_H */


diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h new file mode 100644 index 000000000000..8d090ef82f5f --- /dev/null +++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -0,0 +1,114 @@
		1	#ifndef _CONNTRACK_PROTO_GRE_H
		2	#define _CONNTRACK_PROTO_GRE_H
		3	#include <asm/byteorder.h>
		4
		5	/* GRE PROTOCOL HEADER */
		6
		7	/* GRE Version field */
		8	#define GRE_VERSION_1701 0x0
		9	#define GRE_VERSION_PPTP 0x1
		10
		11	/* GRE Protocol field */
		12	#define GRE_PROTOCOL_PPTP 0x880B
		13
		14	/* GRE Flags */
		15	#define GRE_FLAG_C 0x80
		16	#define GRE_FLAG_R 0x40
		17	#define GRE_FLAG_K 0x20
		18	#define GRE_FLAG_S 0x10
		19	#define GRE_FLAG_A 0x80
		20
		21	#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
		22	#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
		23	#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
		24	#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
		25	#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
		26
		27	/* GRE is a mess: Four different standards */
		28	struct gre_hdr {
		29	#if defined(__LITTLE_ENDIAN_BITFIELD)
		30	__u16 rec:3,
		31	srr:1,
		32	seq:1,
		33	key:1,
		34	routing:1,
		35	csum:1,
		36	version:3,
		37	reserved:4,
		38	ack:1;
		39	#elif defined(__BIG_ENDIAN_BITFIELD)
		40	__u16 csum:1,
		41	routing:1,
		42	key:1,
		43	seq:1,
		44	srr:1,
		45	rec:3,
		46	ack:1,
		47	reserved:4,
		48	version:3;
		49	#else
		50	#error "Adjust your <asm/byteorder.h> defines"
		51	#endif
		52	__u16 protocol;
		53	};
		54
		55	/* modified GRE header for PPTP */
		56	struct gre_hdr_pptp {
		57	__u8 flags; /* bitfield */
		58	__u8 version; /* should be GRE_VERSION_PPTP */
		59	__u16 protocol; /* should be GRE_PROTOCOL_PPTP */
		60	__u16 payload_len; /* size of ppp payload, not inc. gre header */
		61	__u16 call_id; /* peer's call_id for this session */
		62	__u32 seq; /* sequence number. Present if S==1 */
		63	__u32 ack; /* seq number of highest packet recieved by */
		64	/* sender in this session */
		65	};
		66
		67
		68	/* this is part of ip_conntrack */
		69	struct ip_ct_gre {
		70	unsigned int stream_timeout;
		71	unsigned int timeout;
		72	};
		73
		74	#ifdef __KERNEL__
		75	struct ip_conntrack_expect;
		76	struct ip_conntrack;
		77
		78	/* structure for original <-> reply keymap */
		79	struct ip_ct_gre_keymap {
		80	struct list_head list;
		81
		82	struct ip_conntrack_tuple tuple;
		83	};
		84
		85	/* add new tuple->key_reply pair to keymap */
		86	int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
		87	struct ip_conntrack_tuple *t,
		88	int reply);
		89
		90	/* delete keymap entries */
		91	void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
		92
		93
		94	/* get pointer to gre key, if present */
		95	static inline u_int32_t gre_key(struct gre_hdr greh)
		96	{
		97	if (!greh->key)
		98	return NULL;
		99	if (greh->csum \|\| greh->routing)
		100	return (u_int32_t ) (greh+sizeof(greh)+4);
		101	return (u_int32_t ) (greh+sizeof(greh));
		102	}
		103
		104	/* get pointer ot gre csum, if present */
		105	static inline u_int16_t gre_csum(struct gre_hdr greh)
		106	{
		107	if (!greh->csum)
		108	return NULL;
		109	return (u_int16_t ) (greh+sizeof(greh));
		110	}
		111
		112	#endif /* __KERNEL__ */
		113
		114	#endif /* _CONNTRACK_PROTO_GRE_H */


diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h index c33f0b5e0d0a..14dc0f7b6556 100644 --- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h +++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -28,6 +28,9 @@ union ip_conntrack_manip_proto
28	struct {	28	struct {
29	u_int16_t port;	29	u_int16_t port;
30	} sctp;	30	} sctp;
		31	struct {
		32	u_int16_t key; /* key is 32bit, pptp only uses 16 */
		33	} gre;
31	};	34	};
32		35
33	/* The manipulable part of the tuple. */	36	/* The manipulable part of the tuple. */
@@ -61,6 +64,10 @@ struct ip_conntrack_tuple
61	struct {	64	struct {
62	u_int16_t port;	65	u_int16_t port;
63	} sctp;	66	} sctp;
		67	struct {
		68	u_int16_t key; /* key is 32bit,
		69	* pptp only uses 16 */
		70	} gre;
64	} u;	71	} u;
65		72
66	/* The protocol. */	73	/* The protocol. */


diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h new file mode 100644 index 000000000000..eaf66c2e8f93 --- /dev/null +++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -0,0 +1,11 @@
		1	/* PPTP constants and structs */
		2	#ifndef _NAT_PPTP_H
		3	#define _NAT_PPTP_H
		4
		5	/* conntrack private data */
		6	struct ip_nat_pptp {
		7	u_int16_t pns_call_id; /* NAT'ed PNS call id */
		8	u_int16_t pac_call_id; /* NAT'ed PAC call id */
		9	};
		10
		11	#endif /* _NAT_PPTP_H */