/[linux-patches]/genpatches-2.6/trunk/2.6.14/1133_3_pptp-call-id.patch

Contents of /genpatches-2.6/trunk/2.6.14/1133_3_pptp-call-id.patch



Revision 292 - (show annotations) (download) (as text)
Tue Jan 31 21:50:53 2006 UTC (14 years, 9 months ago) by johnm
File MIME type: text/x-diff
File size: 3052 byte(s)
Large update - thanks goes to Kerin Millar for the legwork.
1 From stable-bounces@linux.kernel.org Tue Nov 15 04:33:00 2005
2 Date: Tue, 15 Nov 2005 13:32:36 +0100
3 From: Harald Welte <laforge@netfilter.org>
4 To: Stable Kernel <stable@kernel.org>
5 Cc:
6 Subject: [PATCH] [NETFILTER] PPTP helper: fix PNS-PAC expectation call id
7
8 From: Philip Craig <philipc@snapgear.com>
9
10 The reply tuple of the PNS->PAC expectation was using the wrong call id.
11
12 So we had the following situation:
13 - PNS behind NAT firewall
14 - PNS call id requires NATing
15 - PNS->PAC gre packet arrives first
16
17 then the PNS->PAC expectation is matched, and the other expectation
18 is deleted, but the PAC->PNS gre packets do not match the gre conntrack
19 because the call id is wrong.
20
21 We also cannot use ip_nat_follow_master().
22
23 Signed-off-by: Philip Craig <philipc@snapgear.com>
24 Signed-off-by: Harald Welte <laforge@netfilter.org>
25 Signed-off-by: Chris Wright <chrisw@osdl.org>
26 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
27 ---
28 net/ipv4/netfilter/ip_nat_helper_pptp.c | 28 ++++++++++++++++++++++++++--
29 1 file changed, 26 insertions(+), 2 deletions(-)
30
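--- a/net/ipv4/netfilter/ip_nat_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c
@@ -73,6 +73,7 @@ static void pptp_nat_expected(struct ip_
 struct ip_conntrack_tuple t;
 struct ip_ct_pptp_master *ct_pptp_info;
 struct ip_nat_pptp *nat_pptp_info;
+struct ip_nat_range range;
 
 ct_pptp_info = &master->help.ct_pptp_info;
 nat_pptp_info = &master->nat.help.nat_pptp_info;
@@ -110,7 +111,30 @@ static void pptp_nat_expected(struct ip_
 DEBUGP("not found!\n");
 }
 
-ip_nat_follow_master(ct, exp);
+/* This must be a fresh one. */
+BUG_ON(ct->status & IPS_NAT_DONE_MASK);
+
+/* Change src to where master sends to */
+range.flags = IP_NAT_RANGE_MAP_IPS;
+range.min_ip = range.max_ip
+= ct->master->tuplehash[!exp->dir].tuple.dst.ip;
+if (exp->dir == IP_CT_DIR_ORIGINAL) {
+range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+range.min = range.max = exp->saved_proto;
+}
+/* hook doesn't matter, but it has to do source manip */
+ip_nat_setup_info(ct, &range, NF_IP_POST_ROUTING);
+
+/* For DST manip, map port here to where it's expected. */
+range.flags = IP_NAT_RANGE_MAP_IPS;
+range.min_ip = range.max_ip
+= ct->master->tuplehash[!exp->dir].tuple.src.ip;
+if (exp->dir == IP_CT_DIR_REPLY) {
+range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+range.min = range.max = exp->saved_proto;
+}
+/* hook doesn't matter, but it has to do destination manip */
+ip_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
 }
 
 /* outbound packets == from PNS to PAC */
@@ -213,7 +237,7 @@ pptp_exp_gre(struct ip_conntrack_expect
 
 /* alter expectation for PNS->PAC direction */
 invert_tuplepr(&inv_t, &expect_orig->tuple);
-expect_orig->saved_proto.gre.key = htons(nat_pptp_info->pac_call_id);
+expect_orig->saved_proto.gre.key = htons(ct_pptp_info->pns_call_id);
 expect_orig->tuple.src.u.gre.key = htons(nat_pptp_info->pns_call_id);
 expect_orig->tuple.dst.u.gre.key = htons(ct_pptp_info->pac_call_id);
 inv_t.src.ip = reply_t->src.ip;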
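Review bot: In the second hunk of pptp_nat_expected, `range` is filled field by field and `range.min`/`range.max` are assigned only inside the `exp->dir` checks, so on the other branch the first ip_nat_setup_info() call receives them indeterminate and the second call receives whatever the first block left there; whether the callee honours IP_NAT_RANGE_PROTO_SPECIFIED before reading those fields is not visible here. Declaring the local as `struct ip_nat_range range = { 0 };` in the first hunk (or a memset before each setup call) removes that dependence at no cost. The hunk also open-codes what ip_nat_follow_master() used to do without recording in-code why; the commit message only says it cannot be used, and from the visible lines the reason appears to be that exp->saved_proto has to be applied per direction, so a one-line comment above the BUG_ON such as `/* Not ip_nat_follow_master(): the saved GRE call id must be applied per direction */` would keep that rationale with the code. pptp_nat_expected's header and the rest of pptp_exp_gre lie outside the hunks.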
