patch-2.4.21 linux-2.4.21/net/ipv4/netfilter/ip_conntrack_amanda.c
Next file: linux-2.4.21/net/ipv4/netfilter/ip_conntrack_core.c
Previous file: linux-2.4.21/net/ipv4/netfilter/Makefile
Back to the patch index
Back to the overall index
- Lines: 236
- Date:
2003-06-13 07:51:39.000000000 -0700
- Orig file:
linux-2.4.20/net/ipv4/netfilter/ip_conntrack_amanda.c
- Orig date:
1969-12-31 16:00:00.000000000 -0800
diff -urN linux-2.4.20/net/ipv4/netfilter/ip_conntrack_amanda.c linux-2.4.21/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -0,0 +1,235 @@
+/* Amanda extension for IP connection tracking, Version 0.2
+ * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
+ * based on HW's ip_conntrack_irc.c as well as other modules
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Module load syntax:
+ * insmod ip_conntrack_amanda.o [master_timeout=n]
+ *
+ * Where master_timeout is the timeout (in seconds) of the master
+ * connection (port 10080). This defaults to 5 minutes but if
+ * your clients take longer than 5 minutes to do their work
+ * before getting back to the Amanda server, you can increase
+ * this value.
+ *
+ */
+
+#include <linux/module.h>
+#include <linux/netfilter.h>
+#include <linux/ip.h>
+#include <net/checksum.h>
+#include <net/udp.h>
+
+#include <linux/netfilter_ipv4/lockhelp.h>
+#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
+
+static unsigned int master_timeout = 300;
+
+MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
+MODULE_DESCRIPTION("Amanda connection tracking module");
+MODULE_LICENSE("GPL");
+MODULE_PARM(master_timeout, "i");
+MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
+
+DECLARE_LOCK(ip_amanda_lock);
+struct module *ip_conntrack_amanda = THIS_MODULE;
+
+#define MAXMATCHLEN 6
+struct conn conns[NUM_MSGS] = {
+ {"DATA ", 5},
+ {"MESG ", 5},
+ {"INDEX ", 6},
+};
+
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+
+/* FIXME: This should be in userspace. Later. */
+static int help(const struct iphdr *iph, size_t len,
+ struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+{
+ struct udphdr *udph = (void *)iph + iph->ihl * 4;
+ u_int32_t udplen = len - iph->ihl * 4;
+ u_int32_t datalen = udplen - sizeof(struct udphdr);
+ char *data = (char *)udph + sizeof(struct udphdr);
+ char *datap = data;
+ char *data_limit = (char *) data + datalen;
+ int dir = CTINFO2DIR(ctinfo);
+ struct ip_ct_amanda *info =
+ (struct ip_ct_amanda *)&ct->help.ct_ftp_info;
+
+ /* Can't track connections formed before we registered */
+ if (!info)
+ return NF_ACCEPT;
+
+ /* increase the UDP timeout of the master connection as replies from
+ * Amanda clients to the server can be quite delayed */
+ ip_ct_refresh(ct, master_timeout * HZ);
+
+ /* If packet is coming from Amanda server */
+ if (dir == IP_CT_DIR_ORIGINAL)
+ return NF_ACCEPT;
+
+ /* Not whole UDP header? */
+ if (udplen < sizeof(struct udphdr)) {
+ printk("ip_conntrack_amanda_help: udplen = %u\n",
+ (unsigned)udplen);
+ return NF_ACCEPT;
+ }
+
+ /* Checksum invalid? Ignore. */
+ if (csum_tcpudp_magic(iph->saddr, iph->daddr, udplen, IPPROTO_UDP,
+ csum_partial((char *)udph, udplen, 0))) {
+ DEBUGP("ip_ct_talk_help: bad csum: %p %u %u.%u.%u.%u "
+ "%u.%u.%u.%u\n",
+ udph, udplen, NIPQUAD(iph->saddr),
+ NIPQUAD(iph->daddr));
+ return NF_ACCEPT;
+ }
+
+ /* Search for the CONNECT string */
+ while (data < data_limit) {
+ if (!memcmp(data, "CONNECT ", 8)) {
+ break;
+ }
+ data++;
+ }
+ if (memcmp(data, "CONNECT ", 8))
+ return NF_ACCEPT;
+
+ DEBUGP("ip_conntrack_amanda_help: CONNECT found in connection "
+ "%u.%u.%u.%u:%u %u.%u.%u.%u:%u\n",
+ NIPQUAD(iph->saddr), htons(udph->source),
+ NIPQUAD(iph->daddr), htons(udph->dest));
+ data += 8;
+ while (*data != 0x0a && data < data_limit) {
+
+ int i;
+
+ for (i = 0; i < NUM_MSGS; i++) {
+ if (!memcmp(data, conns[i].match,
+ conns[i].matchlen)) {
+
+ char *portchr;
+ struct ip_conntrack_expect expect;
+ struct ip_ct_amanda_expect
+ *exp_amanda_info =
+ &expect.help.exp_amanda_info;
+
+ memset(&expect, 0, sizeof(expect));
+
+ data += conns[i].matchlen;
+ /* this is not really tcp, but let's steal an
+ * idea from a tcp stream helper :-)
+ */
+ // XXX expect.seq = data - datap;
+ exp_amanda_info->offset = data - datap;
+// XXX DEBUGP("expect.seq = %p - %p = %d\n", data, datap, expect.seq);
+DEBUGP("exp_amanda_info->offset = %p - %p = %d\n", data, datap, exp_amanda_info->offset);
+ portchr = data;
+ exp_amanda_info->port =
+ simple_strtoul(data, &data, 10);
+ exp_amanda_info->len = data - portchr;
+
+ /* eat whitespace */
+ while (*data == ' ')
+ data++;
+ DEBUGP ("ip_conntrack_amanda_help: "
+ "CONNECT %s request with port "
+ "%u found\n", conns[i].match,
+ exp_amanda_info->port);
+
+ LOCK_BH(&ip_amanda_lock);
+
+ expect.tuple = ((struct ip_conntrack_tuple)
+ { { ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip,
+ { 0 } },
+ { ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip,
+ { htons(exp_amanda_info->port) },
+ IPPROTO_TCP }});
+ expect.mask = ((struct ip_conntrack_tuple)
+ { { 0, { 0 } },
+ { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }});
+
+ expect.expectfn = NULL;
+
+ DEBUGP ("ip_conntrack_amanda_help: "
+ "expect_related: %u.%u.%u.%u:%u - "
+ "%u.%u.%u.%u:%u\n",
+ NIPQUAD(expect.tuple.src.ip),
+ ntohs(expect.tuple.src.u.tcp.port),
+ NIPQUAD(expect.tuple.dst.ip),
+ ntohs(expect.tuple.dst.u.tcp.port));
+ if (ip_conntrack_expect_related(ct, &expect) ==
+ -EEXIST) {
+ ;
+ /* this must be a packet being resent */
+ /* XXX - how do I get the
+ * ip_conntrack_expect that
+ * already exists so that I can
+ * update the .seq so that the
+ * nat module rewrites the port
+ * numbers?
+ * Perhaps I should use the
+ * exp_amanda_info instead of
+ * .seq.
+ */
+ }
+ UNLOCK_BH(&ip_amanda_lock);
+ } /* if memcmp(conns) */
+ } /* for .. NUM_MSGS */
+ data++;
+ } /* while (*data != 0x0a && data < data_limit) */
+
+ return NF_ACCEPT;
+}
+
+static struct ip_conntrack_helper amanda_helper;
+
+static void fini(void)
+{
+ DEBUGP("ip_ct_amanda: unregistering helper for port 10080\n");
+ ip_conntrack_helper_unregister(&amanda_helper);
+}
+
+static int __init init(void)
+{
+ int ret;
+
+ memset(&amanda_helper, 0, sizeof(struct ip_conntrack_helper));
+ amanda_helper.tuple.src.u.udp.port = htons(10080);
+ amanda_helper.tuple.dst.protonum = IPPROTO_UDP;
+ amanda_helper.mask.src.u.udp.port = 0xFFFF;
+ amanda_helper.mask.dst.protonum = 0xFFFF;
+ amanda_helper.max_expected = NUM_MSGS;
+ amanda_helper.timeout = 180;
+ amanda_helper.flags = IP_CT_HELPER_F_REUSE_EXPECT;
+ amanda_helper.me = ip_conntrack_amanda;
+ amanda_helper.help = help;
+ amanda_helper.name = "amanda";
+
+ DEBUGP("ip_ct_amanda: registering helper for port 10080\n");
+
+ ret = ip_conntrack_helper_register(&amanda_helper);
+
+ if (ret) {
+ printk("ip_ct_amanda: ERROR registering helper\n");
+ fini();
+ return -EBUSY;
+ }
+ return 0;
+}
+
+EXPORT_SYMBOL(ip_amanda_lock);
+
+module_init(init);
+module_exit(fini);
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)