Changes and improvements submitted to davem render the CVS version of 0-newnat7
unusable.
Attached is a 'patch on patch'. I hope this will fix the problem.
Next chunk - snmp nat for newnat - will come tomorrow.
--
Paul P 'Stingray' Komkoff 'Greatest' Jr // (icq)23200764 // (irc)Spacebar
PPKJ1-RIPE // (smtp)[EMAIL PROTECTED] // (http)stingr.net // (pgp)0xA4B4ECA4
--- 0-newnat7.patch Wed Feb 20 17:45:03 2002
+++ /home/stingray/take1newnat Fri Mar 8 20:19:49 2002
@@ -1,6 +1,6 @@
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack.h Wed Oct 31
00:08:12 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack.h Thu Feb 7
15:03:55 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack.h
+b/include/linux/netfilter_ipv4/ip_conntrack.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack.h Fri Mar 8 20:19:49 2002
@@ -6,6 +6,7 @@
#include <linux/config.h>
@@ -9,9 +9,9 @@
enum ip_conntrack_info
{
-@@ -62,30 +63,58 @@
- IPS_ASSURED = (1 << IPS_ASSURED_BIT),
- };
+@@ -62,27 +63,58 @@
+ #define IP_NF_ASSERT(x)
+ #endif
+#ifdef CONFIG_IP_NF_NAT_NEEDED
+#include <linux/netfilter_ipv4/ip_nat.h>
@@ -44,7 +44,7 @@
+ struct timer_list timeout;
+
+ /* Data filled out by the conntrack helpers follow: */
-+
++
/* We expect this tuple, with the following mask */
struct ip_conntrack_tuple tuple, mask;
@@ -55,31 +55,29 @@
- struct ip_conntrack *expectant;
-};
-
--#ifdef CONFIG_IP_NF_NAT_NEEDED
--#include <linux/netfilter_ipv4/ip_nat.h>
--#endif
+ /* At which sequence number did this expectation occur */
+ u_int32_t seq;
-
--#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
++
+ union {
+ /* insert conntrack helper private data (expect) here */
+ struct ip_ct_ftp_expect exp_ftp_info;
+ struct ip_ct_irc_expect exp_irc_info;
-
--#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE)
--#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
-+#ifdef CONFIG_IP_NF_NAT_NEEDED
-+ union {
++
+ #ifdef CONFIG_IP_NF_NAT_NEEDED
+-#include <linux/netfilter_ipv4/ip_nat.h>
++ union {
+ /* insert nat helper private data here */
+ } nat;
#endif
+-
+-#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
+-#include <linux/netfilter_ipv4/ip_conntrack_irc.h>
+ } help;
+};
struct ip_conntrack
{
-@@ -104,10 +133,13 @@
+@@ -101,10 +133,13 @@
/* If we're expecting another related connection, this will be
in expected linked list */
@@ -96,21 +94,19 @@
/* Helper, if any. */
struct ip_conntrack_helper *helper;
-@@ -124,10 +156,9 @@
+@@ -121,8 +156,9 @@
} proto;
union {
- struct ip_ct_ftp ct_ftp_info;
--#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE)
- struct ip_ct_irc ct_irc_info;
--#endif
+ /* insert conntrack helper private data (master) here */
+ struct ip_ct_ftp_master ct_ftp_info;
+ struct ip_ct_irc_master ct_irc_info;
} help;
#ifdef CONFIG_IP_NF_NAT_NEEDED
-@@ -144,6 +175,9 @@
+@@ -139,6 +175,9 @@
#endif /* CONFIG_IP_NF_NAT_NEEDED */
};
@@ -120,9 +116,9 @@
/* Alter reply tuple (maybe alter helper). If it's already taken,
return 0 and don't do alteration. */
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_core.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_core.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_core.h Fri Apr 27
23:15:01 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_core.h Thu
Feb 7 15:03:55 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_core.h
+b/include/linux/netfilter_ipv4/ip_conntrack_core.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack_core.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack_core.h Fri Mar 8 20:19:49 2002
@@ -15,7 +15,7 @@
extern void ip_conntrack_cleanup(void);
@@ -132,9 +128,9 @@
/* Like above, but you already have conntrack read lock. */
extern struct ip_conntrack_protocol *__find_proto(u_int8_t protocol);
extern struct list_head protocol_list;
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_ftp.h Thu Apr 26
00:00:28 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_ftp.h Thu
Feb 7 15:03:55 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h Fri Mar 8 20:19:49 2002
@@ -11,6 +11,8 @@
/* Protects ftp part of conntracks */
DECLARE_LOCK_EXTERN(ip_ftp_lock);
@@ -176,9 +172,9 @@
/* Next valid seq position for cmd matching after newline */
u_int32_t seq_aft_nl[IP_CT_DIR_MAX];
/* 0 means seq_match_aft_nl not set */
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_helper.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_helper.h Mon
Dec 11 22:31:23 2000
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_helper.h Mon
Feb 11 10:32:48 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h Fri Mar 8 20:19:49
+2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h Fri Mar 8 20:19:49
+2002
@@ -5,6 +5,9 @@
struct module;
@@ -232,9 +228,9 @@
+extern void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp);
#endif /*_IP_CONNTRACK_HELPER_H*/
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_irc.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_irc.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_irc.h Wed Oct 31
00:08:12 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_irc.h Thu
Feb 7 15:03:55 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_irc.h
+b/include/linux/netfilter_ipv4/ip_conntrack_irc.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack_irc.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack_irc.h Fri Mar 8 20:19:49 2002
@@ -20,7 +20,7 @@
#include <linux/netfilter_ipv4/lockhelp.h>
@@ -269,12 +265,12 @@
};
#endif /* _IP_CONNTRACK_IRC_H */
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_conntrack_protocol.h Fri
Apr 27 23:15:01 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_conntrack_protocol.h Thu
Feb 7 15:03:55 2002
-@@ -42,6 +42,10 @@
- int (*new)(struct ip_conntrack *conntrack, struct iphdr *iph,
- size_t len);
+diff -Nru a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
+b/include/linux/netfilter_ipv4/ip_conntrack_protocol.h
+--- a/include/linux/netfilter_ipv4/ip_conntrack_protocol.h Fri Mar 8 20:19:49
+2002
++++ b/include/linux/netfilter_ipv4/ip_conntrack_protocol.h Fri Mar 8 20:19:49
+2002
+@@ -45,6 +45,10 @@
+ /* Called when a conntrack entry is destroyed */
+ void (*destroy)(struct ip_conntrack *conntrack);
+ /* Has to decide if a expectation matches one packet or not */
+ int (*exp_matches_pkt)(struct ip_conntrack_expect *exp,
@@ -283,9 +279,9 @@
/* Module (if any) which this is connected to. */
struct module *me;
};
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_nat_helper.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_nat_helper.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_nat_helper.h Thu Apr 26
00:00:28 2001
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_nat_helper.h Mon Feb 11
10:32:46 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_nat_helper.h
+b/include/linux/netfilter_ipv4/ip_nat_helper.h
+--- a/include/linux/netfilter_ipv4/ip_nat_helper.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_nat_helper.h Fri Mar 8 20:19:49 2002
@@ -6,6 +6,12 @@
struct sk_buff;
@@ -331,9 +327,9 @@
-extern void ip_nat_delete_sack(struct sk_buff *skb, struct tcphdr *tcph);
+extern void ip_nat_delete_sack(struct sk_buff *skb);
#endif
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_nat_rule.h
linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_nat_rule.h
---- linux-2.4.17-orig/include/linux/netfilter_ipv4/ip_nat_rule.h Mon Dec 11
22:31:32 2000
-+++ linux-2.4.17-newnat/include/linux/netfilter_ipv4/ip_nat_rule.h Thu Feb 7
15:04:01 2002
+diff -Nru a/include/linux/netfilter_ipv4/ip_nat_rule.h
+b/include/linux/netfilter_ipv4/ip_nat_rule.h
+--- a/include/linux/netfilter_ipv4/ip_nat_rule.h Fri Mar 8 20:19:49 2002
++++ b/include/linux/netfilter_ipv4/ip_nat_rule.h Fri Mar 8 20:19:49 2002
@@ -5,24 +5,7 @@
#include <linux/netfilter_ipv4/ip_nat.h>
@@ -359,9 +355,9 @@
extern int ip_nat_rule_init(void) __init;
extern void ip_nat_rule_cleanup(void);
extern int ip_nat_rule_find(struct sk_buff **pskb,
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/Makefile
linux-2.4.17-newnat/net/ipv4/netfilter/Makefile
---- linux-2.4.17-orig/net/ipv4/netfilter/Makefile Wed Oct 31 00:08:12 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/Makefile Mon Jan 21 10:16:41 2002
+diff -Nru a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
+--- a/net/ipv4/netfilter/Makefile Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/Makefile Fri Mar 8 20:19:49 2002
@@ -9,7 +9,7 @@
O_TARGET := netfilter.o
@@ -371,34 +367,24 @@
# Multipart objects.
list-multi := ip_conntrack.o iptable_nat.o ipfwadm.o ipchains.o
-@@ -31,15 +31,21 @@
- # connection tracking
- obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
+@@ -33,7 +33,14 @@
-+# conntrack/NAT protocol helpers:
+ # connection tracking helpers
+ obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
++ifdef CONFIG_IP_NF_NAT_FTP
++ export-objs += ip_conntrack_ftp.o
++endif
+
- # IRC support
obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o
- obj-$(CONFIG_IP_NF_NAT_IRC) += ip_nat_irc.o
+ifdef CONFIG_IP_NF_NAT_IRC
+ export-objs += ip_conntrack_irc.o
+endif
--# connection tracking helpers
-+# FTP support
- obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o
--
--# NAT helpers
+ # NAT helpers
obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
-+ifdef CONFIG_IP_NF_NAT_FTP
-+ export-objs += ip_conntrack_ftp.o
-+endif
-
- # generic IP tables
- obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_core.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_core.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_core.c Tue Aug 7 17:30:50
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_core.c Mon Feb 11 12:03:28
2002
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_core.c
+b/net/ipv4/netfilter/ip_conntrack_core.c
+--- a/net/ipv4/netfilter/ip_conntrack_core.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_core.c Fri Mar 8 20:19:49 2002
@@ -3,7 +3,12 @@
extension. */
@@ -505,9 +491,9 @@
}
static void
-@@ -176,14 +228,28 @@
- {
+@@ -177,21 +229,36 @@
struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
+ struct ip_conntrack_protocol *proto;
+ DEBUGP("destroy_conntrack(%p)\n", ct);
IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
@@ -515,12 +501,21 @@
- if (ct->master.master)
- nf_conntrack_put(&ct->master);
-+ if (ct->master && master_ct(ct))
-+ ip_conntrack_put(master_ct(ct));
+-
++ if (ct->master && master_ct(ct))
++ ip_conntrack_put(master_ct(ct));
++
+ /* Let's hope we don't get any weird locking issues here.
+ * destroy_conntrack MUST NOT be called with a write lock
+ * to ip_conntrack_lock!!! -HW */
+- proto = find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
++ proto = ip_ct_find_proto(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
+ if (proto && proto->destroy)
+ proto->destroy(ct);
- if (ip_conntrack_destroyed)
-+ if (ip_conntrack_destroyed) {
-+ DEBUGP("destr_conntr: calling ip_conntrack_destroyed\n");
++ if (ip_conntrack_destroyed) {
++ DEBUGP("destr_conntr: calling ip_conntrack_destroyed\n");
ip_conntrack_destroyed(ct);
+ }
+
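Review bot: The locking rule carried in destroy_conntrack's comment ("MUST NOT be called with a write lock to ip_conntrack_lock") is only prose, and nothing in the visible lines enforces it. The next hunk shows `WRITE_UNLOCK(&ip_conntrack_lock)` just before the slab free, so the function appears to take that lock itself, although the matching WRITE_LOCK is not visible here. Because `destroy_conntrack` is installed as `ct_general.destroy`, whichever caller drops the last reference runs it, and the `ip_conntrack_put(master_ct(ct))` at the top may itself be the last put on the master; a caller holding the write lock at that moment would presumably self-deadlock. I would replace "Let's hope we don't get any weird locking issues here" with a stated contract, e.g. `/* Locking: the final ip_conntrack_put() ends up here; callers must not hold ip_conntrack_lock for writing. */`, and add a debug-build lock assertion at entry if the lock helpers offer one for the unlocked state. The function body starts and ends outside this hunk.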
@@ -534,10 +529,11 @@
+ WRITE_UNLOCK(&ip_conntrack_lock);
+
+ DEBUGP("destr_conntr: returning ct to slab\n");
++
kmem_cache_free(ip_conntrack_cachep, ct);
atomic_dec(&ip_conntrack_count);
}
-@@ -381,7 +447,7 @@
+@@ -389,7 +456,7 @@
return NULL;
}
@@ -546,7 +542,7 @@
/* Are they talking about one of our connections? */
if (inner->ihl * 4 + 8 > datalen
|| !get_tuple(inner, datalen, &origtuple, innerproto)) {
-@@ -461,10 +527,18 @@
+@@ -469,10 +536,18 @@
return ip_ct_tuple_mask_cmp(rtuple, &i->tuple, &i->mask);
}
@@ -565,7 +561,7 @@
return ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask);
}
-@@ -513,7 +587,7 @@
+@@ -521,7 +596,7 @@
return ERR_PTR(-ENOMEM);
}
@@ -574,7 +570,7 @@
atomic_set(&conntrack->ct_general.use, 1);
conntrack->ct_general.destroy = destroy_conntrack;
conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *tuple;
-@@ -532,31 +606,44 @@
+@@ -540,31 +615,44 @@
conntrack->timeout.data = (unsigned long)conntrack;
conntrack->timeout.function = death_by_timeout;
@@ -628,7 +624,7 @@
}
atomic_inc(&ip_conntrack_count);
WRITE_UNLOCK(&ip_conntrack_lock);
-@@ -661,7 +748,7 @@
+@@ -669,7 +757,7 @@
return NF_STOLEN;
}
@@ -637,7 +633,7 @@
/* It may be an icmp error... */
if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP
-@@ -705,66 +792,210 @@
+@@ -713,66 +801,210 @@
int invert_tuplepr(struct ip_conntrack_tuple *inverse,
const struct ip_conntrack_tuple *orig)
{
@@ -682,11 +678,11 @@
+ { i->mask.dst.ip & mask->dst.ip,
+ { i->mask.dst.u.all & mask->dst.u.all },
+ i->mask.dst.protonum & mask->dst.protonum } };
-
-- return ip_ct_tuple_mask_cmp(&i->tuple, &new->tuple, &intersect_mask);
++
+ return ip_ct_tuple_mask_cmp(&i->tuple, tuple, &intersect_mask);
+}
-+
+
+- return ip_ct_tuple_mask_cmp(&i->tuple, &new->tuple, &intersect_mask);
+void ip_conntrack_unexpect_related(struct ip_conntrack_expect *expect)
+{
+ WRITE_LOCK(&ip_conntrack_lock);
@@ -880,7 +876,7 @@
/* Alter reply tuple (maybe alter helper). If it's already taken,
return 0 and don't do alteration. */
int ip_conntrack_alter_reply(struct ip_conntrack *conntrack,
-@@ -782,10 +1013,12 @@
+@@ -790,10 +1022,12 @@
DUMP_TUPLE(newreply);
conntrack->tuplehash[IP_CT_DIR_REPLY].tuple = *newreply;
@@ -896,7 +892,7 @@
return 1;
}
-@@ -804,14 +1037,10 @@
+@@ -812,14 +1046,10 @@
const struct ip_conntrack_helper *me)
{
if (i->ctrack->helper == me) {
@@ -914,9 +910,9 @@
}
return 0;
}
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_ftp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_ftp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_ftp.c Wed Oct 31 00:08:12
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_ftp.c Mon Feb 11 12:06:36
2002
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_ftp.c
+b/net/ipv4/netfilter/ip_conntrack_ftp.c
+--- a/net/ipv4/netfilter/ip_conntrack_ftp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_ftp.c Fri Mar 8 20:19:49 2002
@@ -1,4 +1,5 @@
/* FTP extension for IP connection tracking. */
+#include <linux/config.h>
@@ -1061,9 +1057,9 @@
+MODULE_LICENSE("GPL");
module_init(init);
module_exit(fini);
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_irc.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_irc.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_irc.c Fri Dec 21 18:42:05
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_irc.c Mon Feb 11 12:07:47
2002
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_irc.c
+b/net/ipv4/netfilter/ip_conntrack_irc.c
+--- a/net/ipv4/netfilter/ip_conntrack_irc.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_irc.c Fri Mar 8 20:19:49 2002
@@ -11,12 +11,18 @@
**
* Module load syntax:
@@ -1119,9 +1115,9 @@
- struct ip_ct_irc *info = &ct->help.ct_irc_info;
-
-- memset(&mask, 0, sizeof(struct ip_conntrack_tuple));
-- mask.dst.u.tcp.port = 0xFFFF;
-- mask.dst.protonum = 0xFFFF;
+- mask = ((struct ip_conntrack_tuple)
+- { { 0, { 0 } },
+- { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }});
-
DEBUGP("entered\n");
- /* Can't track connections formed before we registered */
@@ -1257,9 +1253,9 @@
module_init(init);
module_exit(fini);
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_generic.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_generic.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_generic.c Fri Apr 27
23:15:01 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_generic.c Thu
Jan 31 13:45:42 2002
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_generic.c
+b/net/ipv4/netfilter/ip_conntrack_proto_generic.c
+--- a/net/ipv4/netfilter/ip_conntrack_proto_generic.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_proto_generic.c Fri Mar 8 20:19:49 2002
@@ -54,8 +54,14 @@
return 1;
}
@@ -1273,12 +1269,12 @@
struct ip_conntrack_protocol ip_conntrack_generic_protocol
= { { NULL, NULL }, 0, "unknown",
generic_pkt_to_tuple, generic_invert_tuple, generic_print_tuple,
-- generic_print_conntrack, established, new, NULL };
-+ generic_print_conntrack, established, new, exp_matches_pkt, NULL };
+- generic_print_conntrack, established, new, NULL, NULL };
++ generic_print_conntrack, established, new, NULL, exp_matches_pkt, NULL };
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_icmp.c Fri Apr 27
23:15:01 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_icmp.c Thu Jan 31
13:42:47 2002
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c Fri Mar 8 20:19:49 2002
@@ -110,7 +110,13 @@
return 1;
}
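Review bot: The protocol tables are still filled positionally, so the rebase had to slip an extra `NULL` in front of `exp_matches_pkt` here (`... established, new, NULL, exp_matches_pkt, NULL };`) and again in the icmp, tcp and udp tables further down. Since `destroy` and `exp_matches_pkt` are adjacent function-pointer members of `struct ip_conntrack_protocol`, a slot that is off by one is at best a pointer-type warning and at worst a callback installed under the wrong member in kernel code. Naming the members would let the tables survive the next field insertion, e.g. `.destroy = NULL, .exp_matches_pkt = exp_matches_pkt,` (or the GCC `member: value` form if the tree's compiler baseline requires it). Only the initializer is visible in this hunk; the `exp_matches_pkt` function it refers to is defined outside it.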
@@ -1292,11 +1288,11 @@
struct ip_conntrack_protocol ip_conntrack_protocol_icmp
= { { NULL, NULL }, IPPROTO_ICMP, "icmp",
icmp_pkt_to_tuple, icmp_invert_tuple, icmp_print_tuple,
-- icmp_print_conntrack, icmp_packet, icmp_new, NULL };
-+ icmp_print_conntrack, icmp_packet, icmp_new, icmp_exp_matches_pkt, NULL };
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Fri Apr 27
23:15:01 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Thu Jan 31
13:50:38 2002
+- icmp_print_conntrack, icmp_packet, icmp_new, NULL, NULL };
++ icmp_print_conntrack, icmp_packet, icmp_new, NULL, icmp_exp_matches_pkt, NULL };
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Fri Mar 8 20:19:49 2002
@@ -7,6 +7,9 @@
#include <linux/in.h>
#include <linux/ip.h>
@@ -1326,11 +1322,11 @@
struct ip_conntrack_protocol ip_conntrack_protocol_tcp
= { { NULL, NULL }, IPPROTO_TCP, "tcp",
tcp_pkt_to_tuple, tcp_invert_tuple, tcp_print_tuple, tcp_print_conntrack,
-- tcp_packet, tcp_new, NULL };
-+ tcp_packet, tcp_new, tcp_exp_matches_pkt, NULL };
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_udp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_udp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_proto_udp.c Fri Apr 27
23:15:01 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_proto_udp.c Thu Jan 31
13:42:01 2002
+- tcp_packet, tcp_new, NULL, NULL };
++ tcp_packet, tcp_new, NULL, tcp_exp_matches_pkt, NULL };
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c Fri Mar 8 20:19:49 2002
@@ -68,7 +68,13 @@
return 1;
}
@@ -1344,12 +1340,12 @@
struct ip_conntrack_protocol ip_conntrack_protocol_udp
= { { NULL, NULL }, IPPROTO_UDP, "udp",
udp_pkt_to_tuple, udp_invert_tuple, udp_print_tuple, udp_print_conntrack,
-- udp_packet, udp_new, NULL };
-+ udp_packet, udp_new, udp_exp_matches_pkt, NULL };
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_standalone.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_standalone.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_conntrack_standalone.c Sun Sep 30
21:26:08 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_conntrack_standalone.c Fri Feb 8
09:03:50 2002
-@@ -56,7 +56,13 @@
+- udp_packet, udp_new, NULL, NULL };
++ udp_packet, udp_new, NULL, udp_exp_matches_pkt, NULL };
+diff -Nru a/net/ipv4/netfilter/ip_conntrack_standalone.c
+b/net/ipv4/netfilter/ip_conntrack_standalone.c
+--- a/net/ipv4/netfilter/ip_conntrack_standalone.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_conntrack_standalone.c Fri Mar 8 20:19:49 2002
+@@ -57,7 +57,13 @@
{
unsigned int len;
@@ -1364,7 +1360,16 @@
expect->tuple.dst.protonum);
len += print_tuple(buffer + len, &expect->tuple,
__find_proto(expect->tuple.dst.protonum));
-@@ -334,7 +340,12 @@
+@@ -309,7 +315,7 @@
+ {
+ WRITE_LOCK(&ip_conntrack_lock);
+
+- /* find_proto() returns proto_generic in case there is no protocol
++ /* ip_ct_find_proto() returns proto_generic in case there is no protocol
+ * helper. So this should be enough - HW */
+ LIST_DELETE(&protocol_list, proto);
+ WRITE_UNLOCK(&ip_conntrack_lock);
+@@ -345,7 +351,12 @@
EXPORT_SYMBOL(ip_conntrack_helper_unregister);
EXPORT_SYMBOL(ip_ct_selective_cleanup);
EXPORT_SYMBOL(ip_ct_refresh);
@@ -1377,9 +1382,21 @@
EXPORT_SYMBOL(ip_ct_gather_frags);
EXPORT_SYMBOL(ip_conntrack_htable_size);
+EXPORT_SYMBOL(ip_conntrack_lock);
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_core.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_core.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_core.c Fri Dec 21 18:42:05 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_core.c Mon Feb 11 12:04:35
2002
+diff -Nru a/net/ipv4/netfilter/ip_fw_compat_masq.c
+b/net/ipv4/netfilter/ip_fw_compat_masq.c
+--- a/net/ipv4/netfilter/ip_fw_compat_masq.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_fw_compat_masq.c Fri Mar 8 20:19:49 2002
+@@ -130,7 +130,7 @@
+ struct ip_conntrack *ct;
+ int ret;
+
+- protocol = find_proto(iph->protocol);
++ protocol = ip_ct_find_proto(iph->protocol);
+
+ /* We don't feed packets to conntrack system unless we know
+ they're part of an connection already established by an
+diff -Nru a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
+--- a/net/ipv4/netfilter/ip_nat_core.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_core.c Fri Mar 8 20:19:49 2002
@@ -21,10 +21,14 @@
#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock)
#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock)
@@ -1403,7 +1420,7 @@
/* Calculated at init based on memory size */
static unsigned int ip_nat_htable_size;
-@@ -621,8 +626,9 @@
+@@ -628,8 +633,9 @@
}
/* If there's a helper, assign it; based on new tuple. */
@@ -1415,7 +1432,7 @@
/* It's done. */
info->initialized |= (1 << HOOK2MANIP(hooknum));
-@@ -717,6 +723,19 @@
+@@ -724,6 +730,19 @@
#endif
}
@@ -1435,7 +1452,7 @@
/* Do packet manipulations according to binding. */
unsigned int
do_bindings(struct ip_conntrack *ct,
-@@ -728,6 +747,7 @@
+@@ -735,6 +754,7 @@
unsigned int i;
struct ip_nat_helper *helper;
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
@@ -1443,7 +1460,7 @@
/* Need nat lock to protect against modification, but neither
conntrack (referenced) and helper (deleted with
-@@ -766,11 +786,71 @@
+@@ -773,11 +793,71 @@
READ_UNLOCK(&ip_nat_lock);
if (helper) {
@@ -1517,9 +1534,9 @@
}
unsigned int
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_ftp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_ftp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_ftp.c Wed Oct 31 00:08:12 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_ftp.c Mon Feb 11 12:08:53
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c
+--- a/net/ipv4/netfilter/ip_nat_ftp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_ftp.c Fri Mar 8 20:19:49 2002
@@ -28,38 +28,30 @@
/* FIXME: Time out? --RR */
@@ -1840,9 +1857,9 @@
return ret;
}
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_helper.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_helper.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_helper.c Fri Dec 21 18:42:05
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_helper.c Mon Feb 11 12:10:16
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
+--- a/net/ipv4/netfilter/ip_nat_helper.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_helper.c Fri Mar 8 20:19:49 2002
@@ -5,7 +5,9 @@
* distributed under the terms of GNU GPL
*/
@@ -1961,9 +1978,9 @@
+ me->me->name);
+ }
}
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_irc.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_irc.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_irc.c Fri Dec 21 18:42:05 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_irc.c Mon Feb 11 12:09:06
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c
+--- a/net/ipv4/netfilter/ip_nat_irc.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_irc.c Fri Mar 8 20:19:49 2002
@@ -51,42 +51,29 @@
/* FIXME: Time out? --RR */
@@ -2263,9 +2280,9 @@
}
return ret;
}
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_proto_tcp.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_proto_tcp.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_proto_tcp.c Tue Aug 7 17:30:50
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_proto_tcp.c Thu Jan 31 13:50:37
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_proto_tcp.c
+b/net/ipv4/netfilter/ip_nat_proto_tcp.c
+--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c Fri Mar 8 20:19:49 2002
@@ -4,7 +4,6 @@
#include <linux/ip.h>
#include <linux/tcp.h>
@@ -2274,9 +2291,9 @@
#include <linux/netfilter_ipv4/ip_nat.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/netfilter_ipv4/ip_nat_protocol.h>
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_proto_unknown.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_proto_unknown.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_proto_unknown.c Fri Mar 17
19:56:20 2000
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_proto_unknown.c Tue Feb 5
11:38:13 2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_proto_unknown.c
+b/net/ipv4/netfilter/ip_nat_proto_unknown.c
+--- a/net/ipv4/netfilter/ip_nat_proto_unknown.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_proto_unknown.c Fri Mar 8 20:19:49 2002
@@ -1,5 +1,5 @@
/* The "unknown" protocol. This is what is used for protocols we
- * don't understand. It's returned by find_proto().
@@ -2284,19 +2301,19 @@
*/
#include <linux/types.h>
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_rule.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_rule.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_rule.c Fri Apr 27 23:15:01 2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_rule.c Wed Jan 9 11:06:34
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
+--- a/net/ipv4/netfilter/ip_nat_rule.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_rule.c Fri Mar 8 20:19:49 2002
@@ -106,8 +106,6 @@
= { { NULL, NULL }, "nat", &nat_initial_table.repl,
- NAT_VALID_HOOKS, RW_LOCK_UNLOCKED, NULL };
+ NAT_VALID_HOOKS, RW_LOCK_UNLOCKED, NULL, THIS_MODULE };
-LIST_HEAD(nat_expect_list);
-
/* Source NAT */
static unsigned int ipt_snat_target(struct sk_buff **pskb,
unsigned int hooknum,
-@@ -242,19 +240,6 @@
+@@ -254,19 +252,6 @@
return ip_nat_setup_info(conntrack, &mr, hooknum);
}
@@ -2316,7 +2333,7 @@
int ip_nat_rule_find(struct sk_buff **pskb,
unsigned int hooknum,
const struct net_device *in,
-@@ -264,41 +249,14 @@
+@@ -276,41 +261,14 @@
{
int ret;
@@ -2359,9 +2376,9 @@
}
static struct ipt_target ipt_snat_reg
-diff -urN --exclude-from=diff.exclude-newnat
linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_standalone.c
linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_standalone.c
---- linux-2.4.17-orig/net/ipv4/netfilter/ip_nat_standalone.c Sun Sep 30 21:26:08
2001
-+++ linux-2.4.17-newnat/net/ipv4/netfilter/ip_nat_standalone.c Wed Jan 9 11:06:34
2002
+diff -Nru a/net/ipv4/netfilter/ip_nat_standalone.c
+b/net/ipv4/netfilter/ip_nat_standalone.c
+--- a/net/ipv4/netfilter/ip_nat_standalone.c Fri Mar 8 20:19:49 2002
++++ b/net/ipv4/netfilter/ip_nat_standalone.c Fri Mar 8 20:19:49 2002
@@ -5,7 +5,12 @@
*/
@@ -2376,9 +2393,9 @@
#include <linux/config.h>
#include <linux/types.h>
-@@ -43,6 +48,15 @@
- : ((hooknum) == NF_IP_LOCAL_OUT ? "LOCAL_OUT" \
- : "*ERROR*")))
+@@ -44,6 +49,15 @@
+ : ((hooknum) == NF_IP_LOCAL_IN ? "LOCAL_IN" \
+ : "*ERROR*")))
+static inline int call_expect(struct ip_conntrack *master,
+ struct sk_buff **pskb,
@@ -2392,7 +2409,7 @@
static unsigned int
ip_nat_fn(unsigned int hooknum,
struct sk_buff **pskb,
-@@ -103,8 +117,16 @@
+@@ -110,8 +124,16 @@
int in_hashes = info->initialized;
unsigned int ret;
@@ -2411,8 +2428,8 @@
if (ret != NF_ACCEPT) {
WRITE_UNLOCK(&ip_nat_lock);
return ret;
-@@ -337,8 +359,6 @@
- EXPORT_SYMBOL(ip_nat_setup_info);
+@@ -334,8 +356,6 @@
+ EXPORT_SYMBOL(ip_nat_protocol_unregister);
EXPORT_SYMBOL(ip_nat_helper_register);
EXPORT_SYMBOL(ip_nat_helper_unregister);
-EXPORT_SYMBOL(ip_nat_expect_register);