Hi,
This is a small patch to add a new parameter called loose to
ip_conntrack_irc. It's against newnat.
This parameter allows clients to use the "wrong" ip in DCC requests.
If used in combination with ip_nat_irc this is no problem as it will
replace the ip.
I added this when I was told that newer versions of mIRC (windows
client) defaults to using the ip the server says we have (the external
ip) and we have quite a few of those clients here and I descided to be
nice.
Harald, this is mostly just to get the patch out on the mailinglist in
case someone have a need for this. But if you like it please apply :)
--
/Martin
Never argue with an idiot. They drag you down to their level, then beat
you with experience.
diff -urN netfilter/userspace/patch-o-matic/extra.orig/irc-loose.patch netfilter/userspace/patch-o-matic/extra/irc-loose.patch
--- netfilter/userspace/patch-o-matic/extra.orig/irc-loose.patch Thu Jan 1 01:00:00 1970
+++ netfilter/userspace/patch-o-matic/extra/irc-loose.patch Fri Apr 5 02:27:42 2002
@@ -0,0 +1,60 @@
+--- linux-2.4.19-pre3-NAPI/net/ipv4/netfilter/ip_conntrack_irc.c.orig Fri Apr 5 00:50:43 2002
++++ linux-2.4.19-pre3-NAPI/net/ipv4/netfilter/ip_conntrack_irc.c Fri Apr 5 01:30:16 2002
+@@ -38,6 +38,7 @@
+ static int ports_n_c = 0;
+ static int max_dcc_channels = 8;
+ static unsigned int dcc_timeout = 240;
++static int loose = 0;
+
+ MODULE_AUTHOR("Harald Welte <[EMAIL PROTECTED]>");
+ MODULE_DESCRIPTION("IRC (DCC) connection tracking module");
+@@ -49,6 +50,8 @@
+ MODULE_PARM_DESC(max_dcc_channels, "max number of expected DCC channels per IRC session");
+ MODULE_PARM(dcc_timeout, "i");
+ MODULE_PARM_DESC(dcc_timeout, "timeout on expecting DCC channels");
++MODULE_PARM(loose, "i");
++MODULE_PARM_DESC(loose, "allow client to use any ip in DCC requests (will be replaced by NAT code)");
+ #endif
+
+ #define NUM_DCCPROTO 5
+@@ -181,17 +184,23 @@
+ continue;
+ }
+ DEBUGP("DCC bound ip/port: %u.%u.%u.%u:%u\n",
+- HIPQUAD(dcc_ip), dcc_port);
++ NIPQUAD(ct->tuplehash[dir].tuple.src.ip), dcc_port);
+
+ if (ct->tuplehash[dir].tuple.src.ip != htonl(dcc_ip)) {
+- if (net_ratelimit())
+- printk(KERN_WARNING
+- "Forged DCC command from "
+- "%u.%u.%u.%u: %u.%u.%u.%u:%u\n",
+- NIPQUAD(ct->tuplehash[dir].tuple.src.ip),
+- HIPQUAD(dcc_ip), dcc_port);
++ if (loose) {
++ DEBUGP("client %u.%u.%u.%u used %u.%u.%u.%u as dcc_ip\n",
++ NIPQUAD(ct->tuplehash[dir].tuple.src.ip),
++ HIPQUAD(dcc_ip));
++ } else {
++ if (net_ratelimit())
++ printk(KERN_WARNING
++ "Forged DCC command from "
++ "%u.%u.%u.%u: %u.%u.%u.%u:%u\n",
++ NIPQUAD(ct->tuplehash[dir].tuple.src.ip),
++ HIPQUAD(dcc_ip), dcc_port);
+
+- continue;
++ continue;
++ }
+ }
+
+ memset(&expect, 0, sizeof(expect));
+@@ -209,7 +218,7 @@
+
+ exp->tuple = ((struct ip_conntrack_tuple)
+ { { 0, { 0 } },
+- { htonl(dcc_ip), { htons(dcc_port) },
++ { ct->tuplehash[dir].tuple.src.ip, { htons(dcc_port) },
+ IPPROTO_TCP }});
+ exp->mask = ((struct ip_conntrack_tuple)
+ { { 0, { 0 } },
diff -urN netfilter/userspace/patch-o-matic/extra.orig/irc-loose.patch.help netfilter/userspace/patch-o-matic/extra/irc-loose.patch.help
--- netfilter/userspace/patch-o-matic/extra.orig/irc-loose.patch.help Thu Jan 1 01:00:00 1970
+++ netfilter/userspace/patch-o-matic/extra/irc-loose.patch.help Fri Apr 5 02:27:42 2002
@@ -0,0 +1,7 @@
+Author: Martin Josefsson <[EMAIL PROTECTED]>
+Status: Works for me
+
+This patch adds a moduleparameter to ip_conntrack_irc called loose.
+This parameter allows a client to specify the "wrong" ip in DCC requests.
+In combination with ip_nat_irc this is no problem as it will replace the ip.
+
