From ace2978e845725923c96b00cdd5cba611c5d172a Mon Sep 17 00:00:00 2001 From: lly Date: Sun, 14 Feb 2010 16:48:26 -0500 Subject: [PATCH] kernel 2.4 PPTP/GRE helper: GRE keys are 16-bit based on kernel 2.6 commit: a467704dcb4fa45da48079486f1b0e6baffb12d2 --- .../linux/netfilter_ipv4/ip_conntrack_proto_gre.h | 19 -------- .../linux/netfilter_ipv4/ip_conntrack_tuple.h | 20 +++------ .../linux/net/ipv4/netfilter/ip_conntrack_core.c | 11 ++--- .../linux/net/ipv4/netfilter/ip_conntrack_pptp.c | 45 ++++++++++--------- .../net/ipv4/netfilter/ip_conntrack_proto_gre.c | 21 +++++---- .../linux/linux/net/ipv4/netfilter/ip_nat_core.c | 6 +-- .../linux/linux/net/ipv4/netfilter/ip_nat_pptp.c | 50 +++++++++++----------- .../linux/net/ipv4/netfilter/ip_nat_proto_gre.c | 31 +++++++------- 8 files changed, 88 insertions(+), 115 deletions(-) diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h index 07646857c4..c2b5422332 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h @@ -99,25 +99,6 @@ void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km, /* delete keymap entries */ void ip_ct_gre_keymap_destroy(struct ip_conntrack_expect *exp); - -/* get pointer to gre key, if present */ -static inline u_int32_t *gre_key(struct gre_hdr *greh) -{ - if (!greh->key) - return NULL; - if (greh->csum || greh->routing) - return (u_int32_t *) (greh+sizeof(*greh)+4); - return (u_int32_t *) (greh+sizeof(*greh)); -} - -/* get pointer ot gre csum, if present */ -static inline u_int16_t *gre_csum(struct gre_hdr *greh) -{ - if (!greh->csum) - return NULL; - return (u_int16_t *) (greh+sizeof(*greh)); -} - #endif /* __KERNEL__ */ #endif /* _CONNTRACK_PROTO_GRE_H */ diff --git a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h index d2bd0be999..c7a1875414 100644 --- a/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h +++ b/release/src/linux/linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h @@ -14,7 +14,7 @@ union ip_conntrack_manip_proto { /* Add other protocols here. */ - u_int32_t all; + u_int16_t all; struct { u_int16_t port; @@ -26,7 +26,7 @@ union ip_conntrack_manip_proto u_int16_t id; } icmp; struct { - u_int32_t key; + u_int16_t key; /* GRE key is 32bit, PPtP only uses 16bit */ } gre; }; @@ -47,7 +47,7 @@ struct ip_conntrack_tuple u_int32_t ip; union { /* Add other protocols here. */ - u_int32_t all; + u_int16_t all; struct { u_int16_t port; @@ -59,7 +59,7 @@ struct ip_conntrack_tuple u_int8_t type, code; } icmp; struct { - u_int32_t key; + u_int16_t key; } gre; } u; @@ -86,16 +86,10 @@ enum ip_conntrack_dir #ifdef __KERNEL__ #define DUMP_TUPLE(tp) \ -DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", \ +DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \ (tp), (tp)->dst.protonum, \ - NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all), \ - NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all)) - -#define DUMP_TUPLE_RAW(x) \ - DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\ - (x), (x)->dst.protonum, \ - NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), \ - NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all)) + NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \ + NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all)) #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_core.c b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_core.c index 4fbd6d9f7f..ff5b384509 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_core.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_core.c @@ -985,8 +985,8 @@ int ip_conntrack_expect_related(struct ip_conntrack *related_to, * so there is no need to use the tuple lock too */ DEBUGP("ip_conntrack_expect_related %p\n", related_to); - DEBUGP("tuple: "); DUMP_TUPLE_RAW(&expect->tuple); - DEBUGP("mask: "); DUMP_TUPLE_RAW(&expect->mask); + DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple); + DEBUGP("mask: "); DUMP_TUPLE(&expect->mask); old = LIST_FIND(&ip_conntrack_expect_list, resent_expect, struct ip_conntrack_expect *, &expect->tuple, @@ -1104,10 +1104,11 @@ int ip_conntrack_change_expect(struct ip_conntrack_expect *expect, MUST_BE_READ_LOCKED(&ip_conntrack_lock); WRITE_LOCK(&ip_conntrack_expect_tuple_lock); + DEBUGP("change_expect:\n"); - DEBUGP("exp tuple: "); DUMP_TUPLE_RAW(&expect->tuple); - DEBUGP("exp mask: "); DUMP_TUPLE_RAW(&expect->mask); - DEBUGP("newtuple: "); DUMP_TUPLE_RAW(newtuple); + DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple); + DEBUGP("exp mask: "); DUMP_TUPLE(&expect->mask); + DEBUGP("newtuple: "); DUMP_TUPLE(newtuple); if (expect->ct_tuple.dst.protonum == 0) { /* Never seen before */ DEBUGP("change expect: never seen before\n"); diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_pptp.c b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_pptp.c index 682219a236..3325fc9158 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_pptp.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_pptp.c @@ -57,8 +57,7 @@ DECLARE_LOCK(ip_pptp_lock); #if 0 #include "ip_conntrack_pptp_priv.h" -#define DEBUGP(format, args...) printk(KERN_DEBUG __FILE__ ":" __FUNCTION__ \ - ": " format, ## args) +#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args) #else #define DEBUGP(format, args...) #endif @@ -96,18 +95,18 @@ static int pptp_expectfn(struct ip_conntrack *ct) DEBUGP("completing tuples with ct info\n"); /* we can do this, since we're unconfirmed */ if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.gre.key == - htonl(master->help.ct_pptp_info.pac_call_id)) { + master->help.ct_pptp_info.pac_call_id) { /* assume PNS->PAC */ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = - htonl(master->help.ct_pptp_info.pns_call_id); + master->help.ct_pptp_info.pns_call_id; ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = - htonl(master->help.ct_pptp_info.pns_call_id); + master->help.ct_pptp_info.pns_call_id; } else { /* assume PAC->PNS */ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = - htonl(master->help.ct_pptp_info.pac_call_id); + master->help.ct_pptp_info.pac_call_id; ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = - htonl(master->help.ct_pptp_info.pac_call_id); + master->help.ct_pptp_info.pac_call_id; } /* delete other expectation */ @@ -175,26 +174,26 @@ exp_gre(struct ip_conntrack *master, memset(&exp, 0, sizeof(exp)); /* tuple in original direction, PNS->PAC */ exp.tuple.src.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; - exp.tuple.src.u.gre.key = htonl(ntohs(peer_callid)); + exp.tuple.src.u.gre.key = peer_callid; exp.tuple.dst.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; - exp.tuple.dst.u.gre.key = htonl(ntohs(callid)); + exp.tuple.dst.u.gre.key = callid; exp.tuple.dst.protonum = IPPROTO_GRE; exp.mask.src.ip = 0xffffffff; exp.mask.src.u.all = 0; exp.mask.dst.u.all = 0; - exp.mask.dst.u.gre.key = 0xffffffff; + exp.mask.dst.u.gre.key = 0xffff; exp.mask.dst.ip = 0xffffffff; exp.mask.dst.protonum = 0xffff; exp.seq = seq; exp.expectfn = pptp_expectfn; - exp.help.exp_pptp_info.pac_call_id = ntohs(callid); - exp.help.exp_pptp_info.pns_call_id = ntohs(peer_callid); + exp.help.exp_pptp_info.pac_call_id = callid; + exp.help.exp_pptp_info.pns_call_id = peer_callid; DEBUGP("calling expect_related "); - DUMP_TUPLE_RAW(&exp.tuple); + DUMP_TUPLE(&exp.tuple); /* Add GRE keymap entries */ if (ip_ct_gre_keymap_add(&exp, &exp.tuple, 0) != 0) @@ -214,12 +213,12 @@ exp_gre(struct ip_conntrack *master, /* tuple in reply direction, PAC->PNS */ exp.tuple.src.ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; - exp.tuple.src.u.gre.key = htonl(ntohs(callid)); + exp.tuple.src.u.gre.key = callid; exp.tuple.dst.ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; - exp.tuple.dst.u.gre.key = htonl(ntohs(peer_callid)); + exp.tuple.dst.u.gre.key = peer_callid; DEBUGP("calling expect_related "); - DUMP_TUPLE_RAW(&exp.tuple); + DUMP_TUPLE(&exp.tuple); /* Add GRE keymap entries */ ip_ct_gre_keymap_add(&exp, &exp.tuple, 0); @@ -307,9 +306,9 @@ pptp_inbound_pkt(struct tcphdr *tcph, cid = &pptpReq.ocack->callID; pcid = &pptpReq.ocack->peersCallID; - info->pac_call_id = ntohs(*cid); + info->pac_call_id = *cid; - if (htons(info->pns_call_id) != *pcid) { + if (info->pns_call_id != *pcid) { DEBUGP("%s for unknown callid %u\n", strMName[msg], ntohs(*pcid)); break; @@ -334,7 +333,7 @@ pptp_inbound_pkt(struct tcphdr *tcph, pcid = &pptpReq.icack->peersCallID; DEBUGP("%s, PCID=%X\n", strMName[msg], ntohs(*pcid)); info->cstate = PPTP_CALL_IN_REQ; - info->pac_call_id= ntohs(*pcid); + info->pac_call_id= *pcid; break; case PPTP_IN_CALL_CONNECT: @@ -353,7 +352,7 @@ pptp_inbound_pkt(struct tcphdr *tcph, pcid = &pptpReq.iccon->peersCallID; cid = &info->pac_call_id; - if (info->pns_call_id != ntohs(*pcid)) { + if (info->pns_call_id != *pcid) { DEBUGP("%s for unknown CallID %u\n", strMName[msg], ntohs(*cid)); break; @@ -439,7 +438,7 @@ pptp_outbound_pkt(struct tcphdr *tcph, /* track PNS call id */ cid = &pptpReq.ocreq->callID; DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*cid)); - info->pns_call_id = ntohs(*cid); + info->pns_call_id = *cid; break; case PPTP_IN_CALL_REPLY: /* client answers incoming call */ @@ -454,7 +453,7 @@ pptp_outbound_pkt(struct tcphdr *tcph, break; } pcid = &pptpReq.icack->peersCallID; - if (info->pac_call_id != ntohs(*pcid)) { + if (info->pac_call_id != *pcid) { DEBUGP("%s for unknown call %u\n", strMName[msg], ntohs(*pcid)); break; @@ -462,7 +461,7 @@ pptp_outbound_pkt(struct tcphdr *tcph, DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*pcid)); /* part two of the three-way handshake */ info->cstate = PPTP_CALL_IN_REP; - info->pns_call_id = ntohs(pptpReq.icack->callID); + info->pns_call_id = pptpReq.icack->callID; break; case PPTP_CALL_CLEAR_REQUEST: diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c index 25125a160f..e6e3f92269 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c @@ -55,11 +55,10 @@ MODULE_DESCRIPTION("netfilter connection tracking protocol helper for GRE"); #define GRE_STREAM_TIMEOUT (180*HZ) #if 0 -#define DEBUGP(format, args...) printk(KERN_DEBUG __FILE__ ":" __FUNCTION__ \ - ": " format, ## args) +#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format , __FILE__, __FUNCTION__, ## args) #define DUMP_TUPLE_GRE(x) printk("%u.%u.%u.%u:0x%x -> %u.%u.%u.%u:0x%x:%u:0x%x\n", \ - NIPQUAD((x)->src.ip), ntohl((x)->src.u.gre.key), \ - NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.gre.key)) + NIPQUAD((x)->src.ip), ntohs((x)->src.u.gre.key), \ + NIPQUAD((x)->dst.ip), ntohs((x)->dst.u.gre.key)) #else #define DEBUGP(x, args...) #define DUMP_TUPLE_GRE(x) @@ -78,10 +77,10 @@ static inline int gre_key_cmpfn(const struct ip_ct_gre_keymap *km, } /* look up the source key for a given tuple */ -static u_int32_t gre_keymap_lookup(struct ip_conntrack_tuple *t) +static u_int16_t gre_keymap_lookup(struct ip_conntrack_tuple *t) { struct ip_ct_gre_keymap *km; - u_int32_t key; + u_int16_t key; READ_LOCK(&ip_ct_gre_lock); km = LIST_FIND(&gre_keymap_list, gre_key_cmpfn, @@ -178,7 +177,7 @@ static int gre_pkt_to_tuple(const void *datah, size_t datalen, { struct gre_hdr *grehdr = (struct gre_hdr *) datah; struct gre_hdr_pptp *pgrehdr = (struct gre_hdr_pptp *) datah; - u_int32_t srckey; + u_int16_t srckey; /* core guarantees 8 protocol bytes, no need for size check */ @@ -195,11 +194,11 @@ static int gre_pkt_to_tuple(const void *datah, size_t datalen, return 0; } - tuple->dst.u.gre.key = htonl(ntohs(pgrehdr->call_id)); + tuple->dst.u.gre.key = pgrehdr->call_id; srckey = gre_keymap_lookup(tuple); #if 0 - DEBUGP("found src key %x for tuple ", ntohl(srckey)); + DEBUGP("found src key %x for tuple ", ntohs(srckey)); DUMP_TUPLE_GRE(tuple); #endif tuple->src.u.gre.key = srckey; @@ -212,8 +211,8 @@ static unsigned int gre_print_tuple(char *buffer, const struct ip_conntrack_tuple *tuple) { return sprintf(buffer, "srckey=0x%x dstkey=0x%x ", - ntohl(tuple->src.u.gre.key), - ntohl(tuple->dst.u.gre.key)); + ntohs(tuple->src.u.gre.key), + ntohs(tuple->dst.u.gre.key)); } /* print private data for conntrack */ diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_core.c b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_core.c index 1064c43ab9..8a99c7d262 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_core.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_core.c @@ -424,7 +424,7 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple, *tuple = *orig_tuple; while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum)) != NULL) { - DEBUGP("Found best for "); DUMP_TUPLE_RAW(tuple); + DEBUGP("Found best for "); DUMP_TUPLE(tuple); /* 3) The per-protocol part of the manip is made to map into the range to make a unique tuple. */ @@ -564,9 +564,9 @@ ip_nat_setup_info(struct ip_conntrack *conntrack, HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST", conntrack); DEBUGP("Original: "); - DUMP_TUPLE_RAW(&orig_tp); + DUMP_TUPLE(&orig_tp); DEBUGP("New: "); - DUMP_TUPLE_RAW(&new_tuple); + DUMP_TUPLE(&new_tuple); #endif /* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT): diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_pptp.c b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_pptp.c index 143dd1a161..792faed702 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_pptp.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_pptp.c @@ -54,8 +54,7 @@ MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP"); #if 0 #include "ip_conntrack_pptp_priv.h" -#define DEBUGP(format, args...) printk(KERN_DEBUG __FILE__ ":" __FUNCTION__ \ - ": " format, ## args) +#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args) #else #define DEBUGP(format, args...) #endif @@ -70,7 +69,8 @@ pptp_nat_expected(struct sk_buff **pskb, struct ip_nat_multi_range mr; struct ip_ct_pptp_master *ct_pptp_info; struct ip_nat_pptp *nat_pptp_info; - u_int32_t newip, newcid; + u_int32_t newip; + u_int16_t newcid; int ret; IP_NF_ASSERT(info); @@ -89,34 +89,34 @@ pptp_nat_expected(struct sk_buff **pskb, DEBUGP("completing tuples with NAT info \n"); /* we can do this, since we're unconfirmed */ if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.gre.key == - htonl(ct_pptp_info->pac_call_id)) { + ct_pptp_info->pac_call_id) { /* assume PNS->PAC */ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = - htonl(nat_pptp_info->pns_call_id); + nat_pptp_info->pns_call_id; ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = - htonl(nat_pptp_info->pns_call_id); + nat_pptp_info->pns_call_id; newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; - newcid = htonl(nat_pptp_info->pac_call_id); + newcid = nat_pptp_info->pac_call_id; } else { /* assume PAC->PNS */ ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = - htonl(nat_pptp_info->pac_call_id); + nat_pptp_info->pac_call_id; ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = - htonl(nat_pptp_info->pac_call_id); + nat_pptp_info->pac_call_id; newip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; - newcid = htonl(nat_pptp_info->pns_call_id); + newcid = nat_pptp_info->pns_call_id; } } else { if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.gre.key == - htonl(ct_pptp_info->pac_call_id)) { + ct_pptp_info->pac_call_id) { /* assume PNS->PAC */ newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; - newcid = htonl(ct_pptp_info->pns_call_id); + newcid = ct_pptp_info->pns_call_id; } else { /* assume PAC->PNS */ newip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; - newcid = htonl(ct_pptp_info->pac_call_id); + newcid = ct_pptp_info->pac_call_id; } } @@ -127,7 +127,7 @@ pptp_nat_expected(struct sk_buff **pskb, ((union ip_conntrack_manip_proto ) { newcid }); DEBUGP("change ip to %u.%u.%u.%u\n", NIPQUAD(newip)); - DEBUGP("change key to 0x%x\n", ntohl(newcid)); + DEBUGP("change key to 0x%x\n", newcid); ret = ip_nat_setup_info(ct, &mr, hooknum); UNLOCK_BH(&ip_pptp_lock); @@ -160,7 +160,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph)); pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh)); - new_callid = htons(ct_pptp_info->pns_call_id); + new_callid = ct_pptp_info->pns_call_id; switch (msg = ntohs(ctlh->messageType)) { case PPTP_OUT_CALL_REQUEST: @@ -178,7 +178,7 @@ pptp_outbound_pkt(struct sk_buff **pskb, new_callid = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.tcp.port; /* save new call ID in ct info */ - ct_pptp_info->pns_call_id = ntohs(new_callid); + ct_pptp_info->pns_call_id = new_callid; break; case PPTP_IN_CALL_REPLY: cid = &pptpReq.icreq->callID; @@ -243,7 +243,7 @@ pptp_inbound_pkt(struct sk_buff **pskb, ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph)); pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh)); - new_pcid = htons(nat_pptp_info->pns_call_id); + new_pcid = nat_pptp_info->pns_call_id; switch (msg = ntohs(ctlh->messageType)) { case PPTP_OUT_CALL_REPLY: @@ -265,20 +265,20 @@ pptp_inbound_pkt(struct sk_buff **pskb, reply_t = &ct->tuplehash[IP_CT_DIR_REPLY].tuple; if (t.src.ip == orig_t->src.ip && t.dst.ip == orig_t->dst.ip) { /* expectation for PNS->PAC direction */ - t.src.u.gre.key = htonl(nat_pptp_info->pns_call_id); - t.dst.u.gre.key = htonl(ct_pptp_info->pac_call_id); + t.src.u.gre.key = nat_pptp_info->pns_call_id; + t.dst.u.gre.key = ct_pptp_info->pac_call_id; inv_t.src.ip = reply_t->src.ip; inv_t.dst.ip = reply_t->dst.ip; - inv_t.src.u.gre.key = htonl(nat_pptp_info->pac_call_id); - inv_t.dst.u.gre.key = htonl(ct_pptp_info->pns_call_id); + inv_t.src.u.gre.key = nat_pptp_info->pac_call_id; + inv_t.dst.u.gre.key = ct_pptp_info->pns_call_id; } else { /* expectation for PAC->PNS direction */ - t.src.u.gre.key = htonl(nat_pptp_info->pac_call_id); - t.dst.u.gre.key = htonl(ct_pptp_info->pns_call_id); + t.src.u.gre.key = nat_pptp_info->pac_call_id; + t.dst.u.gre.key = ct_pptp_info->pns_call_id; inv_t.src.ip = orig_t->src.ip; inv_t.dst.ip = orig_t->dst.ip; - inv_t.src.u.gre.key = htonl(nat_pptp_info->pns_call_id); - inv_t.dst.u.gre.key = htonl(ct_pptp_info->pac_call_id); + inv_t.src.u.gre.key = nat_pptp_info->pns_call_id; + inv_t.dst.u.gre.key = ct_pptp_info->pac_call_id; } if (!ip_conntrack_change_expect(oldexp, &t)) { diff --git a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_proto_gre.c b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_proto_gre.c index f524a5fcde..ab7ef7c6a4 100644 --- a/release/src/linux/linux/net/ipv4/netfilter/ip_nat_proto_gre.c +++ b/release/src/linux/linux/net/ipv4/netfilter/ip_nat_proto_gre.c @@ -36,8 +36,7 @@ MODULE_AUTHOR("Harald Welte "); MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE"); #if 0 -#define DEBUGP(format, args...) printk(KERN_DEBUG __FILE__ ":" __FUNCTION__ \ - ": " format, ## args) +#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args) #else #define DEBUGP(x, args...) #endif @@ -49,15 +48,15 @@ gre_in_range(const struct ip_conntrack_tuple *tuple, const union ip_conntrack_manip_proto *min, const union ip_conntrack_manip_proto *max) { - u_int32_t key; + u_int16_t key; if (maniptype == IP_NAT_MANIP_SRC) key = tuple->src.u.gre.key; else key = tuple->dst.u.gre.key; - return ntohl(key) >= ntohl(min->gre.key) - && ntohl(key) <= ntohl(max->gre.key); + return ntohs(key) >= ntohs(min->gre.key) + && ntohs(key) <= ntohs(max->gre.key); } /* generate unique tuple ... */ @@ -67,8 +66,8 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple, enum ip_nat_manip_type maniptype, const struct ip_conntrack *conntrack) { - u_int32_t min, i, range_size; - u_int32_t key = 0, *keyptr; + unsigned int min, i, range_size; + u_int16_t key = 0, *keyptr; /* If there is no master conntrack we are not PPTP, do not change tuples */ @@ -87,14 +86,14 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple, range_size = 0xffff; } else { - min = ntohl(range->min.gre.key); - range_size = ntohl(range->max.gre.key) - min + 1; + min = ntohs(range->min.gre.key); + range_size = ntohs(range->max.gre.key) - min + 1; } DEBUGP("min = %u, range_size = %u\n", min, range_size); for (i = 0; i < range_size; i++, key++) { - *keyptr = htonl(min + key % range_size); + *keyptr = htons(min + key % range_size); if (!ip_nat_used_tuple(tuple, conntrack)) return 1; } @@ -124,7 +123,7 @@ gre_manip_pkt(struct iphdr *iph, size_t len, break; case GRE_VERSION_PPTP: DEBUGP("call_id -> 0x%04x\n", - ntohl(manip->u.gre.key)); + ntohs(manip->u.gre.key)); pgreh->call_id = manip->u.gre.key; break; default: @@ -144,11 +143,11 @@ gre_print(char *buffer, if (mask->src.u.gre.key) len += sprintf(buffer + len, "srckey=0x%x ", - ntohl(match->src.u.gre.key)); + ntohs(match->src.u.gre.key)); if (mask->dst.u.gre.key) len += sprintf(buffer + len, "dstkey=0x%x ", - ntohl(match->src.u.gre.key)); + ntohs(match->src.u.gre.key)); return len; } @@ -161,11 +160,11 @@ gre_print_range(char *buffer, const struct ip_nat_range *range) || range->max.gre.key != 0xFFFF) { if (range->min.gre.key == range->max.gre.key) return sprintf(buffer, "key 0x%x ", - ntohl(range->min.gre.key)); + ntohs(range->min.gre.key)); else return sprintf(buffer, "keys 0x%u-0x%u ", - ntohl(range->min.gre.key), - ntohl(range->max.gre.key)); + ntohs(range->min.gre.key), + ntohs(range->max.gre.key)); } else return 0; } -- 2.11.4.GIT