net/ipv4/netfilter/ip_nat_amanda.c

   1 /* Amanda extension for TCP NAT alteration.
   2  * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
   3  * based on a copy of HW's ip_nat_irc.c as well as other modules
   4  *
   5  *      This program is free software; you can redistribute it and/or
   6  *      modify it under the terms of the GNU General Public License
   7  *      as published by the Free Software Foundation; either version
   8  *      2 of the License, or (at your option) any later version.
   9  *
  10  *      Module load syntax:
  11  *      insmod ip_nat_amanda.o
  12  */
  13
  14 #include <linux/kernel.h>
  15 #include <linux/module.h>
  16 #include <linux/netfilter.h>
  17 #include <linux/skbuff.h>
  18 #include <linux/ip.h>
  19 #include <linux/udp.h>
  20 #include <net/tcp.h>
  21 #include <net/udp.h>
  22
  23 #include <linux/netfilter_ipv4.h>
  24 #include <linux/netfilter_ipv4/ip_nat.h>
  25 #include <linux/netfilter_ipv4/ip_nat_helper.h>
  26 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
  27 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
  28
  29
  30 MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
  31 MODULE_DESCRIPTION("Amanda NAT helper");
  32 MODULE_LICENSE("GPL");
  33
  34 static unsigned int
  35 amanda_nat_expected(struct sk_buff **pskb,
  36                     unsigned int hooknum,
  37                     struct ip_conntrack *ct,
  38                     struct ip_nat_info *info)
  39 {
  40         struct ip_conntrack *master = master_ct(ct);
  41         struct ip_ct_amanda_expect *exp_amanda_info;
  42         struct ip_nat_range range;
  43         u_int32_t newip;
  44
  45         IP_NF_ASSERT(info);
  46         IP_NF_ASSERT(master);
  47         IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
  48
  49         if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC)
  50                 newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
  51         else
  52                 newip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip;
  53
  54         /* We don't want to manip the per-protocol, just the IPs. */
  55         range.flags = IP_NAT_RANGE_MAP_IPS;
  56         range.min_ip = range.max_ip = newip;
  57
  58         if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) {
  59                 exp_amanda_info = &ct->master->help.exp_amanda_info;
  60                 range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
  61                 range.min = range.max
  62                         = ((union ip_conntrack_manip_proto)
  63                                 { .udp = { htons(exp_amanda_info->port) } });
  64         }
  65
  66         return ip_nat_setup_info(ct, &range, hooknum);
  67 }
  68
  69 static int amanda_data_fixup(struct ip_conntrack *ct,
  70                              struct sk_buff **pskb,
  71                              enum ip_conntrack_info ctinfo,
  72                              struct ip_conntrack_expect *exp)
  73 {
  74         struct ip_ct_amanda_expect *exp_amanda_info;
  75         struct ip_conntrack_tuple t = exp->tuple;
  76         char buffer[sizeof("65535")];
  77         u_int16_t port;
  78
  79         /* Alter conntrack's expectations. */
  80         exp_amanda_info = &exp->help.exp_amanda_info;
  81         t.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
  82         for (port = exp_amanda_info->port; port != 0; port++) {
  83                 t.dst.u.tcp.port = htons(port);
  84                 if (ip_conntrack_change_expect(exp, &t) == 0)
  85                         break;
  86         }
  87         if (port == 0)
  88                 return 0;
  89
  90         sprintf(buffer, "%u", port);
  91         return ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
  92                                         exp_amanda_info->offset,
  93                                         exp_amanda_info->len,
  94                                         buffer, strlen(buffer));
  95 }
  96
  97 static unsigned int help(struct ip_conntrack *ct,
  98                          struct ip_conntrack_expect *exp,
  99                          struct ip_nat_info *info,
 100                          enum ip_conntrack_info ctinfo,
 101                          unsigned int hooknum,
 102                          struct sk_buff **pskb)
 103 {
 104         int dir = CTINFO2DIR(ctinfo);
 105         int ret = NF_ACCEPT;
 106
 107         /* Only mangle things once: original direction in POST_ROUTING
 108            and reply direction on PRE_ROUTING. */
 109         if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
 110               || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY)))
 111                 return NF_ACCEPT;
 112
 113         /* if this exectation has a "offset" the packet needs to be mangled */
 114         if (exp->help.exp_amanda_info.offset != 0)
 115                 if (!amanda_data_fixup(ct, pskb, ctinfo, exp))
 116                         ret = NF_DROP;
 117         exp->help.exp_amanda_info.offset = 0;
 118
 119         return ret;
 120 }
 121
 122 static struct ip_nat_helper ip_nat_amanda_helper;
 123
 124 static void __exit fini(void)
 125 {
 126         ip_nat_helper_unregister(&ip_nat_amanda_helper);
 127 }
 128
 129 static int __init init(void)
 130 {
 131         struct ip_nat_helper *hlpr = &ip_nat_amanda_helper;
 132
 133         hlpr->tuple.dst.protonum = IPPROTO_UDP;
 134         hlpr->tuple.src.u.udp.port = htons(10080);
 135         hlpr->mask.src.u.udp.port = 0xFFFF;
 136         hlpr->mask.dst.protonum = 0xFFFF;
 137         hlpr->help = help;
 138         hlpr->flags = 0;
 139         hlpr->me = THIS_MODULE;
 140         hlpr->expect = amanda_nat_expected;
 141         hlpr->name = "amanda";
 142
 143         return ip_nat_helper_register(hlpr);
 144 }
 145
 146 NEEDS_CONNTRACK(amanda);
 147 module_init(init);
 148 module_exit(fini);