diff options
Diffstat (limited to 'obsolete-buildroot/sources/openwrt/kernel')
11 files changed, 0 insertions, 19817 deletions
diff --git a/obsolete-buildroot/sources/openwrt/kernel/compressed-20040531.tar.bz2 b/obsolete-buildroot/sources/openwrt/kernel/compressed-20040531.tar.bz2 Binary files differdeleted file mode 100644 index c8e06b8..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/compressed-20040531.tar.bz2 +++ /dev/null diff --git a/obsolete-buildroot/sources/openwrt/kernel/diag.c b/obsolete-buildroot/sources/openwrt/kernel/diag.c deleted file mode 100644 index 41cb17b..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/diag.c +++ /dev/null @@ -1,210 +0,0 @@ -// replacement diag module -// (c) 2004 openwrt -// mbm at alt dot org -// -// initial release 2004/03/28 -// -// 2004/08/26 asus & buffalo support added - -#include <linux/module.h> -#include <linux/init.h> -#include <linux/kernel.h> -#include <linux/sysctl.h> -#include <asm/io.h> -#include <typedefs.h> -#include <bcm4710.h> -#include <sbutils.h> - -extern char * nvram_get(const char *name); -static void *sbh; - -// v2.x - - - - - -#define DIAG_GPIO (1<<1) -#define DMZ_GPIO (1<<7) - -static void set_gpio(uint32 mask, uint32 value) { - sb_gpiocontrol(sbh,mask,0); - sb_gpioouten(sbh,mask,mask); - sb_gpioout(sbh,mask,value); -} - -static void v2_set_diag(u8 state) { - set_gpio(DIAG_GPIO,state); -} -static void v2_set_dmz(u8 state) { - set_gpio(DMZ_GPIO,state); -} - -// v1.x - - - - - -#define LED_DIAG 0x13 -#define LED_DMZ 0x12 - -static void v1_set_diag(u8 state) { - if (!state) { - *(volatile u8*)(KSEG1ADDR(BCM4710_EUART)+LED_DIAG)=0xFF; - } else { - *(volatile u8*)(KSEG1ADDR(BCM4710_EUART)+LED_DIAG); - } -} -static void v1_set_dmz(u8 state) { - if (!state) { - *(volatile u8*)(KSEG1ADDR(BCM4710_EUART)+LED_DMZ)=0xFF; - } else { - *(volatile u8*)(KSEG1ADDR(BCM4710_EUART)+LED_DMZ); - } -} - -// - - - - - -static void ignore(u8 ignored) {}; - -// - - - - - -#define BIT_DMZ 0x01 -#define BIT_DIAG 0x04 - -void (*set_diag)(u8 state); -void (*set_dmz)(u8 state); - -static unsigned int diag = 0; - -static void diag_change() -{ - //printk(KERN_INFO "led -> %02x\n",diag); - - set_diag(0xFF); // off - set_dmz(0xFF); // off - - if(diag & BIT_DIAG) - set_diag(0x00); // on - if(diag & BIT_DMZ) - set_dmz(0x00); // on -} - -static int proc_diag(ctl_table *table, int write, struct file *filp, - void *buffer, size_t *lenp) -{ - int r; - r = proc_dointvec(table, write, filp, buffer, lenp); - if (write && !r) { - diag_change(); - } - return r; -} - -// - - - - - -static unsigned char reset_gpio = 0; -static unsigned char reset_polarity = 0; -static unsigned int reset = 0; - -static int proc_reset(ctl_table *table, int write, struct file *filp, - void *buffer, size_t *lenp) -{ - - if (reset_gpio) { - sb_gpiocontrol(sbh,reset_gpio,reset_gpio); - sb_gpioouten(sbh,reset_gpio,0); - reset=!(sb_gpioin(sbh)&reset_gpio); - - if (reset_polarity) reset=!reset; - } else { - reset=0; - } - - return proc_dointvec(table, write, filp, buffer, lenp); -} - -// - - - - - -static struct ctl_table_header *diag_sysctl_header; - -static ctl_table sys_diag[] = { - { - ctl_name: 2000, - procname: "diag", - data: &diag, - maxlen: sizeof(diag), - mode: 0644, - proc_handler: proc_diag - }, - { - ctl_name: 2001, - procname: "reset", - data: &reset, - maxlen: sizeof(reset), - mode: 0444, - proc_handler: proc_reset - }, - { 0 } -}; - -static int __init diag_init() -{ - char *buf; - u32 board_type; - sbh = sb_kattach(); - sb_gpiosetcore(sbh); - - board_type = sb_boardtype(sbh); - printk(KERN_INFO "diag boardtype: %08x\n",board_type); - - set_diag=ignore; - set_dmz=ignore; - - if ((board_type & 0xf00) == 0x400) { - board_type=1; - buf=nvram_get("boardtype")?:""; - if (!strcmp(buf,"bcm94710dev")) { - buf=nvram_get("boardnum")?:""; - if (!strcmp(buf,"42")) { - // wrt54g v1.x - set_diag=v1_set_diag; - set_dmz=v1_set_dmz; - reset_gpio=(1<<6); - reset_polarity=0; - } else if (!strcmp(buf,"asusX")) { - //asus wl-500g - //no leds - reset_gpio=(1<<6); - reset_polarity=1; - } - } else if (!strcmp(buf,"bcm94710ap")) { - buf=nvram_get("boardnum")?:""; - if (!strcmp(buf,"42")) { - // buffalo - set_dmz=v2_set_dmz; - reset_gpio=(1<<4); - reset_polarity=1; - } else if (!strcmp(buf,"44")) { - //dell truemobile - set_dmz=v2_set_dmz; - reset_gpio=(1<<0); - reset_polarity=0; - } - } - } else { - board_type=2; - set_diag=v2_set_diag; - set_dmz=v2_set_dmz; - reset_gpio=(1<<6); - reset_polarity=0; - buf=nvram_get("boardnum")?:""; - if (!strcmp(buf,"44")) { - set_diag=ignore; - set_dmz=ignore; - reset_gpio=(1<<5); - reset_polarity=0; - } - } - printk(KERN_INFO "using v%d hardware\n",board_type); - - diag_sysctl_header = register_sysctl_table(sys_diag, 0); - diag_change(); - - return 0; -} - -static void __exit diag_exit() -{ - unregister_sysctl_table(diag_sysctl_header); -} - -module_init(diag_init); -module_exit(diag_exit); diff --git a/obsolete-buildroot/sources/openwrt/kernel/linux.config b/obsolete-buildroot/sources/openwrt/kernel/linux.config deleted file mode 100644 index 60424ce..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/linux.config +++ /dev/null @@ -1,853 +0,0 @@ -# -# Automatically generated by make menuconfig: don't edit -# -CONFIG_MIPS=y -CONFIG_MIPS32=y -# CONFIG_MIPS64 is not set - -# -# Code maturity level options -# -CONFIG_EXPERIMENTAL=y - -# -# Loadable module support -# -CONFIG_MODULES=y -# CONFIG_MODVERSIONS is not set -# CONFIG_KMOD is not set - -# -# Machine selection -# -# CONFIG_ACER_PICA_61 is not set -# CONFIG_MIPS_DB1000 is not set -# CONFIG_MIPS_DB1100 is not set -# CONFIG_MIPS_DB1500 is not set -# CONFIG_MIPS_PB1000 is not set -# CONFIG_MIPS_PB1100 is not set -# CONFIG_MIPS_PB1500 is not set -# CONFIG_BAGET_MIPS is not set -# CONFIG_CASIO_E55 is not set -# CONFIG_MIPS_COBALT is not set -# CONFIG_DECSTATION is not set -# CONFIG_MIPS_EV64120 is not set -# CONFIG_MIPS_EV96100 is not set -# CONFIG_MIPS_IVR is not set -# CONFIG_HP_LASERJET is not set -# CONFIG_IBM_WORKPAD is not set -# CONFIG_LASAT is not set -# CONFIG_MIPS_ITE8172 is not set -# CONFIG_MIPS_ATLAS is not set -# CONFIG_MIPS_MAGNUM_4000 is not set -# CONFIG_MIPS_MALTA is not set -# CONFIG_MIPS_SEAD is not set -# CONFIG_MOMENCO_OCELOT is not set -# CONFIG_MOMENCO_OCELOT_G is not set -# CONFIG_DDB5074 is not set -# CONFIG_DDB5476 is not set -# CONFIG_DDB5477 is not set -# CONFIG_NEC_OSPREY is not set -# CONFIG_NEC_EAGLE is not set -# CONFIG_OLIVETTI_M700 is not set -# CONFIG_NINO is not set -# CONFIG_SGI_IP22 is not set -# CONFIG_SGI_IP27 is not set -# CONFIG_SGI_IP32 is not set -# CONFIG_SIBYTE_SB1xxx_SOC is not set -CONFIG_MIPS_BRCM=y -CONFIG_BCM947XX=y -CONFIG_BCM4710=y -CONFIG_BCM4310=y -CONFIG_BCM4704=y -# CONFIG_BCM5365 is not set -# CONFIG_SNI_RM200_PCI is not set -# CONFIG_TOSHIBA_JMR3927 is not set -# CONFIG_VICTOR_MPC30X is not set -# CONFIG_ZAO_CAPCELLA is not set -# CONFIG_HIGHMEM is not set -CONFIG_RWSEM_GENERIC_SPINLOCK=y -# CONFIG_RWSEM_XCHGADD_ALGORITHM is not set -CONFIG_CMDLINE="root=/dev/mtdblock2 rootfstype=squashfs init=/etc/preinit noinitrd console=ttyS0,115200" -CONFIG_PCI=y -CONFIG_NONCOHERENT_IO=y -CONFIG_NEW_TIME_C=y -CONFIG_NEW_IRQ=y -CONFIG_HND=y -# CONFIG_MIPS_AU1000 is not set - -# -# CPU selection -# -CONFIG_CPU_MIPS32=y -# CONFIG_CPU_MIPS64 is not set -# CONFIG_CPU_R3000 is not set -# CONFIG_CPU_TX39XX is not set -# CONFIG_CPU_VR41XX is not set -# CONFIG_CPU_R4300 is not set -# CONFIG_CPU_R4X00 is not set -# CONFIG_CPU_TX49XX is not set -# CONFIG_CPU_R5000 is not set -# CONFIG_CPU_R5432 is not set -# CONFIG_CPU_R6000 is not set -# CONFIG_CPU_NEVADA is not set -# CONFIG_CPU_R8000 is not set -# CONFIG_CPU_R10000 is not set -# CONFIG_CPU_RM7000 is not set -# CONFIG_CPU_SB1 is not set -CONFIG_CPU_HAS_PREFETCH=y -# CONFIG_VTAG_ICACHE is not set -# CONFIG_64BIT_PHYS_ADDR is not set -# CONFIG_CPU_ADVANCED is not set -CONFIG_CPU_HAS_LLSC=y -# CONFIG_CPU_HAS_LLDSCD is not set -# CONFIG_CPU_HAS_WB is not set -CONFIG_CPU_HAS_SYNC=y - -# -# General setup -# -CONFIG_CPU_LITTLE_ENDIAN=y -CONFIG_NET=y -# CONFIG_PCI_NAMES is not set -# CONFIG_ISA is not set -# CONFIG_EISA is not set -# CONFIG_TC is not set -# CONFIG_MCA is not set -# CONFIG_SBUS is not set -CONFIG_HOTPLUG=y - -# -# PCMCIA/CardBus support -# -# CONFIG_PCMCIA is not set - -# -# PCI Hotplug Support -# -# CONFIG_HOTPLUG_PCI is not set -# CONFIG_HOTPLUG_PCI_COMPAQ is not set -# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set -# CONFIG_HOTPLUG_PCI_ACPI is not set -CONFIG_SYSVIPC=y -# CONFIG_BSD_PROCESS_ACCT is not set -CONFIG_SYSCTL=y -# CONFIG_PRINT_SYSCALLS is not set -CONFIG_KCORE_ELF=y -# CONFIG_KCORE_AOUT is not set -# CONFIG_BINFMT_AOUT is not set -CONFIG_BINFMT_ELF=y -# CONFIG_MIPS32_COMPAT is not set -# CONFIG_MIPS32_O32 is not set -# CONFIG_MIPS32_N32 is not set -# CONFIG_BINFMT_ELF32 is not set -# CONFIG_BINFMT_MISC is not set -# CONFIG_PM is not set - -# -# Memory Technology Devices (MTD) -# -CONFIG_MTD=y -# CONFIG_MTD_DEBUG is not set -CONFIG_MTD_PARTITIONS=y -# CONFIG_MTD_CONCAT is not set -# CONFIG_MTD_REDBOOT_PARTS is not set -CONFIG_MTD_CHAR=y -# CONFIG_MTD_BLOCK is not set -CONFIG_MTD_BLOCK_RO=y -# CONFIG_FTL is not set -# CONFIG_NFTL is not set - -# -# RAM/ROM/Flash chip drivers -# -CONFIG_MTD_CFI=y -# CONFIG_MTD_JEDECPROBE is not set -CONFIG_MTD_GEN_PROBE=y -CONFIG_MTD_CFI_ADV_OPTIONS=y -CONFIG_MTD_CFI_NOSWAP=y -# CONFIG_MTD_CFI_BE_BYTE_SWAP is not set -# CONFIG_MTD_CFI_LE_BYTE_SWAP is not set -CONFIG_MTD_CFI_GEOMETRY=y -# CONFIG_MTD_CFI_B1 is not set -CONFIG_MTD_CFI_B2=y -# CONFIG_MTD_CFI_B4 is not set -CONFIG_MTD_CFI_I1=y -# CONFIG_MTD_CFI_I2 is not set -# CONFIG_MTD_CFI_I4 is not set -CONFIG_MTD_CFI_INTELEXT=y -CONFIG_MTD_CFI_AMDSTD=y -CONFIG_MTD_CFI_SSTSTD=y -# CONFIG_MTD_RAM is not set -# CONFIG_MTD_ROM is not set -# CONFIG_MTD_ABSENT is not set -# CONFIG_MTD_OBSOLETE_CHIPS is not set -# CONFIG_MTD_AMDSTD is not set -# CONFIG_MTD_SHARP is not set -# CONFIG_MTD_JEDEC is not set - -# -# Mapping drivers for chip access -# -# CONFIG_MTD_PHYSMAP is not set -CONFIG_MTD_BCM947XX=y -# CONFIG_MTD_PB1000 is not set -# CONFIG_MTD_PB1500 is not set -# CONFIG_MTD_PB1100 is not set -# CONFIG_MTD_CSTM_MIPS_IXX is not set -# CONFIG_MTD_OCELOT is not set -# CONFIG_MTD_LASAT is not set -# CONFIG_MTD_PCI is not set - -# -# Self-contained MTD device drivers -# -CONFIG_MTD_SFLASH=y -# CONFIG_MTD_PMC551 is not set -# CONFIG_MTD_SLRAM is not set -# CONFIG_MTD_MTDRAM is not set -# CONFIG_MTD_BLKMTD is not set -# CONFIG_MTD_DOC1000 is not set -# CONFIG_MTD_DOC2000 is not set -# CONFIG_MTD_DOC2001 is not set -# CONFIG_MTD_DOCPROBE is not set - -# -# NAND Flash Device Drivers -# -# CONFIG_MTD_NAND is not set - -# -# Parallel port support -# -# CONFIG_PARPORT is not set - -# -# Plug and Play configuration -# -# CONFIG_PNP is not set -# CONFIG_ISAPNP is not set - -# -# Block devices -# -# CONFIG_BLK_DEV_MSYS is not set -# CONFIG_NOROOT is not set -# CONFIG_BLK_DEV_FD is not set -# CONFIG_BLK_DEV_XD is not set -# CONFIG_PARIDE is not set -# CONFIG_BLK_CPQ_DA is not set -# CONFIG_BLK_CPQ_CISS_DA is not set -# CONFIG_CISS_SCSI_TAPE is not set -# CONFIG_BLK_DEV_DAC960 is not set -# CONFIG_BLK_DEV_UMEM is not set -CONFIG_BLK_DEV_LOOP=y -CONFIG_BLK_DEV_NBD=m -# CONFIG_BLK_DEV_RAM is not set -# CONFIG_BLK_DEV_INITRD is not set -# CONFIG_BLK_STATS is not set - -# -# Multi-device support (RAID and LVM) -# -# CONFIG_MD is not set -# CONFIG_BLK_DEV_MD is not set -# CONFIG_MD_LINEAR is not set -# CONFIG_MD_RAID0 is not set -# CONFIG_MD_RAID1 is not set -# CONFIG_MD_RAID5 is not set -# CONFIG_MD_MULTIPATH is not set -# CONFIG_BLK_DEV_LVM is not set - -# -# Networking options -# -CONFIG_PACKET=y -CONFIG_PACKET_MMAP=y -CONFIG_NETLINK_DEV=m -CONFIG_NETFILTER=y -# CONFIG_NETFILTER_DEBUG is not set -# CONFIG_FILTER is not set -CONFIG_UNIX=y -CONFIG_NETSWAP=y -CONFIG_INET=y -# CONFIG_IP_MULTICAST is not set -CONFIG_IP_ADVANCED_ROUTER=y -CONFIG_IP_MULTIPLE_TABLES=y -CONFIG_IP_ROUTE_FWMARK=y -CONFIG_IP_ROUTE_NAT=y -CONFIG_IP_ROUTE_MULTIPATH=y -CONFIG_IP_ROUTE_TOS=y -# CONFIG_IP_ROUTE_VERBOSE is not set -# CONFIG_IP_ROUTE_LARGE_TABLES is not set -# CONFIG_IP_PNP is not set -CONFIG_NET_IPIP=m -CONFIG_NET_IPGRE=m -# CONFIG_ARPD is not set -# CONFIG_INET_ECN is not set -# CONFIG_SYN_COOKIES is not set - -# -# IP: Netfilter Configuration -# -CONFIG_IP_NF_CONNTRACK=y -CONFIG_IP_NF_FTP=y -CONFIG_IP_NF_H323=y -CONFIG_IP_NF_CONNTRACK_MARK=y -# CONFIG_IP_NF_AMANDA is not set -CONFIG_IP_NF_TFTP=y -CONFIG_IP_NF_IRC=y -CONFIG_IP_NF_CT_PROTO_GRE=y -CONFIG_IP_NF_PPTP=y -CONFIG_IP_NF_MMS=y -CONFIG_IP_NF_QUEUE=m -CONFIG_IP_NF_IPTABLES=y -CONFIG_IP_NF_MATCH_LIMIT=m -CONFIG_IP_NF_SET=m -CONFIG_IP_NF_SET_MAX=256 -CONFIG_IP_NF_SET_IPMAP=m -CONFIG_IP_NF_SET_PORTMAP=m -CONFIG_IP_NF_SET_MACIPMAP=m -CONFIG_IP_NF_SET_IPHASH=m -CONFIG_IP_NF_MATCH_QUOTA=m -CONFIG_IP_NF_POOL=m -CONFIG_IP_POOL_STATISTICS=y -CONFIG_IP_NF_MATCH_IPRANGE=m -CONFIG_IP_NF_MATCH_DSTLIMIT=m -CONFIG_IP_NF_MATCH_MAC=m -CONFIG_IP_NF_MATCH_PKTTYPE=m -CONFIG_IP_NF_MATCH_MARK=y -CONFIG_IP_NF_MATCH_MULTIPORT=y -CONFIG_IP_NF_MATCH_TOS=m -CONFIG_IP_NF_MATCH_CONDITION=m -# CONFIG_IP_NF_MATCH_RANDOM is not set -CONFIG_IP_NF_MATCH_PSD=m -# CONFIG_IP_NF_MATCH_OSF is not set -# CONFIG_IP_NF_MATCH_NTH is not set -CONFIG_IP_NF_MATCH_IPV4OPTIONS=m -# CONFIG_IP_NF_MATCH_FUZZY is not set -CONFIG_IP_NF_MATCH_RECENT=m -CONFIG_IP_NF_MATCH_ECN=m -CONFIG_IP_NF_MATCH_DSCP=m -CONFIG_IP_NF_MATCH_AH_ESP=m -CONFIG_IP_NF_MATCH_LENGTH=m -# CONFIG_IP_NF_MATCH_U32 is not set -CONFIG_IP_NF_MATCH_TTL=m -CONFIG_IP_NF_MATCH_TCPMSS=y -# CONFIG_IP_NF_MATCH_REALM is not set -CONFIG_IP_NF_MATCH_HELPER=m -CONFIG_IP_NF_MATCH_STATE=y -CONFIG_IP_NF_MATCH_CONNMARK=m -CONFIG_IP_NF_MATCH_CONNLIMIT=m -CONFIG_IP_NF_MATCH_CONNTRACK=m -CONFIG_IP_NF_MATCH_UNCLEAN=m -CONFIG_IP_NF_MATCH_STRING=m -# CONFIG_IP_NF_MATCH_OWNER is not set -CONFIG_IP_NF_MATCH_PHYSDEV=m -CONFIG_IP_NF_FILTER=y -CONFIG_IP_NF_TARGET_REJECT=y -CONFIG_IP_NF_TARGET_NETLINK=m -CONFIG_IP_NF_TARGET_IPV4OPTSSTRIP=m -CONFIG_IP_NF_TARGET_MIRROR=m -CONFIG_IP_NF_NAT=y -CONFIG_IP_NF_NAT_NEEDED=y -CONFIG_IP_NF_TARGET_MASQUERADE=y -CONFIG_IP_NF_TARGET_REDIRECT=y -CONFIG_IP_NF_NAT_H323=y -# CONFIG_IP_NF_TARGET_SAME is not set -# CONFIG_IP_NF_TARGET_NETMAP is not set -CONFIG_IP_NF_NAT_PPTP=y -CONFIG_IP_NF_NAT_PROTO_GRE=y -# CONFIG_IP_NF_NAT_LOCAL is not set -CONFIG_IP_NF_NAT_SNMP_BASIC=m -CONFIG_IP_NF_NAT_IRC=y -CONFIG_IP_NF_NAT_MMS=y -CONFIG_IP_NF_NAT_FTP=y -CONFIG_IP_NF_NAT_TFTP=y -CONFIG_IP_NF_MANGLE=y -CONFIG_IP_NF_TARGET_TOS=m -CONFIG_IP_NF_TARGET_ECN=m -CONFIG_IP_NF_TARGET_DSCP=m -CONFIG_IP_NF_TARGET_MARK=y -CONFIG_IP_NF_TARGET_IPMARK=m -CONFIG_IP_NF_TARGET_CLASSIFY=m -CONFIG_IP_NF_TARGET_LOG=y -CONFIG_IP_NF_TARGET_CONNMARK=m -CONFIG_IP_NF_TARGET_TTL=m -CONFIG_IP_NF_TARGET_ULOG=m -CONFIG_IP_NF_TARGET_TCPMSS=y -# CONFIG_IP_NF_RAW is not set -CONFIG_IP_NF_ARPTABLES=m -CONFIG_IP_NF_ARPFILTER=m -CONFIG_IP_NF_ARP_MANGLE=m -CONFIG_IPV6=m - -# -# IPv6: Netfilter Configuration -# -CONFIG_IP6_NF_QUEUE=m -CONFIG_IP6_NF_IPTABLES=m -CONFIG_IP6_NF_MATCH_LIMIT=m -CONFIG_IP6_NF_MATCH_MAC=m -# CONFIG_IP6_NF_MATCH_RANDOM is not set -# CONFIG_IP6_NF_MATCH_NTH is not set -# CONFIG_IP6_NF_MATCH_FUZZY is not set -# CONFIG_IP6_NF_MATCH_RT is not set -# CONFIG_IP6_NF_MATCH_OPTS is not set -# CONFIG_IP6_NF_MATCH_FRAG is not set -# CONFIG_IP6_NF_MATCH_HL is not set -CONFIG_IP6_NF_MATCH_MULTIPORT=m -CONFIG_IP6_NF_MATCH_OWNER=m -CONFIG_IP6_NF_MATCH_MARK=m -# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set -# CONFIG_IP6_NF_MATCH_AHESP is not set -CONFIG_IP6_NF_MATCH_LENGTH=m -CONFIG_IP6_NF_MATCH_EUI64=m -CONFIG_IP6_NF_FILTER=m -CONFIG_IP6_NF_TARGET_REJECT=m -# CONFIG_IP6_NF_TARGET_HL is not set -CONFIG_IP6_NF_TARGET_LOG=m -CONFIG_IP6_NF_MANGLE=m -CONFIG_IP6_NF_TARGET_MARK=m -# CONFIG_KHTTPD is not set -# CONFIG_ATM is not set -CONFIG_VLAN_8021Q=y -# CONFIG_IPX is not set -# CONFIG_ATALK is not set - -# -# Appletalk devices -# -# CONFIG_DEV_APPLETALK is not set -# CONFIG_DECNET is not set -CONFIG_BRIDGE=y -CONFIG_BRIDGE_NF_EBTABLES=m -CONFIG_BRIDGE_EBT_T_FILTER=m -CONFIG_BRIDGE_EBT_T_NAT=m -CONFIG_BRIDGE_EBT_BROUTE=m -CONFIG_BRIDGE_EBT_LOG=m -CONFIG_BRIDGE_EBT_IPF=m -CONFIG_BRIDGE_EBT_ARPF=m -CONFIG_BRIDGE_EBT_AMONG=m -CONFIG_BRIDGE_EBT_LIMIT=m -CONFIG_BRIDGE_EBT_VLANF=m -CONFIG_BRIDGE_EBT_802_3=m -CONFIG_BRIDGE_EBT_PKTTYPE=m -CONFIG_BRIDGE_EBT_STP=m -CONFIG_BRIDGE_EBT_MARKF=m -CONFIG_BRIDGE_EBT_ARPREPLY=m -CONFIG_BRIDGE_EBT_SNAT=m -CONFIG_BRIDGE_EBT_DNAT=m -CONFIG_BRIDGE_EBT_REDIRECT=m -CONFIG_BRIDGE_EBT_MARK_T=m -# CONFIG_X25 is not set -# CONFIG_LAPB is not set -# CONFIG_LLC is not set -# CONFIG_NET_DIVERT is not set -# CONFIG_ECONET is not set -CONFIG_WAN_ROUTER=m -# CONFIG_NET_FASTROUTE is not set -# CONFIG_NET_HW_FLOWCONTROL is not set - -# -# QoS and/or fair queueing -# -CONFIG_NET_SCHED=y -CONFIG_NET_SCH_CBQ=m -CONFIG_NET_SCH_HTB=m -CONFIG_NET_SCH_CSZ=m -CONFIG_NET_SCH_PRIO=m -CONFIG_NET_SCH_RED=m -CONFIG_NET_SCH_SFQ=m -CONFIG_NET_SCH_TEQL=m -CONFIG_NET_SCH_TBF=m -CONFIG_NET_SCH_GRED=m -CONFIG_NET_SCH_DSMARK=m -CONFIG_NET_SCH_INGRESS=m -CONFIG_NET_QOS=y -CONFIG_NET_ESTIMATOR=y -CONFIG_NET_CLS=y -CONFIG_NET_CLS_TCINDEX=m -CONFIG_NET_CLS_ROUTE4=m -CONFIG_NET_CLS_ROUTE=y -CONFIG_NET_CLS_FW=m -CONFIG_NET_CLS_U32=m -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m -CONFIG_NET_CLS_POLICE=y - -# -# Network testing -# -# CONFIG_NET_PKTGEN is not set - -# -# Telephony Support -# -# CONFIG_PHONE is not set -# CONFIG_PHONE_IXJ is not set -# CONFIG_PHONE_IXJ_PCMCIA is not set - -# -# ATA/IDE/MFM/RLL support -# -# CONFIG_IDE is not set -# CONFIG_BLK_DEV_IDE_MODES is not set -# CONFIG_BLK_DEV_HD is not set - -# -# SCSI support -# -# CONFIG_SCSI is not set - -# -# I2O device support -# -# CONFIG_I2O is not set -# CONFIG_I2O_PCI is not set -# CONFIG_I2O_BLOCK is not set -# CONFIG_I2O_LAN is not set -# CONFIG_I2O_SCSI is not set -# CONFIG_I2O_PROC is not set - -# -# Network device support -# -CONFIG_NETDEVICES=y - -# -# Broadcom HND network devices -# -CONFIG_HND=y -# CONFIG_IL is not set -CONFIG_ET=m -# CONFIG_ET_4413 is not set -CONFIG_ET_47XX=y -CONFIG_WL=m -CONFIG_WL_AP=y -CONFIG_WL_STA=y - -# -# ARCnet devices -# -# CONFIG_ARCNET is not set -# CONFIG_DUMMY is not set -# CONFIG_BONDING is not set -# CONFIG_EQUALIZER is not set -CONFIG_TUN=m -# CONFIG_ETHERTAP is not set - -# -# Ethernet (10 or 100Mbit) -# -CONFIG_NET_ETHERNET=y -# CONFIG_SUNLANCE is not set -# CONFIG_HAPPYMEAL is not set -# CONFIG_SUNBMAC is not set -# CONFIG_SUNQE is not set -# CONFIG_SUNGEM is not set -# CONFIG_NET_VENDOR_3COM is not set -# CONFIG_LANCE is not set -# CONFIG_NET_VENDOR_SMC is not set -# CONFIG_NET_VENDOR_RACAL is not set -# CONFIG_HP100 is not set -# CONFIG_NET_ISA is not set -# CONFIG_NET_PCI is not set -# CONFIG_NET_POCKET is not set - -# -# Ethernet (1000 Mbit) -# -# CONFIG_ACENIC is not set -# CONFIG_DL2K is not set -# CONFIG_E1000 is not set -# CONFIG_MYRI_SBUS is not set -# CONFIG_NS83820 is not set -# CONFIG_HAMACHI is not set -# CONFIG_YELLOWFIN is not set -# CONFIG_SK98LIN is not set -# CONFIG_TIGON3 is not set -# CONFIG_FDDI is not set -# CONFIG_HIPPI is not set -# CONFIG_PLIP is not set -CONFIG_PPP=y -# CONFIG_PPP_MULTILINK is not set -# CONFIG_PPP_FILTER is not set -CONFIG_PPP_ASYNC=m -# CONFIG_PPP_SYNC_TTY is not set -CONFIG_PPP_DEFLATE=m -CONFIG_PPP_BSDCOMP=m -CONFIG_PPP_MPPE=m -CONFIG_PPPOE=m -# CONFIG_SLIP is not set - -# -# Wireless LAN (non-hamradio) -# -CONFIG_NET_RADIO=y -# CONFIG_STRIP is not set -# CONFIG_WAVELAN is not set -# CONFIG_ARLAN is not set -# CONFIG_AIRONET4500 is not set -# CONFIG_AIRONET4500_NONCS is not set -# CONFIG_AIRONET4500_PROC is not set -# CONFIG_AIRO is not set -# CONFIG_HERMES is not set -# CONFIG_PLX_HERMES is not set -# CONFIG_PCI_HERMES is not set -CONFIG_NET_WIRELESS=y - -# -# Token Ring devices -# -# CONFIG_TR is not set -# CONFIG_NET_FC is not set -# CONFIG_RCPCI is not set -CONFIG_SHAPER=m - -# -# Wan interfaces -# -# CONFIG_WAN is not set - -# -# Amateur Radio support -# -# CONFIG_HAMRADIO is not set - -# -# IrDA (infrared) support -# -# CONFIG_IRDA is not set - -# -# ISDN subsystem -# -# CONFIG_ISDN is not set - -# -# Input core support -# -# CONFIG_INPUT is not set -# CONFIG_INPUT_KEYBDEV is not set -# CONFIG_INPUT_MOUSEDEV is not set -# CONFIG_INPUT_JOYDEV is not set -# CONFIG_INPUT_EVDEV is not set - -# -# Character devices -# -# CONFIG_VT is not set -CONFIG_SERIAL=y -CONFIG_SERIAL_CONSOLE=y -# CONFIG_SERIAL_EXTENDED is not set -# CONFIG_SERIAL_NONSTANDARD is not set -CONFIG_UNIX98_PTYS=y -CONFIG_UNIX98_PTY_COUNT=128 - -# -# I2C support -# -# CONFIG_I2C is not set - -# -# Mice -# -# CONFIG_BUSMOUSE is not set -# CONFIG_MOUSE is not set - -# -# Joysticks -# -# CONFIG_INPUT_GAMEPORT is not set -# CONFIG_QIC02_TAPE is not set - -# -# Watchdog Cards -# -CONFIG_WATCHDOG=y -CONFIG_WATCHDOG_NOWAYOUT=y -# CONFIG_ACQUIRE_WDT is not set -# CONFIG_ADVANTECH_WDT is not set -# CONFIG_ALIM7101_WDT is not set -# CONFIG_SC520_WDT is not set -# CONFIG_PCWATCHDOG is not set -# CONFIG_EUROTECH_WDT is not set -# CONFIG_IB700_WDT is not set -# CONFIG_WAFER_WDT is not set -# CONFIG_I810_TCO is not set -# CONFIG_MIXCOMWD is not set -# CONFIG_60XX_WDT is not set -# CONFIG_SC1200_WDT is not set -CONFIG_SOFT_WATCHDOG=y -# CONFIG_W83877F_WDT is not set -# CONFIG_WDT is not set -# CONFIG_WDTPCI is not set -# CONFIG_MACHZ_WDT is not set -# CONFIG_INDYDOG is not set -# CONFIG_AMD7XX_TCO is not set -# CONFIG_AMD_PM768 is not set -# CONFIG_NVRAM is not set -# CONFIG_RTC is not set -# CONFIG_DTLK is not set -# CONFIG_R3964 is not set -# CONFIG_APPLICOM is not set - -# -# Ftape, the floppy tape device driver -# -# CONFIG_FTAPE is not set -# CONFIG_AGP is not set -# CONFIG_DRM is not set - -# -# File systems -# -CONFIG_BLKDEV_SWAP=m -# CONFIG_QUOTA is not set -# CONFIG_AUTOFS_FS is not set -# CONFIG_AUTOFS4_FS is not set -# CONFIG_REISERFS_FS is not set -# CONFIG_REISERFS_CHECK is not set -# CONFIG_REISERFS_PROC_INFO is not set -# CONFIG_ADFS_FS is not set -# CONFIG_ADFS_FS_RW is not set -# CONFIG_AFFS_FS is not set -# CONFIG_HFS_FS is not set -# CONFIG_BEFS_FS is not set -# CONFIG_BEFS_DEBUG is not set -# CONFIG_BFS_FS is not set -# CONFIG_EXT3_FS is not set -# CONFIG_JBD is not set -# CONFIG_JBD_DEBUG is not set -# CONFIG_FAT_FS is not set -# CONFIG_MSDOS_FS is not set -# CONFIG_UMSDOS_FS is not set -# CONFIG_VFAT_FS is not set -# CONFIG_EFS_FS is not set -# CONFIG_JFFS_FS is not set -CONFIG_JFFS2_FS=y -CONFIG_JFFS2_FS_DEBUG=0 -# CONFIG_JFFS2_BBC_ARMLIB is not set -CONFIG_JFFS2_BBC_LZO=y -CONFIG_JFFS2_BBC_LZARI=y -CONFIG_JFFS2_BBC_LZHD=y -CONFIG_JFFS2_BBC_LZSS=y -# CONFIG_CRAMFS is not set -CONFIG_SQUASHFS=y -# CONFIG_TMPFS is not set -CONFIG_RAMFS=y -# CONFIG_ISO9660_FS is not set -# CONFIG_JOLIET is not set -# CONFIG_ZISOFS is not set -# CONFIG_JFS_FS is not set -# CONFIG_JFS_DEBUG is not set -# CONFIG_JFS_STATISTICS is not set -# CONFIG_MINIX_FS is not set -# CONFIG_VXFS_FS is not set -# CONFIG_NTFS_FS is not set -# CONFIG_NTFS_RW is not set -# CONFIG_HPFS_FS is not set -CONFIG_PROC_FS=y -CONFIG_DEVFS_FS=y -CONFIG_DEVFS_MOUNT=y -# CONFIG_DEVFS_DEBUG is not set -# CONFIG_DEVPTS_FS is not set -# CONFIG_QNX4FS_FS is not set -# CONFIG_QNX4FS_RW is not set -# CONFIG_ROMFS_FS is not set -# CONFIG_EXT2_FS is not set -# CONFIG_SYSV_FS is not set -# CONFIG_UDF_FS is not set -# CONFIG_UDF_RW is not set -# CONFIG_UFS_FS is not set -# CONFIG_UFS_FS_WRITE is not set - -# -# Network File Systems -# -# CONFIG_CODA_FS is not set -# CONFIG_INTERMEZZO_FS is not set -CONFIG_NFS_FS=m -CONFIG_NFS_V3=y -# CONFIG_ROOT_NFS is not set -CONFIG_SWAP_VIA_NFS=m -CONFIG_NETSWAP=y -# CONFIG_NFSD is not set -# CONFIG_NFSD_V3 is not set -# CONFIG_NFSD_TCP is not set -CONFIG_SUNRPC=m -CONFIG_LOCKD=m -CONFIG_LOCKD_V4=y -# CONFIG_SMB_FS is not set -# CONFIG_NCP_FS is not set -# CONFIG_NCPFS_PACKET_SIGNING is not set -# CONFIG_NCPFS_IOCTL_LOCKING is not set -# CONFIG_NCPFS_STRONG is not set -# CONFIG_NCPFS_NFS_NS is not set -# CONFIG_NCPFS_OS2_NS is not set -# CONFIG_NCPFS_SMALLDOS is not set -# CONFIG_NCPFS_NLS is not set -# CONFIG_NCPFS_EXTRAS is not set -# CONFIG_ZISOFS_FS is not set - -# -# Partition Types -# -CONFIG_PARTITION_ADVANCED=y -# CONFIG_ACORN_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -# CONFIG_MAC_PARTITION is not set -# CONFIG_MSDOS_PARTITION is not set -# CONFIG_LDM_PARTITION is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_EFI_PARTITION is not set -# CONFIG_SMB_NLS is not set -# CONFIG_NLS is not set - -# -# Multimedia devices -# -# CONFIG_VIDEO_DEV is not set - -# -# Sound -# -# CONFIG_SOUND is not set - -# -# USB support -# -# CONFIG_USB is not set - -# -# Support for USB gadgets -# -# CONFIG_USB_GADGET is not set - -# -# Bluetooth support -# -# CONFIG_BLUEZ is not set - -# -# Kernel hacking -# -CONFIG_CROSSCOMPILE=y -# CONFIG_KERNPROF is not set -# CONFIG_MCOUNT is not set -# CONFIG_DEBUG is not set -CONFIG_MAGIC_SYSRQ=y -# CONFIG_MIPS_UNCACHED is not set -# CONFIG_KTRACE is not set -# CONFIG_HWSIM is not set - -# -# Library routines -# -CONFIG_ZLIB_INFLATE=y -CONFIG_ZLIB_DEFLATE=y diff --git a/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/100-revert_netfilter.patch b/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/100-revert_netfilter.patch deleted file mode 100644 index 611261f..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/100-revert_netfilter.patch +++ /dev/null @@ -1,5834 +0,0 @@ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack.h 2003-08-12 07:43:11.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack.h 2004-05-09 04:13:03.000000000 -0400 -@@ -45,39 +45,27 @@ - - #include <linux/netfilter_ipv4/ip_conntrack_tcp.h> - #include <linux/netfilter_ipv4/ip_conntrack_icmp.h> --#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> - - /* per conntrack: protocol private data */ - union ip_conntrack_proto { - /* insert conntrack proto private data here */ -- struct ip_ct_gre gre; - struct ip_ct_tcp tcp; - struct ip_ct_icmp icmp; - }; - - union ip_conntrack_expect_proto { - /* insert expect proto private data here */ -- struct ip_ct_gre_expect gre; - }; - - /* Add protocol helper include file here */ --#include <linux/netfilter_ipv4/ip_conntrack_pptp.h> --#include <linux/netfilter_ipv4/ip_conntrack_mms.h> --#include <linux/netfilter_ipv4/ip_conntrack_h323.h> -- - #include <linux/netfilter_ipv4/ip_conntrack_ftp.h> - #include <linux/netfilter_ipv4/ip_conntrack_irc.h> --#include <linux/netfilter_ipv4/ip_autofw.h> - - /* per expectation: application helper private data */ - union ip_conntrack_expect_help { - /* insert conntrack helper private data (expect) here */ -- struct ip_ct_pptp_expect exp_pptp_info; -- struct ip_ct_mms_expect exp_mms_info; -- struct ip_ct_h225_expect exp_h225_info; - struct ip_ct_ftp_expect exp_ftp_info; - struct ip_ct_irc_expect exp_irc_info; -- struct ip_autofw_expect exp_autofw_info; - - #ifdef CONFIG_IP_NF_NAT_NEEDED - union { -@@ -89,21 +77,16 @@ - /* per conntrack: application helper private data */ - union ip_conntrack_help { - /* insert conntrack helper private data (master) here */ -- struct ip_ct_pptp_master ct_pptp_info; -- struct ip_ct_mms_master ct_mms_info; -- struct ip_ct_h225_master ct_h225_info; - struct ip_ct_ftp_master ct_ftp_info; - struct ip_ct_irc_master ct_irc_info; - }; - - #ifdef CONFIG_IP_NF_NAT_NEEDED - #include <linux/netfilter_ipv4/ip_nat.h> --#include <linux/netfilter_ipv4/ip_nat_pptp.h> - - /* per conntrack: nat application helper private data */ - union ip_conntrack_nat_help { - /* insert nat helper private data here */ -- struct ip_nat_pptp nat_pptp_info; - }; - #endif - -@@ -275,9 +258,5 @@ - } - - extern unsigned int ip_conntrack_htable_size; -- --/* connection tracking time out variables. */ --extern int sysctl_ip_conntrack_tcp_timeouts[10]; --extern int sysctl_ip_conntrack_udp_timeouts[2]; - #endif /* __KERNEL__ */ - #endif /* _IP_CONNTRACK_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_h323.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_h323.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_h323.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,30 +0,0 @@ --#ifndef _IP_CONNTRACK_H323_H --#define _IP_CONNTRACK_H323_H --/* H.323 connection tracking. */ -- --#ifdef __KERNEL__ --/* Protects H.323 related data */ --DECLARE_LOCK_EXTERN(ip_h323_lock); --#endif -- --/* Default H.225 port */ --#define H225_PORT 1720 -- --/* This structure is per expected connection */ --struct ip_ct_h225_expect { -- u_int16_t port; /* Port of the H.225 helper/RTCP/RTP channel */ -- enum ip_conntrack_dir dir; /* Direction of the original connection */ -- unsigned int offset; /* offset of the address in the payload */ --}; -- --/* This structure exists only once per master */ --struct ip_ct_h225_master { -- int is_h225; /* H.225 or H.245 connection */ --#ifdef CONFIG_IP_NF_NAT_NEEDED -- enum ip_conntrack_dir dir; /* Direction of the original connection */ -- u_int32_t seq[IP_CT_DIR_MAX]; /* Exceptional packet mangling for signal addressess... */ -- unsigned int offset[IP_CT_DIR_MAX]; /* ...and the offset of the addresses in the payload */ --#endif --}; -- --#endif /* _IP_CONNTRACK_H323_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_mms.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_mms.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_mms.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_mms.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,31 +0,0 @@ --#ifndef _IP_CONNTRACK_MMS_H --#define _IP_CONNTRACK_MMS_H --/* MMS tracking. */ -- --#ifdef __KERNEL__ --#include <linux/netfilter_ipv4/lockhelp.h> -- --DECLARE_LOCK_EXTERN(ip_mms_lock); -- --#define MMS_PORT 1755 --#define MMS_SRV_MSG_ID 196610 -- --#define MMS_SRV_MSG_OFFSET 36 --#define MMS_SRV_UNICODE_STRING_OFFSET 60 --#define MMS_SRV_CHUNKLENLV_OFFSET 16 --#define MMS_SRV_CHUNKLENLM_OFFSET 32 --#define MMS_SRV_MESSAGELENGTH_OFFSET 8 --#endif -- --/* This structure is per expected connection */ --struct ip_ct_mms_expect { -- u_int32_t len; -- u_int32_t padding; -- u_int16_t port; --}; -- --/* This structure exists only once per master */ --struct ip_ct_mms_master { --}; -- --#endif /* _IP_CONNTRACK_MMS_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_pptp.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_pptp.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,313 +0,0 @@ --/* PPTP constants and structs */ --#ifndef _CONNTRACK_PPTP_H --#define _CONNTRACK_PPTP_H -- --/* state of the control session */ --enum pptp_ctrlsess_state { -- PPTP_SESSION_NONE, /* no session present */ -- PPTP_SESSION_ERROR, /* some session error */ -- PPTP_SESSION_STOPREQ, /* stop_sess request seen */ -- PPTP_SESSION_REQUESTED, /* start_sess request seen */ -- PPTP_SESSION_CONFIRMED, /* session established */ --}; -- --/* state of the call inside the control session */ --enum pptp_ctrlcall_state { -- PPTP_CALL_NONE, -- PPTP_CALL_ERROR, -- PPTP_CALL_OUT_REQ, -- PPTP_CALL_OUT_CONF, -- PPTP_CALL_IN_REQ, -- PPTP_CALL_IN_REP, -- PPTP_CALL_IN_CONF, -- PPTP_CALL_CLEAR_REQ, --}; -- -- --/* conntrack private data */ --struct ip_ct_pptp_master { -- enum pptp_ctrlsess_state sstate; /* session state */ -- -- /* everything below is going to be per-expectation in newnat, -- * since there could be more than one call within one session */ -- enum pptp_ctrlcall_state cstate; /* call state */ -- u_int16_t pac_call_id; /* call id of PAC, host byte order */ -- u_int16_t pns_call_id; /* call id of PNS, host byte order */ --}; -- --/* conntrack_expect private member */ --struct ip_ct_pptp_expect { -- enum pptp_ctrlcall_state cstate; /* call state */ -- u_int16_t pac_call_id; /* call id of PAC */ -- u_int16_t pns_call_id; /* call id of PNS */ --}; -- -- --#ifdef __KERNEL__ -- --#include <linux/netfilter_ipv4/lockhelp.h> --DECLARE_LOCK_EXTERN(ip_pptp_lock); -- --#define IP_CONNTR_PPTP PPTP_CONTROL_PORT -- --union pptp_ctrl_union { -- void *rawreq; -- struct PptpStartSessionRequest *sreq; -- struct PptpStartSessionReply *srep; -- struct PptpStopSessionReqest *streq; -- struct PptpStopSessionReply *strep; -- struct PptpOutCallRequest *ocreq; -- struct PptpOutCallReply *ocack; -- struct PptpInCallRequest *icreq; -- struct PptpInCallReply *icack; -- struct PptpInCallConnected *iccon; -- struct PptpClearCallRequest *clrreq; -- struct PptpCallDisconnectNotify *disc; -- struct PptpWanErrorNotify *wanerr; -- struct PptpSetLinkInfo *setlink; --}; -- -- -- --#define PPTP_CONTROL_PORT 1723 -- --#define PPTP_PACKET_CONTROL 1 --#define PPTP_PACKET_MGMT 2 -- --#define PPTP_MAGIC_COOKIE 0x1a2b3c4d -- --struct pptp_pkt_hdr { -- __u16 packetLength; -- __u16 packetType; -- __u32 magicCookie; --}; -- --/* PptpControlMessageType values */ --#define PPTP_START_SESSION_REQUEST 1 --#define PPTP_START_SESSION_REPLY 2 --#define PPTP_STOP_SESSION_REQUEST 3 --#define PPTP_STOP_SESSION_REPLY 4 --#define PPTP_ECHO_REQUEST 5 --#define PPTP_ECHO_REPLY 6 --#define PPTP_OUT_CALL_REQUEST 7 --#define PPTP_OUT_CALL_REPLY 8 --#define PPTP_IN_CALL_REQUEST 9 --#define PPTP_IN_CALL_REPLY 10 --#define PPTP_IN_CALL_CONNECT 11 --#define PPTP_CALL_CLEAR_REQUEST 12 --#define PPTP_CALL_DISCONNECT_NOTIFY 13 --#define PPTP_WAN_ERROR_NOTIFY 14 --#define PPTP_SET_LINK_INFO 15 -- --#define PPTP_MSG_MAX 15 -- --/* PptpGeneralError values */ --#define PPTP_ERROR_CODE_NONE 0 --#define PPTP_NOT_CONNECTED 1 --#define PPTP_BAD_FORMAT 2 --#define PPTP_BAD_VALUE 3 --#define PPTP_NO_RESOURCE 4 --#define PPTP_BAD_CALLID 5 --#define PPTP_REMOVE_DEVICE_ERROR 6 -- --struct PptpControlHeader { -- __u16 messageType; -- __u16 reserved; --}; -- --/* FramingCapability Bitmap Values */ --#define PPTP_FRAME_CAP_ASYNC 0x1 --#define PPTP_FRAME_CAP_SYNC 0x2 -- --/* BearerCapability Bitmap Values */ --#define PPTP_BEARER_CAP_ANALOG 0x1 --#define PPTP_BEARER_CAP_DIGITAL 0x2 -- --struct PptpStartSessionRequest { -- __u16 protocolVersion; -- __u8 reserved1; -- __u8 reserved2; -- __u32 framingCapability; -- __u32 bearerCapability; -- __u16 maxChannels; -- __u16 firmwareRevision; -- __u8 hostName[64]; -- __u8 vendorString[64]; --}; -- --/* PptpStartSessionResultCode Values */ --#define PPTP_START_OK 1 --#define PPTP_START_GENERAL_ERROR 2 --#define PPTP_START_ALREADY_CONNECTED 3 --#define PPTP_START_NOT_AUTHORIZED 4 --#define PPTP_START_UNKNOWN_PROTOCOL 5 -- --struct PptpStartSessionReply { -- __u16 protocolVersion; -- __u8 resultCode; -- __u8 generalErrorCode; -- __u32 framingCapability; -- __u32 bearerCapability; -- __u16 maxChannels; -- __u16 firmwareRevision; -- __u8 hostName[64]; -- __u8 vendorString[64]; --}; -- --/* PptpStopReasons */ --#define PPTP_STOP_NONE 1 --#define PPTP_STOP_PROTOCOL 2 --#define PPTP_STOP_LOCAL_SHUTDOWN 3 -- --struct PptpStopSessionRequest { -- __u8 reason; --}; -- --/* PptpStopSessionResultCode */ --#define PPTP_STOP_OK 1 --#define PPTP_STOP_GENERAL_ERROR 2 -- --struct PptpStopSessionReply { -- __u8 resultCode; -- __u8 generalErrorCode; --}; -- --struct PptpEchoRequest { -- __u32 identNumber; --}; -- --/* PptpEchoReplyResultCode */ --#define PPTP_ECHO_OK 1 --#define PPTP_ECHO_GENERAL_ERROR 2 -- --struct PptpEchoReply { -- __u32 identNumber; -- __u8 resultCode; -- __u8 generalErrorCode; -- __u16 reserved; --}; -- --/* PptpFramingType */ --#define PPTP_ASYNC_FRAMING 1 --#define PPTP_SYNC_FRAMING 2 --#define PPTP_DONT_CARE_FRAMING 3 -- --/* PptpCallBearerType */ --#define PPTP_ANALOG_TYPE 1 --#define PPTP_DIGITAL_TYPE 2 --#define PPTP_DONT_CARE_BEARER_TYPE 3 -- --struct PptpOutCallRequest { -- __u16 callID; -- __u16 callSerialNumber; -- __u32 minBPS; -- __u32 maxBPS; -- __u32 bearerType; -- __u32 framingType; -- __u16 packetWindow; -- __u16 packetProcDelay; -- __u16 reserved1; -- __u16 phoneNumberLength; -- __u16 reserved2; -- __u8 phoneNumber[64]; -- __u8 subAddress[64]; --}; -- --/* PptpCallResultCode */ --#define PPTP_OUTCALL_CONNECT 1 --#define PPTP_OUTCALL_GENERAL_ERROR 2 --#define PPTP_OUTCALL_NO_CARRIER 3 --#define PPTP_OUTCALL_BUSY 4 --#define PPTP_OUTCALL_NO_DIAL_TONE 5 --#define PPTP_OUTCALL_TIMEOUT 6 --#define PPTP_OUTCALL_DONT_ACCEPT 7 -- --struct PptpOutCallReply { -- __u16 callID; -- __u16 peersCallID; -- __u8 resultCode; -- __u8 generalErrorCode; -- __u16 causeCode; -- __u32 connectSpeed; -- __u16 packetWindow; -- __u16 packetProcDelay; -- __u32 physChannelID; --}; -- --struct PptpInCallRequest { -- __u16 callID; -- __u16 callSerialNumber; -- __u32 callBearerType; -- __u32 physChannelID; -- __u16 dialedNumberLength; -- __u16 dialingNumberLength; -- __u8 dialedNumber[64]; -- __u8 dialingNumber[64]; -- __u8 subAddress[64]; --}; -- --/* PptpInCallResultCode */ --#define PPTP_INCALL_ACCEPT 1 --#define PPTP_INCALL_GENERAL_ERROR 2 --#define PPTP_INCALL_DONT_ACCEPT 3 -- --struct PptpInCallReply { -- __u16 callID; -- __u16 peersCallID; -- __u8 resultCode; -- __u8 generalErrorCode; -- __u16 packetWindow; -- __u16 packetProcDelay; -- __u16 reserved; --}; -- --struct PptpInCallConnected { -- __u16 peersCallID; -- __u16 reserved; -- __u32 connectSpeed; -- __u16 packetWindow; -- __u16 packetProcDelay; -- __u32 callFramingType; --}; -- --struct PptpClearCallRequest { -- __u16 callID; -- __u16 reserved; --}; -- --struct PptpCallDisconnectNotify { -- __u16 callID; -- __u8 resultCode; -- __u8 generalErrorCode; -- __u16 causeCode; -- __u16 reserved; -- __u8 callStatistics[128]; --}; -- --struct PptpWanErrorNotify { -- __u16 peersCallID; -- __u16 reserved; -- __u32 crcErrors; -- __u32 framingErrors; -- __u32 hardwareOverRuns; -- __u32 bufferOverRuns; -- __u32 timeoutErrors; -- __u32 alignmentErrors; --}; -- --struct PptpSetLinkInfo { -- __u16 peersCallID; -- __u16 reserved; -- __u32 sendAccm; -- __u32 recvAccm; --}; -- -- --struct pptp_priv_data { -- __u16 call_id; -- __u16 mcall_id; -- __u16 pcall_id; --}; -- --#endif /* __KERNEL__ */ --#endif /* _CONNTRACK_PPTP_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,121 +0,0 @@ --#ifndef _CONNTRACK_PROTO_GRE_H --#define _CONNTRACK_PROTO_GRE_H --#include <asm/byteorder.h> -- --/* GRE PROTOCOL HEADER */ -- --/* GRE Version field */ --#define GRE_VERSION_1701 0x0 --#define GRE_VERSION_PPTP 0x1 -- --/* GRE Protocol field */ --#define GRE_PROTOCOL_PPTP 0x880B -- --/* GRE Flags */ --#define GRE_FLAG_C 0x80 --#define GRE_FLAG_R 0x40 --#define GRE_FLAG_K 0x20 --#define GRE_FLAG_S 0x10 --#define GRE_FLAG_A 0x80 -- --#define GRE_IS_C(f) ((f)&GRE_FLAG_C) --#define GRE_IS_R(f) ((f)&GRE_FLAG_R) --#define GRE_IS_K(f) ((f)&GRE_FLAG_K) --#define GRE_IS_S(f) ((f)&GRE_FLAG_S) --#define GRE_IS_A(f) ((f)&GRE_FLAG_A) -- --/* GRE is a mess: Four different standards */ --struct gre_hdr { --#if defined(__LITTLE_ENDIAN_BITFIELD) -- __u16 rec:3, -- srr:1, -- seq:1, -- key:1, -- routing:1, -- csum:1, -- version:3, -- reserved:4, -- ack:1; --#elif defined(__BIG_ENDIAN_BITFIELD) -- __u16 csum:1, -- routing:1, -- key:1, -- seq:1, -- srr:1, -- rec:3, -- ack:1, -- reserved:4, -- version:3; --#else --#error "Adjust your <asm/byteorder.h> defines" --#endif -- __u16 protocol; --}; -- --/* modified GRE header for PPTP */ --struct gre_hdr_pptp { -- __u8 flags; /* bitfield */ -- __u8 version; /* should be GRE_VERSION_PPTP */ -- __u16 protocol; /* should be GRE_PROTOCOL_PPTP */ -- __u16 payload_len; /* size of ppp payload, not inc. gre header */ -- __u16 call_id; /* peer's call_id for this session */ -- __u32 seq; /* sequence number. Present if S==1 */ -- __u32 ack; /* seq number of highest packet recieved by */ -- /* sender in this session */ --}; -- -- --/* this is part of ip_conntrack */ --struct ip_ct_gre { -- unsigned int stream_timeout; -- unsigned int timeout; --}; -- --/* this is part of ip_conntrack_expect */ --struct ip_ct_gre_expect { -- struct ip_ct_gre_keymap *keymap_orig, *keymap_reply; --}; -- --#ifdef __KERNEL__ -- --/* structure for original <-> reply keymap */ --struct ip_ct_gre_keymap { -- struct list_head list; -- -- struct ip_conntrack_tuple tuple; -- struct ip_conntrack_expect *master; --}; -- -- --/* add new tuple->key_reply pair to keymap */ --int ip_ct_gre_keymap_add(struct ip_conntrack_expect *exp, -- struct ip_conntrack_tuple *t, -- int reply); -- --/* change an existing keymap entry */ --void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km, -- struct ip_conntrack_tuple *t); -- -- -- --/* get pointer to gre key, if present */ --static inline u_int32_t *gre_key(struct gre_hdr *greh) --{ -- if (!greh->key) -- return NULL; -- if (greh->csum || greh->routing) -- return (u_int32_t *) (greh+sizeof(*greh)+4); -- return (u_int32_t *) (greh+sizeof(*greh)); --} -- --/* get pointer ot gre csum, if present */ --static inline u_int16_t *gre_csum(struct gre_hdr *greh) --{ -- if (!greh->csum) -- return NULL; -- return (u_int16_t *) (greh+sizeof(*greh)); --} -- --#endif /* __KERNEL__ */ -- --#endif /* _CONNTRACK_PROTO_GRE_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_tftp.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_tftp.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_tftp.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_tftp.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,13 +0,0 @@ --#ifndef _IP_CT_TFTP --#define _IP_CT_TFTP -- --#define TFTP_PORT 69 -- --struct tftphdr { -- u_int16_t opcode; --}; -- --#define TFTP_OPCODE_READ 1 --#define TFTP_OPCODE_WRITE 2 -- --#endif /* _IP_CT_TFTP */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h linux.stock/include/linux/netfilter_ipv4/ip_conntrack_tuple.h ---- linux/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_conntrack_tuple.h 2004-05-09 04:13:03.000000000 -0400 -@@ -14,7 +14,7 @@ - union ip_conntrack_manip_proto - { - /* Add other protocols here. */ -- u_int32_t all; -+ u_int16_t all; - - struct { - u_int16_t port; -@@ -25,9 +25,6 @@ - struct { - u_int16_t id; - } icmp; -- struct { -- u_int32_t key; -- } gre; - }; - - /* The manipulable part of the tuple. */ -@@ -47,7 +44,7 @@ - u_int32_t ip; - union { - /* Add other protocols here. */ -- u_int64_t all; -+ u_int16_t all; - - struct { - u_int16_t port; -@@ -58,11 +55,6 @@ - struct { - u_int8_t type, code; - } icmp; -- struct { -- u_int16_t protocol; -- u_int8_t version; -- u_int32_t key; -- } gre; - } u; - - /* The protocol. */ -@@ -80,16 +72,10 @@ - #ifdef __KERNEL__ - - #define DUMP_TUPLE(tp) \ --DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n", \ -+DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n", \ - (tp), (tp)->dst.protonum, \ -- NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all), \ -- NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all)) -- --#define DUMP_TUPLE_RAW(x) \ -- DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\ -- (x), (x)->dst.protonum, \ -- NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), \ -- NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all)) -+ NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all), \ -+ NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all)) - - #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL) - -diff -Nurb linux/include/linux/netfilter_ipv4/ip_nat_pptp.h linux.stock/include/linux/netfilter_ipv4/ip_nat_pptp.h ---- linux/include/linux/netfilter_ipv4/ip_nat_pptp.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_nat_pptp.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,11 +0,0 @@ --/* PPTP constants and structs */ --#ifndef _NAT_PPTP_H --#define _NAT_PPTP_H -- --/* conntrack private data */ --struct ip_nat_pptp { -- u_int16_t pns_call_id; /* NAT'ed PNS call id */ -- u_int16_t pac_call_id; /* NAT'ed PAC call id */ --}; -- --#endif /* _NAT_PPTP_H */ -diff -Nurb linux/include/linux/netfilter_ipv4/ip_pool.h linux.stock/include/linux/netfilter_ipv4/ip_pool.h ---- linux/include/linux/netfilter_ipv4/ip_pool.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ip_pool.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,64 +0,0 @@ --#ifndef _IP_POOL_H --#define _IP_POOL_H -- --/***************************************************************************/ --/* This program is free software; you can redistribute it and/or modify */ --/* it under the terms of the GNU General Public License as published by */ --/* the Free Software Foundation; either version 2 of the License, or */ --/* (at your option) any later version. */ --/* */ --/* This program is distributed in the hope that it will be useful, */ --/* but WITHOUT ANY WARRANTY; without even the implied warranty of */ --/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ --/* GNU General Public License for more details. */ --/* */ --/* You should have received a copy of the GNU General Public License */ --/* along with this program; if not, write to the Free Software */ --/* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA*/ --/***************************************************************************/ -- --/* A sockopt of such quality has hardly ever been seen before on the open -- * market! This little beauty, hardly ever used: above 64, so it's -- * traditionally used for firewalling, not touched (even once!) by the -- * 2.0, 2.2 and 2.4 kernels! -- * -- * Comes with its own certificate of authenticity, valid anywhere in the -- * Free world! -- * -- * Rusty, 19.4.2000 -- */ --#define SO_IP_POOL 81 -- --typedef int ip_pool_t; /* pool index */ --#define IP_POOL_NONE ((ip_pool_t)-1) -- --struct ip_pool_request { -- int op; -- ip_pool_t index; -- u_int32_t addr; -- u_int32_t addr2; --}; -- --/* NOTE: I deliberately break the first cut ippool utility. Nobody uses it. */ -- --#define IP_POOL_BAD001 0x00000010 -- --#define IP_POOL_FLUSH 0x00000011 /* req.index, no arguments */ --#define IP_POOL_INIT 0x00000012 /* from addr to addr2 incl. */ --#define IP_POOL_DESTROY 0x00000013 /* req.index, no arguments */ --#define IP_POOL_ADD_ADDR 0x00000014 /* add addr to pool */ --#define IP_POOL_DEL_ADDR 0x00000015 /* del addr from pool */ --#define IP_POOL_HIGH_NR 0x00000016 /* result in req.index */ --#define IP_POOL_LOOKUP 0x00000017 /* result in addr and addr2 */ --#define IP_POOL_USAGE 0x00000018 /* result in addr */ --#define IP_POOL_TEST_ADDR 0x00000019 /* result (0/1) returned */ -- --#ifdef __KERNEL__ -- --/* NOTE: ip_pool_match() and ip_pool_mod() expect ADDR to be host byte order */ --extern int ip_pool_match(ip_pool_t pool, u_int32_t addr); --extern int ip_pool_mod(ip_pool_t pool, u_int32_t addr, int isdel); -- --#endif -- --#endif /*_IP_POOL_H*/ -diff -Nurb linux/include/linux/netfilter_ipv4/ipt_pool.h linux.stock/include/linux/netfilter_ipv4/ipt_pool.h ---- linux/include/linux/netfilter_ipv4/ipt_pool.h 2003-07-04 04:12:27.000000000 -0400 -+++ linux.stock/include/linux/netfilter_ipv4/ipt_pool.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,25 +0,0 @@ --#ifndef _IPT_POOL_H --#define _IPT_POOL_H -- --#include <linux/netfilter_ipv4/ip_pool.h> -- --#define IPT_POOL_INV_SRC 0x00000001 --#define IPT_POOL_INV_DST 0x00000002 --#define IPT_POOL_DEL_SRC 0x00000004 --#define IPT_POOL_DEL_DST 0x00000008 --#define IPT_POOL_INV_MOD_SRC 0x00000010 --#define IPT_POOL_INV_MOD_DST 0x00000020 --#define IPT_POOL_MOD_SRC_ACCEPT 0x00000040 --#define IPT_POOL_MOD_DST_ACCEPT 0x00000080 --#define IPT_POOL_MOD_SRC_DROP 0x00000100 --#define IPT_POOL_MOD_DST_DROP 0x00000200 -- --/* match info */ --struct ipt_pool_info --{ -- ip_pool_t src; -- ip_pool_t dst; -- unsigned flags; --}; -- --#endif /*_IPT_POOL_H*/ -diff -Nurb linux/net/ipv4/netfilter/Config.in linux.stock/net/ipv4/netfilter/Config.in ---- linux/net/ipv4/netfilter/Config.in 2004-02-19 06:04:35.000000000 -0500 -+++ linux.stock/net/ipv4/netfilter/Config.in 2004-05-09 04:13:03.000000000 -0400 -@@ -7,12 +7,7 @@ - tristate 'Connection tracking (required for masq/NAT)' CONFIG_IP_NF_CONNTRACK - if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then - dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK -- dep_tristate ' TFTP protocol support' CONFIG_IP_NF_TFTP $CONFIG_IP_NF_CONNTRACK -- dep_tristate ' H.323 (netmeeting) support' CONFIG_IP_NF_H323 $CONFIG_IP_NF_CONNTRACK - dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK -- dep_tristate ' MMS protocol support' CONFIG_IP_NF_MMS $CONFIG_IP_NF_CONNTRACK -- dep_tristate ' GRE protocol support' CONFIG_IP_NF_CT_PROTO_GRE $CONFIG_IP_NF_CONNTRACK -- dep_tristate ' PPTP protocol support' CONFIG_IP_NF_PPTP $CONFIG_IP_NF_CT_PROTO_GRE - fi - - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then -@@ -22,19 +17,11 @@ - if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; then - # The simple matches. - dep_tristate ' limit match support' CONFIG_IP_NF_MATCH_LIMIT $CONFIG_IP_NF_IPTABLES -- -- dep_tristate ' IP address pool support' CONFIG_IP_NF_POOL $CONFIG_IP_NF_IPTABLES -- if [ "$CONFIG_IP_NF_POOL" = "y" -o "$CONFIG_IP_NF_POOL" = "m" ]; then -- bool ' enable statistics on pool usage' CONFIG_IP_POOL_STATISTICS n -- fi -- - dep_tristate ' MAC address match support' CONFIG_IP_NF_MATCH_MAC $CONFIG_IP_NF_IPTABLES - dep_tristate ' Packet type match support' CONFIG_IP_NF_MATCH_PKTTYPE $CONFIG_IP_NF_IPTABLES - dep_tristate ' netfilter MARK match support' CONFIG_IP_NF_MATCH_MARK $CONFIG_IP_NF_IPTABLES - dep_tristate ' Multiple port match support' CONFIG_IP_NF_MATCH_MULTIPORT $CONFIG_IP_NF_IPTABLES -- dep_tristate ' Multiple port with ranges match support' CONFIG_IP_NF_MATCH_MPORT $CONFIG_IP_NF_IPTABLES - dep_tristate ' TOS match support' CONFIG_IP_NF_MATCH_TOS $CONFIG_IP_NF_IPTABLES -- dep_tristate ' TIME match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_TIME $CONFIG_IP_NF_IPTABLES - dep_tristate ' ECN match support' CONFIG_IP_NF_MATCH_ECN $CONFIG_IP_NF_IPTABLES - - dep_tristate ' DSCP match support' CONFIG_IP_NF_MATCH_DSCP $CONFIG_IP_NF_IPTABLES -@@ -52,7 +39,6 @@ - fi - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES -- dep_tristate ' Webstr match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_WEBSTR $CONFIG_IP_NF_IPTABLES - dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES - fi - # The targets -@@ -70,29 +56,6 @@ - define_bool CONFIG_IP_NF_NAT_NEEDED y - dep_tristate ' MASQUERADE target support' CONFIG_IP_NF_TARGET_MASQUERADE $CONFIG_IP_NF_NAT - dep_tristate ' REDIRECT target support' CONFIG_IP_NF_TARGET_REDIRECT $CONFIG_IP_NF_NAT -- dep_tristate ' Automatic port forwarding (autofw) target support' CONFIG_IP_NF_AUTOFW $CONFIG_IP_NF_NAT -- dep_tristate ' TRIGGER target support (port-trigger)' CONFIG_IP_NF_TARGET_TRIGGER $CONFIG_IP_NF_NAT -- if [ "$CONFIG_IP_NF_H323" = "m" ]; then -- define_tristate CONFIG_IP_NF_NAT_H323 m -- else -- if [ "$CONFIG_IP_NF_H323" = "y" ]; then -- define_tristate CONFIG_IP_NF_NAT_H323 $CONFIG_IP_NF_NAT -- fi -- fi -- if [ "$CONFIG_IP_NF_PPTP" = "m" ]; then -- define_tristate CONFIG_IP_NF_NAT_PPTP m -- else -- if [ "$CONFIG_IP_NF_PPTP" = "y" ]; then -- define_tristate CONFIG_IP_NF_NAT_PPTP $CONFIG_IP_NF_NAT -- fi -- fi -- if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "m" ]; then -- define_tristate CONFIG_IP_NF_NAT_PROTO_GRE m -- else -- if [ "$CONFIG_IP_NF_CT_PROTO_GRE" = "y" ]; then -- define_tristate CONFIG_IP_NF_NAT_PROTO_GRE $CONFIG_IP_NF_NAT -- fi -- fi - bool ' NAT of local connections (READ HELP)' CONFIG_IP_NF_NAT_LOCAL - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - dep_tristate ' Basic SNMP-ALG support (EXPERIMENTAL)' CONFIG_IP_NF_NAT_SNMP_BASIC $CONFIG_IP_NF_NAT -@@ -104,13 +67,6 @@ - define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT - fi - fi -- if [ "$CONFIG_IP_NF_MMS" = "m" ]; then -- define_tristate CONFIG_IP_NF_NAT_MMS m -- else -- if [ "$CONFIG_IP_NF_MMS" = "y" ]; then -- define_tristate CONFIG_IP_NF_NAT_MMS $CONFIG_IP_NF_NAT -- fi -- fi - # If they want FTP, set to $CONFIG_IP_NF_NAT (m or y), - # or $CONFIG_IP_NF_FTP (m or y), whichever is weaker. Argh. - if [ "$CONFIG_IP_NF_FTP" = "m" ]; then -@@ -120,13 +76,6 @@ - define_tristate CONFIG_IP_NF_NAT_FTP $CONFIG_IP_NF_NAT - fi - fi -- if [ "$CONFIG_IP_NF_TFTP" = "m" ]; then -- define_tristate CONFIG_IP_NF_NAT_TFTP m -- else -- if [ "$CONFIG_IP_NF_TFTP" = "y" ]; then -- define_tristate CONFIG_IP_NF_NAT_TFTP $CONFIG_IP_NF_NAT -- fi -- fi - fi - fi - -diff -Nurb linux/net/ipv4/netfilter/Makefile linux.stock/net/ipv4/netfilter/Makefile ---- linux/net/ipv4/netfilter/Makefile 2004-02-19 06:04:35.000000000 -0500 -+++ linux.stock/net/ipv4/netfilter/Makefile 2004-05-09 04:13:03.000000000 -0400 -@@ -31,48 +31,20 @@ - # connection tracking - obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o - --# H.323 support --obj-$(CONFIG_IP_NF_H323) += ip_conntrack_h323.o --obj-$(CONFIG_IP_NF_NAT_H323) += ip_nat_h323.o --ifdef CONFIG_IP_NF_NAT_H323 -- export-objs += ip_conntrack_h323.o --endif -- -- --# connection tracking protocol helpers --obj-$(CONFIG_IP_NF_CT_PROTO_GRE) += ip_conntrack_proto_gre.o --ifdef CONFIG_IP_NF_CT_PROTO_GRE -- export-objs += ip_conntrack_proto_gre.o --endif -- --# NAT protocol helpers --obj-$(CONFIG_IP_NF_NAT_PROTO_GRE) += ip_nat_proto_gre.o -- - # connection tracking helpers --obj-$(CONFIG_IP_NF_MMS) += ip_conntrack_mms.o --ifdef CONFIG_IP_NF_NAT_MMS -- export-objs += ip_conntrack_mms.o --endif --obj-$(CONFIG_IP_NF_PPTP) += ip_conntrack_pptp.o --ifdef CONFIG_IP_NF_NAT_PPTP -- export-objs += ip_conntrack_pptp.o --endif --obj-$(CONFIG_IP_NF_TFTP) += ip_conntrack_tftp.o - obj-$(CONFIG_IP_NF_FTP) += ip_conntrack_ftp.o - ifdef CONFIG_IP_NF_NAT_FTP - export-objs += ip_conntrack_ftp.o - endif -+ - obj-$(CONFIG_IP_NF_IRC) += ip_conntrack_irc.o - ifdef CONFIG_IP_NF_NAT_IRC - export-objs += ip_conntrack_irc.o - endif - - # NAT helpers --obj-$(CONFIG_IP_NF_NAT_PPTP) += ip_nat_pptp.o --obj-$(CONFIG_IP_NF_NAT_TFTP) += ip_nat_tftp.o - obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o - obj-$(CONFIG_IP_NF_NAT_IRC) += ip_nat_irc.o --obj-$(CONFIG_IP_NF_NAT_MMS) += ip_nat_mms.o - - # generic IP tables - obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o -@@ -86,19 +58,12 @@ - obj-$(CONFIG_IP_NF_MATCH_HELPER) += ipt_helper.o - obj-$(CONFIG_IP_NF_MATCH_LIMIT) += ipt_limit.o - obj-$(CONFIG_IP_NF_MATCH_MARK) += ipt_mark.o --obj-$(CONFIG_IP_NF_POOL) += ipt_pool.o ip_pool.o - obj-$(CONFIG_IP_NF_MATCH_MAC) += ipt_mac.o - - obj-$(CONFIG_IP_NF_MATCH_PKTTYPE) += ipt_pkttype.o - obj-$(CONFIG_IP_NF_MATCH_MULTIPORT) += ipt_multiport.o -- --obj-$(CONFIG_IP_NF_MATCH_MPORT) += ipt_mport.o -- - obj-$(CONFIG_IP_NF_MATCH_OWNER) += ipt_owner.o - obj-$(CONFIG_IP_NF_MATCH_TOS) += ipt_tos.o -- --obj-$(CONFIG_IP_NF_MATCH_TIME) += ipt_time.o -- - obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o - obj-$(CONFIG_IP_NF_MATCH_DSCP) += ipt_dscp.o - obj-$(CONFIG_IP_NF_MATCH_AH_ESP) += ipt_ah.o ipt_esp.o -@@ -109,7 +74,6 @@ - obj-$(CONFIG_IP_NF_MATCH_STATE) += ipt_state.o - obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += ipt_conntrack.o - obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o --obj-$(CONFIG_IP_NF_MATCH_WEBSTR) += ipt_webstr.o - obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o - - # targets -@@ -125,8 +89,6 @@ - obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o - obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o - obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o --obj-$(CONFIG_IP_NF_AUTOFW) += ip_autofw.o --obj-$(CONFIG_IP_NF_TARGET_TRIGGER) += ipt_TRIGGER.o - - # generic ARP tables - obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_core.c linux.stock/net/ipv4/netfilter/ip_conntrack_core.c ---- linux/net/ipv4/netfilter/ip_conntrack_core.c 2003-08-12 07:33:45.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_core.c 2004-05-09 04:13:03.000000000 -0400 -@@ -47,7 +47,11 @@ - - #define IP_CONNTRACK_VERSION "2.1" - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - DECLARE_RWLOCK(ip_conntrack_lock); - DECLARE_RWLOCK(ip_conntrack_expect_tuple_lock); -@@ -62,29 +66,6 @@ - struct list_head *ip_conntrack_hash; - static kmem_cache_t *ip_conntrack_cachep; - --#define SECS * HZ --#define MINS * 60 SECS --#define HOURS * 60 MINS --#define DAYS * 24 HOURS -- --int sysctl_ip_conntrack_tcp_timeouts[10] = { -- 30 MINS, /* TCP_CONNTRACK_NONE, */ -- 5 DAYS, /* TCP_CONNTRACK_ESTABLISHED, */ -- 2 MINS, /* TCP_CONNTRACK_SYN_SENT, */ -- 60 SECS, /* TCP_CONNTRACK_SYN_RECV, */ -- 2 MINS, /* TCP_CONNTRACK_FIN_WAIT, */ -- 2 MINS, /* TCP_CONNTRACK_TIME_WAIT, */ -- 10 SECS, /* TCP_CONNTRACK_CLOSE, */ -- 60 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */ -- 30 SECS, /* TCP_CONNTRACK_LAST_ACK, */ -- 2 MINS, /* TCP_CONNTRACK_LISTEN, */ --}; -- --int sysctl_ip_conntrack_udp_timeouts[2] = { -- 30 SECS, /* UNREPLIED */ -- 180 SECS /* ASSURED */ --}; -- - extern struct ip_conntrack_protocol ip_conntrack_generic_protocol; - - static inline int proto_cmpfn(const struct ip_conntrack_protocol *curr, -@@ -129,6 +110,9 @@ - static inline u_int32_t - hash_conntrack(const struct ip_conntrack_tuple *tuple) - { -+#if 0 -+ dump_tuple(tuple); -+#endif - /* ntohl because more differences in low bits. */ - /* To ensure that halves of the same connection don't hash - clash, we add the source per-proto again. */ -@@ -160,8 +144,6 @@ - tuple->dst.ip = iph->daddr; - tuple->dst.protonum = iph->protocol; - -- tuple->src.u.all = tuple->dst.u.all = 0; -- - ret = protocol->pkt_to_tuple((u_int32_t *)iph + iph->ihl, - len - 4*iph->ihl, - tuple); -@@ -177,8 +159,6 @@ - inverse->dst.ip = orig->src.ip; - inverse->dst.protonum = orig->dst.protonum; - -- inverse->src.u.all = inverse->dst.u.all = 0; -- - return protocol->invert_tuple(inverse, orig); - } - -@@ -196,8 +176,8 @@ - static void - destroy_expect(struct ip_conntrack_expect *exp) - { -- DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(&exp->use)); -- IP_NF_ASSERT(atomic_read(&exp->use)); -+ DEBUGP("destroy_expect(%p) use=%d\n", exp, atomic_read(exp->use)); -+ IP_NF_ASSERT(atomic_read(exp->use)); - IP_NF_ASSERT(!timer_pending(&exp->timeout)); - - kfree(exp); -@@ -267,11 +247,11 @@ - static void unexpect_related(struct ip_conntrack_expect *expect) - { - IP_NF_ASSERT(expect->expectant); -+ IP_NF_ASSERT(expect->expectant->helper); - /* if we are supposed to have a timer, but we can't delete - * it: race condition. __unexpect_related will - * be calledd by timeout function */ -- if (expect->expectant->helper -- && expect->expectant->helper->timeout -+ if (expect->expectant->helper->timeout - && !del_timer(&expect->timeout)) - return; - -@@ -580,6 +560,7 @@ - if (!h) { - /* Locally generated ICMPs will match inverted if they - haven't been SNAT'ed yet */ -+ /* FIXME: NAT code has to handle half-done double NAT --RR */ - if (hooknum == NF_IP_LOCAL_OUT) - h = ip_conntrack_find_get(&origtuple, NULL); - -@@ -725,7 +706,6 @@ - - /* If the expectation is dying, then this is a looser. */ - if (expected -- && expected->expectant->helper - && expected->expectant->helper->timeout - && ! del_timer(&expected->timeout)) - expected = NULL; -@@ -744,7 +724,6 @@ - conntrack->master = expected; - expected->sibling = conntrack; - LIST_DELETE(&ip_conntrack_expect_list, expected); -- INIT_LIST_HEAD(&expected->list); - expected->expectant->expecting--; - nf_conntrack_get(&master_ct(conntrack)->infos[0]); - } -@@ -821,9 +800,23 @@ - int set_reply; - int ret; - -+ /* FIXME: Do this right please. --RR */ - (*pskb)->nfcache |= NFC_UNKNOWN; - - /* Doesn't cover locally-generated broadcast, so not worth it. */ -+#if 0 -+ /* Ignore broadcast: no `connection'. */ -+ if ((*pskb)->pkt_type == PACKET_BROADCAST) { -+ printk("Broadcast packet!\n"); -+ return NF_ACCEPT; -+ } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF)) -+ == htonl(0x000000FF)) { -+ printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n", -+ NIPQUAD((*pskb)->nh.iph->saddr), -+ NIPQUAD((*pskb)->nh.iph->daddr), -+ (*pskb)->sk, (*pskb)->pkt_type); -+ } -+#endif - - /* Previously seen (loopback)? Ignore. Do this before - fragment check. */ -@@ -943,8 +936,8 @@ - * so there is no need to use the tuple lock too */ - - DEBUGP("ip_conntrack_expect_related %p\n", related_to); -- DEBUGP("tuple: "); DUMP_TUPLE_RAW(&expect->tuple); -- DEBUGP("mask: "); DUMP_TUPLE_RAW(&expect->mask); -+ DEBUGP("tuple: "); DUMP_TUPLE(&expect->tuple); -+ DEBUGP("mask: "); DUMP_TUPLE(&expect->mask); - - old = LIST_FIND(&ip_conntrack_expect_list, resent_expect, - struct ip_conntrack_expect *, &expect->tuple, -@@ -954,8 +947,7 @@ - pointing into the payload - otherwise we should have to copy - the data filled out by the helper over the old one */ - DEBUGP("expect_related: resent packet\n"); -- if (related_to->helper && -- related_to->helper->timeout) { -+ if (related_to->helper->timeout) { - if (!del_timer(&old->timeout)) { - /* expectation is dying. Fall through */ - old = NULL; -@@ -970,32 +962,26 @@ - WRITE_UNLOCK(&ip_conntrack_lock); - return -EEXIST; - } -- } else if (related_to->helper && -- related_to->helper->max_expected && -+ } else if (related_to->helper->max_expected && - related_to->expecting >= related_to->helper->max_expected) { - struct list_head *cur_item; - /* old == NULL */ -- if (!(related_to->helper->flags & -- IP_CT_HELPER_F_REUSE_EXPECT)) { -- WRITE_UNLOCK(&ip_conntrack_lock); - if (net_ratelimit()) - printk(KERN_WARNING - "ip_conntrack: max number of expected " - "connections %i of %s reached for " -- "%u.%u.%u.%u->%u.%u.%u.%u\n", -+ "%u.%u.%u.%u->%u.%u.%u.%u%s\n", - related_to->helper->max_expected, - related_to->helper->name, - NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip), -- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip)); -+ NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip), -+ related_to->helper->flags & IP_CT_HELPER_F_REUSE_EXPECT ? -+ ", reusing" : ""); -+ if (!(related_to->helper->flags & -+ IP_CT_HELPER_F_REUSE_EXPECT)) { -+ WRITE_UNLOCK(&ip_conntrack_lock); - return -EPERM; - } -- DEBUGP("ip_conntrack: max number of expected " -- "connections %i of %s reached for " -- "%u.%u.%u.%u->%u.%u.%u.%u, reusing\n", -- related_to->helper->max_expected, -- related_to->helper->name, -- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip), -- NIPQUAD(related_to->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip)); - - /* choose the the oldest expectation to evict */ - list_for_each(cur_item, &related_to->sibling_list) { -@@ -1055,8 +1041,7 @@ - /* add to global list of expectations */ - list_prepend(&ip_conntrack_expect_list, &new->list); - /* add and start timer if required */ -- if (related_to->helper && -- related_to->helper->timeout) { -+ if (related_to->helper->timeout) { - init_timer(&new->timeout); - new->timeout.data = (unsigned long)new; - new->timeout.function = expectation_timed_out; -@@ -1079,10 +1064,11 @@ - - MUST_BE_READ_LOCKED(&ip_conntrack_lock); - WRITE_LOCK(&ip_conntrack_expect_tuple_lock); -+ - DEBUGP("change_expect:\n"); -- DEBUGP("exp tuple: "); DUMP_TUPLE_RAW(&expect->tuple); -- DEBUGP("exp mask: "); DUMP_TUPLE_RAW(&expect->mask); -- DEBUGP("newtuple: "); DUMP_TUPLE_RAW(newtuple); -+ DEBUGP("exp tuple: "); DUMP_TUPLE(&expect->tuple); -+ DEBUGP("exp mask: "); DUMP_TUPLE(&expect->mask); -+ DEBUGP("newtuple: "); DUMP_TUPLE(newtuple); - if (expect->ct_tuple.dst.protonum == 0) { - /* Never seen before */ - DEBUGP("change expect: never seen before\n"); -@@ -1360,8 +1346,6 @@ - 0, NULL }; - - #define NET_IP_CONNTRACK_MAX 2089 --#define NET_IP_CONNTRACK_TCP_TIMEOUTS 2090 --#define NET_IP_CONNTRACK_UDP_TIMEOUTS 2091 - #define NET_IP_CONNTRACK_MAX_NAME "ip_conntrack_max" - - #ifdef CONFIG_SYSCTL -@@ -1370,14 +1354,6 @@ - static ctl_table ip_conntrack_table[] = { - { NET_IP_CONNTRACK_MAX, NET_IP_CONNTRACK_MAX_NAME, &ip_conntrack_max, - sizeof(ip_conntrack_max), 0644, NULL, proc_dointvec }, -- { NET_IP_CONNTRACK_TCP_TIMEOUTS, "ip_conntrack_tcp_timeouts", -- &sysctl_ip_conntrack_tcp_timeouts, -- sizeof(sysctl_ip_conntrack_tcp_timeouts), -- 0644, NULL, &proc_dointvec_jiffies, &sysctl_jiffies }, -- { NET_IP_CONNTRACK_UDP_TIMEOUTS, "ip_conntrack_udp_timeouts", -- &sysctl_ip_conntrack_udp_timeouts, -- sizeof(sysctl_ip_conntrack_udp_timeouts), -- 0644, NULL, &proc_dointvec_jiffies, &sysctl_jiffies }, - { 0 } - }; - -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_ftp.c linux.stock/net/ipv4/netfilter/ip_conntrack_ftp.c ---- linux/net/ipv4/netfilter/ip_conntrack_ftp.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_ftp.c 2004-05-09 04:13:03.000000000 -0400 -@@ -24,7 +24,11 @@ - static int loose = 0; - MODULE_PARM(loose, "i"); - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - static int try_rfc959(const char *, size_t, u_int32_t [], char); - static int try_eprt(const char *, size_t, u_int32_t [], char); -@@ -191,6 +195,16 @@ - } - - if (strnicmp(data, pattern, plen) != 0) { -+#if 0 -+ size_t i; -+ -+ DEBUGP("ftp: string mismatch\n"); -+ for (i = 0; i < plen; i++) { -+ DEBUGFTP("ftp:char %u `%c'(%u) vs `%c'(%u)\n", -+ i, data[i], data[i], -+ pattern[i], pattern[i]); -+ } -+#endif - return 0; - } - -@@ -214,6 +228,7 @@ - return 1; - } - -+/* FIXME: This should be in userspace. Later. */ - static int help(const struct iphdr *iph, size_t len, - struct ip_conntrack *ct, - enum ip_conntrack_info ctinfo) -@@ -249,6 +264,7 @@ - } - - /* Checksum invalid? Ignore. */ -+ /* FIXME: Source route IP option packets --RR */ - if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, - csum_partial((char *)tcph, tcplen, 0))) { - DEBUGP("ftp_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_h323.c linux.stock/net/ipv4/netfilter/ip_conntrack_h323.c ---- linux/net/ipv4/netfilter/ip_conntrack_h323.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_h323.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,302 +0,0 @@ --/* -- * H.323 'brute force' extension for H.323 connection tracking. -- * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> -- * -- * Based on ip_masq_h323.c for 2.2 kernels from CoRiTel, Sofia project. -- * (http://www.coritel.it/projects/sofia/nat/) -- * Uses Sampsa Ranta's excellent idea on using expectfn to 'bind' -- * the unregistered helpers to the conntrack entries. -- */ -- -- --#include <linux/module.h> --#include <linux/netfilter.h> --#include <linux/ip.h> --#include <net/checksum.h> --#include <net/tcp.h> -- --#include <linux/netfilter_ipv4/lockhelp.h> --#include <linux/netfilter_ipv4/ip_conntrack.h> --#include <linux/netfilter_ipv4/ip_conntrack_core.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_tuple.h> --#include <linux/netfilter_ipv4/ip_conntrack_h323.h> -- --MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); --MODULE_DESCRIPTION("H.323 'brute force' connection tracking module"); --MODULE_LICENSE("GPL"); -- --DECLARE_LOCK(ip_h323_lock); --struct module *ip_conntrack_h323 = THIS_MODULE; -- --#define DEBUGP(format, args...) -- --static int h245_help(const struct iphdr *iph, size_t len, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- struct tcphdr *tcph = (void *)iph + iph->ihl * 4; -- unsigned char *data = (unsigned char *) tcph + tcph->doff * 4; -- unsigned char *data_limit; -- u_int32_t tcplen = len - iph->ihl * 4; -- u_int32_t datalen = tcplen - tcph->doff * 4; -- int dir = CTINFO2DIR(ctinfo); -- struct ip_ct_h225_master *info = &ct->help.ct_h225_info; -- struct ip_conntrack_expect expect, *exp = &expect; -- struct ip_ct_h225_expect *exp_info = &exp->help.exp_h225_info; -- u_int16_t data_port; -- u_int32_t data_ip; -- unsigned int i; -- -- DEBUGP("ct_h245_help: help entered %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n", -- NIPQUAD(iph->saddr), ntohs(tcph->source), -- NIPQUAD(iph->daddr), ntohs(tcph->dest)); -- -- /* Can't track connections formed before we registered */ -- if (!info) -- return NF_ACCEPT; -- -- /* Until there's been traffic both ways, don't look in packets. */ -- if (ctinfo != IP_CT_ESTABLISHED -- && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { -- DEBUGP("ct_h245_help: Conntrackinfo = %u\n", ctinfo); -- return NF_ACCEPT; -- } -- -- /* Not whole TCP header or too short packet? */ -- if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4 + 5) { -- DEBUGP("ct_h245_help: tcplen = %u\n", (unsigned)tcplen); -- return NF_ACCEPT; -- } -- -- /* Checksum invalid? Ignore. */ -- if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, -- csum_partial((char *)tcph, tcplen, 0))) { -- DEBUGP("ct_h245_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", -- tcph, tcplen, NIPQUAD(iph->saddr), -- NIPQUAD(iph->daddr)); -- return NF_ACCEPT; -- } -- -- data_limit = (unsigned char *) data + datalen; -- /* bytes: 0123 45 -- ipadrr port */ -- for (i = 0; data < (data_limit - 5); data++, i++) { -- memcpy(&data_ip, data, sizeof(u_int32_t)); -- if (data_ip == iph->saddr) { -- memcpy(&data_port, data + 4, sizeof(u_int16_t)); -- memset(&expect, 0, sizeof(expect)); -- /* update the H.225 info */ -- DEBUGP("ct_h245_help: new RTCP/RTP requested %u.%u.%u.%u:->%u.%u.%u.%u:%u\n", -- NIPQUAD(ct->tuplehash[!dir].tuple.src.ip), -- NIPQUAD(iph->saddr), ntohs(data_port)); -- LOCK_BH(&ip_h323_lock); -- info->is_h225 = H225_PORT + 1; -- exp_info->port = data_port; -- exp_info->dir = dir; -- exp_info->offset = i; -- -- exp->seq = ntohl(tcph->seq) + i; -- -- exp->tuple = ((struct ip_conntrack_tuple) -- { { ct->tuplehash[!dir].tuple.src.ip, -- { 0 } }, -- { data_ip, -- { data_port }, -- IPPROTO_UDP }}); -- exp->mask = ((struct ip_conntrack_tuple) -- { { 0xFFFFFFFF, { 0 } }, -- { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }}); -- -- exp->expectfn = NULL; -- -- /* Ignore failure; should only happen with NAT */ -- ip_conntrack_expect_related(ct, exp); -- -- UNLOCK_BH(&ip_h323_lock); -- } -- } -- -- return NF_ACCEPT; -- --} -- --/* H.245 helper is not registered! */ --static struct ip_conntrack_helper h245 = -- { { NULL, NULL }, -- "H.245", /* name */ -- IP_CT_HELPER_F_REUSE_EXPECT, /* flags */ -- NULL, /* module */ -- 8, /* max_ expected */ -- 240, /* timeout */ -- { { 0, { 0 } }, /* tuple */ -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { 0xFFFF } }, /* mask */ -- { 0, { 0 }, 0xFFFF } }, -- h245_help /* helper */ -- }; -- --static int h225_expect(struct ip_conntrack *ct) --{ -- WRITE_LOCK(&ip_conntrack_lock); -- ct->helper = &h245; -- DEBUGP("h225_expect: helper for %p added\n", ct); -- WRITE_UNLOCK(&ip_conntrack_lock); -- -- return NF_ACCEPT; /* unused */ --} -- --static int h225_help(const struct iphdr *iph, size_t len, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- struct tcphdr *tcph = (void *)iph + iph->ihl * 4; -- unsigned char *data = (unsigned char *) tcph + tcph->doff * 4; -- unsigned char *data_limit; -- u_int32_t tcplen = len - iph->ihl * 4; -- u_int32_t datalen = tcplen - tcph->doff * 4; -- int dir = CTINFO2DIR(ctinfo); -- struct ip_ct_h225_master *info = &ct->help.ct_h225_info; -- struct ip_conntrack_expect expect, *exp = &expect; -- struct ip_ct_h225_expect *exp_info = &exp->help.exp_h225_info; -- u_int16_t data_port; -- u_int32_t data_ip; -- unsigned int i; -- -- DEBUGP("ct_h225_help: help entered %u.%u.%u.%u:%u->%u.%u.%u.%u:%u\n", -- NIPQUAD(iph->saddr), ntohs(tcph->source), -- NIPQUAD(iph->daddr), ntohs(tcph->dest)); -- -- /* Can't track connections formed before we registered */ -- if (!info) -- return NF_ACCEPT; -- -- /* Until there's been traffic both ways, don't look in packets. */ -- if (ctinfo != IP_CT_ESTABLISHED -- && ctinfo != IP_CT_ESTABLISHED + IP_CT_IS_REPLY) { -- DEBUGP("ct_h225_help: Conntrackinfo = %u\n", ctinfo); -- return NF_ACCEPT; -- } -- -- /* Not whole TCP header or too short packet? */ -- if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4 + 5) { -- DEBUGP("ct_h225_help: tcplen = %u\n", (unsigned)tcplen); -- return NF_ACCEPT; -- } -- -- /* Checksum invalid? Ignore. */ -- if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, -- csum_partial((char *)tcph, tcplen, 0))) { -- DEBUGP("ct_h225_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", -- tcph, tcplen, NIPQUAD(iph->saddr), -- NIPQUAD(iph->daddr)); -- return NF_ACCEPT; -- } -- -- data_limit = (unsigned char *) data + datalen; -- /* bytes: 0123 45 -- ipadrr port */ -- for (i = 0; data < (data_limit - 5); data++, i++) { -- memcpy(&data_ip, data, sizeof(u_int32_t)); -- if (data_ip == iph->saddr) { -- memcpy(&data_port, data + 4, sizeof(u_int16_t)); -- if (data_port == tcph->source) { -- /* Signal address */ -- DEBUGP("ct_h225_help: sourceCallSignalAddress from %u.%u.%u.%u\n", -- NIPQUAD(iph->saddr)); -- /* Update the H.225 info so that NAT can mangle the address/port -- even when we have no expected connection! */ --#ifdef CONFIG_IP_NF_NAT_NEEDED -- LOCK_BH(&ip_h323_lock); -- info->dir = dir; -- info->seq[IP_CT_DIR_ORIGINAL] = ntohl(tcph->seq) + i; -- info->offset[IP_CT_DIR_ORIGINAL] = i; -- UNLOCK_BH(&ip_h323_lock); --#endif -- } else { -- memset(&expect, 0, sizeof(expect)); -- -- /* update the H.225 info */ -- LOCK_BH(&ip_h323_lock); -- info->is_h225 = H225_PORT; -- exp_info->port = data_port; -- exp_info->dir = dir; -- exp_info->offset = i; -- -- exp->seq = ntohl(tcph->seq) + i; -- -- exp->tuple = ((struct ip_conntrack_tuple) -- { { ct->tuplehash[!dir].tuple.src.ip, -- { 0 } }, -- { data_ip, -- { data_port }, -- IPPROTO_TCP }}); -- exp->mask = ((struct ip_conntrack_tuple) -- { { 0xFFFFFFFF, { 0 } }, -- { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }}); -- -- exp->expectfn = h225_expect; -- -- /* Ignore failure */ -- ip_conntrack_expect_related(ct, exp); -- -- DEBUGP("ct_h225_help: new H.245 requested %u.%u.%u.%u->%u.%u.%u.%u:%u\n", -- NIPQUAD(ct->tuplehash[!dir].tuple.src.ip), -- NIPQUAD(iph->saddr), ntohs(data_port)); -- -- UNLOCK_BH(&ip_h323_lock); -- } --#ifdef CONFIG_IP_NF_NAT_NEEDED -- } else if (data_ip == iph->daddr) { -- memcpy(&data_port, data + 4, sizeof(u_int16_t)); -- if (data_port == tcph->dest) { -- /* Signal address */ -- DEBUGP("ct_h225_help: destCallSignalAddress %u.%u.%u.%u\n", -- NIPQUAD(iph->daddr)); -- /* Update the H.225 info so that NAT can mangle the address/port -- even when we have no expected connection! */ -- LOCK_BH(&ip_h323_lock); -- info->dir = dir; -- info->seq[IP_CT_DIR_REPLY] = ntohl(tcph->seq) + i; -- info->offset[IP_CT_DIR_REPLY] = i; -- UNLOCK_BH(&ip_h323_lock); -- } --#endif -- } -- } -- -- return NF_ACCEPT; -- --} -- --static struct ip_conntrack_helper h225 = -- { { NULL, NULL }, -- "H.225", /* name */ -- IP_CT_HELPER_F_REUSE_EXPECT, /* flags */ -- THIS_MODULE, /* module */ -- 2, /* max_expected */ -- 240, /* timeout */ -- { { 0, { __constant_htons(H225_PORT) } }, /* tuple */ -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { 0xFFFF } }, /* mask */ -- { 0, { 0 }, 0xFFFF } }, -- h225_help /* helper */ -- }; -- --static int __init init(void) --{ -- return ip_conntrack_helper_register(&h225); --} -- --static void __exit fini(void) --{ -- /* Unregister H.225 helper */ -- ip_conntrack_helper_unregister(&h225); --} -- --#ifdef CONFIG_IP_NF_NAT_NEEDED --EXPORT_SYMBOL(ip_h323_lock); --#endif -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_mms.c linux.stock/net/ipv4/netfilter/ip_conntrack_mms.c ---- linux/net/ipv4/netfilter/ip_conntrack_mms.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_mms.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,292 +0,0 @@ --/* MMS extension for IP connection tracking -- * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be> -- * based on ip_conntrack_ftp.c and ip_conntrack_irc.c -- * -- * ip_conntrack_mms.c v0.3 2002-09-22 -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of the GNU General Public License -- * as published by the Free Software Foundation; either version -- * 2 of the License, or (at your option) any later version. -- * -- * Module load syntax: -- * insmod ip_conntrack_mms.o ports=port1,port2,...port<MAX_PORTS> -- * -- * Please give the ports of all MMS servers You wish to connect to. -- * If you don't specify ports, the default will be TCP port 1755. -- * -- * More info on MMS protocol, firewalls and NAT: -- * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwmt/html/MMSFirewall.asp -- * http://www.microsoft.com/windows/windowsmedia/serve/firewall.asp -- * -- * The SDP project people are reverse-engineering MMS: -- * http://get.to/sdp -- */ -- --#include <linux/config.h> --#include <linux/module.h> --#include <linux/netfilter.h> --#include <linux/ip.h> --#include <linux/ctype.h> --#include <net/checksum.h> --#include <net/tcp.h> -- --#include <linux/netfilter_ipv4/lockhelp.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_mms.h> -- --DECLARE_LOCK(ip_mms_lock); --struct module *ip_conntrack_mms = THIS_MODULE; -- --#define MAX_PORTS 8 --static int ports[MAX_PORTS]; --static int ports_c; --#ifdef MODULE_PARM --MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i"); --#endif -- --#define DEBUGP(format, args...) -- --#ifdef CONFIG_IP_NF_NAT_NEEDED --EXPORT_SYMBOL(ip_mms_lock); --#endif -- --MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>"); --MODULE_DESCRIPTION("Microsoft Windows Media Services (MMS) connection tracking module"); --MODULE_LICENSE("GPL"); -- --/* #define isdigit(c) (c >= '0' && c <= '9') */ -- --/* copied from drivers/usb/serial/io_edgeport.c - not perfect but will do the trick */ --static void unicode_to_ascii (char *string, short *unicode, int unicode_size) --{ -- int i; -- for (i = 0; i < unicode_size; ++i) { -- string[i] = (char)(unicode[i]); -- } -- string[unicode_size] = 0x00; --} -- --__inline static int atoi(char *s) --{ -- int i=0; -- while (isdigit(*s)) { -- i = i*10 + *(s++) - '0'; -- } -- return i; --} -- --/* convert ip address string like "192.168.0.10" to unsigned int */ --__inline static u_int32_t asciiiptoi(char *s) --{ -- unsigned int i, j, k; -- -- for(i=k=0; k<3; ++k, ++s, i<<=8) { -- i+=atoi(s); -- for(j=0; (*(++s) != '.') && (j<3); ++j) -- ; -- } -- i+=atoi(s); -- return ntohl(i); --} -- --int parse_mms(const char *data, -- const unsigned int datalen, -- u_int32_t *mms_ip, -- u_int16_t *mms_proto, -- u_int16_t *mms_port, -- char **mms_string_b, -- char **mms_string_e, -- char **mms_padding_e) --{ -- int unicode_size, i; -- char tempstring[28]; /* "\\255.255.255.255\UDP\65535" */ -- char getlengthstring[28]; -- -- for(unicode_size=0; -- (char) *(data+(MMS_SRV_UNICODE_STRING_OFFSET+unicode_size*2)) != (char)0; -- unicode_size++) -- if ((unicode_size == 28) || (MMS_SRV_UNICODE_STRING_OFFSET+unicode_size*2 >= datalen)) -- return -1; /* out of bounds - incomplete packet */ -- -- unicode_to_ascii(tempstring, (short *)(data+MMS_SRV_UNICODE_STRING_OFFSET), unicode_size); -- DEBUGP("ip_conntrack_mms: offset 60: %s\n", (const char *)(tempstring)); -- -- /* IP address ? */ -- *mms_ip = asciiiptoi(tempstring+2); -- -- i=sprintf(getlengthstring, "%u.%u.%u.%u", HIPQUAD(*mms_ip)); -- -- /* protocol ? */ -- if(strncmp(tempstring+3+i, "TCP", 3)==0) -- *mms_proto = IPPROTO_TCP; -- else if(strncmp(tempstring+3+i, "UDP", 3)==0) -- *mms_proto = IPPROTO_UDP; -- -- /* port ? */ -- *mms_port = atoi(tempstring+7+i); -- -- /* we store a pointer to the beginning of the "\\a.b.c.d\proto\port" -- unicode string, one to the end of the string, and one to the end -- of the packet, since we must keep track of the number of bytes -- between end of the unicode string and the end of packet (padding) */ -- *mms_string_b = (char *)(data + MMS_SRV_UNICODE_STRING_OFFSET); -- *mms_string_e = (char *)(data + MMS_SRV_UNICODE_STRING_OFFSET + unicode_size * 2); -- *mms_padding_e = (char *)(data + datalen); /* looks funny, doesn't it */ -- return 0; --} -- -- --static int help(const struct iphdr *iph, size_t len, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- /* tcplen not negative guaranteed by ip_conntrack_tcp.c */ -- struct tcphdr *tcph = (void *)iph + iph->ihl * 4; -- const char *data = (const char *)tcph + tcph->doff * 4; -- unsigned int tcplen = len - iph->ihl * 4; -- unsigned int datalen = tcplen - tcph->doff * 4; -- int dir = CTINFO2DIR(ctinfo); -- struct ip_conntrack_expect expect, *exp = &expect; -- struct ip_ct_mms_expect *exp_mms_info = &exp->help.exp_mms_info; -- -- u_int32_t mms_ip; -- u_int16_t mms_proto; -- char mms_proto_string[8]; -- u_int16_t mms_port; -- char *mms_string_b, *mms_string_e, *mms_padding_e; -- -- /* Until there's been traffic both ways, don't look in packets. */ -- if (ctinfo != IP_CT_ESTABLISHED -- && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) { -- DEBUGP("ip_conntrack_mms: Conntrackinfo = %u\n", ctinfo); -- return NF_ACCEPT; -- } -- -- /* Not whole TCP header? */ -- if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff*4) { -- DEBUGP("ip_conntrack_mms: tcplen = %u\n", (unsigned)tcplen); -- return NF_ACCEPT; -- } -- -- /* Checksum invalid? Ignore. */ -- if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, -- csum_partial((char *)tcph, tcplen, 0))) { -- DEBUGP("mms_help: bad csum: %p %u %u.%u.%u.%u %u.%u.%u.%u\n", -- tcph, tcplen, NIPQUAD(iph->saddr), -- NIPQUAD(iph->daddr)); -- return NF_ACCEPT; -- } -- -- /* Only look at packets with 0x00030002/196610 on bytes 36->39 of TCP payload */ -- if( (MMS_SRV_MSG_OFFSET < datalen) && -- ((*(u32 *)(data+MMS_SRV_MSG_OFFSET)) == MMS_SRV_MSG_ID)) { -- DEBUGP("ip_conntrack_mms: offset 37: %u %u %u %u, datalen:%u\n", -- (u8)*(data+36), (u8)*(data+37), -- (u8)*(data+38), (u8)*(data+39), -- datalen); -- if(parse_mms(data, datalen, &mms_ip, &mms_proto, &mms_port, -- &mms_string_b, &mms_string_e, &mms_padding_e)) -- if(net_ratelimit()) -- printk(KERN_WARNING -- "ip_conntrack_mms: Unable to parse data payload\n"); -- -- memset(&expect, 0, sizeof(expect)); -- -- sprintf(mms_proto_string, "(%u)", mms_proto); -- DEBUGP("ip_conntrack_mms: adding %s expectation %u.%u.%u.%u -> %u.%u.%u.%u:%u\n", -- mms_proto == IPPROTO_TCP ? "TCP" -- : mms_proto == IPPROTO_UDP ? "UDP":mms_proto_string, -- NIPQUAD(ct->tuplehash[!dir].tuple.src.ip), -- NIPQUAD(mms_ip), -- mms_port); -- -- /* it's possible that the client will just ask the server to tunnel -- the stream over the same TCP session (from port 1755): there's -- shouldn't be a need to add an expectation in that case, but it -- makes NAT packet mangling so much easier */ -- LOCK_BH(&ip_mms_lock); -- -- DEBUGP("ip_conntrack_mms: tcph->seq = %u\n", tcph->seq); -- -- exp->seq = ntohl(tcph->seq) + (mms_string_b - data); -- exp_mms_info->len = (mms_string_e - mms_string_b); -- exp_mms_info->padding = (mms_padding_e - mms_string_e); -- exp_mms_info->port = mms_port; -- -- DEBUGP("ip_conntrack_mms: wrote info seq=%u (ofs=%u), len=%d, padding=%u\n", -- exp->seq, (mms_string_e - data), exp_mms_info->len, exp_mms_info->padding); -- -- exp->tuple = ((struct ip_conntrack_tuple) -- { { ct->tuplehash[!dir].tuple.src.ip, { 0 } }, -- { mms_ip, -- { (__u16) ntohs(mms_port) }, -- mms_proto } } -- ); -- exp->mask = ((struct ip_conntrack_tuple) -- { { 0xFFFFFFFF, { 0 } }, -- { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }}); -- exp->expectfn = NULL; -- ip_conntrack_expect_related(ct, &expect); -- UNLOCK_BH(&ip_mms_lock); -- } -- -- return NF_ACCEPT; --} -- --static struct ip_conntrack_helper mms[MAX_PORTS]; --static char mms_names[MAX_PORTS][10]; -- --/* Not __exit: called from init() */ --static void fini(void) --{ -- int i; -- for (i = 0; (i < MAX_PORTS) && ports[i]; i++) { -- DEBUGP("ip_conntrack_mms: unregistering helper for port %d\n", -- ports[i]); -- ip_conntrack_helper_unregister(&mms[i]); -- } --} -- --static int __init init(void) --{ -- int i, ret; -- char *tmpname; -- -- if (ports[0] == 0) -- ports[0] = MMS_PORT; -- -- for (i = 0; (i < MAX_PORTS) && ports[i]; i++) { -- memset(&mms[i], 0, sizeof(struct ip_conntrack_helper)); -- mms[i].tuple.src.u.tcp.port = htons(ports[i]); -- mms[i].tuple.dst.protonum = IPPROTO_TCP; -- mms[i].mask.src.u.tcp.port = 0xFFFF; -- mms[i].mask.dst.protonum = 0xFFFF; -- mms[i].max_expected = 1; -- mms[i].timeout = 0; -- mms[i].flags = IP_CT_HELPER_F_REUSE_EXPECT; -- mms[i].me = THIS_MODULE; -- mms[i].help = help; -- -- tmpname = &mms_names[i][0]; -- if (ports[i] == MMS_PORT) -- sprintf(tmpname, "mms"); -- else -- sprintf(tmpname, "mms-%d", ports[i]); -- mms[i].name = tmpname; -- -- DEBUGP("ip_conntrack_mms: registering helper for port %d\n", -- ports[i]); -- ret = ip_conntrack_helper_register(&mms[i]); -- -- if (ret) { -- fini(); -- return ret; -- } -- ports_c++; -- } -- return 0; --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_pptp.c linux.stock/net/ipv4/netfilter/ip_conntrack_pptp.c ---- linux/net/ipv4/netfilter/ip_conntrack_pptp.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_pptp.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,531 +0,0 @@ --/* -- * ip_conntrack_pptp.c - Version 1.11 -- * -- * Connection tracking support for PPTP (Point to Point Tunneling Protocol). -- * PPTP is a a protocol for creating virtual private networks. -- * It is a specification defined by Microsoft and some vendors -- * working with Microsoft. PPTP is built on top of a modified -- * version of the Internet Generic Routing Encapsulation Protocol. -- * GRE is defined in RFC 1701 and RFC 1702. Documentation of -- * PPTP can be found in RFC 2637 -- * -- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>, -- * -- * Development of this code funded by Astaro AG (http://www.astaro.com/) -- * -- * Limitations: -- * - We blindly assume that control connections are always -- * established in PNS->PAC direction. This is a violation -- * of RFFC2673 -- * -- * TODO: - finish support for multiple calls within one session -- * (needs expect reservations in newnat) -- * - testing of incoming PPTP calls -- */ -- --#include <linux/config.h> --#include <linux/module.h> --#include <linux/netfilter.h> --#include <linux/ip.h> --#include <net/checksum.h> --#include <net/tcp.h> -- --#include <linux/netfilter_ipv4/lockhelp.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> --#include <linux/netfilter_ipv4/ip_conntrack_pptp.h> -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); --MODULE_DESCRIPTION("Netfilter connection tracking helper module for PPTP"); -- --DECLARE_LOCK(ip_pptp_lock); -- --#define DEBUGP(format, args...) -- --#define SECS *HZ --#define MINS * 60 SECS --#define HOURS * 60 MINS --#define DAYS * 24 HOURS -- --#define PPTP_GRE_TIMEOUT (10 MINS) --#define PPTP_GRE_STREAM_TIMEOUT (5 DAYS) -- --static int pptp_expectfn(struct ip_conntrack *ct) --{ -- struct ip_conntrack_expect *exp, *other_exp; -- struct ip_conntrack *master; -- -- DEBUGP("increasing timeouts\n"); -- /* increase timeout of GRE data channel conntrack entry */ -- ct->proto.gre.timeout = PPTP_GRE_TIMEOUT; -- ct->proto.gre.stream_timeout = PPTP_GRE_STREAM_TIMEOUT; -- -- master = master_ct(ct); -- if (!master) { -- DEBUGP(" no master!!!\n"); -- return 0; -- } -- -- DEBUGP("completing tuples with ct info\n"); -- /* we can do this, since we're unconfirmed */ -- if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.gre.key == -- htonl(master->help.ct_pptp_info.pac_call_id)) { -- /* assume PNS->PAC */ -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = -- htonl(master->help.ct_pptp_info.pns_call_id); -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = -- htonl(master->help.ct_pptp_info.pns_call_id); -- } else { -- /* assume PAC->PNS */ -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = -- htonl(master->help.ct_pptp_info.pac_call_id); -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = -- htonl(master->help.ct_pptp_info.pns_call_id); -- } -- -- return 0; --} -- --/* timeout GRE data connections */ --static int pptp_timeout_related(struct ip_conntrack *ct) --{ -- struct list_head *cur_item; -- struct ip_conntrack_expect *exp; -- -- list_for_each(cur_item, &ct->sibling_list) { -- exp = list_entry(cur_item, struct ip_conntrack_expect, -- expected_list); -- -- if (!exp->sibling) -- continue; -- -- DEBUGP("setting timeout of conntrack %p to 0\n", -- exp->sibling); -- exp->sibling->proto.gre.timeout = 0; -- exp->sibling->proto.gre.stream_timeout = 0; -- ip_ct_refresh(exp->sibling, 0); -- } -- -- return 0; --} -- --/* expect GRE connection in PNS->PAC direction */ --static inline int --exp_gre(struct ip_conntrack *master, -- u_int32_t seq, -- u_int16_t callid, -- u_int16_t peer_callid) --{ -- struct ip_conntrack_expect exp; -- struct ip_conntrack_tuple inv_tuple; -- -- memset(&exp, 0, sizeof(exp)); -- /* tuple in original direction, PAC->PNS */ -- exp.tuple.src.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; -- exp.tuple.src.u.gre.key = htonl(ntohs(peer_callid)); -- exp.tuple.dst.ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; -- exp.tuple.dst.u.gre.key = htonl(ntohs(callid)); -- exp.tuple.dst.u.gre.protocol = __constant_htons(GRE_PROTOCOL_PPTP); -- exp.tuple.dst.u.gre.version = GRE_VERSION_PPTP; -- exp.tuple.dst.protonum = IPPROTO_GRE; -- -- exp.mask.src.ip = 0xffffffff; -- exp.mask.src.u.all = 0; -- exp.mask.dst.u.all = 0; -- exp.mask.dst.u.gre.key = 0xffffffff; -- exp.mask.dst.u.gre.version = 0xff; -- exp.mask.dst.u.gre.protocol = 0xffff; -- exp.mask.dst.ip = 0xffffffff; -- exp.mask.dst.protonum = 0xffff; -- -- exp.seq = seq; -- exp.expectfn = pptp_expectfn; -- -- exp.help.exp_pptp_info.pac_call_id = ntohs(callid); -- exp.help.exp_pptp_info.pns_call_id = ntohs(peer_callid); -- -- DEBUGP("calling expect_related "); -- DUMP_TUPLE_RAW(&exp.tuple); -- -- /* Add GRE keymap entries */ -- ip_ct_gre_keymap_add(&exp, &exp.tuple, 0); -- invert_tuplepr(&inv_tuple, &exp.tuple); -- ip_ct_gre_keymap_add(&exp, &inv_tuple, 1); -- -- ip_conntrack_expect_related(master, &exp); -- -- return 0; --} -- --static inline int --pptp_inbound_pkt(struct tcphdr *tcph, -- struct pptp_pkt_hdr *pptph, -- size_t datalen, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- struct PptpControlHeader *ctlh; -- union pptp_ctrl_union pptpReq; -- -- struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info; -- u_int16_t msg, *cid, *pcid; -- u_int32_t seq; -- -- ctlh = (struct PptpControlHeader *) -- ((char *) pptph + sizeof(struct pptp_pkt_hdr)); -- pptpReq.rawreq = (void *) -- ((char *) ctlh + sizeof(struct PptpControlHeader)); -- -- msg = ntohs(ctlh->messageType); -- DEBUGP("inbound control message %s\n", strMName[msg]); -- -- switch (msg) { -- case PPTP_START_SESSION_REPLY: -- /* server confirms new control session */ -- if (info->sstate < PPTP_SESSION_REQUESTED) { -- DEBUGP("%s without START_SESS_REQUEST\n", -- strMName[msg]); -- break; -- } -- if (pptpReq.srep->resultCode == PPTP_START_OK) -- info->sstate = PPTP_SESSION_CONFIRMED; -- else -- info->sstate = PPTP_SESSION_ERROR; -- break; -- -- case PPTP_STOP_SESSION_REPLY: -- /* server confirms end of control session */ -- if (info->sstate > PPTP_SESSION_STOPREQ) { -- DEBUGP("%s without STOP_SESS_REQUEST\n", -- strMName[msg]); -- break; -- } -- if (pptpReq.strep->resultCode == PPTP_STOP_OK) -- info->sstate = PPTP_SESSION_NONE; -- else -- info->sstate = PPTP_SESSION_ERROR; -- break; -- -- case PPTP_OUT_CALL_REPLY: -- /* server accepted call, we now expect GRE frames */ -- if (info->sstate != PPTP_SESSION_CONFIRMED) { -- DEBUGP("%s but no session\n", strMName[msg]); -- break; -- } -- if (info->cstate != PPTP_CALL_OUT_REQ && -- info->cstate != PPTP_CALL_OUT_CONF) { -- DEBUGP("%s without OUTCALL_REQ\n", strMName[msg]); -- break; -- } -- if (pptpReq.ocack->resultCode != PPTP_OUTCALL_CONNECT) { -- info->cstate = PPTP_CALL_NONE; -- break; -- } -- -- cid = &pptpReq.ocack->callID; -- pcid = &pptpReq.ocack->peersCallID; -- -- info->pac_call_id = ntohs(*cid); -- -- if (htons(info->pns_call_id) != *pcid) { -- DEBUGP("%s for unknown callid %u\n", -- strMName[msg], ntohs(*pcid)); -- break; -- } -- -- DEBUGP("%s, CID=%X, PCID=%X\n", strMName[msg], -- ntohs(*cid), ntohs(*pcid)); -- -- info->cstate = PPTP_CALL_OUT_CONF; -- -- seq = ntohl(tcph->seq) + ((void *)pcid - (void *)pptph); -- exp_gre(ct, seq, *cid, *pcid); -- break; -- -- case PPTP_IN_CALL_REQUEST: -- /* server tells us about incoming call request */ -- if (info->sstate != PPTP_SESSION_CONFIRMED) { -- DEBUGP("%s but no session\n", strMName[msg]); -- break; -- } -- pcid = &pptpReq.icack->peersCallID; -- DEBUGP("%s, PCID=%X\n", strMName[msg], ntohs(*pcid)); -- info->cstate = PPTP_CALL_IN_REQ; -- info->pac_call_id= ntohs(*pcid); -- break; -- -- case PPTP_IN_CALL_CONNECT: -- /* server tells us about incoming call established */ -- if (info->sstate != PPTP_SESSION_CONFIRMED) { -- DEBUGP("%s but no session\n", strMName[msg]); -- break; -- } -- if (info->sstate != PPTP_CALL_IN_REP -- && info->sstate != PPTP_CALL_IN_CONF) { -- DEBUGP("%s but never sent IN_CALL_REPLY\n", -- strMName[msg]); -- break; -- } -- -- pcid = &pptpReq.iccon->peersCallID; -- cid = &info->pac_call_id; -- -- if (info->pns_call_id != ntohs(*pcid)) { -- DEBUGP("%s for unknown CallID %u\n", -- strMName[msg], ntohs(*cid)); -- break; -- } -- -- DEBUGP("%s, PCID=%X\n", strMName[msg], ntohs(*pcid)); -- info->cstate = PPTP_CALL_IN_CONF; -- -- /* we expect a GRE connection from PAC to PNS */ -- seq = ntohl(tcph->seq) + ((void *)pcid - (void *)pptph); -- exp_gre(ct, seq, *cid, *pcid); -- -- break; -- -- case PPTP_CALL_DISCONNECT_NOTIFY: -- /* server confirms disconnect */ -- cid = &pptpReq.disc->callID; -- DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*cid)); -- info->cstate = PPTP_CALL_NONE; -- -- /* untrack this call id, unexpect GRE packets */ -- pptp_timeout_related(ct); -- /* NEWNAT: look up exp for call id and unexpct_related */ -- break; -- -- case PPTP_WAN_ERROR_NOTIFY: -- break; -- -- case PPTP_ECHO_REQUEST: -- case PPTP_ECHO_REPLY: -- /* I don't have to explain these ;) */ -- break; -- default: -- DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX) -- ? strMName[msg]:strMName[0], msg); -- break; -- } -- -- return NF_ACCEPT; -- --} -- --static inline int --pptp_outbound_pkt(struct tcphdr *tcph, -- struct pptp_pkt_hdr *pptph, -- size_t datalen, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- struct PptpControlHeader *ctlh; -- union pptp_ctrl_union pptpReq; -- struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info; -- u_int16_t msg, *cid, *pcid; -- -- ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph)); -- pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh)); -- -- msg = ntohs(ctlh->messageType); -- DEBUGP("outbound control message %s\n", strMName[msg]); -- -- switch (msg) { -- case PPTP_START_SESSION_REQUEST: -- /* client requests for new control session */ -- if (info->sstate != PPTP_SESSION_NONE) { -- DEBUGP("%s but we already have one", -- strMName[msg]); -- } -- info->sstate = PPTP_SESSION_REQUESTED; -- break; -- case PPTP_STOP_SESSION_REQUEST: -- /* client requests end of control session */ -- info->sstate = PPTP_SESSION_STOPREQ; -- break; -- -- case PPTP_OUT_CALL_REQUEST: -- /* client initiating connection to server */ -- if (info->sstate != PPTP_SESSION_CONFIRMED) { -- DEBUGP("%s but no session\n", -- strMName[msg]); -- break; -- } -- info->cstate = PPTP_CALL_OUT_REQ; -- /* track PNS call id */ -- cid = &pptpReq.ocreq->callID; -- DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*cid)); -- info->pns_call_id = ntohs(*cid); -- break; -- case PPTP_IN_CALL_REPLY: -- /* client answers incoming call */ -- if (info->cstate != PPTP_CALL_IN_REQ -- && info->cstate != PPTP_CALL_IN_REP) { -- DEBUGP("%s without incall_req\n", -- strMName[msg]); -- break; -- } -- if (pptpReq.icack->resultCode != PPTP_INCALL_ACCEPT) { -- info->cstate = PPTP_CALL_NONE; -- break; -- } -- pcid = &pptpReq.icack->peersCallID; -- if (info->pac_call_id != ntohs(*pcid)) { -- DEBUGP("%s for unknown call %u\n", -- strMName[msg], ntohs(*pcid)); -- break; -- } -- DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*pcid)); -- /* part two of the three-way handshake */ -- info->cstate = PPTP_CALL_IN_REP; -- info->pns_call_id = ntohs(pptpReq.icack->callID); -- break; -- -- case PPTP_CALL_CLEAR_REQUEST: -- /* client requests hangup of call */ -- if (info->sstate != PPTP_SESSION_CONFIRMED) { -- DEBUGP("CLEAR_CALL but no session\n"); -- break; -- } -- /* FUTURE: iterate over all calls and check if -- * call ID is valid. We don't do this without newnat, -- * because we only know about last call */ -- info->cstate = PPTP_CALL_CLEAR_REQ; -- break; -- case PPTP_SET_LINK_INFO: -- break; -- case PPTP_ECHO_REQUEST: -- case PPTP_ECHO_REPLY: -- /* I don't have to explain these ;) */ -- break; -- default: -- DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX)? -- strMName[msg]:strMName[0], msg); -- /* unknown: no need to create GRE masq table entry */ -- break; -- } -- -- return NF_ACCEPT; --} -- -- --/* track caller id inside control connection, call expect_related */ --static int --conntrack_pptp_help(const struct iphdr *iph, size_t len, -- struct ip_conntrack *ct, enum ip_conntrack_info ctinfo) -- --{ -- struct pptp_pkt_hdr *pptph; -- -- struct tcphdr *tcph = (void *) iph + iph->ihl * 4; -- u_int32_t tcplen = len - iph->ihl * 4; -- u_int32_t datalen = tcplen - tcph->doff * 4; -- void *datalimit; -- int dir = CTINFO2DIR(ctinfo); -- struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info; -- -- int oldsstate, oldcstate; -- int ret; -- -- /* don't do any tracking before tcp handshake complete */ -- if (ctinfo != IP_CT_ESTABLISHED -- && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) { -- DEBUGP("ctinfo = %u, skipping\n", ctinfo); -- return NF_ACCEPT; -- } -- -- /* not a complete TCP header? */ -- if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4) { -- DEBUGP("tcplen = %u\n", tcplen); -- return NF_ACCEPT; -- } -- -- /* checksum invalid? */ -- if (tcp_v4_check(tcph, tcplen, iph->saddr, iph->daddr, -- csum_partial((char *) tcph, tcplen, 0))) { -- printk(KERN_NOTICE __FILE__ ": bad csum\n"); --// return NF_ACCEPT; -- } -- -- if (tcph->fin || tcph->rst) { -- DEBUGP("RST/FIN received, timeouting GRE\n"); -- /* can't do this after real newnat */ -- info->cstate = PPTP_CALL_NONE; -- -- /* untrack this call id, unexpect GRE packets */ -- pptp_timeout_related(ct); -- /* no need to call unexpect_related since master conn -- * dies anyway */ -- } -- -- -- pptph = (struct pptp_pkt_hdr *) ((void *) tcph + tcph->doff * 4); -- datalimit = (void *) pptph + datalen; -- -- /* not a full pptp packet header? */ -- if ((void *) pptph+sizeof(*pptph) >= datalimit) { -- DEBUGP("no full PPTP header, can't track\n"); -- return NF_ACCEPT; -- } -- -- /* if it's not a control message we can't do anything with it */ -- if (ntohs(pptph->packetType) != PPTP_PACKET_CONTROL || -- ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) { -- DEBUGP("not a control packet\n"); -- return NF_ACCEPT; -- } -- -- oldsstate = info->sstate; -- oldcstate = info->cstate; -- -- LOCK_BH(&ip_pptp_lock); -- -- if (dir == IP_CT_DIR_ORIGINAL) -- /* client -> server (PNS -> PAC) */ -- ret = pptp_outbound_pkt(tcph, pptph, datalen, ct, ctinfo); -- else -- /* server -> client (PAC -> PNS) */ -- ret = pptp_inbound_pkt(tcph, pptph, datalen, ct, ctinfo); -- DEBUGP("sstate: %d->%d, cstate: %d->%d\n", -- oldsstate, info->sstate, oldcstate, info->cstate); -- UNLOCK_BH(&ip_pptp_lock); -- -- return ret; --} -- --/* control protocol helper */ --static struct ip_conntrack_helper pptp = { -- { NULL, NULL }, -- "pptp", IP_CT_HELPER_F_REUSE_EXPECT, THIS_MODULE, 2, 0, -- { { 0, { tcp: { port: __constant_htons(PPTP_CONTROL_PORT) } } }, -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { tcp: { port: 0xffff } } }, -- { 0, { 0 }, 0xffff } }, -- conntrack_pptp_help }; -- --/* ip_conntrack_pptp initialization */ --static int __init init(void) --{ -- int retcode; -- -- DEBUGP(__FILE__ ": registering helper\n"); -- if ((retcode = ip_conntrack_helper_register(&pptp))) { -- printk(KERN_ERR "Unable to register conntrack application " -- "helper for pptp: %d\n", retcode); -- return -EIO; -- } -- -- return 0; --} -- --static void __exit fini(void) --{ -- ip_conntrack_helper_unregister(&pptp); --} -- --module_init(init); --module_exit(fini); -- --EXPORT_SYMBOL(ip_pptp_lock); -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_pptp_priv.h linux.stock/net/ipv4/netfilter/ip_conntrack_pptp_priv.h ---- linux/net/ipv4/netfilter/ip_conntrack_pptp_priv.h 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_pptp_priv.h 1969-12-31 19:00:00.000000000 -0500 -@@ -1,24 +0,0 @@ --#ifndef _IP_CT_PPTP_PRIV_H --#define _IP_CT_PPTP_PRIV_H -- --/* PptpControlMessageType names */ --static const char *strMName[] = { -- "UNKNOWN_MESSAGE", -- "START_SESSION_REQUEST", -- "START_SESSION_REPLY", -- "STOP_SESSION_REQUEST", -- "STOP_SESSION_REPLY", -- "ECHO_REQUEST", -- "ECHO_REPLY", -- "OUT_CALL_REQUEST", -- "OUT_CALL_REPLY", -- "IN_CALL_REQUEST", -- "IN_CALL_REPLY", -- "IN_CALL_CONNECT", -- "CALL_CLEAR_REQUEST", -- "CALL_DISCONNECT_NOTIFY", -- "WAN_ERROR_NOTIFY", -- "SET_LINK_INFO" --}; -- --#endif -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c linux.stock/net/ipv4/netfilter/ip_conntrack_proto_gre.c ---- linux/net/ipv4/netfilter/ip_conntrack_proto_gre.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_proto_gre.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,320 +0,0 @@ --/* -- * ip_conntrack_proto_gre.c - Version 1.11 -- * -- * Connection tracking protocol helper module for GRE. -- * -- * GRE is a generic encapsulation protocol, which is generally not very -- * suited for NAT, as it has no protocol-specific part as port numbers. -- * -- * It has an optional key field, which may help us distinguishing two -- * connections between the same two hosts. -- * -- * GRE is defined in RFC 1701 and RFC 1702, as well as RFC 2784 -- * -- * PPTP is built on top of a modified version of GRE, and has a mandatory -- * field called "CallID", which serves us for the same purpose as the key -- * field in plain GRE. -- * -- * Documentation about PPTP can be found in RFC 2637 -- * -- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> -- * -- * Development of this code funded by Astaro AG (http://www.astaro.com/) -- * -- */ -- --#include <linux/config.h> --#include <linux/module.h> --#include <linux/types.h> --#include <linux/timer.h> --#include <linux/netfilter.h> --#include <linux/ip.h> --#include <linux/in.h> --#include <linux/list.h> -- --#include <linux/netfilter_ipv4/lockhelp.h> -- --DECLARE_RWLOCK(ip_ct_gre_lock); --#define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_ct_gre_lock) --#define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_ct_gre_lock) -- --#include <linux/netfilter_ipv4/listhelp.h> --#include <linux/netfilter_ipv4/ip_conntrack_protocol.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_core.h> -- --#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> --#include <linux/netfilter_ipv4/ip_conntrack_pptp.h> -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); --MODULE_DESCRIPTION("netfilter connection tracking protocol helper for GRE"); -- --/* shamelessly stolen from ip_conntrack_proto_udp.c */ --#define GRE_TIMEOUT (30*HZ) --#define GRE_STREAM_TIMEOUT (180*HZ) -- --#define DEBUGP(x, args...) --#define DUMP_TUPLE_GRE(x) -- --/* GRE KEYMAP HANDLING FUNCTIONS */ --static LIST_HEAD(gre_keymap_list); -- --static inline int gre_key_cmpfn(const struct ip_ct_gre_keymap *km, -- const struct ip_conntrack_tuple *t) --{ -- return ((km->tuple.src.ip == t->src.ip) && -- (km->tuple.dst.ip == t->dst.ip) && -- (km->tuple.dst.protonum == t->dst.protonum) && -- (km->tuple.dst.u.all == t->dst.u.all)); --} -- --/* look up the source key for a given tuple */ --static u_int32_t gre_keymap_lookup(struct ip_conntrack_tuple *t) --{ -- struct ip_ct_gre_keymap *km; -- u_int32_t key; -- -- READ_LOCK(&ip_ct_gre_lock); -- km = LIST_FIND(&gre_keymap_list, gre_key_cmpfn, -- struct ip_ct_gre_keymap *, t); -- if (!km) { -- READ_UNLOCK(&ip_ct_gre_lock); -- return 0; -- } -- -- key = km->tuple.src.u.gre.key; -- READ_UNLOCK(&ip_ct_gre_lock); -- -- return key; --} -- --/* add a single keymap entry, associate with specified expect */ --int ip_ct_gre_keymap_add(struct ip_conntrack_expect *exp, -- struct ip_conntrack_tuple *t, int reply) --{ -- struct ip_ct_gre_keymap *km; -- -- km = kmalloc(sizeof(*km), GFP_ATOMIC); -- if (!km) -- return -1; -- -- /* initializing list head should be sufficient */ -- memset(km, 0, sizeof(*km)); -- -- memcpy(&km->tuple, t, sizeof(*t)); -- km->master = exp; -- -- if (!reply) -- exp->proto.gre.keymap_orig = km; -- else -- exp->proto.gre.keymap_reply = km; -- -- DEBUGP("adding new entry %p: ", km); -- DUMP_TUPLE_GRE(&km->tuple); -- -- WRITE_LOCK(&ip_ct_gre_lock); -- list_append(&gre_keymap_list, km); -- WRITE_UNLOCK(&ip_ct_gre_lock); -- -- return 0; --} -- --/* change the tuple of a keymap entry (used by nat helper) */ --void ip_ct_gre_keymap_change(struct ip_ct_gre_keymap *km, -- struct ip_conntrack_tuple *t) --{ -- DEBUGP("changing entry %p to: ", km); -- DUMP_TUPLE_GRE(t); -- -- WRITE_LOCK(&ip_ct_gre_lock); -- memcpy(&km->tuple, t, sizeof(km->tuple)); -- WRITE_UNLOCK(&ip_ct_gre_lock); --} -- -- --/* PUBLIC CONNTRACK PROTO HELPER FUNCTIONS */ -- --/* invert gre part of tuple */ --static int gre_invert_tuple(struct ip_conntrack_tuple *tuple, -- const struct ip_conntrack_tuple *orig) --{ -- tuple->dst.u.gre.protocol = orig->dst.u.gre.protocol; -- tuple->dst.u.gre.version = orig->dst.u.gre.version; -- -- tuple->dst.u.gre.key = orig->src.u.gre.key; -- tuple->src.u.gre.key = orig->dst.u.gre.key; -- -- return 1; --} -- --/* gre hdr info to tuple */ --static int gre_pkt_to_tuple(const void *datah, size_t datalen, -- struct ip_conntrack_tuple *tuple) --{ -- struct gre_hdr *grehdr = (struct gre_hdr *) datah; -- struct gre_hdr_pptp *pgrehdr = (struct gre_hdr_pptp *) datah; -- u_int32_t srckey; -- -- /* core guarantees 8 protocol bytes, no need for size check */ -- -- tuple->dst.u.gre.version = grehdr->version; -- tuple->dst.u.gre.protocol = grehdr->protocol; -- -- switch (grehdr->version) { -- case GRE_VERSION_1701: -- if (!grehdr->key) { -- DEBUGP("Can't track GRE without key\n"); -- return 0; -- } -- tuple->dst.u.gre.key = *(gre_key(grehdr)); -- break; -- -- case GRE_VERSION_PPTP: -- if (ntohs(grehdr->protocol) != GRE_PROTOCOL_PPTP) { -- DEBUGP("GRE_VERSION_PPTP but unknown proto\n"); -- return 0; -- } -- tuple->dst.u.gre.key = htonl(ntohs(pgrehdr->call_id)); -- break; -- -- default: -- printk(KERN_WARNING "unknown GRE version %hu\n", -- tuple->dst.u.gre.version); -- return 0; -- } -- -- srckey = gre_keymap_lookup(tuple); -- -- tuple->src.u.gre.key = srckey; -- -- return 1; --} -- --/* print gre part of tuple */ --static unsigned int gre_print_tuple(char *buffer, -- const struct ip_conntrack_tuple *tuple) --{ -- return sprintf(buffer, "version=%d protocol=0x%04x srckey=0x%x dstkey=0x%x ", -- tuple->dst.u.gre.version, -- ntohs(tuple->dst.u.gre.protocol), -- ntohl(tuple->src.u.gre.key), -- ntohl(tuple->dst.u.gre.key)); --} -- --/* print private data for conntrack */ --static unsigned int gre_print_conntrack(char *buffer, -- const struct ip_conntrack *ct) --{ -- return sprintf(buffer, "timeout=%u, stream_timeout=%u ", -- (ct->proto.gre.timeout / HZ), -- (ct->proto.gre.stream_timeout / HZ)); --} -- --/* Returns verdict for packet, and may modify conntrack */ --static int gre_packet(struct ip_conntrack *ct, -- struct iphdr *iph, size_t len, -- enum ip_conntrack_info conntrackinfo) --{ -- /* If we've seen traffic both ways, this is a GRE connection. -- * Extend timeout. */ -- if (ct->status & IPS_SEEN_REPLY) { -- ip_ct_refresh(ct, ct->proto.gre.stream_timeout); -- /* Also, more likely to be important, and not a probe. */ -- set_bit(IPS_ASSURED_BIT, &ct->status); -- } else -- ip_ct_refresh(ct, ct->proto.gre.timeout); -- -- return NF_ACCEPT; --} -- --/* Called when a new connection for this protocol found. */ --static int gre_new(struct ip_conntrack *ct, -- struct iphdr *iph, size_t len) --{ -- DEBUGP(": "); -- DUMP_TUPLE_GRE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- -- /* initialize to sane value. Ideally a conntrack helper -- * (e.g. in case of pptp) is increasing them */ -- ct->proto.gre.stream_timeout = GRE_STREAM_TIMEOUT; -- ct->proto.gre.timeout = GRE_TIMEOUT; -- -- return 1; --} -- --/* Called when a conntrack entry has already been removed from the hashes -- * and is about to be deleted from memory */ --static void gre_destroy(struct ip_conntrack *ct) --{ -- struct ip_conntrack_expect *master = ct->master; -- -- DEBUGP(" entering\n"); -- -- if (!master) { -- DEBUGP("no master exp for ct %p\n", ct); -- return; -- } -- -- WRITE_LOCK(&ip_ct_gre_lock); -- if (master->proto.gre.keymap_orig) { -- DEBUGP("removing %p from list\n", master->proto.gre.keymap_orig); -- list_del(&master->proto.gre.keymap_orig->list); -- kfree(master->proto.gre.keymap_orig); -- } -- if (master->proto.gre.keymap_reply) { -- DEBUGP("removing %p from list\n", master->proto.gre.keymap_reply); -- list_del(&master->proto.gre.keymap_reply->list); -- kfree(master->proto.gre.keymap_reply); -- } -- WRITE_UNLOCK(&ip_ct_gre_lock); --} -- --/* protocol helper struct */ --static struct ip_conntrack_protocol gre = { { NULL, NULL }, IPPROTO_GRE, -- "gre", -- gre_pkt_to_tuple, -- gre_invert_tuple, -- gre_print_tuple, -- gre_print_conntrack, -- gre_packet, -- gre_new, -- gre_destroy, -- NULL, -- THIS_MODULE }; -- --/* ip_conntrack_proto_gre initialization */ --static int __init init(void) --{ -- int retcode; -- -- if ((retcode = ip_conntrack_protocol_register(&gre))) { -- printk(KERN_ERR "Unable to register conntrack protocol " -- "helper for gre: %d\n", retcode); -- return -EIO; -- } -- -- return 0; --} -- --static void __exit fini(void) --{ -- struct list_head *pos, *n; -- -- /* delete all keymap entries */ -- WRITE_LOCK(&ip_ct_gre_lock); -- list_for_each_safe(pos, n, &gre_keymap_list) { -- DEBUGP("deleting keymap %p\n", pos); -- list_del(pos); -- kfree(pos); -- } -- WRITE_UNLOCK(&ip_ct_gre_lock); -- -- ip_conntrack_protocol_unregister(&gre); --} -- --EXPORT_SYMBOL(ip_ct_gre_keymap_add); --EXPORT_SYMBOL(ip_ct_gre_keymap_change); -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux.stock/net/ipv4/netfilter/ip_conntrack_proto_tcp.c ---- linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2003-08-12 07:33:45.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_proto_tcp.c 2004-05-09 04:13:03.000000000 -0400 -@@ -15,11 +15,17 @@ - #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> - #include <linux/netfilter_ipv4/lockhelp.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - /* Protects conntrack->proto.tcp */ - static DECLARE_RWLOCK(tcp_lock); - -+/* FIXME: Examine ipfilter's timeouts and conntrack transitions more -+ closely. They're more complex. --RR */ - - /* Actually, I believe that neither ipmasq (where this code is stolen - from) nor ipfilter do it exactly right. A new conntrack machine taking -@@ -39,6 +45,25 @@ - "LISTEN" - }; - -+#define SECS *HZ -+#define MINS * 60 SECS -+#define HOURS * 60 MINS -+#define DAYS * 24 HOURS -+ -+ -+static unsigned long tcp_timeouts[] -+= { 30 MINS, /* TCP_CONNTRACK_NONE, */ -+ 5 DAYS, /* TCP_CONNTRACK_ESTABLISHED, */ -+ 2 MINS, /* TCP_CONNTRACK_SYN_SENT, */ -+ 60 SECS, /* TCP_CONNTRACK_SYN_RECV, */ -+ 2 MINS, /* TCP_CONNTRACK_FIN_WAIT, */ -+ 2 MINS, /* TCP_CONNTRACK_TIME_WAIT, */ -+ 10 SECS, /* TCP_CONNTRACK_CLOSE, */ -+ 60 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */ -+ 30 SECS, /* TCP_CONNTRACK_LAST_ACK, */ -+ 2 MINS, /* TCP_CONNTRACK_LISTEN, */ -+}; -+ - #define sNO TCP_CONNTRACK_NONE - #define sES TCP_CONNTRACK_ESTABLISHED - #define sSS TCP_CONNTRACK_SYN_SENT -@@ -161,13 +186,13 @@ - && tcph->syn && tcph->ack) - conntrack->proto.tcp.handshake_ack - = htonl(ntohl(tcph->seq) + 1); -+ WRITE_UNLOCK(&tcp_lock); - - /* If only reply is a RST, we can consider ourselves not to - have an established connection: this is a fairly common - problem case, so we can delete the conntrack - immediately. --RR */ - if (!(conntrack->status & IPS_SEEN_REPLY) && tcph->rst) { -- WRITE_UNLOCK(&tcp_lock); - if (del_timer(&conntrack->timeout)) - conntrack->timeout.function((unsigned long)conntrack); - } else { -@@ -178,9 +203,7 @@ - && tcph->ack_seq == conntrack->proto.tcp.handshake_ack) - set_bit(IPS_ASSURED_BIT, &conntrack->status); - -- WRITE_UNLOCK(&tcp_lock); -- ip_ct_refresh(conntrack, -- sysctl_ip_conntrack_tcp_timeouts[newconntrack]); -+ ip_ct_refresh(conntrack, tcp_timeouts[newconntrack]); - } - - return NF_ACCEPT; -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c linux.stock/net/ipv4/netfilter/ip_conntrack_proto_udp.c ---- linux/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2003-08-12 07:33:45.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_proto_udp.c 2004-05-09 04:13:03.000000000 -0400 -@@ -5,7 +5,9 @@ - #include <linux/in.h> - #include <linux/udp.h> - #include <linux/netfilter_ipv4/ip_conntrack_protocol.h> --#include <linux/netfilter_ipv4/ip_conntrack_udp.h> -+ -+#define UDP_TIMEOUT (30*HZ) -+#define UDP_STREAM_TIMEOUT (180*HZ) - - static int udp_pkt_to_tuple(const void *datah, size_t datalen, - struct ip_conntrack_tuple *tuple) -@@ -50,13 +52,11 @@ - /* If we've seen traffic both ways, this is some kind of UDP - stream. Extend timeout. */ - if (conntrack->status & IPS_SEEN_REPLY) { -- ip_ct_refresh(conntrack, -- sysctl_ip_conntrack_udp_timeouts[UDP_STREAM_TIMEOUT]); -+ ip_ct_refresh(conntrack, UDP_STREAM_TIMEOUT); - /* Also, more likely to be important, and not a probe */ - set_bit(IPS_ASSURED_BIT, &conntrack->status); - } else -- ip_ct_refresh(conntrack, -- sysctl_ip_conntrack_udp_timeouts[UDP_TIMEOUT]); -+ ip_ct_refresh(conntrack, UDP_TIMEOUT); - - return NF_ACCEPT; - } -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_standalone.c linux.stock/net/ipv4/netfilter/ip_conntrack_standalone.c ---- linux/net/ipv4/netfilter/ip_conntrack_standalone.c 2003-08-12 07:33:45.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_standalone.c 2004-05-09 04:13:03.000000000 -0400 -@@ -27,7 +27,11 @@ - #include <linux/netfilter_ipv4/ip_conntrack_helper.h> - #include <linux/netfilter_ipv4/listhelp.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - struct module *ip_conntrack_module = THIS_MODULE; - MODULE_LICENSE("GPL"); -@@ -52,17 +56,12 @@ - return len; - } - -+/* FIXME: Don't print source proto part. --RR */ - static unsigned int - print_expect(char *buffer, const struct ip_conntrack_expect *expect) - { - unsigned int len; - -- if (!expect || !expect->expectant || !expect->expectant->helper) { -- DEBUGP("expect %x expect->expectant %x expect->expectant->helper %x\n", -- expect, expect->expectant, expect->expectant->helper); -- return 0; -- } -- - if (expect->expectant->helper->timeout) - len = sprintf(buffer, "EXPECTING: %lu ", - timer_pending(&expect->timeout) -@@ -294,6 +293,8 @@ - return ret; - } - -+/* FIXME: Allow NULL functions and sub in pointers to generic for -+ them. --RR */ - int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto) - { - int ret = 0; -@@ -362,8 +363,6 @@ - EXPORT_SYMBOL(ip_ct_find_proto); - EXPORT_SYMBOL(__ip_ct_find_proto); - EXPORT_SYMBOL(ip_ct_find_helper); --EXPORT_SYMBOL(sysctl_ip_conntrack_tcp_timeouts); --EXPORT_SYMBOL(sysctl_ip_conntrack_udp_timeouts); - EXPORT_SYMBOL(ip_conntrack_expect_related); - EXPORT_SYMBOL(ip_conntrack_change_expect); - EXPORT_SYMBOL(ip_conntrack_unexpect_related); -diff -Nurb linux/net/ipv4/netfilter/ip_conntrack_tftp.c linux.stock/net/ipv4/netfilter/ip_conntrack_tftp.c ---- linux/net/ipv4/netfilter/ip_conntrack_tftp.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_conntrack_tftp.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,126 +0,0 @@ --/* -- * Licensed under GNU GPL version 2 Copyright Magnus Boden <mb@ozaba.mine.nu> -- * Version: 0.0.7 -- * -- * Thu 21 Mar 2002 Harald Welte <laforge@gnumonks.org> -- * - port to newnat API -- * -- */ -- --#include <linux/module.h> --#include <linux/ip.h> --#include <linux/udp.h> -- --#include <linux/netfilter.h> --#include <linux/netfilter_ipv4/ip_tables.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_tftp.h> -- --MODULE_AUTHOR("Magnus Boden <mb@ozaba.mine.nu>"); --MODULE_DESCRIPTION("Netfilter connection tracking module for tftp"); --MODULE_LICENSE("GPL"); -- --#define MAX_PORTS 8 --static int ports[MAX_PORTS]; --static int ports_c = 0; --#ifdef MODULE_PARM --MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i"); --MODULE_PARM_DESC(ports, "port numbers of tftp servers"); --#endif -- --#define DEBUGP(format, args...) -- --static int tftp_help(const struct iphdr *iph, size_t len, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo) --{ -- struct udphdr *udph = (void *)iph + iph->ihl * 4; -- struct tftphdr *tftph = (void *)udph + 8; -- struct ip_conntrack_expect exp; -- -- switch (ntohs(tftph->opcode)) { -- /* RRQ and WRQ works the same way */ -- case TFTP_OPCODE_READ: -- case TFTP_OPCODE_WRITE: -- DEBUGP(""); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); -- memset(&exp, 0, sizeof(exp)); -- -- exp.tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple; -- exp.mask.src.ip = 0xffffffff; -- exp.mask.dst.ip = 0xffffffff; -- exp.mask.dst.u.udp.port = 0xffff; -- exp.mask.dst.protonum = 0xffff; -- exp.expectfn = NULL; -- -- DEBUGP("expect: "); -- DUMP_TUPLE(&exp.tuple); -- DUMP_TUPLE(&exp.mask); -- ip_conntrack_expect_related(ct, &exp); -- break; -- default: -- DEBUGP("Unknown opcode\n"); -- } -- return NF_ACCEPT; --} -- --static struct ip_conntrack_helper tftp[MAX_PORTS]; --static char tftp_names[MAX_PORTS][10]; -- --static void fini(void) --{ -- int i; -- -- for (i = 0 ; i < ports_c; i++) { -- DEBUGP("unregistering helper for port %d\n", -- ports[i]); -- ip_conntrack_helper_unregister(&tftp[i]); -- } --} -- --static int __init init(void) --{ -- int i, ret; -- char *tmpname; -- -- if (!ports[0]) -- ports[0]=TFTP_PORT; -- -- for (i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) { -- /* Create helper structure */ -- memset(&tftp[i], 0, sizeof(struct ip_conntrack_helper)); -- -- tftp[i].tuple.dst.protonum = IPPROTO_UDP; -- tftp[i].tuple.src.u.udp.port = htons(ports[i]); -- tftp[i].mask.dst.protonum = 0xFFFF; -- tftp[i].mask.src.u.udp.port = 0xFFFF; -- tftp[i].max_expected = 1; -- tftp[i].timeout = 0; -- tftp[i].flags = IP_CT_HELPER_F_REUSE_EXPECT; -- tftp[i].me = THIS_MODULE; -- tftp[i].help = tftp_help; -- -- tmpname = &tftp_names[i][0]; -- if (ports[i] == TFTP_PORT) -- sprintf(tmpname, "tftp"); -- else -- sprintf(tmpname, "tftp-%d", i); -- tftp[i].name = tmpname; -- -- DEBUGP("port #%d: %d\n", i, ports[i]); -- -- ret=ip_conntrack_helper_register(&tftp[i]); -- if (ret) { -- printk("ERROR registering helper for port %d\n", -- ports[i]); -- fini(); -- return(ret); -- } -- ports_c++; -- } -- return(0); --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_core.c linux.stock/net/ipv4/netfilter/ip_nat_core.c ---- linux/net/ipv4/netfilter/ip_nat_core.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_core.c 2004-05-09 04:13:03.000000000 -0400 -@@ -31,7 +31,11 @@ - #include <linux/netfilter_ipv4/ip_conntrack_helper.h> - #include <linux/netfilter_ipv4/listhelp.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - DECLARE_RWLOCK(ip_nat_lock); - DECLARE_RWLOCK_EXTERN(ip_conntrack_lock); -@@ -207,6 +211,7 @@ - { - struct rtable *rt; - -+ /* FIXME: IPTOS_TOS(iph->tos) --RR */ - if (ip_route_output(&rt, var_ip, 0, 0, 0) != 0) { - DEBUGP("do_extra_mangle: Can't get route to %u.%u.%u.%u\n", - NIPQUAD(var_ip)); -@@ -429,7 +434,7 @@ - *tuple = *orig_tuple; - while ((rptr = find_best_ips_proto_fast(tuple, mr, conntrack, hooknum)) - != NULL) { -- DEBUGP("Found best for "); DUMP_TUPLE_RAW(tuple); -+ DEBUGP("Found best for "); DUMP_TUPLE(tuple); - /* 3) The per-protocol part of the manip is made to - map into the range to make a unique tuple. */ - -@@ -529,6 +534,31 @@ - invert_tuplepr(&orig_tp, - &conntrack->tuplehash[IP_CT_DIR_REPLY].tuple); - -+#if 0 -+ { -+ unsigned int i; -+ -+ DEBUGP("Hook %u (%s), ", hooknum, -+ HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST"); -+ DUMP_TUPLE(&orig_tp); -+ DEBUGP("Range %p: ", mr); -+ for (i = 0; i < mr->rangesize; i++) { -+ DEBUGP("%u:%s%s%s %u.%u.%u.%u - %u.%u.%u.%u %u - %u\n", -+ i, -+ (mr->range[i].flags & IP_NAT_RANGE_MAP_IPS) -+ ? " MAP_IPS" : "", -+ (mr->range[i].flags -+ & IP_NAT_RANGE_PROTO_SPECIFIED) -+ ? " PROTO_SPECIFIED" : "", -+ (mr->range[i].flags & IP_NAT_RANGE_FULL) -+ ? " FULL" : "", -+ NIPQUAD(mr->range[i].min_ip), -+ NIPQUAD(mr->range[i].max_ip), -+ mr->range[i].min.all, -+ mr->range[i].max.all); -+ } -+ } -+#endif - - do { - if (!get_unique_tuple(&new_tuple, &orig_tp, mr, conntrack, -@@ -538,6 +568,15 @@ - return NF_DROP; - } - -+#if 0 -+ DEBUGP("Hook %u (%s) %p\n", hooknum, -+ HOOK2MANIP(hooknum)==IP_NAT_MANIP_SRC ? "SRC" : "DST", -+ conntrack); -+ DEBUGP("Original: "); -+ DUMP_TUPLE(&orig_tp); -+ DEBUGP("New: "); -+ DUMP_TUPLE(&new_tuple); -+#endif - - /* We now have two tuples (SRCIP/SRCPT/DSTIP/DSTPT): - the original (A/B/C/D') and the mangled one (E/F/G/H'). -@@ -554,6 +593,8 @@ - If fail this race (reply tuple now used), repeat. */ - } while (!ip_conntrack_alter_reply(conntrack, &reply)); - -+ /* FIXME: We can simply used existing conntrack reply tuple -+ here --RR */ - /* Create inverse of original: C/D/A/B' */ - invert_tuplepr(&inv_tuple, &orig_tp); - -@@ -678,6 +719,17 @@ - iph->check); - iph->daddr = manip->ip; - } -+#if 0 -+ if (ip_fast_csum((u8 *)iph, iph->ihl) != 0) -+ DEBUGP("IP: checksum on packet bad.\n"); -+ -+ if (proto == IPPROTO_TCP) { -+ void *th = (u_int32_t *)iph + iph->ihl; -+ if (tcp_v4_check(th, len - 4*iph->ihl, iph->saddr, iph->daddr, -+ csum_partial((char *)th, len-4*iph->ihl, 0))) -+ DEBUGP("TCP: checksum on packet bad\n"); -+ } -+#endif - } - - static inline int exp_for_packet(struct ip_conntrack_expect *exp, -@@ -765,6 +817,7 @@ - continue; - - if (exp_for_packet(exp, pskb)) { -+ /* FIXME: May be true multiple times in the case of UDP!! */ - DEBUGP("calling nat helper (exp=%p) for packet\n", - exp); - ret = helper->help(ct, exp, info, ctinfo, -@@ -926,6 +979,7 @@ - INIT_LIST_HEAD(&byipsproto[i]); - } - -+ /* FIXME: Man, this is a hack. <SIGH> */ - IP_NF_ASSERT(ip_conntrack_destroyed == NULL); - ip_conntrack_destroyed = &ip_nat_cleanup_conntrack; - -diff -Nurb linux/net/ipv4/netfilter/ip_nat_h323.c linux.stock/net/ipv4/netfilter/ip_nat_h323.c ---- linux/net/ipv4/netfilter/ip_nat_h323.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_h323.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,403 +0,0 @@ --/* -- * H.323 'brute force' extension for NAT alteration. -- * Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> -- * -- * Based on ip_masq_h323.c for 2.2 kernels from CoRiTel, Sofia project. -- * (http://www.coritel.it/projects/sofia/nat.html) -- * Uses Sampsa Ranta's excellent idea on using expectfn to 'bind' -- * the unregistered helpers to the conntrack entries. -- */ -- -- --#include <linux/module.h> --#include <linux/netfilter.h> --#include <linux/ip.h> --#include <net/checksum.h> --#include <net/tcp.h> -- --#include <linux/netfilter_ipv4/lockhelp.h> --#include <linux/netfilter_ipv4/ip_nat.h> --#include <linux/netfilter_ipv4/ip_nat_helper.h> --#include <linux/netfilter_ipv4/ip_nat_rule.h> --#include <linux/netfilter_ipv4/ip_conntrack_tuple.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_h323.h> -- --MODULE_AUTHOR("Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>"); --MODULE_DESCRIPTION("H.323 'brute force' connection tracking module"); --MODULE_LICENSE("GPL"); -- --DECLARE_LOCK_EXTERN(ip_h323_lock); --struct module *ip_nat_h323 = THIS_MODULE; -- --#define DEBUGP(format, args...) -- -- --static unsigned int --h225_nat_expected(struct sk_buff **pskb, -- unsigned int hooknum, -- struct ip_conntrack *ct, -- struct ip_nat_info *info); -- --static unsigned int h225_nat_help(struct ip_conntrack *ct, -- struct ip_conntrack_expect *exp, -- struct ip_nat_info *info, -- enum ip_conntrack_info ctinfo, -- unsigned int hooknum, -- struct sk_buff **pskb); -- --static struct ip_nat_helper h245 = -- { { NULL, NULL }, -- "H.245", /* name */ -- 0, /* flags */ -- NULL, /* module */ -- { { 0, { 0 } }, /* tuple */ -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { 0xFFFF } }, /* mask */ -- { 0, { 0 }, 0xFFFF } }, -- h225_nat_help, /* helper */ -- h225_nat_expected /* expectfn */ -- }; -- --static unsigned int --h225_nat_expected(struct sk_buff **pskb, -- unsigned int hooknum, -- struct ip_conntrack *ct, -- struct ip_nat_info *info) --{ -- struct ip_nat_multi_range mr; -- u_int32_t newdstip, newsrcip, newip; -- u_int16_t port; -- struct ip_ct_h225_expect *exp_info; -- struct ip_ct_h225_master *master_info; -- struct ip_conntrack *master = master_ct(ct); -- unsigned int is_h225, ret; -- -- IP_NF_ASSERT(info); -- IP_NF_ASSERT(master); -- -- IP_NF_ASSERT(!(info->initialized & (1<<HOOK2MANIP(hooknum)))); -- -- DEBUGP("h225_nat_expected: We have a connection!\n"); -- master_info = &ct->master->expectant->help.ct_h225_info; -- exp_info = &ct->master->help.exp_h225_info; -- -- LOCK_BH(&ip_h323_lock); -- -- DEBUGP("master: "); -- DUMP_TUPLE(&master->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- DUMP_TUPLE(&master->tuplehash[IP_CT_DIR_REPLY].tuple); -- DEBUGP("conntrack: "); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- if (exp_info->dir == IP_CT_DIR_ORIGINAL) { -- /* Make connection go to the client. */ -- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; -- newsrcip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; -- DEBUGP("h225_nat_expected: %u.%u.%u.%u->%u.%u.%u.%u (to client)\n", -- NIPQUAD(newsrcip), NIPQUAD(newdstip)); -- } else { -- /* Make the connection go to the server */ -- newdstip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; -- newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- DEBUGP("h225_nat_expected: %u.%u.%u.%u->%u.%u.%u.%u (to server)\n", -- NIPQUAD(newsrcip), NIPQUAD(newdstip)); -- } -- port = exp_info->port; -- is_h225 = master_info->is_h225 == H225_PORT; -- UNLOCK_BH(&ip_h323_lock); -- -- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) -- newip = newsrcip; -- else -- newip = newdstip; -- -- DEBUGP("h225_nat_expected: IP to %u.%u.%u.%u\n", NIPQUAD(newip)); -- -- mr.rangesize = 1; -- /* We don't want to manip the per-protocol, just the IPs... */ -- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS; -- mr.range[0].min_ip = mr.range[0].max_ip = newip; -- -- /* ... unless we're doing a MANIP_DST, in which case, make -- sure we map to the correct port */ -- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) { -- mr.range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; -- mr.range[0].min = mr.range[0].max -- = ((union ip_conntrack_manip_proto) -- { port }); -- } -- -- ret = ip_nat_setup_info(ct, &mr, hooknum); -- -- if (is_h225) { -- DEBUGP("h225_nat_expected: H.225, setting NAT helper for %p\n", ct); -- /* NAT expectfn called with ip_nat_lock write-locked */ -- info->helper = &h245; -- } -- return ret; --} -- --static int h323_signal_address_fixup(struct ip_conntrack *ct, -- struct sk_buff **pskb, -- enum ip_conntrack_info ctinfo) --{ -- struct iphdr *iph = (*pskb)->nh.iph; -- struct tcphdr *tcph = (void *)iph + iph->ihl*4; -- unsigned char *data; -- u_int32_t tcplen = (*pskb)->len - iph->ihl*4; -- u_int32_t datalen = tcplen - tcph->doff*4; -- struct ip_ct_h225_master *info = &ct->help.ct_h225_info; -- u_int32_t newip; -- u_int16_t port; -- u_int8_t buffer[6]; -- int i; -- -- MUST_BE_LOCKED(&ip_h323_lock); -- -- DEBUGP("h323_signal_address_fixup: %s %s\n", -- between(info->seq[IP_CT_DIR_ORIGINAL], ntohl(tcph->seq), ntohl(tcph->seq) + datalen) -- ? "yes" : "no", -- between(info->seq[IP_CT_DIR_REPLY], ntohl(tcph->seq), ntohl(tcph->seq) + datalen) -- ? "yes" : "no"); -- if (!(between(info->seq[IP_CT_DIR_ORIGINAL], ntohl(tcph->seq), ntohl(tcph->seq) + datalen) -- || between(info->seq[IP_CT_DIR_REPLY], ntohl(tcph->seq), ntohl(tcph->seq) + datalen))) -- return 1; -- -- DEBUGP("h323_signal_address_fixup: offsets %u + 6 and %u + 6 in %u\n", -- info->offset[IP_CT_DIR_ORIGINAL], -- info->offset[IP_CT_DIR_REPLY], -- tcplen); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); -- -- for (i = 0; i < IP_CT_DIR_MAX; i++) { -- DEBUGP("h323_signal_address_fixup: %s %s\n", -- info->dir == IP_CT_DIR_ORIGINAL ? "original" : "reply", -- i == IP_CT_DIR_ORIGINAL ? "caller" : "callee"); -- if (!between(info->seq[i], ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen)) -- continue; -- if (!between(info->seq[i] + 6, ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen)) { -- /* Partial retransmisison. It's a cracker being funky. */ -- if (net_ratelimit()) { -- printk("H.323_NAT: partial packet %u/6 in %u/%u\n", -- info->seq[i], -- ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen); -- } -- return 0; -- } -- -- /* Change address inside packet to match way we're mapping -- this connection. */ -- if (i == IP_CT_DIR_ORIGINAL) { -- newip = ct->tuplehash[!info->dir].tuple.dst.ip; -- port = ct->tuplehash[!info->dir].tuple.dst.u.tcp.port; -- } else { -- newip = ct->tuplehash[!info->dir].tuple.src.ip; -- port = ct->tuplehash[!info->dir].tuple.src.u.tcp.port; -- } -- -- data = (char *) tcph + tcph->doff * 4 + info->offset[i]; -- -- DEBUGP("h323_signal_address_fixup: orig %s IP:port %u.%u.%u.%u:%u\n", -- i == IP_CT_DIR_ORIGINAL ? "source" : "dest ", -- data[0], data[1], data[2], data[3], -- (data[4] << 8 | data[5])); -- -- /* Modify the packet */ -- memcpy(buffer, &newip, 4); -- memcpy(buffer + 4, &port, 2); -- if (!ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, info->offset[i], -- 6, buffer, 6)) -- return 0; -- -- DEBUGP("h323_signal_address_fixup: new %s IP:port %u.%u.%u.%u:%u\n", -- i == IP_CT_DIR_ORIGINAL ? "source" : "dest ", -- data[0], data[1], data[2], data[3], -- (data[4] << 8 | data[5])); -- } -- -- return 1; --} -- --static int h323_data_fixup(struct ip_ct_h225_expect *info, -- struct ip_conntrack *ct, -- struct sk_buff **pskb, -- enum ip_conntrack_info ctinfo, -- struct ip_conntrack_expect *expect) --{ -- u_int32_t newip; -- u_int16_t port; -- u_int8_t buffer[6]; -- struct ip_conntrack_tuple newtuple; -- struct iphdr *iph = (*pskb)->nh.iph; -- struct tcphdr *tcph = (void *)iph + iph->ihl*4; -- unsigned char *data; -- u_int32_t tcplen = (*pskb)->len - iph->ihl*4; -- struct ip_ct_h225_master *master_info = &ct->help.ct_h225_info; -- int is_h225; -- -- MUST_BE_LOCKED(&ip_h323_lock); -- DEBUGP("h323_data_fixup: offset %u + 6 in %u\n", info->offset, tcplen); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); -- -- if (!between(expect->seq + 6, ntohl(tcph->seq), -- ntohl(tcph->seq) + tcplen - tcph->doff * 4)) { -- /* Partial retransmisison. It's a cracker being funky. */ -- if (net_ratelimit()) { -- printk("H.323_NAT: partial packet %u/6 in %u/%u\n", -- expect->seq, -- ntohl(tcph->seq), -- ntohl(tcph->seq) + tcplen - tcph->doff * 4); -- } -- return 0; -- } -- -- /* Change address inside packet to match way we're mapping -- this connection. */ -- if (info->dir == IP_CT_DIR_REPLY) { -- /* Must be where client thinks server is */ -- newip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; -- /* Expect something from client->server */ -- newtuple.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; -- newtuple.dst.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; -- } else { -- /* Must be where server thinks client is */ -- newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- /* Expect something from server->client */ -- newtuple.src.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; -- newtuple.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- } -- -- is_h225 = (master_info->is_h225 == H225_PORT); -- -- if (is_h225) { -- newtuple.dst.protonum = IPPROTO_TCP; -- newtuple.src.u.tcp.port = expect->tuple.src.u.tcp.port; -- } else { -- newtuple.dst.protonum = IPPROTO_UDP; -- newtuple.src.u.udp.port = expect->tuple.src.u.udp.port; -- } -- -- /* Try to get same port: if not, try to change it. */ -- for (port = ntohs(info->port); port != 0; port++) { -- if (is_h225) -- newtuple.dst.u.tcp.port = htons(port); -- else -- newtuple.dst.u.udp.port = htons(port); -- -- if (ip_conntrack_change_expect(expect, &newtuple) == 0) -- break; -- } -- if (port == 0) { -- DEBUGP("h323_data_fixup: no free port found!\n"); -- return 0; -- } -- -- port = htons(port); -- -- data = (char *) tcph + tcph->doff * 4 + info->offset; -- -- DEBUGP("h323_data_fixup: orig IP:port %u.%u.%u.%u:%u\n", -- data[0], data[1], data[2], data[3], -- (data[4] << 8 | data[5])); -- -- /* Modify the packet */ -- memcpy(buffer, &newip, 4); -- memcpy(buffer + 4, &port, 2); -- if (!ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, info->offset, -- 6, buffer, 6)) -- return 0; -- -- DEBUGP("h323_data_fixup: new IP:port %u.%u.%u.%u:%u\n", -- data[0], data[1], data[2], data[3], -- (data[4] << 8 | data[5])); -- -- return 1; --} -- --static unsigned int h225_nat_help(struct ip_conntrack *ct, -- struct ip_conntrack_expect *exp, -- struct ip_nat_info *info, -- enum ip_conntrack_info ctinfo, -- unsigned int hooknum, -- struct sk_buff **pskb) --{ -- int dir; -- struct ip_ct_h225_expect *exp_info; -- -- /* Only mangle things once: original direction in POST_ROUTING -- and reply direction on PRE_ROUTING. */ -- dir = CTINFO2DIR(ctinfo); -- DEBUGP("nat_h323: dir %s at hook %s\n", -- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"); -- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL) -- || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) { -- DEBUGP("nat_h323: Not touching dir %s at hook %s\n", -- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"); -- return NF_ACCEPT; -- } -- -- if (!exp) { -- LOCK_BH(&ip_h323_lock); -- if (!h323_signal_address_fixup(ct, pskb, ctinfo)) { -- UNLOCK_BH(&ip_h323_lock); -- return NF_DROP; -- } -- UNLOCK_BH(&ip_h323_lock); -- return NF_ACCEPT; -- } -- -- exp_info = &exp->help.exp_h225_info; -- -- LOCK_BH(&ip_h323_lock); -- if (!h323_data_fixup(exp_info, ct, pskb, ctinfo, exp)) { -- UNLOCK_BH(&ip_h323_lock); -- return NF_DROP; -- } -- UNLOCK_BH(&ip_h323_lock); -- -- return NF_ACCEPT; --} -- --static struct ip_nat_helper h225 = -- { { NULL, NULL }, -- "H.225", /* name */ -- IP_NAT_HELPER_F_ALWAYS, /* flags */ -- THIS_MODULE, /* module */ -- { { 0, { __constant_htons(H225_PORT) } }, /* tuple */ -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { 0xFFFF } }, /* mask */ -- { 0, { 0 }, 0xFFFF } }, -- h225_nat_help, /* helper */ -- h225_nat_expected /* expectfn */ -- }; -- --static int __init init(void) --{ -- int ret; -- -- ret = ip_nat_helper_register(&h225); -- -- if (ret != 0) -- printk("ip_nat_h323: cannot initialize the module!\n"); -- -- return ret; --} -- --static void __exit fini(void) --{ -- ip_nat_helper_unregister(&h225); --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_helper.c linux.stock/net/ipv4/netfilter/ip_nat_helper.c ---- linux/net/ipv4/netfilter/ip_nat_helper.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_helper.c 2004-05-09 04:13:03.000000000 -0400 -@@ -8,9 +8,6 @@ - * - add support for SACK adjustment - * 14 Mar 2002 Harald Welte <laforge@gnumonks.org>: - * - merge SACK support into newnat API -- * 16 Aug 2002 Brian J. Murrell <netfilter@interlinx.bc.ca>: -- * - make ip_nat_resize_packet more generic (TCP and UDP) -- * - add ip_nat_mangle_udp_packet - */ - #include <linux/version.h> - #include <linux/config.h> -@@ -25,7 +22,6 @@ - #include <net/icmp.h> - #include <net/ip.h> - #include <net/tcp.h> --#include <net/udp.h> - - #define ASSERT_READ_LOCK(x) MUST_BE_READ_LOCKED(&ip_nat_lock) - #define ASSERT_WRITE_LOCK(x) MUST_BE_WRITE_LOCKED(&ip_nat_lock) -@@ -38,8 +34,13 @@ - #include <linux/netfilter_ipv4/ip_nat_helper.h> - #include <linux/netfilter_ipv4/listhelp.h> - -+#if 0 -+#define DEBUGP printk -+#define DUMP_OFFSET(x) printk("offset_before=%d, offset_after=%d, correction_pos=%u\n", x->offset_before, x->offset_after, x->correction_pos); -+#else - #define DEBUGP(format, args...) - #define DUMP_OFFSET(x) -+#endif - - DECLARE_LOCK(ip_nat_seqofs_lock); - -@@ -50,12 +51,18 @@ - int new_size) - { - struct iphdr *iph; -+ struct tcphdr *tcph; -+ void *data; - int dir; - struct ip_nat_seq *this_way, *other_way; - - DEBUGP("ip_nat_resize_packet: old_size = %u, new_size = %u\n", - (*skb)->len, new_size); - -+ iph = (*skb)->nh.iph; -+ tcph = (void *)iph + iph->ihl*4; -+ data = (void *)tcph + tcph->doff*4; -+ - dir = CTINFO2DIR(ctinfo); - - this_way = &ct->nat.info.seq[dir]; -@@ -77,9 +84,8 @@ - } - - iph = (*skb)->nh.iph; -- if (iph->protocol == IPPROTO_TCP) { -- struct tcphdr *tcph = (void *)iph + iph->ihl*4; -- void *data = (void *)tcph + tcph->doff*4; -+ tcph = (void *)iph + iph->ihl*4; -+ data = (void *)tcph + tcph->doff*4; - - DEBUGP("ip_nat_resize_packet: Seq_offset before: "); - DUMP_OFFSET(this_way); -@@ -95,20 +101,25 @@ - this_way->correction_pos = ntohl(tcph->seq); - this_way->offset_before = this_way->offset_after; - this_way->offset_after = (int32_t) -- this_way->offset_before + new_size - -- (*skb)->len; -+ this_way->offset_before + new_size - (*skb)->len; - } - - UNLOCK_BH(&ip_nat_seqofs_lock); - - DEBUGP("ip_nat_resize_packet: Seq_offset after: "); - DUMP_OFFSET(this_way); -- } - - return 1; - } - - -+/* Generic function for mangling variable-length address changes inside -+ * NATed connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX command in FTP). -+ * -+ * Takes care about all the nasty sequence number changes, checksumming, -+ * skb enlargement, ... -+ * -+ * */ - int - ip_nat_mangle_tcp_packet(struct sk_buff **skb, - struct ip_conntrack *ct, -@@ -163,7 +174,6 @@ - tcph = (void *)iph + iph->ihl*4; - data = (void *)tcph + tcph->doff*4; - -- if (rep_len != match_len) - /* move post-replacement */ - memmove(data + match_offset + rep_len, - data + match_offset + match_len, -@@ -198,104 +208,6 @@ - return 1; - } - --int --ip_nat_mangle_udp_packet(struct sk_buff **skb, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo, -- unsigned int match_offset, -- unsigned int match_len, -- char *rep_buffer, -- unsigned int rep_len) --{ -- struct iphdr *iph = (*skb)->nh.iph; -- struct udphdr *udph = (void *)iph + iph->ihl * 4; -- unsigned char *data; -- u_int32_t udplen, newlen, newudplen; -- -- udplen = (*skb)->len - iph->ihl*4; -- newudplen = udplen - match_len + rep_len; -- newlen = iph->ihl*4 + newudplen; -- -- if (newlen > 65535) { -- if (net_ratelimit()) -- printk("ip_nat_mangle_udp_packet: nat'ed packet " -- "exceeds maximum packet size\n"); -- return 0; -- } -- -- if ((*skb)->len != newlen) { -- if (!ip_nat_resize_packet(skb, ct, ctinfo, newlen)) { -- printk("resize_packet failed!!\n"); -- return 0; -- } -- } -- -- /* Alexey says: if a hook changes _data_ ... it can break -- original packet sitting in tcp queue and this is fatal */ -- if (skb_cloned(*skb)) { -- struct sk_buff *nskb = skb_copy(*skb, GFP_ATOMIC); -- if (!nskb) { -- if (net_ratelimit()) -- printk("Out of memory cloning TCP packet\n"); -- return 0; -- } -- /* Rest of kernel will get very unhappy if we pass it -- a suddenly-orphaned skbuff */ -- if ((*skb)->sk) -- skb_set_owner_w(nskb, (*skb)->sk); -- kfree_skb(*skb); -- *skb = nskb; -- } -- -- /* skb may be copied !! */ -- iph = (*skb)->nh.iph; -- udph = (void *)iph + iph->ihl*4; -- data = (void *)udph + sizeof(struct udphdr); -- -- if (rep_len != match_len) -- /* move post-replacement */ -- memmove(data + match_offset + rep_len, -- data + match_offset + match_len, -- (*skb)->tail - (data + match_offset + match_len)); -- -- /* insert data from buffer */ -- memcpy(data + match_offset, rep_buffer, rep_len); -- -- /* update skb info */ -- if (newlen > (*skb)->len) { -- DEBUGP("ip_nat_mangle_udp_packet: Extending packet by " -- "%u to %u bytes\n", newlen - (*skb)->len, newlen); -- skb_put(*skb, newlen - (*skb)->len); -- } else { -- DEBUGP("ip_nat_mangle_udp_packet: Shrinking packet from " -- "%u to %u bytes\n", (*skb)->len, newlen); -- skb_trim(*skb, newlen); -- } -- -- /* update the length of the UDP and IP packets to the new values*/ -- udph->len = htons((*skb)->len - iph->ihl*4); -- iph->tot_len = htons(newlen); -- -- /* fix udp checksum if udp checksum was previously calculated */ -- if ((*skb)->csum != 0) { -- (*skb)->csum = csum_partial((char *)udph + -- sizeof(struct udphdr), -- newudplen - sizeof(struct udphdr), -- 0); -- -- udph->check = 0; -- udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, -- newudplen, IPPROTO_UDP, -- csum_partial((char *)udph, -- sizeof(struct udphdr), -- (*skb)->csum)); -- } -- -- ip_send_check(iph); -- -- return 1; --} -- - /* Adjust one found SACK option including checksum correction */ - static void - sack_adjust(struct tcphdr *tcph, -diff -Nurb linux/net/ipv4/netfilter/ip_nat_mms.c linux.stock/net/ipv4/netfilter/ip_nat_mms.c ---- linux/net/ipv4/netfilter/ip_nat_mms.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_mms.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,330 +0,0 @@ --/* MMS extension for TCP NAT alteration. -- * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be> -- * based on ip_nat_ftp.c and ip_nat_irc.c -- * -- * ip_nat_mms.c v0.3 2002-09-22 -- * -- * This program is free software; you can redistribute it and/or -- * modify it under the terms of the GNU General Public License -- * as published by the Free Software Foundation; either version -- * 2 of the License, or (at your option) any later version. -- * -- * Module load syntax: -- * insmod ip_nat_mms.o ports=port1,port2,...port<MAX_PORTS> -- * -- * Please give the ports of all MMS servers You wish to connect to. -- * If you don't specify ports, the default will be TCP port 1755. -- * -- * More info on MMS protocol, firewalls and NAT: -- * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwmt/html/MMSFirewall.asp -- * http://www.microsoft.com/windows/windowsmedia/serve/firewall.asp -- * -- * The SDP project people are reverse-engineering MMS: -- * http://get.to/sdp -- */ -- -- --#include <linux/module.h> --#include <linux/netfilter_ipv4.h> --#include <linux/ip.h> --#include <linux/tcp.h> --#include <net/tcp.h> --#include <linux/netfilter_ipv4/ip_nat.h> --#include <linux/netfilter_ipv4/ip_nat_helper.h> --#include <linux/netfilter_ipv4/ip_nat_rule.h> --#include <linux/netfilter_ipv4/ip_conntrack_mms.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> -- --#define DEBUGP(format, args...) --#define DUMP_BYTES(address, counter) -- --#define MAX_PORTS 8 --static int ports[MAX_PORTS]; --static int ports_c = 0; -- --#ifdef MODULE_PARM --MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i"); --#endif -- --MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>"); --MODULE_DESCRIPTION("Microsoft Windows Media Services (MMS) NAT module"); --MODULE_LICENSE("GPL"); -- --DECLARE_LOCK_EXTERN(ip_mms_lock); -- -- --static int mms_data_fixup(const struct ip_ct_mms_expect *ct_mms_info, -- struct ip_conntrack *ct, -- struct sk_buff **pskb, -- enum ip_conntrack_info ctinfo, -- struct ip_conntrack_expect *expect) --{ -- u_int32_t newip; -- struct ip_conntrack_tuple t; -- struct iphdr *iph = (*pskb)->nh.iph; -- struct tcphdr *tcph = (void *) iph + iph->ihl * 4; -- char *data = (char *)tcph + tcph->doff * 4; -- int i, j, k, port; -- u_int16_t mms_proto; -- -- u_int32_t *mms_chunkLenLV = (u_int32_t *)(data + MMS_SRV_CHUNKLENLV_OFFSET); -- u_int32_t *mms_chunkLenLM = (u_int32_t *)(data + MMS_SRV_CHUNKLENLM_OFFSET); -- u_int32_t *mms_messageLength = (u_int32_t *)(data + MMS_SRV_MESSAGELENGTH_OFFSET); -- -- int zero_padding; -- -- char buffer[28]; /* "\\255.255.255.255\UDP\65635" * 2 (for unicode) */ -- char unicode_buffer[75]; /* 27*2 (unicode) + 20 + 1 */ -- char proto_string[6]; -- -- MUST_BE_LOCKED(&ip_mms_lock); -- -- /* what was the protocol again ? */ -- mms_proto = expect->tuple.dst.protonum; -- sprintf(proto_string, "%u", mms_proto); -- -- DEBUGP("ip_nat_mms: mms_data_fixup: info (seq %u + %u) in %u, proto %s\n", -- expect->seq, ct_mms_info->len, ntohl(tcph->seq), -- mms_proto == IPPROTO_UDP ? "UDP" -- : mms_proto == IPPROTO_TCP ? "TCP":proto_string); -- -- newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- -- /* Alter conntrack's expectations. */ -- t = expect->tuple; -- t.dst.ip = newip; -- for (port = ct_mms_info->port; port != 0; port++) { -- t.dst.u.tcp.port = htons(port); -- if (ip_conntrack_change_expect(expect, &t) == 0) { -- DEBUGP("ip_nat_mms: mms_data_fixup: using port %d\n", port); -- break; -- } -- } -- -- if(port == 0) -- return 0; -- -- sprintf(buffer, "\\\\%u.%u.%u.%u\\%s\\%u", -- NIPQUAD(newip), -- expect->tuple.dst.protonum == IPPROTO_UDP ? "UDP" -- : expect->tuple.dst.protonum == IPPROTO_TCP ? "TCP":proto_string, -- port); -- DEBUGP("ip_nat_mms: new unicode string=%s\n", buffer); -- -- memset(unicode_buffer, 0, sizeof(char)*75); -- -- for (i=0; i<strlen(buffer); ++i) -- *(unicode_buffer+i*2)=*(buffer+i); -- -- DEBUGP("ip_nat_mms: mms_data_fixup: padding: %u len: %u\n", ct_mms_info->padding, ct_mms_info->len); -- DEBUGP("ip_nat_mms: mms_data_fixup: offset: %u\n", MMS_SRV_UNICODE_STRING_OFFSET+ct_mms_info->len); -- DUMP_BYTES(data+MMS_SRV_UNICODE_STRING_OFFSET, 60); -- -- /* add end of packet to it */ -- for (j=0; j<ct_mms_info->padding; ++j) { -- DEBUGP("ip_nat_mms: mms_data_fixup: i=%u j=%u byte=%u\n", -- i, j, (u8)*(data+MMS_SRV_UNICODE_STRING_OFFSET+ct_mms_info->len+j)); -- *(unicode_buffer+i*2+j) = *(data+MMS_SRV_UNICODE_STRING_OFFSET+ct_mms_info->len+j); -- } -- -- /* pad with zeroes at the end ? see explanation of weird math below */ -- zero_padding = (8-(strlen(buffer)*2 + ct_mms_info->padding + 4)%8)%8; -- for (k=0; k<zero_padding; ++k) -- *(unicode_buffer+i*2+j+k)= (char)0; -- -- DEBUGP("ip_nat_mms: mms_data_fixup: zero_padding = %u\n", zero_padding); -- DEBUGP("ip_nat_mms: original=> chunkLenLV=%u chunkLenLM=%u messageLength=%u\n", -- *mms_chunkLenLV, *mms_chunkLenLM, *mms_messageLength); -- -- /* explanation, before I forget what I did: -- strlen(buffer)*2 + ct_mms_info->padding + 4 must be divisable by 8; -- divide by 8 and add 3 to compute the mms_chunkLenLM field, -- but note that things may have to be padded with zeroes to align by 8 -- bytes, hence we add 7 and divide by 8 to get the correct length */ -- *mms_chunkLenLM = (u_int32_t) (3+(strlen(buffer)*2+ct_mms_info->padding+11)/8); -- *mms_chunkLenLV = *mms_chunkLenLM+2; -- *mms_messageLength = *mms_chunkLenLV*8; -- -- DEBUGP("ip_nat_mms: modified=> chunkLenLV=%u chunkLenLM=%u messageLength=%u\n", -- *mms_chunkLenLV, *mms_chunkLenLM, *mms_messageLength); -- -- ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, -- expect->seq - ntohl(tcph->seq), -- ct_mms_info->len + ct_mms_info->padding, unicode_buffer, -- strlen(buffer)*2 + ct_mms_info->padding + zero_padding); -- DUMP_BYTES(unicode_buffer, 60); -- -- return 1; --} -- --static unsigned int --mms_nat_expected(struct sk_buff **pskb, -- unsigned int hooknum, -- struct ip_conntrack *ct, -- struct ip_nat_info *info) --{ -- struct ip_nat_multi_range mr; -- u_int32_t newdstip, newsrcip, newip; -- -- struct ip_conntrack *master = master_ct(ct); -- -- IP_NF_ASSERT(info); -- IP_NF_ASSERT(master); -- -- IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum)))); -- -- DEBUGP("ip_nat_mms: mms_nat_expected: We have a connection!\n"); -- -- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; -- newsrcip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip; -- DEBUGP("ip_nat_mms: mms_nat_expected: hook %s: newsrc->newdst %u.%u.%u.%u->%u.%u.%u.%u\n", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???", -- NIPQUAD(newsrcip), NIPQUAD(newdstip)); -- -- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) -- newip = newsrcip; -- else -- newip = newdstip; -- -- DEBUGP("ip_nat_mms: mms_nat_expected: IP to %u.%u.%u.%u\n", NIPQUAD(newip)); -- -- mr.rangesize = 1; -- /* We don't want to manip the per-protocol, just the IPs. */ -- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS; -- mr.range[0].min_ip = mr.range[0].max_ip = newip; -- -- return ip_nat_setup_info(ct, &mr, hooknum); --} -- -- --static unsigned int mms_nat_help(struct ip_conntrack *ct, -- struct ip_conntrack_expect *exp, -- struct ip_nat_info *info, -- enum ip_conntrack_info ctinfo, -- unsigned int hooknum, -- struct sk_buff **pskb) --{ -- struct iphdr *iph = (*pskb)->nh.iph; -- struct tcphdr *tcph = (void *) iph + iph->ihl * 4; -- unsigned int datalen; -- int dir; -- struct ip_ct_mms_expect *ct_mms_info; -- -- if (!exp) -- DEBUGP("ip_nat_mms: no exp!!"); -- -- ct_mms_info = &exp->help.exp_mms_info; -- -- /* Only mangle things once: original direction in POST_ROUTING -- and reply direction on PRE_ROUTING. */ -- dir = CTINFO2DIR(ctinfo); -- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL) -- ||(hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) { -- DEBUGP("ip_nat_mms: mms_nat_help: not touching dir %s at hook %s\n", -- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"); -- return NF_ACCEPT; -- } -- DEBUGP("ip_nat_mms: mms_nat_help: beyond not touching (dir %s at hook %s)\n", -- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"); -- -- datalen = (*pskb)->len - iph->ihl * 4 - tcph->doff * 4; -- -- DEBUGP("ip_nat_mms: mms_nat_help: %u+%u=%u %u %u\n", exp->seq, ct_mms_info->len, -- exp->seq + ct_mms_info->len, -- ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen); -- -- LOCK_BH(&ip_mms_lock); -- /* Check wether the whole IP/proto/port pattern is carried in the payload */ -- if (between(exp->seq + ct_mms_info->len, -- ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen)) { -- if (!mms_data_fixup(ct_mms_info, ct, pskb, ctinfo, exp)) { -- UNLOCK_BH(&ip_mms_lock); -- return NF_DROP; -- } -- } else { -- /* Half a match? This means a partial retransmisison. -- It's a cracker being funky. */ -- if (net_ratelimit()) { -- printk("ip_nat_mms: partial packet %u/%u in %u/%u\n", -- exp->seq, ct_mms_info->len, -- ntohl(tcph->seq), -- ntohl(tcph->seq) + datalen); -- } -- UNLOCK_BH(&ip_mms_lock); -- return NF_DROP; -- } -- UNLOCK_BH(&ip_mms_lock); -- -- return NF_ACCEPT; --} -- --static struct ip_nat_helper mms[MAX_PORTS]; --static char mms_names[MAX_PORTS][10]; -- --/* Not __exit: called from init() */ --static void fini(void) --{ -- int i; -- -- for (i = 0; (i < MAX_PORTS) && ports[i]; i++) { -- DEBUGP("ip_nat_mms: unregistering helper for port %d\n", ports[i]); -- ip_nat_helper_unregister(&mms[i]); -- } --} -- --static int __init init(void) --{ -- int i, ret = 0; -- char *tmpname; -- -- if (ports[0] == 0) -- ports[0] = MMS_PORT; -- -- for (i = 0; (i < MAX_PORTS) && ports[i]; i++) { -- -- memset(&mms[i], 0, sizeof(struct ip_nat_helper)); -- -- mms[i].tuple.dst.protonum = IPPROTO_TCP; -- mms[i].tuple.src.u.tcp.port = htons(ports[i]); -- mms[i].mask.dst.protonum = 0xFFFF; -- mms[i].mask.src.u.tcp.port = 0xFFFF; -- mms[i].help = mms_nat_help; -- mms[i].me = THIS_MODULE; -- mms[i].flags = 0; -- mms[i].expect = mms_nat_expected; -- -- tmpname = &mms_names[i][0]; -- if (ports[i] == MMS_PORT) -- sprintf(tmpname, "mms"); -- else -- sprintf(tmpname, "mms-%d", i); -- mms[i].name = tmpname; -- -- DEBUGP("ip_nat_mms: register helper for port %d\n", -- ports[i]); -- ret = ip_nat_helper_register(&mms[i]); -- -- if (ret) { -- printk("ip_nat_mms: error registering " -- "helper for port %d\n", ports[i]); -- fini(); -- return ret; -- } -- ports_c++; -- } -- -- return ret; --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_pptp.c linux.stock/net/ipv4/netfilter/ip_nat_pptp.c ---- linux/net/ipv4/netfilter/ip_nat_pptp.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_pptp.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,412 +0,0 @@ --/* -- * ip_nat_pptp.c - Version 1.11 -- * -- * NAT support for PPTP (Point to Point Tunneling Protocol). -- * PPTP is a a protocol for creating virtual private networks. -- * It is a specification defined by Microsoft and some vendors -- * working with Microsoft. PPTP is built on top of a modified -- * version of the Internet Generic Routing Encapsulation Protocol. -- * GRE is defined in RFC 1701 and RFC 1702. Documentation of -- * PPTP can be found in RFC 2637 -- * -- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> -- * -- * Development of this code funded by Astaro AG (http://www.astaro.com/) -- * -- * TODO: - Support for multiple calls within one session -- * (needs netfilter newnat code) -- * - NAT to a unique tuple, not to TCP source port -- * (needs netfilter tuple reservation) -- * - Support other NAT scenarios than SNAT of PNS -- * -- */ -- --#include <linux/config.h> --#include <linux/module.h> --#include <linux/ip.h> --#include <linux/tcp.h> --#include <net/tcp.h> --#include <linux/netfilter_ipv4/ip_nat.h> --#include <linux/netfilter_ipv4/ip_nat_rule.h> --#include <linux/netfilter_ipv4/ip_nat_helper.h> --#include <linux/netfilter_ipv4/ip_nat_pptp.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> --#include <linux/netfilter_ipv4/ip_conntrack_pptp.h> -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); --MODULE_DESCRIPTION("Netfilter NAT helper module for PPTP"); -- -- --#define DEBUGP(format, args...) -- --static unsigned int --pptp_nat_expected(struct sk_buff **pskb, -- unsigned int hooknum, -- struct ip_conntrack *ct, -- struct ip_nat_info *info) --{ -- struct ip_conntrack *master = master_ct(ct); -- struct ip_nat_multi_range mr; -- struct ip_ct_pptp_master *ct_pptp_info; -- struct ip_nat_pptp *nat_pptp_info; -- u_int32_t newsrcip, newdstip, newcid; -- int ret; -- -- IP_NF_ASSERT(info); -- IP_NF_ASSERT(master); -- IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum)))); -- -- DEBUGP("we have a connection!\n"); -- -- LOCK_BH(&ip_pptp_lock); -- ct_pptp_info = &master->help.ct_pptp_info; -- nat_pptp_info = &master->nat.help.nat_pptp_info; -- -- /* need to alter GRE tuple because conntrack expectfn() used 'wrong' -- * (unmanipulated) values */ -- if (hooknum == NF_IP_PRE_ROUTING) { -- DEBUGP("completing tuples with NAT info \n"); -- /* we can do this, since we're unconfirmed */ -- if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.u.gre.key == -- htonl(ct_pptp_info->pac_call_id)) { -- /* assume PNS->PAC */ -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = -- htonl(nat_pptp_info->pns_call_id); --// ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.gre.key = --// htonl(nat_pptp_info->pac_call_id); -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = -- htonl(nat_pptp_info->pns_call_id); -- } else { -- /* assume PAC->PNS */ -- DEBUGP("WRONG DIRECTION\n"); -- ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.gre.key = -- htonl(nat_pptp_info->pac_call_id); -- ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.gre.key = -- htonl(nat_pptp_info->pns_call_id); -- } -- } -- -- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_DST) { -- newdstip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip; -- newcid = htonl(master->nat.help.nat_pptp_info.pac_call_id); -- -- mr.rangesize = 1; -- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED; -- mr.range[0].min_ip = mr.range[0].max_ip = newdstip; -- mr.range[0].min = mr.range[0].max = -- ((union ip_conntrack_manip_proto ) { newcid }); -- DEBUGP("change dest ip to %u.%u.%u.%u\n", -- NIPQUAD(newdstip)); -- DEBUGP("change dest key to 0x%x\n", ntohl(newcid)); -- ret = ip_nat_setup_info(ct, &mr, hooknum); -- } else { -- newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- /* nat_multi_range is in network byte order, and GRE tuple -- * is 32 bits, not 16 like callID */ -- newcid = htonl(master->help.ct_pptp_info.pns_call_id); -- -- mr.rangesize = 1; -- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS -- |IP_NAT_RANGE_PROTO_SPECIFIED; -- mr.range[0].min_ip = mr.range[0].max_ip = newsrcip; -- mr.range[0].min = mr.range[0].max = -- ((union ip_conntrack_manip_proto ) { newcid }); -- DEBUGP("change src ip to %u.%u.%u.%u\n", -- NIPQUAD(newsrcip)); -- DEBUGP("change 'src' key to 0x%x\n", ntohl(newcid)); -- ret = ip_nat_setup_info(ct, &mr, hooknum); -- } -- -- UNLOCK_BH(&ip_pptp_lock); -- -- return ret; -- --} -- --/* outbound packets == from PNS to PAC */ --static inline unsigned int --pptp_outbound_pkt(struct tcphdr *tcph, struct pptp_pkt_hdr *pptph, -- size_t datalen, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo, -- struct ip_conntrack_expect *exp) -- --{ -- struct PptpControlHeader *ctlh; -- union pptp_ctrl_union pptpReq; -- struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info; -- struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; -- -- u_int16_t msg, *cid = NULL, new_callid; -- -- ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph)); -- pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh)); -- -- new_callid = htons(ct_pptp_info->pns_call_id); -- -- switch (msg = ntohs(ctlh->messageType)) { -- case PPTP_OUT_CALL_REQUEST: -- cid = &pptpReq.ocreq->callID; -- -- /* save original call ID in nat_info */ -- nat_pptp_info->pns_call_id = ct_pptp_info->pns_call_id; -- -- new_callid = tcph->source; -- /* save new call ID in ct info */ -- ct_pptp_info->pns_call_id = ntohs(new_callid); -- break; -- case PPTP_IN_CALL_REPLY: -- cid = &pptpReq.icreq->callID; -- break; -- case PPTP_CALL_CLEAR_REQUEST: -- cid = &pptpReq.clrreq->callID; -- break; -- case PPTP_CALL_DISCONNECT_NOTIFY: -- cid = &pptpReq.disc->callID; -- break; -- -- default: -- DEBUGP("unknown outbound packet 0x%04x:%s\n", msg, -- (msg <= PPTP_MSG_MAX)? strMName[msg]:strMName[0]); -- /* fall through */ -- -- case PPTP_SET_LINK_INFO: -- /* only need to NAT in case PAC is behind NAT box */ -- case PPTP_START_SESSION_REQUEST: -- case PPTP_START_SESSION_REPLY: -- case PPTP_STOP_SESSION_REQUEST: -- case PPTP_STOP_SESSION_REPLY: -- case PPTP_ECHO_REQUEST: -- case PPTP_ECHO_REPLY: -- /* no need to alter packet */ -- return NF_ACCEPT; -- } -- -- IP_NF_ASSERT(cid); -- -- DEBUGP("altering call id from 0x%04x to 0x%04x\n", -- ntohs(*cid), ntohs(new_callid)); -- /* mangle packet */ -- tcph->check = ip_nat_cheat_check(*cid^0xFFFF, -- new_callid, tcph->check); -- *cid = new_callid; -- -- return NF_ACCEPT; --} -- --/* inbound packets == from PAC to PNS */ --static inline unsigned int --pptp_inbound_pkt(struct tcphdr *tcph, struct pptp_pkt_hdr *pptph, -- size_t datalen, -- struct ip_conntrack *ct, -- enum ip_conntrack_info ctinfo, -- struct ip_conntrack_expect *oldexp) --{ -- struct PptpControlHeader *ctlh; -- union pptp_ctrl_union pptpReq; -- struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info; -- struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info; -- -- u_int16_t msg, new_cid = 0, new_pcid, *pcid = NULL, *cid = NULL; -- u_int32_t old_dst_ip; -- -- struct ip_conntrack_tuple t; -- -- ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph)); -- pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh)); -- -- new_pcid = htons(nat_pptp_info->pns_call_id); -- -- switch (msg = ntohs(ctlh->messageType)) { -- case PPTP_OUT_CALL_REPLY: -- pcid = &pptpReq.ocack->peersCallID; -- cid = &pptpReq.ocack->callID; -- if (!oldexp) { -- DEBUGP("outcall but no expectation\n"); -- break; -- } -- old_dst_ip = oldexp->tuple.dst.ip; -- t = oldexp->tuple; -- -- /* save original PAC call ID in nat_info */ -- nat_pptp_info->pac_call_id = ct_pptp_info->pac_call_id; -- -- /* store new callID in ct_info, so conntrack works */ -- //ct_pptp_info->pac_call_id = ntohs(tcph->source); -- //new_cid = htons(ct_pptp_info->pac_call_id); -- -- /* alter expectation */ -- if (t.dst.ip == ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip) { -- /* expectation for PNS->PAC direction */ -- t.dst.u.gre.key = htonl(ct_pptp_info->pac_call_id); -- t.src.u.gre.key = htonl(nat_pptp_info->pns_call_id); -- } else { -- /* expectation for PAC->PNS direction */ -- t.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- DEBUGP("EXPECTATION IN WRONG DIRECTION!!!\n"); -- } -- -- if (!ip_conntrack_change_expect(oldexp, &t)) { -- DEBUGP("successfully changed expect\n"); -- } else { -- DEBUGP("can't change expect\n"); -- } -- ip_ct_gre_keymap_change(oldexp->proto.gre.keymap_orig, &t); -- /* reply keymap */ -- t.src.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip; -- t.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- t.src.u.gre.key = htonl(nat_pptp_info->pac_call_id); -- t.dst.u.gre.key = htonl(ct_pptp_info->pns_call_id); -- ip_ct_gre_keymap_change(oldexp->proto.gre.keymap_reply, &t); -- -- break; -- case PPTP_IN_CALL_CONNECT: -- pcid = &pptpReq.iccon->peersCallID; -- if (!oldexp) -- break; -- old_dst_ip = oldexp->tuple.dst.ip; -- t = oldexp->tuple; -- -- /* alter expectation, no need for callID */ -- if (t.dst.ip == ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip) { -- /* expectation for PNS->PAC direction */ -- t.src.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- } else { -- /* expectation for PAC->PNS direction */ -- t.dst.ip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip; -- } -- -- if (!ip_conntrack_change_expect(oldexp, &t)) { -- DEBUGP("successfully changed expect\n"); -- } else { -- DEBUGP("can't change expect\n"); -- } -- break; -- case PPTP_IN_CALL_REQUEST: -- /* only need to nat in case PAC is behind NAT box */ -- break; -- case PPTP_WAN_ERROR_NOTIFY: -- pcid = &pptpReq.wanerr->peersCallID; -- break; -- default: -- DEBUGP("unknown inbound packet %s\n", -- (msg <= PPTP_MSG_MAX)? strMName[msg]:strMName[0]); -- /* fall through */ -- -- case PPTP_START_SESSION_REQUEST: -- case PPTP_START_SESSION_REPLY: -- case PPTP_STOP_SESSION_REQUEST: -- case PPTP_ECHO_REQUEST: -- case PPTP_ECHO_REPLY: -- /* no need to alter packet */ -- return NF_ACCEPT; -- } -- -- /* mangle packet */ -- IP_NF_ASSERT(pcid); -- DEBUGP("altering peer call id from 0x%04x to 0x%04x\n", -- ntohs(*pcid), ntohs(new_pcid)); -- tcph->check = ip_nat_cheat_check(*pcid^0xFFFF, -- new_pcid, tcph->check); -- *pcid = new_pcid; -- -- if (new_cid) { -- IP_NF_ASSERT(cid); -- DEBUGP("altering call id from 0x%04x to 0x%04x\n", -- ntohs(*cid), ntohs(new_cid)); -- tcph->check = ip_nat_cheat_check(*cid^0xFFFF, -- new_cid, tcph->check); -- *cid = new_cid; -- } -- -- /* great, at least we don't need to resize packets */ -- return NF_ACCEPT; --} -- -- --static unsigned int tcp_help(struct ip_conntrack *ct, -- struct ip_conntrack_expect *exp, -- struct ip_nat_info *info, -- enum ip_conntrack_info ctinfo, -- unsigned int hooknum, struct sk_buff **pskb) --{ -- struct iphdr *iph = (*pskb)->nh.iph; -- struct tcphdr *tcph = (void *) iph + iph->ihl*4; -- unsigned int datalen = (*pskb)->len - iph->ihl*4 - tcph->doff*4; -- struct pptp_pkt_hdr *pptph; -- void *datalimit; -- -- int dir; -- -- DEBUGP("entering\n"); -- -- /* Only mangle things once: original direction in POST_ROUTING -- and reply direction on PRE_ROUTING. */ -- dir = CTINFO2DIR(ctinfo); -- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL) -- || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) { -- DEBUGP("Not touching dir %s at hook %s\n", -- dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY", -- hooknum == NF_IP_POST_ROUTING ? "POSTROUTING" -- : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING" -- : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"); -- return NF_ACCEPT; -- } -- -- /* if packet is too small, just skip it */ -- if (datalen < sizeof(struct pptp_pkt_hdr)+ -- sizeof(struct PptpControlHeader)) { -- DEBUGP("pptp packet too short\n"); -- return NF_ACCEPT; -- } -- -- -- pptph = (struct pptp_pkt_hdr *) ((void *)tcph + tcph->doff*4); -- datalimit = (void *) pptph + datalen; -- -- LOCK_BH(&ip_pptp_lock); -- -- if (dir == IP_CT_DIR_ORIGINAL) { -- /* reuqests sent by client to server (PNS->PAC) */ -- pptp_outbound_pkt(tcph, pptph, datalen, ct, ctinfo, exp); -- } else { -- /* response from the server to the client (PAC->PNS) */ -- pptp_inbound_pkt(tcph, pptph, datalen, ct, ctinfo, exp); -- } -- -- UNLOCK_BH(&ip_pptp_lock); -- -- return NF_ACCEPT; --} -- --/* nat helper struct for control connection */ --static struct ip_nat_helper pptp_tcp_helper = { -- { NULL, NULL }, -- "pptp", IP_NAT_HELPER_F_ALWAYS, THIS_MODULE, -- { { 0, { tcp: { port: __constant_htons(PPTP_CONTROL_PORT) } } }, -- { 0, { 0 }, IPPROTO_TCP } }, -- { { 0, { tcp: { port: 0xFFFF } } }, -- { 0, { 0 }, 0xFFFF } }, -- tcp_help, pptp_nat_expected }; -- -- --static int __init init(void) --{ -- DEBUGP("init_module\n" ); -- -- if (ip_nat_helper_register(&pptp_tcp_helper)) -- return -EIO; -- -- return 0; --} -- --static void __exit fini(void) --{ -- DEBUGP("cleanup_module\n" ); -- ip_nat_helper_unregister(&pptp_tcp_helper); --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_proto_gre.c linux.stock/net/ipv4/netfilter/ip_nat_proto_gre.c ---- linux/net/ipv4/netfilter/ip_nat_proto_gre.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_proto_gre.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,212 +0,0 @@ --/* -- * ip_nat_proto_gre.c - Version 1.11 -- * -- * NAT protocol helper module for GRE. -- * -- * GRE is a generic encapsulation protocol, which is generally not very -- * suited for NAT, as it has no protocol-specific part as port numbers. -- * -- * It has an optional key field, which may help us distinguishing two -- * connections between the same two hosts. -- * -- * GRE is defined in RFC 1701 and RFC 1702, as well as RFC 2784 -- * -- * PPTP is built on top of a modified version of GRE, and has a mandatory -- * field called "CallID", which serves us for the same purpose as the key -- * field in plain GRE. -- * -- * Documentation about PPTP can be found in RFC 2637 -- * -- * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org> -- * -- * Development of this code funded by Astaro AG (http://www.astaro.com/) -- * -- */ -- --#include <linux/config.h> --#include <linux/module.h> --#include <linux/ip.h> --#include <linux/netfilter_ipv4/ip_nat.h> --#include <linux/netfilter_ipv4/ip_nat_rule.h> --#include <linux/netfilter_ipv4/ip_nat_protocol.h> --#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h> -- --MODULE_LICENSE("GPL"); --MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>"); --MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE"); -- --#define DEBUGP(x, args...) -- --/* is key in given range between min and max */ --static int --gre_in_range(const struct ip_conntrack_tuple *tuple, -- enum ip_nat_manip_type maniptype, -- const union ip_conntrack_manip_proto *min, -- const union ip_conntrack_manip_proto *max) --{ -- return ntohl(tuple->src.u.gre.key) >= ntohl(min->gre.key) -- && ntohl(tuple->src.u.gre.key) <= ntohl(max->gre.key); --} -- --/* generate unique tuple ... */ --static int --gre_unique_tuple(struct ip_conntrack_tuple *tuple, -- const struct ip_nat_range *range, -- enum ip_nat_manip_type maniptype, -- const struct ip_conntrack *conntrack) --{ -- u_int32_t min, i, range_size; -- u_int32_t key = 0, *keyptr; -- -- if (maniptype == IP_NAT_MANIP_SRC) -- keyptr = &tuple->src.u.gre.key; -- else -- keyptr = &tuple->dst.u.gre.key; -- -- if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) { -- -- switch (tuple->dst.u.gre.version) { -- case 0: -- DEBUGP("NATing GRE version 0 (ct=%p)\n", -- conntrack); -- min = 1; -- range_size = 0xffffffff; -- break; -- case GRE_VERSION_PPTP: -- DEBUGP("%p: NATing GRE PPTP\n", -- conntrack); -- min = 1; -- range_size = 0xffff; -- break; -- default: -- printk(KERN_WARNING "nat_gre: unknown GRE version\n"); -- return 0; -- break; -- } -- -- } else { -- min = ntohl(range->min.gre.key); -- range_size = ntohl(range->max.gre.key) - min + 1; -- } -- -- DEBUGP("min = %u, range_size = %u\n", min, range_size); -- -- for (i = 0; i < range_size; i++, key++) { -- *keyptr = htonl(min + key % range_size); -- if (!ip_nat_used_tuple(tuple, conntrack)) -- return 1; -- } -- -- DEBUGP("%p: no NAT mapping\n", conntrack); -- -- return 0; --} -- --/* manipulate a GRE packet according to maniptype */ --static void --gre_manip_pkt(struct iphdr *iph, size_t len, -- const struct ip_conntrack_manip *manip, -- enum ip_nat_manip_type maniptype) --{ -- struct gre_hdr *greh = (struct gre_hdr *)((u_int32_t *)iph+iph->ihl); -- struct gre_hdr_pptp *pgreh = (struct gre_hdr_pptp *) greh; -- -- /* we only have destination manip of a packet, since 'source key' -- * is not present in the packet itself */ -- if (maniptype == IP_NAT_MANIP_DST) { -- /* key manipulation is always dest */ -- switch (greh->version) { -- case 0: -- if (!greh->key) { -- DEBUGP("can't nat GRE w/o key\n"); -- break; -- } -- if (greh->csum) { -- *(gre_csum(greh)) = -- ip_nat_cheat_check(~*(gre_key(greh)), -- manip->u.gre.key, -- *(gre_csum(greh))); -- } -- *(gre_key(greh)) = manip->u.gre.key; -- break; -- case GRE_VERSION_PPTP: -- DEBUGP("call_id -> 0x%04x\n", -- ntohl(manip->u.gre.key)); -- pgreh->call_id = htons(ntohl(manip->u.gre.key)); -- break; -- default: -- DEBUGP("can't nat unknown GRE version\n"); -- break; -- } -- } --} -- --/* print out a nat tuple */ --static unsigned int --gre_print(char *buffer, -- const struct ip_conntrack_tuple *match, -- const struct ip_conntrack_tuple *mask) --{ -- unsigned int len = 0; -- -- if (mask->dst.u.gre.version) -- len += sprintf(buffer + len, "version=%d ", -- ntohs(match->dst.u.gre.version)); -- -- if (mask->dst.u.gre.protocol) -- len += sprintf(buffer + len, "protocol=0x%x ", -- ntohs(match->dst.u.gre.protocol)); -- -- if (mask->src.u.gre.key) -- len += sprintf(buffer + len, "srckey=0x%x ", -- ntohl(match->src.u.gre.key)); -- -- if (mask->dst.u.gre.key) -- len += sprintf(buffer + len, "dstkey=0x%x ", -- ntohl(match->src.u.gre.key)); -- -- return len; --} -- --/* print a range of keys */ --static unsigned int --gre_print_range(char *buffer, const struct ip_nat_range *range) --{ -- if (range->min.gre.key != 0 -- || range->max.gre.key != 0xFFFF) { -- if (range->min.gre.key == range->max.gre.key) -- return sprintf(buffer, "key 0x%x ", -- ntohl(range->min.gre.key)); -- else -- return sprintf(buffer, "keys 0x%u-0x%u ", -- ntohl(range->min.gre.key), -- ntohl(range->max.gre.key)); -- } else -- return 0; --} -- --/* nat helper struct */ --static struct ip_nat_protocol gre = -- { { NULL, NULL }, "GRE", IPPROTO_GRE, -- gre_manip_pkt, -- gre_in_range, -- gre_unique_tuple, -- gre_print, -- gre_print_range -- }; -- --static int __init init(void) --{ -- if (ip_nat_protocol_register(&gre)) -- return -EIO; -- -- return 0; --} -- --static void __exit fini(void) --{ -- ip_nat_protocol_unregister(&gre); --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_standalone.c linux.stock/net/ipv4/netfilter/ip_nat_standalone.c ---- linux/net/ipv4/netfilter/ip_nat_standalone.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_standalone.c 2004-05-09 04:13:03.000000000 -0400 -@@ -37,7 +37,11 @@ - #include <linux/netfilter_ipv4/ip_conntrack_core.h> - #include <linux/netfilter_ipv4/listhelp.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - #define HOOKNAME(hooknum) ((hooknum) == NF_IP_POST_ROUTING ? "POST_ROUTING" \ - : ((hooknum) == NF_IP_PRE_ROUTING ? "PRE_ROUTING" \ -@@ -354,6 +358,5 @@ - EXPORT_SYMBOL(ip_nat_helper_unregister); - EXPORT_SYMBOL(ip_nat_cheat_check); - EXPORT_SYMBOL(ip_nat_mangle_tcp_packet); --EXPORT_SYMBOL(ip_nat_mangle_udp_packet); - EXPORT_SYMBOL(ip_nat_used_tuple); - MODULE_LICENSE("GPL"); -diff -Nurb linux/net/ipv4/netfilter/ip_nat_tftp.c linux.stock/net/ipv4/netfilter/ip_nat_tftp.c ---- linux/net/ipv4/netfilter/ip_nat_tftp.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_nat_tftp.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,186 +0,0 @@ --/* -- * Licensed under GNU GPL version 2 Copyright Magnus Boden <mb@ozaba.mine.nu> -- * Version: 0.0.7 -- * -- * Thu 21 Mar 2002 Harald Welte <laforge@gnumonks.org> -- * - Port to newnat API -- * -- * This module currently supports DNAT: -- * iptables -t nat -A PREROUTING -d x.x.x.x -j DNAT --to-dest x.x.x.y -- * -- * and SNAT: -- * iptables -t nat -A POSTROUTING { -j MASQUERADE , -j SNAT --to-source x.x.x.x } -- * -- * It has not been tested with -- * -j SNAT --to-source x.x.x.x-x.x.x.y since I only have one external ip -- * If you do test this please let me know if it works or not. -- * -- */ -- --#include <linux/module.h> --#include <linux/netfilter_ipv4.h> --#include <linux/ip.h> --#include <linux/udp.h> -- --#include <linux/netfilter.h> --#include <linux/netfilter_ipv4/ip_tables.h> --#include <linux/netfilter_ipv4/ip_conntrack_helper.h> --#include <linux/netfilter_ipv4/ip_conntrack_tftp.h> --#include <linux/netfilter_ipv4/ip_nat_helper.h> --#include <linux/netfilter_ipv4/ip_nat_rule.h> -- --MODULE_AUTHOR("Magnus Boden <mb@ozaba.mine.nu>"); --MODULE_DESCRIPTION("Netfilter NAT helper for tftp"); --MODULE_LICENSE("GPL"); -- --#define MAX_PORTS 8 -- --static int ports[MAX_PORTS]; --static int ports_c = 0; --#ifdef MODULE_PARM --MODULE_PARM(ports,"1-" __MODULE_STRING(MAX_PORTS) "i"); --MODULE_PARM_DESC(ports, "port numbers of tftp servers"); --#endif -- --#define DEBUGP(format, args...) --static unsigned int --tftp_nat_help(struct ip_conntrack *ct, -- struct ip_conntrack_expect *exp, -- struct ip_nat_info *info, -- enum ip_conntrack_info ctinfo, -- unsigned int hooknum, -- struct sk_buff **pskb) --{ -- int dir = CTINFO2DIR(ctinfo); -- struct iphdr *iph = (*pskb)->nh.iph; -- struct udphdr *udph = (void *)iph + iph->ihl * 4; -- struct tftphdr *tftph = (void *)udph + 8; -- struct ip_conntrack_tuple repl; -- -- if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL) -- || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) -- return NF_ACCEPT; -- -- if (!exp) { -- DEBUGP("no conntrack expectation to modify\n"); -- return NF_ACCEPT; -- } -- -- switch (ntohs(tftph->opcode)) { -- /* RRQ and WRQ works the same way */ -- case TFTP_OPCODE_READ: -- case TFTP_OPCODE_WRITE: -- repl = ct->tuplehash[IP_CT_DIR_REPLY].tuple; -- DEBUGP(""); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple); -- DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple); -- DEBUGP("expecting: "); -- DUMP_TUPLE_RAW(&repl); -- DUMP_TUPLE_RAW(&exp->mask); -- ip_conntrack_change_expect(exp, &repl); -- break; -- default: -- DEBUGP("Unknown opcode\n"); -- } -- -- return NF_ACCEPT; --} -- --static unsigned int --tftp_nat_expected(struct sk_buff **pskb, -- unsigned int hooknum, -- struct ip_conntrack *ct, -- struct ip_nat_info *info) --{ -- const struct ip_conntrack *master = ct->master->expectant; -- const struct ip_conntrack_tuple *orig = -- &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple; -- struct ip_nat_multi_range mr; -- -- IP_NF_ASSERT(info); -- IP_NF_ASSERT(master); -- IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum)))); -- -- mr.rangesize = 1; -- mr.range[0].flags = IP_NAT_RANGE_MAP_IPS; -- -- if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) { -- mr.range[0].min_ip = mr.range[0].max_ip = orig->dst.ip; -- DEBUGP("orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u " -- "newsrc: %u.%u.%u.%u\n", -- NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source), -- NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest), -- NIPQUAD(orig->dst.ip)); -- } else { -- mr.range[0].min_ip = mr.range[0].max_ip = orig->src.ip; -- mr.range[0].min.udp.port = mr.range[0].max.udp.port = -- orig->src.u.udp.port; -- mr.range[0].flags |= IP_NAT_RANGE_PROTO_SPECIFIED; -- -- DEBUGP("orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u " -- "newdst: %u.%u.%u.%u:%u\n", -- NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source), -- NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest), -- NIPQUAD(orig->src.ip), ntohs(orig->src.u.udp.port)); -- } -- -- return ip_nat_setup_info(ct,&mr,hooknum); --} -- --static struct ip_nat_helper tftp[MAX_PORTS]; --static char tftp_names[MAX_PORTS][10]; -- --static void fini(void) --{ -- int i; -- -- for (i = 0 ; i < ports_c; i++) { -- DEBUGP("unregistering helper for port %d\n", ports[i]); -- ip_nat_helper_unregister(&tftp[i]); -- } --} -- --static int __init init(void) --{ -- int i, ret; -- char *tmpname; -- -- if (!ports[0]) -- ports[0] = TFTP_PORT; -- -- for (i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) { -- memset(&tftp[i], 0, sizeof(struct ip_nat_helper)); -- -- tftp[i].tuple.dst.protonum = IPPROTO_UDP; -- tftp[i].tuple.src.u.udp.port = htons(ports[i]); -- tftp[i].mask.dst.protonum = 0xFFFF; -- tftp[i].mask.src.u.udp.port = 0xFFFF; -- tftp[i].help = tftp_nat_help; -- tftp[i].flags = 0; -- tftp[i].me = THIS_MODULE; -- tftp[i].expect = tftp_nat_expected; -- -- tmpname = &tftp_names[i][0]; -- if (ports[i] == TFTP_PORT) -- sprintf(tmpname, "tftp"); -- else -- sprintf(tmpname, "tftp-%d", i); -- tftp[i].name = tmpname; -- -- DEBUGP("ip_nat_tftp: registering for port %d: name %s\n", -- ports[i], tftp[i].name); -- ret = ip_nat_helper_register(&tftp[i]); -- -- if (ret) { -- printk("ip_nat_tftp: unable to register for port %d\n", -- ports[i]); -- fini(); -- return ret; -- } -- ports_c++; -- } -- return ret; --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_pool.c linux.stock/net/ipv4/netfilter/ip_pool.c ---- linux/net/ipv4/netfilter/ip_pool.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_pool.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,328 +0,0 @@ --/* Kernel module for IP pool management */ -- --#include <linux/module.h> --#include <linux/ip.h> --#include <linux/skbuff.h> --#include <linux/netfilter_ipv4/ip_tables.h> --#include <linux/netfilter_ipv4/ip_pool.h> --#include <linux/errno.h> --#include <asm/uaccess.h> --#include <asm/bitops.h> --#include <linux/interrupt.h> --#include <linux/spinlock.h> -- --#define DP(format, args...) -- --MODULE_LICENSE("GPL"); -- --#define NR_POOL 16 --static int nr_pool = NR_POOL;/* overwrite this when loading module */ -- --struct ip_pool { -- u_int32_t first_ip; /* host byte order, included in range */ -- u_int32_t last_ip; /* host byte order, included in range */ -- void *members; /* the bitmap proper */ -- int nr_use; /* total nr. of tests through this */ -- int nr_match; /* total nr. of matches through this */ -- rwlock_t lock; --}; -- --static struct ip_pool *POOL; -- --static inline struct ip_pool *lookup(ip_pool_t index) --{ -- if (index < 0 || index >= nr_pool) { -- DP("ip_pool:lookup: bad index %d\n", index); -- return 0; -- } -- return POOL+index; --} -- --int ip_pool_match(ip_pool_t index, u_int32_t addr) --{ -- struct ip_pool *pool = lookup(index); -- int res = 0; -- -- if (!pool || !pool->members) -- return 0; -- read_lock_bh(&pool->lock); -- if (pool->members) { -- if (addr >= pool->first_ip && addr <= pool->last_ip) { -- addr -= pool->first_ip; -- if (test_bit(addr, pool->members)) { -- res = 1; --#ifdef CONFIG_IP_POOL_STATISTICS -- pool->nr_match++; --#endif -- } -- } --#ifdef CONFIG_IP_POOL_STATISTICS -- pool->nr_use++; --#endif -- } -- read_unlock_bh(&pool->lock); -- return res; --} -- --static int pool_change(ip_pool_t index, u_int32_t addr, int isdel) --{ -- struct ip_pool *pool; -- int res = -1; -- -- pool = lookup(index); -- if ( !pool || !pool->members -- || addr < pool->first_ip || addr > pool->last_ip) -- return -1; -- read_lock_bh(&pool->lock); -- if (pool->members && addr >= pool->first_ip && addr <= pool->last_ip) { -- addr -= pool->first_ip; -- res = isdel -- ? (0 != test_and_clear_bit(addr, pool->members)) -- : (0 != test_and_set_bit(addr, pool->members)); -- } -- read_unlock_bh(&pool->lock); -- return res; --} -- --int ip_pool_mod(ip_pool_t index, u_int32_t addr, int isdel) --{ -- int res = pool_change(index,addr,isdel); -- -- if (!isdel) res = !res; -- return res; --} -- --static inline int bitmap_bytes(u_int32_t a, u_int32_t b) --{ -- return 4*((((b-a+8)/8)+3)/4); --} -- --static inline int poolbytes(ip_pool_t index) --{ -- struct ip_pool *pool = lookup(index); -- -- return pool ? bitmap_bytes(pool->first_ip, pool->last_ip) : 0; --} -- --static int setpool( -- struct sock *sk, -- int optval, -- void *user, -- unsigned int len --) { -- struct ip_pool_request req; -- -- DP("ip_pool:setpool: optval=%d, user=%p, len=%d\n", optval, user, len); -- if (!capable(CAP_NET_ADMIN)) -- return -EPERM; -- if (optval != SO_IP_POOL) -- return -EBADF; -- if (len != sizeof(req)) -- return -EINVAL; -- if (copy_from_user(&req, user, sizeof(req)) != 0) -- return -EFAULT; -- printk("obsolete op - upgrade your ippool(8) utility.\n"); -- return -EINVAL; --} -- --static int getpool( -- struct sock *sk, -- int optval, -- void *user, -- int *len --) { -- struct ip_pool_request req; -- struct ip_pool *pool; -- ip_pool_t i; -- int newbytes; -- void *newmembers; -- int res; -- -- DP("ip_pool:getpool: optval=%d, user=%p\n", optval, user); -- if (!capable(CAP_NET_ADMIN)) -- return -EINVAL; -- if (optval != SO_IP_POOL) -- return -EINVAL; -- if (*len != sizeof(req)) { -- return -EFAULT; -- } -- if (copy_from_user(&req, user, sizeof(req)) != 0) -- return -EFAULT; -- DP("ip_pool:getpool op=%d, index=%d\n", req.op, req.index); -- if (req.op < IP_POOL_BAD001) { -- printk("obsolete op - upgrade your ippool(8) utility.\n"); -- return -EFAULT; -- } -- switch(req.op) { -- case IP_POOL_HIGH_NR: -- DP("ip_pool HIGH_NR\n"); -- req.index = IP_POOL_NONE; -- for (i=0; i<nr_pool; i++) -- if (POOL[i].members) -- req.index = i; -- return copy_to_user(user, &req, sizeof(req)); -- case IP_POOL_LOOKUP: -- DP("ip_pool LOOKUP\n"); -- pool = lookup(req.index); -- if (!pool) -- return -EINVAL; -- if (!pool->members) -- return -EBADF; -- req.addr = htonl(pool->first_ip); -- req.addr2 = htonl(pool->last_ip); -- return copy_to_user(user, &req, sizeof(req)); -- case IP_POOL_USAGE: -- DP("ip_pool USE\n"); -- pool = lookup(req.index); -- if (!pool) -- return -EINVAL; -- if (!pool->members) -- return -EBADF; -- req.addr = pool->nr_use; -- req.addr2 = pool->nr_match; -- return copy_to_user(user, &req, sizeof(req)); -- case IP_POOL_TEST_ADDR: -- DP("ip_pool TEST 0x%08x\n", req.addr); -- pool = lookup(req.index); -- if (!pool) -- return -EINVAL; -- res = 0; -- read_lock_bh(&pool->lock); -- if (!pool->members) { -- DP("ip_pool TEST_ADDR no members in pool\n"); -- res = -EBADF; -- goto unlock_and_return_res; -- } -- req.addr = ntohl(req.addr); -- if (req.addr < pool->first_ip) { -- DP("ip_pool TEST_ADDR address < pool bounds\n"); -- res = -ERANGE; -- goto unlock_and_return_res; -- } -- if (req.addr > pool->last_ip) { -- DP("ip_pool TEST_ADDR address > pool bounds\n"); -- res = -ERANGE; -- goto unlock_and_return_res; -- } -- req.addr = (0 != test_bit((req.addr - pool->first_ip), -- pool->members)); -- read_unlock_bh(&pool->lock); -- return copy_to_user(user, &req, sizeof(req)); -- case IP_POOL_FLUSH: -- DP("ip_pool FLUSH not yet implemented.\n"); -- return -EBUSY; -- case IP_POOL_DESTROY: -- DP("ip_pool DESTROY not yet implemented.\n"); -- return -EBUSY; -- case IP_POOL_INIT: -- DP("ip_pool INIT 0x%08x-0x%08x\n", req.addr, req.addr2); -- pool = lookup(req.index); -- if (!pool) -- return -EINVAL; -- req.addr = ntohl(req.addr); -- req.addr2 = ntohl(req.addr2); -- if (req.addr > req.addr2) { -- DP("ip_pool INIT bad ip range\n"); -- return -EINVAL; -- } -- newbytes = bitmap_bytes(req.addr, req.addr2); -- newmembers = kmalloc(newbytes, GFP_KERNEL); -- if (!newmembers) { -- DP("ip_pool INIT out of mem for %d bytes\n", newbytes); -- return -ENOMEM; -- } -- memset(newmembers, 0, newbytes); -- write_lock_bh(&pool->lock); -- if (pool->members) { -- DP("ip_pool INIT pool %d exists\n", req.index); -- kfree(newmembers); -- res = -EBUSY; -- goto unlock_and_return_res; -- } -- pool->first_ip = req.addr; -- pool->last_ip = req.addr2; -- pool->nr_use = 0; -- pool->nr_match = 0; -- pool->members = newmembers; -- write_unlock_bh(&pool->lock); -- return 0; -- case IP_POOL_ADD_ADDR: -- DP("ip_pool ADD_ADDR 0x%08x\n", req.addr); -- req.addr = pool_change(req.index, ntohl(req.addr), 0); -- return copy_to_user(user, &req, sizeof(req)); -- case IP_POOL_DEL_ADDR: -- DP("ip_pool DEL_ADDR 0x%08x\n", req.addr); -- req.addr = pool_change(req.index, ntohl(req.addr), 1); -- return copy_to_user(user, &req, sizeof(req)); -- default: -- DP("ip_pool:getpool bad op %d\n", req.op); -- return -EINVAL; -- } -- return -EINVAL; -- --unlock_and_return_res: -- if (pool) -- read_unlock_bh(&pool->lock); -- return res; --} -- --static struct nf_sockopt_ops so_pool --= { { NULL, NULL }, PF_INET, -- SO_IP_POOL, SO_IP_POOL+1, &setpool, -- SO_IP_POOL, SO_IP_POOL+1, &getpool, -- 0, NULL }; -- --MODULE_PARM(nr_pool, "i"); -- --static int __init init(void) --{ -- ip_pool_t i; -- int res; -- -- if (nr_pool < 1) { -- printk("ip_pool module init: bad nr_pool %d\n", nr_pool); -- return -EINVAL; -- } -- POOL = kmalloc(nr_pool * sizeof(*POOL), GFP_KERNEL); -- if (!POOL) { -- printk("ip_pool module init: out of memory for nr_pool %d\n", -- nr_pool); -- return -ENOMEM; -- } -- for (i=0; i<nr_pool; i++) { -- POOL[i].first_ip = 0; -- POOL[i].last_ip = 0; -- POOL[i].members = 0; -- POOL[i].nr_use = 0; -- POOL[i].nr_match = 0; -- POOL[i].lock = RW_LOCK_UNLOCKED; -- } -- res = nf_register_sockopt(&so_pool); -- DP("ip_pool:init %d pools, result %d\n", nr_pool, res); -- if (res != 0) { -- kfree(POOL); -- POOL = 0; -- } -- return res; --} -- --static void __exit fini(void) --{ -- ip_pool_t i; -- -- DP("ip_pool:fini BYEBYE\n"); -- nf_unregister_sockopt(&so_pool); -- for (i=0; i<nr_pool; i++) { -- if (POOL[i].members) { -- kfree(POOL[i].members); -- POOL[i].members = 0; -- } -- } -- kfree(POOL); -- POOL = 0; -- DP("ip_pool:fini these are the famous last words\n"); -- return; --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv4/netfilter/ip_tables.c linux.stock/net/ipv4/netfilter/ip_tables.c ---- linux/net/ipv4/netfilter/ip_tables.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ip_tables.c 2004-05-09 04:13:03.000000000 -0400 -@@ -62,6 +62,11 @@ - #include <linux/netfilter_ipv4/lockhelp.h> - #include <linux/netfilter_ipv4/listhelp.h> - -+#if 0 -+/* All the better to debug you with... */ -+#define static -+#define inline -+#endif - - /* Locking is simple: we assume at worst case there will be one packet - in user context and one from bottom halves (or soft irq if Alexey's -@@ -83,6 +88,7 @@ - { - /* Size per table */ - unsigned int size; -+ /* Number of entries: FIXME. --RR */ - unsigned int number; - /* Initial number of entries. Needed for module usage count */ - unsigned int initial_entries; -@@ -106,6 +112,11 @@ - #define TABLE_OFFSET(t,p) 0 - #endif - -+#if 0 -+#define down(x) do { printk("DOWN:%u:" #x "\n", __LINE__); down(x); } while(0) -+#define down_interruptible(x) ({ int __r; printk("DOWNi:%u:" #x "\n", __LINE__); __r = down_interruptible(x); if (__r != 0) printk("ABORT-DOWNi:%u\n", __LINE__); __r; }) -+#define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0) -+#endif - - /* Returns whether matches rule or not. */ - static inline int -@@ -408,6 +419,12 @@ - { - void *ret; - -+#if 0 -+ duprintf("find_inlist: searching for `%s' in %s.\n", -+ name, head == &ipt_target ? "ipt_target" -+ : head == &ipt_match ? "ipt_match" -+ : head == &ipt_tables ? "ipt_tables" : "UNKNOWN"); -+#endif - - *error = down_interruptible(mutex); - if (*error != 0) -@@ -745,6 +762,8 @@ - newinfo->underflow[h] = underflows[h]; - } - -+ /* FIXME: underflows must be unconditional, standard verdicts -+ < 0 (not IPT_RETURN). --RR */ - - /* Clear counters and comefrom */ - e->counters = ((struct ipt_counters) { 0, 0 }); -@@ -957,6 +976,7 @@ - goto free_counters; - } - -+ /* FIXME: use iterator macros --RR */ - /* ... then go back and fix counters and names */ - for (off = 0, num = 0; off < total_size; off += e->next_offset, num++){ - unsigned int i; -@@ -1134,6 +1154,14 @@ - const struct ipt_counters addme[], - unsigned int *i) - { -+#if 0 -+ duprintf("add_counter: Entry %u %lu/%lu + %lu/%lu\n", -+ *i, -+ (long unsigned int)e->counters.pcnt, -+ (long unsigned int)e->counters.bcnt, -+ (long unsigned int)addme[*i].pcnt, -+ (long unsigned int)addme[*i].bcnt); -+#endif - - ADD_COUNTER(e->counters, addme[*i].bcnt, addme[*i].pcnt); - -@@ -1495,6 +1523,7 @@ - return 0; - } - -+ /* FIXME: Try tcp doff >> packet len against various stacks --RR */ - - #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) - -@@ -1670,15 +1699,14 @@ - = { { NULL, NULL }, "icmp", &icmp_match, &icmp_checkentry, NULL }; - - #ifdef CONFIG_PROC_FS --static inline int print_name(const char *i, -+static inline int print_name(const struct ipt_table *t, - off_t start_offset, char *buffer, int length, - off_t *pos, unsigned int *count) - { - if ((*count)++ >= start_offset) { - unsigned int namelen; - -- namelen = sprintf(buffer + *pos, "%s\n", -- i + sizeof(struct list_head)); -+ namelen = sprintf(buffer + *pos, "%s\n", t->name); - if (*pos + namelen > length) { - /* Stop iterating */ - return 1; -@@ -1696,7 +1724,7 @@ - if (down_interruptible(&ipt_mutex) != 0) - return 0; - -- LIST_FIND(&ipt_tables, print_name, void *, -+ LIST_FIND(&ipt_tables, print_name, struct ipt_table *, - offset, buffer, length, &pos, &count); - - up(&ipt_mutex); -@@ -1705,46 +1733,6 @@ - *start=(char *)((unsigned long)count-offset); - return pos; - } -- --static int ipt_get_targets(char *buffer, char **start, off_t offset, int length) --{ -- off_t pos = 0; -- unsigned int count = 0; -- -- if (down_interruptible(&ipt_mutex) != 0) -- return 0; -- -- LIST_FIND(&ipt_target, print_name, void *, -- offset, buffer, length, &pos, &count); -- -- up(&ipt_mutex); -- -- *start = (char *)((unsigned long)count - offset); -- return pos; --} -- --static int ipt_get_matches(char *buffer, char **start, off_t offset, int length) --{ -- off_t pos = 0; -- unsigned int count = 0; -- -- if (down_interruptible(&ipt_mutex) != 0) -- return 0; -- -- LIST_FIND(&ipt_match, print_name, void *, -- offset, buffer, length, &pos, &count); -- -- up(&ipt_mutex); -- -- *start = (char *)((unsigned long)count - offset); -- return pos; --} -- --static struct { char *name; get_info_t *get_info; } ipt_proc_entry[] = --{ { "ip_tables_names", ipt_get_tables }, -- { "ip_tables_targets", ipt_get_targets }, -- { "ip_tables_matches", ipt_get_matches }, -- { NULL, NULL} }; - #endif /*CONFIG_PROC_FS*/ - - static int __init init(void) -@@ -1770,20 +1758,14 @@ - #ifdef CONFIG_PROC_FS - { - struct proc_dir_entry *proc; -- int i; - -- for (i = 0; ipt_proc_entry[i].name; i++) { -- proc = proc_net_create(ipt_proc_entry[i].name, 0, -- ipt_proc_entry[i].get_info); -+ proc = proc_net_create("ip_tables_names", 0, ipt_get_tables); - if (!proc) { -- while (--i >= 0) -- proc_net_remove(ipt_proc_entry[i].name); - nf_unregister_sockopt(&ipt_sockopts); - return -ENOMEM; - } - proc->owner = THIS_MODULE; - } -- } - #endif - - printk("ip_tables: (C) 2000-2002 Netfilter core team\n"); -@@ -1794,11 +1776,7 @@ - { - nf_unregister_sockopt(&ipt_sockopts); - #ifdef CONFIG_PROC_FS -- { -- int i; -- for (i = 0; ipt_proc_entry[i].name; i++) -- proc_net_remove(ipt_proc_entry[i].name); -- } -+ proc_net_remove("ip_tables_names"); - #endif - } - -diff -Nurb linux/net/ipv4/netfilter/ipchains_core.c linux.stock/net/ipv4/netfilter/ipchains_core.c ---- linux/net/ipv4/netfilter/ipchains_core.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipchains_core.c 2004-05-09 04:13:03.000000000 -0400 -@@ -977,10 +977,17 @@ - || ftmp->ipfw.fw_dst.s_addr!=frwl->ipfw.fw_dst.s_addr - || ftmp->ipfw.fw_smsk.s_addr!=frwl->ipfw.fw_smsk.s_addr - || ftmp->ipfw.fw_dmsk.s_addr!=frwl->ipfw.fw_dmsk.s_addr -+#if 0 -+ || ftmp->ipfw.fw_flg!=frwl->ipfw.fw_flg -+#else - || ((ftmp->ipfw.fw_flg & ~IP_FW_F_MARKABS) - != (frwl->ipfw.fw_flg & ~IP_FW_F_MARKABS)) -+#endif - || ftmp->ipfw.fw_invflg!=frwl->ipfw.fw_invflg - || ftmp->ipfw.fw_proto!=frwl->ipfw.fw_proto -+#if 0 -+ || ftmp->ipfw.fw_mark!=frwl->ipfw.fw_mark -+#endif - || ftmp->ipfw.fw_redirpt!=frwl->ipfw.fw_redirpt - || ftmp->ipfw.fw_spts[0]!=frwl->ipfw.fw_spts[0] - || ftmp->ipfw.fw_spts[1]!=frwl->ipfw.fw_spts[1] -@@ -1566,6 +1573,7 @@ - ) - { - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,29) -+ /* FIXME: No more `atomic' read and reset. Wonderful 8-( --RR */ - int reset = 0; - #endif - struct ip_chain *i; -diff -Nurb linux/net/ipv4/netfilter/ipfwadm_core.c linux.stock/net/ipv4/netfilter/ipfwadm_core.c ---- linux/net/ipv4/netfilter/ipfwadm_core.c 2003-10-14 04:09:33.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipfwadm_core.c 2004-05-09 04:13:03.000000000 -0400 -@@ -20,7 +20,7 @@ - * license in recognition of the original copyright. - * -- Alan Cox. - * -- * $Id: ipfwadm_core.c,v 1.1.1.4 2003/10/14 08:09:33 sparq Exp $ -+ * $Id: ipfwadm_core.c,v 1.9.2.2 2002/01/24 15:50:42 davem Exp $ - * - * Ported from BSD to Linux, - * Alan Cox 22/Nov/1994. -@@ -1205,6 +1205,7 @@ - ) - { - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,29) -+ /* FIXME: No more `atomic' read and reset. Wonderful 8-( --RR */ - int reset = 0; - #endif - return ip_chain_procinfo(IP_FW_ACCT, buffer,start, offset,length, -@@ -1223,6 +1224,7 @@ - ) - { - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,29) -+ /* FIXME: No more `atomic' read and reset. Wonderful 8-( --RR */ - int reset = 0; - #endif - return ip_chain_procinfo(IP_FW_IN, buffer,start,offset,length, -@@ -1237,6 +1239,7 @@ - ) - { - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,29) -+ /* FIXME: No more `atomic' read and reset. Wonderful 8-( --RR */ - int reset = 0; - #endif - return ip_chain_procinfo(IP_FW_OUT, buffer,start,offset,length, -@@ -1251,6 +1254,7 @@ - ) - { - #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,3,29) -+ /* FIXME: No more `atomic' read and reset. Wonderful 8-( --RR */ - int reset = 0; - #endif - return ip_chain_procinfo(IP_FW_FWD, buffer,start,offset,length, -diff -Nurb linux/net/ipv4/netfilter/ipt_ECN.c linux.stock/net/ipv4/netfilter/ipt_ECN.c ---- linux/net/ipv4/netfilter/ipt_ECN.c 2003-10-14 04:02:57.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_ECN.c 2004-05-09 04:13:03.000000000 -0400 -@@ -87,8 +87,8 @@ - } - - if (diffs[0] != *tcpflags) { -- diffs[0] = diffs[0] ^ 0xFFFF; -- diffs[1] = *tcpflags; -+ diffs[0] = htons(diffs[0]) ^ 0xFFFF; -+ diffs[1] = htons(*tcpflags); - tcph->check = csum_fold(csum_partial((char *)diffs, - sizeof(diffs), - tcph->check^0xFFFF)); -diff -Nurb linux/net/ipv4/netfilter/ipt_LOG.c linux.stock/net/ipv4/netfilter/ipt_LOG.c ---- linux/net/ipv4/netfilter/ipt_LOG.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_LOG.c 2004-05-09 04:13:03.000000000 -0400 -@@ -14,11 +14,15 @@ - #include <net/route.h> - #include <linux/netfilter_ipv4/ipt_LOG.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - struct esphdr { - __u32 spi; --}; -+}; /* FIXME evil kludge */ - - /* Use lock to serialize, so printks don't overlap */ - static spinlock_t log_lock = SPIN_LOCK_UNLOCKED; -diff -Nurb linux/net/ipv4/netfilter/ipt_REJECT.c linux.stock/net/ipv4/netfilter/ipt_REJECT.c ---- linux/net/ipv4/netfilter/ipt_REJECT.c 2003-07-04 04:12:31.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_REJECT.c 2004-05-09 04:13:03.000000000 -0400 -@@ -6,8 +6,6 @@ - #include <linux/module.h> - #include <linux/skbuff.h> - #include <linux/ip.h> --#include <linux/udp.h> --#include <linux/icmp.h> - #include <net/icmp.h> - #include <net/ip.h> - #include <net/tcp.h> -@@ -16,7 +14,11 @@ - #include <linux/netfilter_ipv4/ip_tables.h> - #include <linux/netfilter_ipv4/ipt_REJECT.h> - -+#if 0 -+#define DEBUGP printk -+#else - #define DEBUGP(format, args...) -+#endif - - /* If the original packet is part of a connection, but the connection - is not confirmed, our manufactured reply will not be associated -@@ -155,7 +157,6 @@ - static void send_unreach(struct sk_buff *skb_in, int code) - { - struct iphdr *iph; -- struct udphdr *udph; - struct icmphdr *icmph; - struct sk_buff *nskb; - u32 saddr; -@@ -167,6 +168,7 @@ - if (!rt) - return; - -+ /* FIXME: Use sysctl number. --RR */ - if (!xrlim_allow(&rt->u.dst, 1*HZ)) - return; - -@@ -184,19 +186,6 @@ - if (iph->frag_off&htons(IP_OFFSET)) - return; - -- /* if UDP checksum is set, verify it's correct */ -- if (iph->protocol == IPPROTO_UDP -- && skb_in->tail-(u8*)iph >= sizeof(struct udphdr)) { -- int datalen = skb_in->len - (iph->ihl<<2); -- udph = (struct udphdr *)((char *)iph + (iph->ihl<<2)); -- if (udph->check -- && csum_tcpudp_magic(iph->saddr, iph->daddr, -- datalen, IPPROTO_UDP, -- csum_partial((char *)udph, datalen, -- 0)) != 0) -- return; -- } -- - /* If we send an ICMP error to an ICMP error a mess would result.. */ - if (iph->protocol == IPPROTO_ICMP - && skb_in->tail-(u8*)iph >= sizeof(struct icmphdr)) { -@@ -271,6 +260,7 @@ - /* Copy as much of original packet as will fit */ - data = skb_put(nskb, - length - sizeof(struct iphdr) - sizeof(struct icmphdr)); -+ /* FIXME: won't work with nonlinear skbs --RR */ - memcpy(data, skb_in->nh.iph, - length - sizeof(struct iphdr) - sizeof(struct icmphdr)); - icmph->checksum = ip_compute_csum((unsigned char *)icmph, -diff -Nurb linux/net/ipv4/netfilter/ipt_ULOG.c linux.stock/net/ipv4/netfilter/ipt_ULOG.c ---- linux/net/ipv4/netfilter/ipt_ULOG.c 2003-07-04 04:12:32.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_ULOG.c 2004-05-09 04:13:03.000000000 -0400 -@@ -12,7 +12,6 @@ - * module loadtime -HW - * 2002/07/07 remove broken nflog_rcv() function -HW - * 2002/08/29 fix shifted/unshifted nlgroup bug -HW -- * 2002/10/30 fix uninitialized mac_len field - <Anders K. Pedersen> - * - * Released under the terms of the GPL - * -@@ -32,7 +31,7 @@ - * Specify, after how many clock ticks (intel: 100 per second) the queue - * should be flushed even if it is not full yet. - * -- * ipt_ULOG.c,v 1.22 2002/10/30 09:07:31 laforge Exp -+ * ipt_ULOG.c,v 1.21 2002/08/29 10:54:34 laforge Exp - */ - - #include <linux/module.h> -@@ -60,7 +59,12 @@ - #define ULOG_NL_EVENT 111 /* Harald's favorite number */ - #define ULOG_MAXNLGROUPS 32 /* numer of nlgroups */ - -+#if 0 -+#define DEBUGP(format, args...) printk(__FILE__ ":" __FUNCTION__ ":" \ -+ format, ## args) -+#else - #define DEBUGP(format, args...) -+#endif - - #define PRINTR(format, args...) do { if (net_ratelimit()) printk(format, ## args); } while (0) - -@@ -220,8 +224,7 @@ - && in->hard_header_len <= ULOG_MAC_LEN) { - memcpy(pm->mac, (*pskb)->mac.raw, in->hard_header_len); - pm->mac_len = in->hard_header_len; -- } else -- pm->mac_len = 0; -+ } - - if (in) - strncpy(pm->indev_name, in->name, sizeof(pm->indev_name)); -diff -Nurb linux/net/ipv4/netfilter/ipt_multiport.c linux.stock/net/ipv4/netfilter/ipt_multiport.c ---- linux/net/ipv4/netfilter/ipt_multiport.c 2003-07-04 04:12:32.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_multiport.c 2004-05-09 04:13:03.000000000 -0400 -@@ -8,7 +8,11 @@ - #include <linux/netfilter_ipv4/ipt_multiport.h> - #include <linux/netfilter_ipv4/ip_tables.h> - -+#if 0 -+#define duprintf(format, args...) printk(format , ## args) -+#else - #define duprintf(format, args...) -+#endif - - /* Returns 1 if the port is matched by the test, 0 otherwise. */ - static inline int -@@ -74,7 +78,7 @@ - - /* Must specify proto == TCP/UDP, no unknown flags or bad count */ - return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP) -- && !(ip->invflags & IPT_INV_PROTO) -+ && !(ip->flags & IPT_INV_PROTO) - && matchsize == IPT_ALIGN(sizeof(struct ipt_multiport)) - && (multiinfo->flags == IPT_MULTIPORT_SOURCE - || multiinfo->flags == IPT_MULTIPORT_DESTINATION -diff -Nurb linux/net/ipv4/netfilter/ipt_pool.c linux.stock/net/ipv4/netfilter/ipt_pool.c ---- linux/net/ipv4/netfilter/ipt_pool.c 2003-07-04 04:12:32.000000000 -0400 -+++ linux.stock/net/ipv4/netfilter/ipt_pool.c 1969-12-31 19:00:00.000000000 -0500 -@@ -1,71 +0,0 @@ --/* Kernel module to match an IP address pool. */ -- --#include <linux/module.h> --#include <linux/ip.h> --#include <linux/skbuff.h> -- --#include <linux/netfilter_ipv4/ip_tables.h> --#include <linux/netfilter_ipv4/ip_pool.h> --#include <linux/netfilter_ipv4/ipt_pool.h> -- --static inline int match_pool( -- ip_pool_t index, -- __u32 addr, -- int inv --) { -- if (ip_pool_match(index, ntohl(addr))) -- inv = !inv; -- return inv; --} -- --static int match( -- const struct sk_buff *skb, -- const struct net_device *in, -- const struct net_device *out, -- const void *matchinfo, -- int offset, -- const void *hdr, -- u_int16_t datalen, -- int *hotdrop --) { -- const struct ipt_pool_info *info = matchinfo; -- const struct iphdr *iph = skb->nh.iph; -- -- if (info->src != IP_POOL_NONE && !match_pool(info->src, iph->saddr, -- info->flags&IPT_POOL_INV_SRC)) -- return 0; -- -- if (info->dst != IP_POOL_NONE && !match_pool(info->dst, iph->daddr, -- info->flags&IPT_POOL_INV_DST)) -- return 0; -- -- return 1; --} -- --static int checkentry( -- const char *tablename, -- const struct ipt_ip *ip, -- void *matchinfo, -- unsigned int matchsize, -- unsigned int hook_mask --) { -- if (matchsize != IPT_ALIGN(sizeof(struct ipt_pool_info))) -- return 0; -- return 1; --} -- --static struct ipt_match pool_match --= { { NULL, NULL }, "pool", &match, &checkentry, NULL, THIS_MODULE }; -- --static int __init init(void) --{ -- return ipt_register_match(&pool_match); --} -- --static void __exit fini(void) --{ -- ipt_unregister_match(&pool_match); --} -- --module_init(init); --module_exit(fini); -diff -Nurb linux/net/ipv6/mcast.c linux.stock/net/ipv6/mcast.c ---- linux/net/ipv6/mcast.c 2003-10-14 04:09:34.000000000 -0400 -+++ linux.stock/net/ipv6/mcast.c 2004-05-09 04:13:22.000000000 -0400 -@@ -5,7 +5,7 @@ - * Authors: - * Pedro Roque <roque@di.fc.ul.pt> - * -- * $Id: mcast.c,v 1.1.1.4 2003/10/14 08:09:34 sparq Exp $ -+ * $Id: mcast.c,v 1.38 2001/08/15 07:36:31 davem Exp $ - * - * Based on linux/ipv4/igmp.c and linux/ipv4/ip_sockglue.c - * ---- linux/include/linux/ppp-comp.h 2004-08-16 20:58:32.089851872 -0400 -+++ linux.stock/include/linux/ppp-comp.h 2004-08-16 20:59:48.217278744 -0400 -@@ -24,7 +24,7 @@ - * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, - * OR MODIFICATIONS. - * -- * $Id: ppp-comp.h,v 1.1.1.4 2003/10/14 08:09:26 sparq Exp $ -+ * $Id: ppp-comp.h,v 1.6 1997/11/27 06:04:44 paulus Exp $ - */ - - /* diff --git a/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/110-conntrack_setting.patch b/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/110-conntrack_setting.patch deleted file mode 100644 index 87be89d..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/netfilter/patches/110-conntrack_setting.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- ../../buildroot-unpacked/build_mipsel/linux/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-28 22:59:36.000000000 -0500 -+++ linux/net/ipv4/netfilter/ip_conntrack_core.c 2004-11-30 05:05:32.000000000 -0500 -@@ -1386,7 +1386,7 @@ - nf_unregister_sockopt(&so_getorigdst); - } - --static int hashsize = 0; -+static int hashsize = 5953 - MODULE_PARM(hashsize, "i"); - - int __init ip_conntrack_init(void) -@@ -1407,7 +1407,7 @@ - if (ip_conntrack_htable_size < 16) - ip_conntrack_htable_size = 16; - } -- ip_conntrack_max = 8 * ip_conntrack_htable_size; -+ ip_conntrack_max = ip_conntrack_htable_size; - - printk("ip_conntrack version %s (%u buckets, %d max)" - " - %Zd bytes per conntrack\n", IP_CONNTRACK_VERSION, diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/110-sch_htb.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/110-sch_htb.patch deleted file mode 100644 index 3c9a50e..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/110-sch_htb.patch +++ /dev/null @@ -1,570 +0,0 @@ ---- linux/net/sched/sch_htb.c 2003-10-14 01:09:35.000000000 -0700 -+++ linux.2.4.26/net/sched/sch_htb.c 2004-05-10 00:05:51.000000000 -0700 -@@ -9,6 +9,8 @@ - * Authors: Martin Devera, <devik@cdi.cz> - * - * Credits (in time order) for older HTB versions: -+ * Stef Coene <stef.coene@docum.org> -+ * HTB support at LARTC mailing list - * Ondrej Kraus, <krauso@barr.cz> - * found missing INIT_QDISC(htb) - * Vladimir Smelhaus, Aamer Akhter, Bert Hubert -@@ -17,9 +19,13 @@ - * code review and helpful comments on shaping - * Tomasz Wrona, <tw@eter.tym.pl> - * created test case so that I was able to fix nasty bug -+ * Wilfried Weissmann -+ * spotted bug in dequeue code and helped with fix -+ * Jiri Fojtasek -+ * fixed requeue routine - * and many others. thanks. - * -- * $Id: sch_htb.c,v 1.1.1.4 2003/10/14 08:09:35 sparq Exp $ -+ * $Id: sch_htb.c,v 1.25 2003/12/07 11:08:25 devik Exp devik $ - */ - #include <linux/config.h> - #include <linux/module.h> -@@ -71,16 +77,12 @@ - #define HTB_HYSTERESIS 1/* whether to use mode hysteresis for speedup */ - #define HTB_QLOCK(S) spin_lock_bh(&(S)->dev->queue_lock) - #define HTB_QUNLOCK(S) spin_unlock_bh(&(S)->dev->queue_lock) --#define HTB_VER 0x30007 /* major must be matched with number suplied by TC as version */ -+#define HTB_VER 0x30010 /* major must be matched with number suplied by TC as version */ - - #if HTB_VER >> 16 != TC_HTB_PROTOVER - #error "Mismatched sch_htb.c and pkt_sch.h" - #endif - --/* temporary debug defines to be removed after beta stage */ --#define DEVIK_MEND(N) --#define DEVIK_MSTART(N) -- - /* debugging support; S is subsystem, these are defined: - 0 - netlink messages - 1 - enqueue -@@ -100,13 +102,16 @@ - from LSB - */ - #ifdef HTB_DEBUG --#define HTB_DBG(S,L,FMT,ARG...) if (((q->debug>>(2*S))&3) >= L) \ -+#define HTB_DBG_COND(S,L) (((q->debug>>(2*S))&3) >= L) -+#define HTB_DBG(S,L,FMT,ARG...) if (HTB_DBG_COND(S,L)) \ - printk(KERN_DEBUG FMT,##ARG) - #define HTB_CHCL(cl) BUG_TRAP((cl)->magic == HTB_CMAGIC) - #define HTB_PASSQ q, - #define HTB_ARGQ struct htb_sched *q, - #define static -+#undef __inline__ - #define __inline__ -+#undef inline - #define inline - #define HTB_CMAGIC 0xFEFAFEF1 - #define htb_safe_rb_erase(N,R) do { BUG_TRAP((N)->rb_color != -1); \ -@@ -114,6 +119,7 @@ - rb_erase(N,R); \ - (N)->rb_color = -1; } while (0) - #else -+#define HTB_DBG_COND(S,L) (0) - #define HTB_DBG(S,L,FMT,ARG...) - #define HTB_PASSQ - #define HTB_ARGQ -@@ -219,6 +225,9 @@ - /* time of nearest event per level (row) */ - unsigned long near_ev_cache[TC_HTB_MAXDEPTH]; - -+ /* cached value of jiffies in dequeue */ -+ unsigned long jiffies; -+ - /* whether we hit non-work conserving class during this dequeue; we use */ - int nwc_hit; /* this to disable mindelay complaint in dequeue */ - -@@ -297,7 +306,7 @@ - rules in it */ - if (skb->priority == sch->handle) - return HTB_DIRECT; /* X:0 (direct flow) selected */ -- if ((cl = htb_find(skb->priority,sch)) != NULL) -+ if ((cl = htb_find(skb->priority,sch)) != NULL && cl->level == 0) - return cl; - - tcf = q->filter_list; -@@ -338,7 +347,7 @@ - static void htb_debug_dump (struct htb_sched *q) - { - int i,p; -- printk(KERN_DEBUG "htb*g j=%lu\n",jiffies); -+ printk(KERN_DEBUG "htb*g j=%lu lj=%lu\n",jiffies,q->jiffies); - /* rows */ - for (i=TC_HTB_MAXDEPTH-1;i>=0;i--) { - printk(KERN_DEBUG "htb*r%d m=%x",i,q->row_mask[i]); -@@ -421,26 +430,24 @@ - if ((delay <= 0 || delay > cl->mbuffer) && net_ratelimit()) - printk(KERN_ERR "HTB: suspicious delay in wait_tree d=%ld cl=%X h=%d\n",delay,cl->classid,debug_hint); - #endif -- DEVIK_MSTART(9); -- cl->pq_key = jiffies + PSCHED_US2JIFFIE(delay); -- if (cl->pq_key == jiffies) -+ cl->pq_key = q->jiffies + PSCHED_US2JIFFIE(delay); -+ if (cl->pq_key == q->jiffies) - cl->pq_key++; - - /* update the nearest event cache */ -- if (q->near_ev_cache[cl->level] - cl->pq_key < 0x80000000) -+ if (time_after(q->near_ev_cache[cl->level], cl->pq_key)) - q->near_ev_cache[cl->level] = cl->pq_key; - - while (*p) { - struct htb_class *c; parent = *p; - c = rb_entry(parent, struct htb_class, pq_node); -- if (cl->pq_key - c->pq_key < 0x80000000) -+ if (time_after_eq(cl->pq_key, c->pq_key)) - p = &parent->rb_right; - else - p = &parent->rb_left; - } - rb_link_node(&cl->pq_node, parent, p); - rb_insert_color(&cl->pq_node, &q->wait_pq[cl->level]); -- DEVIK_MEND(9); - } - - /** -@@ -453,12 +460,14 @@ - { - rb_node_t *p; - if ((*n)->rb_right) { -+ /* child at right. use it or its leftmost ancestor */ - *n = (*n)->rb_right; - while ((*n)->rb_left) - *n = (*n)->rb_left; - return; - } - while ((p = (*n)->rb_parent) != NULL) { -+ /* if we've arrived from left child then we have next node */ - if (p->rb_left == *n) break; - *n = p; - } -@@ -602,7 +611,7 @@ - long toks; - - if ((toks = (cl->ctokens + *diff)) < ( --#ifdef HTB_HYSTERESIS -+#if HTB_HYSTERESIS - cl->cmode != HTB_CANT_SEND ? -cl->cbuffer : - #endif - 0)) { -@@ -610,7 +619,7 @@ - return HTB_CANT_SEND; - } - if ((toks = (cl->tokens + *diff)) >= ( --#ifdef HTB_HYSTERESIS -+#if HTB_HYSTERESIS - cl->cmode == HTB_CAN_SEND ? -cl->buffer : - #endif - 0)) -@@ -689,7 +698,6 @@ - struct htb_sched *q = (struct htb_sched *)sch->data; - struct htb_class *cl = htb_classify(skb,sch); - -- DEVIK_MSTART(0); - if (cl == HTB_DIRECT || !cl) { - /* enqueue to helper queue */ - if (q->direct_queue.qlen < q->direct_qlen && cl) { -@@ -698,25 +706,20 @@ - } else { - kfree_skb (skb); - sch->stats.drops++; -- DEVIK_MEND(0); - return NET_XMIT_DROP; - } - } else if (cl->un.leaf.q->enqueue(skb, cl->un.leaf.q) != NET_XMIT_SUCCESS) { - sch->stats.drops++; - cl->stats.drops++; -- DEVIK_MEND(0); - return NET_XMIT_DROP; - } else { - cl->stats.packets++; cl->stats.bytes += skb->len; -- DEVIK_MSTART(1); - htb_activate (q,cl); -- DEVIK_MEND(1); - } - - sch->q.qlen++; - sch->stats.packets++; sch->stats.bytes += skb->len; -- HTB_DBG(1,1,"htb_enq_ok cl=%X skb=%p\n",cl?cl->classid:0,skb); -- DEVIK_MEND(0); -+ HTB_DBG(1,1,"htb_enq_ok cl=%X skb=%p\n",(cl && cl != HTB_DIRECT)?cl->classid:0,skb); - return NET_XMIT_SUCCESS; - } - -@@ -725,16 +728,18 @@ - { - struct htb_sched *q = (struct htb_sched *)sch->data; - struct htb_class *cl = htb_classify(skb,sch); -+ struct sk_buff *tskb; - - if (cl == HTB_DIRECT || !cl) { - /* enqueue to helper queue */ - if (q->direct_queue.qlen < q->direct_qlen && cl) { -- __skb_queue_tail(&q->direct_queue, skb); -- q->direct_pkts++; -+ __skb_queue_head(&q->direct_queue, skb); - } else { -- kfree_skb (skb); -- sch->stats.drops++; -- return NET_XMIT_DROP; -+ __skb_queue_head(&q->direct_queue, skb); -+ tskb = __skb_dequeue_tail(&q->direct_queue); -+ kfree_skb (tskb); -+ sch->stats.drops++; -+ return NET_XMIT_CN; - } - } else if (cl->un.leaf.q->ops->requeue(skb, cl->un.leaf.q) != NET_XMIT_SUCCESS) { - sch->stats.drops++; -@@ -744,7 +749,7 @@ - htb_activate (q,cl); - - sch->q.qlen++; -- HTB_DBG(1,1,"htb_req_ok cl=%X skb=%p\n",cl?cl->classid:0,skb); -+ HTB_DBG(1,1,"htb_req_ok cl=%X skb=%p\n",(cl && cl != HTB_DIRECT)?cl->classid:0,skb); - return NET_XMIT_SUCCESS; - } - -@@ -819,7 +824,7 @@ - cl->classid, diff, - (unsigned long long) q->now, - (unsigned long long) cl->t_c, -- jiffies); -+ q->jiffies); - diff = 1000; - } - #endif -@@ -862,6 +867,7 @@ - * - * Scans event queue for pending events and applies them. Returns jiffies to - * next pending event (0 for no event in pq). -+ * Note: Aplied are events whose have cl->pq_key <= jiffies. - */ - static long htb_do_events(struct htb_sched *q,int level) - { -@@ -876,9 +882,9 @@ - while (p->rb_left) p = p->rb_left; - - cl = rb_entry(p, struct htb_class, pq_node); -- if (cl->pq_key - (jiffies+1) < 0x80000000) { -- HTB_DBG(8,3,"htb_do_ev_ret delay=%ld\n",cl->pq_key - jiffies); -- return cl->pq_key - jiffies; -+ if (time_after(cl->pq_key, q->jiffies)) { -+ HTB_DBG(8,3,"htb_do_ev_ret delay=%ld\n",cl->pq_key - q->jiffies); -+ return cl->pq_key - q->jiffies; - } - htb_safe_rb_erase(p,q->wait_pq+level); - diff = PSCHED_TDIFF_SAFE(q->now, cl->t_c, (u32)cl->mbuffer, 0); -@@ -889,7 +895,7 @@ - cl->classid, diff, - (unsigned long long) q->now, - (unsigned long long) cl->t_c, -- jiffies); -+ q->jiffies); - diff = 1000; - } - #endif -@@ -916,6 +922,7 @@ - rb_node_t **pptr; - } stk[TC_HTB_MAXDEPTH],*sp = stk; - -+ BUG_TRAP(tree->rb_node); - sp->root = tree->rb_node; - sp->pptr = pptr; - -@@ -949,16 +956,36 @@ - htb_dequeue_tree(struct htb_sched *q,int prio,int level) - { - struct sk_buff *skb = NULL; -- //struct htb_sched *q = (struct htb_sched *)sch->data; - struct htb_class *cl,*start; - /* look initial class up in the row */ -- DEVIK_MSTART(6); - start = cl = htb_lookup_leaf (q->row[level]+prio,prio,q->ptr[level]+prio); - - do { -- BUG_TRAP(cl && cl->un.leaf.q->q.qlen); if (!cl) return NULL; -+next: -+ BUG_TRAP(cl); -+ if (!cl) return NULL; - HTB_DBG(4,1,"htb_deq_tr prio=%d lev=%d cl=%X defic=%d\n", - prio,level,cl->classid,cl->un.leaf.deficit[level]); -+ -+ /* class can be empty - it is unlikely but can be true if leaf -+ qdisc drops packets in enqueue routine or if someone used -+ graft operation on the leaf since last dequeue; -+ simply deactivate and skip such class */ -+ if (unlikely(cl->un.leaf.q->q.qlen == 0)) { -+ struct htb_class *next; -+ htb_deactivate(q,cl); -+ -+ /* row/level might become empty */ -+ if ((q->row_mask[level] & (1 << prio)) == 0) -+ return NULL; -+ -+ next = htb_lookup_leaf (q->row[level]+prio, -+ prio,q->ptr[level]+prio); -+ if (cl == start) /* fix start if we just deleted it */ -+ start = next; -+ cl = next; -+ goto next; -+ } - - if (likely((skb = cl->un.leaf.q->dequeue(cl->un.leaf.q)) != NULL)) - break; -@@ -971,8 +998,6 @@ - cl = htb_lookup_leaf (q->row[level]+prio,prio,q->ptr[level]+prio); - } while (cl != start); - -- DEVIK_MEND(6); -- DEVIK_MSTART(7); - if (likely(skb != NULL)) { - if ((cl->un.leaf.deficit[level] -= skb->len) < 0) { - HTB_DBG(4,2,"htb_next_cl oldptr=%p quant_add=%d\n", -@@ -984,11 +1009,8 @@ - gives us slightly better performance */ - if (!cl->un.leaf.q->q.qlen) - htb_deactivate (q,cl); -- DEVIK_MSTART(8); - htb_charge_class (q,cl,level,skb->len); -- DEVIK_MEND(8); - } -- DEVIK_MEND(7); - return skb; - } - -@@ -1002,9 +1024,8 @@ - printk(KERN_INFO "HTB delay %ld > 5sec\n", delay); - delay = 5*HZ; - } -- del_timer(&q->timer); -- q->timer.expires = jiffies + delay; -- add_timer(&q->timer); -+ /* why don't use jiffies here ? because expires can be in past */ -+ mod_timer(&q->timer, q->jiffies + delay); - sch->flags |= TCQ_F_THROTTLED; - sch->stats.overlimits++; - HTB_DBG(3,1,"htb_deq t_delay=%ld\n",delay); -@@ -1016,7 +1037,11 @@ - struct htb_sched *q = (struct htb_sched *)sch->data; - int level; - long min_delay; -+#ifdef HTB_DEBUG -+ int evs_used = 0; -+#endif - -+ q->jiffies = jiffies; - HTB_DBG(3,1,"htb_deq dircnt=%d qlen=%d\n",skb_queue_len(&q->direct_queue), - sch->q.qlen); - -@@ -1027,27 +1052,26 @@ - return skb; - } - -- DEVIK_MSTART(2); - if (!sch->q.qlen) goto fin; - PSCHED_GET_TIME(q->now); - -- min_delay = HZ*5; -+ min_delay = LONG_MAX; - q->nwc_hit = 0; - for (level = 0; level < TC_HTB_MAXDEPTH; level++) { - /* common case optimization - skip event handler quickly */ - int m; - long delay; -- DEVIK_MSTART(3); -- if (jiffies - q->near_ev_cache[level] < 0x80000000 || 0) { -+ if (time_after_eq(q->jiffies, q->near_ev_cache[level])) { - delay = htb_do_events(q,level); -- q->near_ev_cache[level] += delay ? delay : HZ; -+ q->near_ev_cache[level] = q->jiffies + (delay ? delay : HZ); -+#ifdef HTB_DEBUG -+ evs_used++; -+#endif - } else -- delay = q->near_ev_cache[level] - jiffies; -+ delay = q->near_ev_cache[level] - q->jiffies; - - if (delay && min_delay > delay) - min_delay = delay; -- DEVIK_MEND(3); -- DEVIK_MSTART(5); - m = ~q->row_mask[level]; - while (m != (int)(-1)) { - int prio = ffz (m); -@@ -1056,29 +1080,29 @@ - if (likely(skb != NULL)) { - sch->q.qlen--; - sch->flags &= ~TCQ_F_THROTTLED; -- DEVIK_MEND(5); - goto fin; - } - } -- DEVIK_MEND(5); - } -- DEVIK_MSTART(4); - #ifdef HTB_DEBUG -- if (!q->nwc_hit && min_delay >= 5*HZ && net_ratelimit()) { -- printk(KERN_ERR "HTB: mindelay=%ld, report it please !\n",min_delay); -- htb_debug_dump(q); -+ if (!q->nwc_hit && min_delay >= 10*HZ && net_ratelimit()) { -+ if (min_delay == LONG_MAX) { -+ printk(KERN_ERR "HTB: dequeue bug (%d,%lu,%lu), report it please !\n", -+ evs_used,q->jiffies,jiffies); -+ htb_debug_dump(q); -+ } else -+ printk(KERN_WARNING "HTB: mindelay=%ld, some class has " -+ "too small rate\n",min_delay); - } - #endif -- htb_delay_by (sch,min_delay); -- DEVIK_MEND(4); -+ htb_delay_by (sch,min_delay > 5*HZ ? 5*HZ : min_delay); - fin: -- HTB_DBG(3,1,"htb_deq_end %s j=%lu skb=%p\n",sch->dev->name,jiffies,skb); -- DEVIK_MEND(2); -+ HTB_DBG(3,1,"htb_deq_end %s j=%lu skb=%p\n",sch->dev->name,q->jiffies,skb); - return skb; - } - - /* try to drop from each class (by prio) until one succeed */ --static int htb_drop(struct Qdisc* sch) -+static unsigned int htb_drop(struct Qdisc* sch) - { - struct htb_sched *q = (struct htb_sched *)sch->data; - int prio; -@@ -1086,14 +1110,15 @@ - for (prio = TC_HTB_NUMPRIO - 1; prio >= 0; prio--) { - struct list_head *p; - list_for_each (p,q->drops+prio) { -- struct htb_class *cl = list_entry(p,struct htb_class, -- un.leaf.drop_list); -+ struct htb_class *cl = list_entry(p, struct htb_class, -+ un.leaf.drop_list); -+ unsigned int len; - if (cl->un.leaf.q->ops->drop && -- cl->un.leaf.q->ops->drop(cl->un.leaf.q)) { -+ (len = cl->un.leaf.q->ops->drop(cl->un.leaf.q))) { - sch->q.qlen--; - if (!cl->un.leaf.q->q.qlen) - htb_deactivate (q,cl); -- return 1; -+ return len; - } - } - } -@@ -1208,7 +1233,8 @@ - gopt.direct_pkts = q->direct_pkts; - - #ifdef HTB_DEBUG -- htb_debug_dump(q); -+ if (HTB_DBG_COND(0,2)) -+ htb_debug_dump(q); - #endif - gopt.version = HTB_VER; - gopt.rate2quantum = q->rate2quantum; -@@ -1289,6 +1315,9 @@ - return -ENOBUFS; - sch_tree_lock(sch); - if ((*old = xchg(&cl->un.leaf.q, new)) != NULL) { -+ if (cl->prio_activity) -+ htb_deactivate ((struct htb_sched*)sch->data,cl); -+ - /* TODO: is it correct ? Why CBQ doesn't do it ? */ - sch->q.qlen -= (*old)->q.qlen; - qdisc_reset(*old); -@@ -1323,7 +1352,7 @@ - - while ((tp = *fl) != NULL) { - *fl = tp->next; -- tp->ops->destroy(tp); -+ tcf_destroy(tp); - } - } - -@@ -1371,11 +1400,16 @@ - #ifdef HTB_RATECM - del_timer_sync (&q->rttim); - #endif -+ /* This line used to be after htb_destroy_class call below -+ and surprisingly it worked in 2.4. But it must precede it -+ because filter need its target class alive to be able to call -+ unbind_filter on it (without Oops). */ -+ htb_destroy_filters(&q->filter_list); -+ - while (!list_empty(&q->root)) - htb_destroy_class (sch,list_entry(q->root.next, - struct htb_class,sibling)); - -- htb_destroy_filters(&q->filter_list); - __skb_queue_purge(&q->direct_queue); - MOD_DEC_USE_COUNT; - } -@@ -1438,12 +1472,13 @@ - parent = parentid == TC_H_ROOT ? NULL : htb_find (parentid,sch); - - hopt = RTA_DATA(tb[TCA_HTB_PARMS-1]); -- HTB_DBG(0,1,"htb_chg cl=%p, clid=%X, opt/prio=%d, rate=%u, buff=%d, quant=%d\n", cl,cl?cl->classid:0,(int)hopt->prio,hopt->rate.rate,hopt->buffer,hopt->quantum); -+ HTB_DBG(0,1,"htb_chg cl=%p(%X), clid=%X, parid=%X, opt/prio=%d, rate=%u, buff=%d, quant=%d\n", cl,cl?cl->classid:0,classid,parentid,(int)hopt->prio,hopt->rate.rate,hopt->buffer,hopt->quantum); - rtab = qdisc_get_rtab(&hopt->rate, tb[TCA_HTB_RTAB-1]); - ctab = qdisc_get_rtab(&hopt->ceil, tb[TCA_HTB_CTAB-1]); - if (!rtab || !ctab) goto failure; - - if (!cl) { /* new class */ -+ struct Qdisc *new_q; - /* check for valid classid */ - if (!classid || TC_H_MAJ(classid^sch->handle) || htb_find(classid,sch)) - goto failure; -@@ -1467,6 +1502,10 @@ - cl->magic = HTB_CMAGIC; - #endif - -+ /* create leaf qdisc early because it uses kmalloc(GFP_KERNEL) -+ so that can't be used inside of sch_tree_lock -+ -- thanks to Karlis Peisenieks */ -+ new_q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops); - sch_tree_lock(sch); - if (parent && !parent->level) { - /* turn parent into inner node */ -@@ -1485,8 +1524,7 @@ - memset (&parent->un.inner,0,sizeof(parent->un.inner)); - } - /* leaf (we) needs elementary qdisc */ -- if (!(cl->un.leaf.q = qdisc_create_dflt(sch->dev, &pfifo_qdisc_ops))) -- cl->un.leaf.q = &noop_qdisc; -+ cl->un.leaf.q = new_q ? new_q : &noop_qdisc; - - cl->classid = classid; cl->parent = parent; - -@@ -1514,11 +1552,11 @@ - if (!cl->level) { - cl->un.leaf.quantum = rtab->rate.rate / q->rate2quantum; - if (!hopt->quantum && cl->un.leaf.quantum < 1000) { -- printk(KERN_WARNING "HTB: quantum of class %X is small. Consider r2q change.", cl->classid); -+ printk(KERN_WARNING "HTB: quantum of class %X is small. Consider r2q change.\n", cl->classid); - cl->un.leaf.quantum = 1000; - } - if (!hopt->quantum && cl->un.leaf.quantum > 200000) { -- printk(KERN_WARNING "HTB: quantum of class %X is big. Consider r2q change.", cl->classid); -+ printk(KERN_WARNING "HTB: quantum of class %X is big. Consider r2q change.\n", cl->classid); - cl->un.leaf.quantum = 200000; - } - if (hopt->quantum) ---- linux/include/net/pkt_cls.h 2003-07-04 01:12:28.000000000 -0700 -+++ linux.2.4.26/include/net/pkt_cls.h 2004-05-10 22:21:40.000000000 -0700 -@@ -77,7 +77,11 @@ - return -1; - } - -- -+static inline void tcf_destroy(struct tcf_proto *tp) -+{ -+ tp->ops->destroy(tp); -+ kfree(tp); -+} - - extern int register_tcf_proto_ops(struct tcf_proto_ops *ops); - extern int unregister_tcf_proto_ops(struct tcf_proto_ops *ops); diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/120-openwrt.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/120-openwrt.patch deleted file mode 100644 index 4e543de..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/120-openwrt.patch +++ /dev/null @@ -1,2521 +0,0 @@ -diff -Nurb linux.orig/Makefile linux/Makefile ---- linux.orig/Makefile 2003-10-14 04:00:10.000000000 -0400 -+++ linux/Makefile 2004-05-25 21:12:24.000000000 -0400 -@@ -17,7 +17,7 @@ - FINDHPATH = $(HPATH)/asm $(HPATH)/linux $(HPATH)/scsi $(HPATH)/net $(HPATH)/math-emu - - HOSTCC = gcc --HOSTCFLAGS = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -+HOSTCFLAGS = -Wall -Wstrict-prototypes -Os -fomit-frame-pointer - - CROSS_COMPILE = - -@@ -88,7 +88,7 @@ - - CPPFLAGS := -D__KERNEL__ -I$(HPATH) - --CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes -Wno-trigraphs -O2 \ -+CFLAGS := $(CPPFLAGS) -Wall -Wstrict-prototypes -Wno-trigraphs -Os \ - -fno-strict-aliasing -fno-common - - # Turn on -pg to instrument the kernel with calls to mcount(). -diff -Nurb linux.orig/arch/mips/brcm-boards/bcm947xx/setup.c linux/arch/mips/brcm-boards/bcm947xx/setup.c ---- linux.orig/arch/mips/brcm-boards/bcm947xx/setup.c 2003-11-11 09:08:46.000000000 -0500 -+++ linux/arch/mips/brcm-boards/bcm947xx/setup.c 2004-05-25 21:12:24.000000000 -0400 -@@ -27,6 +27,7 @@ - #include <linux/ext2_fs.h> - #include <linux/romfs_fs.h> - #include <linux/cramfs_fs.h> -+#include <linux/squashfs_fs.h> - #endif - - #include <typedefs.h> -@@ -160,37 +161,38 @@ - #ifdef CONFIG_MTD_PARTITIONS - - static struct mtd_partition bcm947xx_parts[] = { -- { name: "pmon", offset: 0, size: 0, /*mask_flags: MTD_WRITEABLE,*/ }, -+ { name: "pmon", offset: 0, size: 0, mask_flags: MTD_WRITEABLE, }, - { name: "linux", offset: 0, size: 0, }, - { name: "rootfs", offset: 0, size: 0, /*mask_flags: MTD_WRITEABLE,*/ }, - { name: "nvram", offset: 0, size: 0, }, -+ { name: "OpenWrt", offset: 0, size: 0, }, - { name: NULL, }, - }; - --struct mtd_partition * __init --init_mtd_partitions(struct mtd_info *mtd, size_t size) -+ -+static int __init -+find_root(struct mtd_info *mtd, size_t size, struct mtd_partition *part) - { -- struct minix_super_block *minixsb; -- struct ext2_super_block *ext2sb; -- struct romfs_super_block *romfsb; - struct cramfs_super *cramfsb; -+ struct squashfs_super_block *squashfsb; - struct trx_header *trx; -+ - unsigned char buf[512]; - int off; - size_t len; - -- minixsb = (struct minix_super_block *) buf; -- ext2sb = (struct ext2_super_block *) buf; -- romfsb = (struct romfs_super_block *) buf; - cramfsb = (struct cramfs_super *) buf; -+ squashfsb = (struct squashfs_super_block *) buf; - trx = (struct trx_header *) buf; - -- /* Look at every 64 KB boundary */ -- for (off = 0; off < size; off += (64 * 1024)) { -+ part->offset = 0; -+ part->size = 0; -+ -+ for (off = 0; off < size; off += mtd->erasesize) { - memset(buf, 0xe5, sizeof(buf)); - - /* -- * Read block 0 to test for romfs and cramfs superblock -+ * Read block 0 to test for cramfs superblock - */ - if (MTD_READ(mtd, off, sizeof(buf), &len, buf) || - len != sizeof(buf)) -@@ -198,75 +200,105 @@ - - /* Try looking at TRX header for rootfs offset */ - if (le32_to_cpu(trx->magic) == TRX_MAGIC) { -- bcm947xx_parts[1].offset = off; - if (le32_to_cpu(trx->offsets[1]) > off) - off = le32_to_cpu(trx->offsets[1]); - continue; - } - -- /* romfs is at block zero too */ -- if (romfsb->word0 == ROMSB_WORD0 && -- romfsb->word1 == ROMSB_WORD1) { -- printk(KERN_NOTICE -- "%s: romfs filesystem found at block %d\n", -- mtd->name, off / BLOCK_SIZE); -- goto done; -- } -- -- /* so is cramfs */ -+ /* need to find cramfs */ - if (cramfsb->magic == CRAMFS_MAGIC) { - printk(KERN_NOTICE - "%s: cramfs filesystem found at block %d\n", - mtd->name, off / BLOCK_SIZE); -- goto done; -- } - -- /* -- * Read block 1 to test for minix and ext2 superblock -- */ -- if (MTD_READ(mtd, off + BLOCK_SIZE, sizeof(buf), &len, buf) || -- len != sizeof(buf)) -- continue; -- -- /* Try minix */ -- if (minixsb->s_magic == MINIX_SUPER_MAGIC || -- minixsb->s_magic == MINIX_SUPER_MAGIC2) { -- printk(KERN_NOTICE -- "%s: Minix filesystem found at block %d\n", -- mtd->name, off / BLOCK_SIZE); -+ part->size = cramfsb->size; - goto done; - } - -- /* Try ext2 */ -- if (ext2sb->s_magic == cpu_to_le16(EXT2_SUPER_MAGIC)) { -+ /* or squashfs */ -+ if (squashfsb->s_magic == SQUASHFS_MAGIC) { - printk(KERN_NOTICE -- "%s: ext2 filesystem found at block %d\n", -+ "%s: squashfs filesystem found at block %d\n", - mtd->name, off / BLOCK_SIZE); -+ part->size = squashfsb->bytes_used+2048; - goto done; - } -- } - -+ } - printk(KERN_NOTICE -- "%s: Couldn't find valid ROM disk image\n", -+ "%s: Couldn't find valid cramfs image\n", - mtd->name); -+ return -1; -+ -+done: -+ part->offset = off; -+ return 0; -+} -+ -+ -+struct mtd_partition * __init -+init_mtd_partitions(struct mtd_info *mtd, size_t size) -+{ -+ -+ bcm947xx_parts[0].offset=0; -+ bcm947xx_parts[0].size=256*1024; - -- done: - /* Find and size nvram */ - bcm947xx_parts[3].offset = size - ROUNDUP(NVRAM_SPACE, mtd->erasesize); - bcm947xx_parts[3].size = size - bcm947xx_parts[3].offset; - - /* Find and size rootfs */ -- if (off < size) { -- bcm947xx_parts[2].offset = off; -- bcm947xx_parts[2].size = bcm947xx_parts[3].offset - bcm947xx_parts[2].offset; -- } -+ //if (off < size) { -+ // bcm947xx_parts[2].offset = off; -+ // bcm947xx_parts[2].size = bcm947xx_parts[3].offset - bcm947xx_parts[2].offset; -+ //} -+ -+ /* Find and size rootfs */ -+ find_root(mtd,size,&bcm947xx_parts[2]); -+ -+ - - /* Size linux (kernel and rootfs) */ -+ bcm947xx_parts[1].offset = bcm947xx_parts[0].size; - bcm947xx_parts[1].size = bcm947xx_parts[3].offset - bcm947xx_parts[1].offset; - -+ -+ -+ /* calculate leftover flash, and assign it to the jffs partition */ -+ size_t spot; -+ size_t len; -+ size_t mask; -+ // get the offset to the end of the root_fs -+ spot=bcm947xx_parts[2].offset+bcm947xx_parts[2].size; -+ // round it up to an erase size boundary -+ spot+=mtd->erasesize-1; -+ // mask the number to the boundary -+ mask=mtd->erasesize; -+ mask=mask-1; -+ mask=mask^0xffffffff; -+ spot&=mask; -+ // length = flashsize - start position - nvram size -+ len=size-spot; -+ len=len-bcm947xx_parts[3].size; -+ -+ -+ bcm947xx_parts[4].offset = spot; -+ bcm947xx_parts[4].size = len; -+ -+ -+ -+ - /* Size pmon */ - bcm947xx_parts[0].size = bcm947xx_parts[1].offset - bcm947xx_parts[0].offset; - -+ //int x; -+ //for(x=0; x<5; x++) { -+ // printk(KERN_NOTICE -+ // "Partition %d mask_flags %08x\n", -+ // x,bcm947xx_parts[x].mask_flags); -+ //} -+ -+ - return bcm947xx_parts; - } - -diff -Nurb linux.orig/drivers/mtd/maps/bcm947xx-flash.c linux/drivers/mtd/maps/bcm947xx-flash.c ---- linux.orig/drivers/mtd/maps/bcm947xx-flash.c 2003-11-08 04:35:52.000000000 -0500 -+++ linux/drivers/mtd/maps/bcm947xx-flash.c 2004-05-25 21:12:24.000000000 -0400 -@@ -82,7 +82,21 @@ - - void bcm947xx_map_copy_from(struct map_info *map, void *to, unsigned long from, ssize_t len) - { -+ //memcpy_fromio(to, map->map_priv_1 + from, len); -+ if (len==1) { - memcpy_fromio(to, map->map_priv_1 + from, len); -+ } else { -+ int i; -+ u16 *dest = (u16 *) to; -+ u16 *src = (u16 *) (map->map_priv_1 + from); -+ -+ for (i = 0; i < (len / 2); i++) { -+ dest[i] = src[i]; -+ } -+ -+ if (len & 1) -+ *((u8 *)dest+len-1) = src[i] & 0xff; -+ } - } - - void bcm947xx_map_write8(struct map_info *map, __u8 d, unsigned long adr) -diff -Nurb linux.orig/drivers/net/Makefile linux/drivers/net/Makefile ---- linux.orig/drivers/net/Makefile 2004-02-12 21:35:15.000000000 -0500 -+++ linux/drivers/net/Makefile 2004-05-25 21:12:24.000000000 -0400 -@@ -25,7 +25,7 @@ - list-multi := rcpci.o - rcpci-objs := rcpci45.o rclanmtl.o - --subdir-m += mac -+# subdir-m += mac - subdir-m += diag - - ifeq ($(CONFIG_HW_QOS),y) -diff -Nurb linux.orig/fs/Config.in linux/fs/Config.in ---- linux.orig/fs/Config.in 2003-07-04 04:12:05.000000000 -0400 -+++ linux/fs/Config.in 2004-05-25 21:13:03.000000000 -0400 -@@ -47,6 +47,7 @@ - int 'JFFS2 debugging verbosity (0 = quiet, 2 = noisy)' CONFIG_JFFS2_FS_DEBUG 0 - fi - tristate 'Compressed ROM file system support' CONFIG_CRAMFS -+tristate 'Squashed file system support' CONFIG_SQUASHFS - bool 'Virtual memory file system support (former shm fs)' CONFIG_TMPFS - define_bool CONFIG_RAMFS y - -diff -Nurb linux.orig/fs/Makefile linux/fs/Makefile ---- linux.orig/fs/Makefile 2003-07-04 04:12:05.000000000 -0400 -+++ linux/fs/Makefile 2004-05-25 21:13:03.000000000 -0400 -@@ -68,6 +68,7 @@ - subdir-$(CONFIG_SUN_OPENPROMFS) += openpromfs - subdir-$(CONFIG_BEFS_FS) += befs - subdir-$(CONFIG_JFS_FS) += jfs -+subdir-$(CONFIG_SQUASHFS) += squashfs - - - obj-$(CONFIG_BINFMT_AOUT) += binfmt_aout.o -diff -Nurb linux.orig/fs/squashfs/Makefile linux/fs/squashfs/Makefile ---- linux.orig/fs/squashfs/Makefile 1969-12-31 19:00:00.000000000 -0500 -+++ linux/fs/squashfs/Makefile 2004-05-25 21:13:03.000000000 -0400 -@@ -0,0 +1,11 @@ -+# -+# Makefile for the linux squashfs routines. -+# -+ -+O_TARGET := squashfs.o -+ -+obj-y := inode.o -+ -+obj-m := $(O_TARGET) -+ -+include $(TOPDIR)/Rules.make -diff -Nurb linux.orig/fs/squashfs/inode.c linux/fs/squashfs/inode.c ---- linux.orig/fs/squashfs/inode.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux/fs/squashfs/inode.c 2004-05-25 21:13:03.000000000 -0400 -@@ -0,0 +1,1515 @@ -+/* -+ * Squashfs - a compressed read only filesystem for Linux -+ * -+ * Copyright (c) 2002, 2003, 2004 Phillip Lougher <plougher@users.sourceforge.net> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version 2, -+ * or (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ * Squashfs - a compressed read only filesystem for Linux -+ * -+ * inode.c -+ */ -+ -+#define SQUASHFS_1_0_COMPATIBILITY -+ -+#include <linux/types.h> -+#include <linux/squashfs_fs.h> -+#include <linux/module.h> -+#include <linux/errno.h> -+#include <linux/slab.h> -+#include <linux/fs.h> -+#include <linux/locks.h> -+#include <linux/init.h> -+#include <linux/dcache.h> -+#include <asm/uaccess.h> -+#include <linux/wait.h> -+#include <asm/semaphore.h> -+#include <linux/zlib.h> -+#include <linux/blkdev.h> -+#include <linux/vmalloc.h> -+ -+#ifdef SQUASHFS_TRACE -+#define TRACE(s, args...) printk(KERN_NOTICE "SQUASHFS: "s, ## args) -+#else -+#define TRACE(s, args...) {} -+#endif -+ -+#define ERROR(s, args...) printk(KERN_ERR "SQUASHFS error: "s, ## args) -+ -+#define SERROR(s, args...) if(!silent) printk(KERN_ERR "SQUASHFS error: "s, ## args) -+#define WARNING(s, args...) printk(KERN_WARNING "SQUASHFS: "s, ## args) -+ -+static struct super_block *squashfs_read_super(struct super_block *, void *, int); -+static void squashfs_put_super(struct super_block *); -+static int squashfs_statfs(struct super_block *, struct statfs *); -+static int squashfs_symlink_readpage(struct file *file, struct page *page); -+static int squashfs_readpage(struct file *file, struct page *page); -+static int squashfs_readpage4K(struct file *file, struct page *page); -+static int squashfs_readdir(struct file *, void *, filldir_t); -+static struct dentry *squashfs_lookup(struct inode *, struct dentry *); -+static unsigned int read_data(struct super_block *s, char *buffer, -+ unsigned int index, unsigned int length, int, unsigned int *next_index); -+static int squashfs_get_cached_block(struct super_block *s, char *buffer, -+ unsigned int block, unsigned int offset, int length, -+ unsigned int *next_block, unsigned int *next_offset); -+static struct inode *squashfs_iget(struct super_block *s, squashfs_inode inode); -+static unsigned int read_blocklist(struct inode *inode, int index, int readahead_blks, -+ char *block_list, char **block_p, unsigned int *bsize); -+static void squashfs_put_super(struct super_block *s); -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+static int squashfs_readpage_lessthan4K(struct file *file, struct page *page); -+static struct inode *squashfs_iget_1(struct super_block *s, squashfs_inode inode); -+static unsigned int read_blocklist_1(struct inode *inode, int index, int readahead_blks, -+ char *block_list, char **block_p, unsigned int *bsize); -+#endif -+ -+DECLARE_MUTEX(read_data_mutex); -+ -+static z_stream stream; -+ -+static DECLARE_FSTYPE_DEV(squashfs_fs_type, "squashfs", squashfs_read_super); -+ -+static unsigned char squashfs_filetype_table[] = { -+ DT_UNKNOWN, DT_DIR, DT_REG, DT_LNK, DT_BLK, DT_CHR, DT_FIFO, DT_SOCK -+}; -+ -+static struct super_operations squashfs_ops = { -+ statfs: squashfs_statfs, -+ put_super: squashfs_put_super, -+}; -+ -+static struct address_space_operations squashfs_symlink_aops = { -+ readpage: squashfs_symlink_readpage -+}; -+ -+static struct address_space_operations squashfs_aops = { -+ readpage: squashfs_readpage -+}; -+ -+static struct address_space_operations squashfs_aops_4K = { -+ readpage: squashfs_readpage4K -+}; -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+static struct address_space_operations squashfs_aops_lessthan4K = { -+ readpage: squashfs_readpage_lessthan4K -+}; -+#endif -+ -+static struct file_operations squashfs_dir_ops = { -+ read: generic_read_dir, -+ readdir: squashfs_readdir -+}; -+ -+static struct inode_operations squashfs_dir_inode_ops = { -+ lookup: squashfs_lookup -+}; -+ -+ -+static unsigned int read_data(struct super_block *s, char *buffer, -+ unsigned int index, unsigned int length, int datablock, unsigned int *next_index) -+{ -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ struct buffer_head *bh[((SQUASHFS_FILE_MAX_SIZE - 1) >> msBlk->devblksize_log2) + 2]; -+ unsigned int offset = index & ((1 << msBlk->devblksize_log2) - 1); -+ unsigned int cur_index = index >> msBlk->devblksize_log2; -+ int bytes, avail_bytes, b, k; -+ char *c_buffer; -+ unsigned int compressed; -+ unsigned int c_byte = length; -+ -+ if(c_byte) { -+ bytes = msBlk->devblksize - offset; -+ if(datablock) { -+ c_buffer = (compressed = SQUASHFS_COMPRESSED_BLOCK(c_byte)) ? msBlk->read_data : buffer; -+ c_byte = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte); -+ } else { -+ c_buffer = (compressed = SQUASHFS_COMPRESSED(c_byte)) ? msBlk->read_data : buffer; -+ c_byte = SQUASHFS_COMPRESSED_SIZE(c_byte); -+ } -+ -+ TRACE("Block @ 0x%x, %scompressed size %d\n", index, compressed ? "" : "un", (unsigned int) c_byte); -+ -+ if(!(bh[0] = sb_getblk(s, cur_index))) -+ goto block_release; -+ for(b = 1; bytes < c_byte; b++) { -+ if(!(bh[b] = sb_getblk(s, ++cur_index))) -+ goto block_release; -+ bytes += msBlk->devblksize; -+ } -+ ll_rw_block(READ, b, bh); -+ } else { -+ unsigned short temp; -+ if(!(bh[0] = sb_bread(s, cur_index))) -+ goto read_failure; -+ -+ if(msBlk->devblksize - offset == 1) { -+ if(msBlk->swap) -+ ((unsigned char *) &temp)[1] = *((unsigned char *) (bh[0]->b_data + offset)); -+ else -+ ((unsigned char *) &temp)[0] = *((unsigned char *) (bh[0]->b_data + offset)); -+ brelse(bh[0]); -+ if(!(bh[0] = sb_bread(s, ++cur_index))) -+ goto read_failure; -+ if(msBlk->swap) -+ ((unsigned char *) &temp)[0] = *((unsigned char *) bh[0]->b_data); -+ else -+ ((unsigned char *) &temp)[1] = *((unsigned char *) bh[0]->b_data); -+ c_byte = temp; -+ offset = 1; -+ } -+ else { -+ if(msBlk->swap) { -+ unsigned short temp; -+ ((unsigned char *) &temp)[1] = *((unsigned char *) (bh[0]->b_data + offset)); -+ ((unsigned char *) &temp)[0] = *((unsigned char *) (bh[0]->b_data + offset + 1)); -+ c_byte = temp; -+ } else -+ c_byte = *((unsigned short *) (bh[0]->b_data + offset)); -+ offset += 2; -+ } -+ if(SQUASHFS_CHECK_DATA(msBlk->sBlk.flags)) { -+ if(offset == msBlk->devblksize) { -+ brelse(bh[0]); -+ if(!(bh[0] = sb_bread(s, ++cur_index))) -+ goto read_failure; -+ offset = 0; -+ } -+ if(*((unsigned char *) (bh[0]->b_data + offset)) != SQUASHFS_MARKER_BYTE) { -+ ERROR("Metadata block marker corrupt @ %x\n", index); -+ brelse(bh[0]); -+ return 0; -+ } -+ offset ++; -+ } -+ -+ bytes = msBlk->devblksize - offset; -+ if(datablock) { -+ c_buffer = (compressed = SQUASHFS_COMPRESSED_BLOCK(c_byte)) ? msBlk->read_data : buffer; -+ c_byte = SQUASHFS_COMPRESSED_SIZE_BLOCK(c_byte); -+ } else { -+ c_buffer = (compressed = SQUASHFS_COMPRESSED(c_byte)) ? msBlk->read_data : buffer; -+ c_byte = SQUASHFS_COMPRESSED_SIZE(c_byte); -+ } -+ -+ TRACE("Block @ 0x%x, %scompressed size %d\n", index, compressed ? "" : "un", (unsigned int) c_byte); -+ -+ for(b = 1; bytes < c_byte; b++) { -+ if(!(bh[b] = sb_getblk(s, ++cur_index))) -+ goto block_release; -+ bytes += msBlk->devblksize; -+ } -+ ll_rw_block(READ, b - 1, bh + 1); -+ } -+ -+ if(compressed) -+ down(&read_data_mutex); -+ -+ for(bytes = 0, k = 0; k < b; k++) { -+ avail_bytes = (c_byte - bytes) > (msBlk->devblksize - offset) ? msBlk->devblksize - offset : c_byte - bytes; -+ wait_on_buffer(bh[k]); -+ memcpy(c_buffer + bytes, bh[k]->b_data + offset, avail_bytes); -+ bytes += avail_bytes; -+ offset = 0; -+ brelse(bh[k]); -+ } -+ -+ /* -+ * uncompress block -+ */ -+ if(compressed) { -+ int zlib_err; -+ -+ stream.next_in = c_buffer; -+ stream.avail_in = c_byte; -+ stream.next_out = buffer; -+ stream.avail_out = msBlk->read_size; -+ if(((zlib_err = zlib_inflateInit(&stream)) != Z_OK) || -+ ((zlib_err = zlib_inflate(&stream, Z_FINISH)) != Z_STREAM_END) || -+ ((zlib_err = zlib_inflateEnd(&stream)) != Z_OK)) { -+ ERROR("zlib_fs returned unexpected result 0x%x\n", zlib_err); -+ bytes = 0; -+ } else -+ bytes = stream.total_out; -+ up(&read_data_mutex); -+ } -+ -+ if(next_index) -+ *next_index = index + c_byte + (length ? 0 : (SQUASHFS_CHECK_DATA(msBlk->sBlk.flags) ? 3 : 2)); -+ -+ return bytes; -+ -+block_release: -+ while(--b >= 0) brelse(bh[b]); -+ -+read_failure: -+ ERROR("sb_bread failed reading block 0x%x\n", cur_index); -+ return 0; -+} -+ -+ -+static int squashfs_get_cached_block(struct super_block *s, char *buffer, -+ unsigned int block, unsigned int offset, int length, -+ unsigned int *next_block, unsigned int *next_offset) -+{ -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ int n, i, bytes, return_length = length; -+ unsigned int next_index; -+ -+ TRACE("Entered squashfs_get_cached_block [%x:%x]\n", block, offset); -+ -+ for(;;) { -+ for(i = 0; i < SQUASHFS_CACHED_BLKS; i++) -+ if(msBlk->block_cache[i].block == block) -+ break; -+ -+ down(&msBlk->block_cache_mutex); -+ if(i == SQUASHFS_CACHED_BLKS) { -+ /* read inode header block */ -+ for(i = msBlk->next_cache, n = SQUASHFS_CACHED_BLKS; n ; n --, i = (i + 1) % SQUASHFS_CACHED_BLKS) -+ if(msBlk->block_cache[i].block != SQUASHFS_USED_BLK) -+ break; -+ if(n == 0) { -+ up(&msBlk->block_cache_mutex); -+ sleep_on(&msBlk->waitq); -+ continue; -+ } -+ msBlk->next_cache = (i + 1) % SQUASHFS_CACHED_BLKS; -+ -+ if(msBlk->block_cache[i].block == SQUASHFS_INVALID_BLK) { -+ if(!(msBlk->block_cache[i].data = (unsigned char *) -+ kmalloc(SQUASHFS_METADATA_SIZE, GFP_KERNEL))) { -+ ERROR("Failed to allocate cache block\n"); -+ up(&msBlk->block_cache_mutex); -+ return 0; -+ } -+ } -+ -+ msBlk->block_cache[i].block = SQUASHFS_USED_BLK; -+ up(&msBlk->block_cache_mutex); -+ if(!(msBlk->block_cache[i].length = read_data(s, msBlk->block_cache[i].data, block, 0, 0, -+ &next_index))) { -+ ERROR("Unable to read cache block [%x:%x]\n", block, offset); -+ return 0; -+ } -+ down(&msBlk->block_cache_mutex); -+ wake_up(&msBlk->waitq); -+ msBlk->block_cache[i].block = block; -+ msBlk->block_cache[i].next_index = next_index; -+ TRACE("Read cache block [%x:%x]\n", block, offset); -+ } -+ -+ if(msBlk->block_cache[i].block != block) { -+ up(&msBlk->block_cache_mutex); -+ continue; -+ } -+ -+ if((bytes = msBlk->block_cache[i].length - offset) >= length) { -+ if(buffer) -+ memcpy(buffer, msBlk->block_cache[i].data + offset, length); -+ if(msBlk->block_cache[i].length - offset == length) { -+ *next_block = msBlk->block_cache[i].next_index; -+ *next_offset = 0; -+ } else { -+ *next_block = block; -+ *next_offset = offset + length; -+ } -+ -+ up(&msBlk->block_cache_mutex); -+ return return_length; -+ } else { -+ if(buffer) { -+ memcpy(buffer, msBlk->block_cache[i].data + offset, bytes); -+ buffer += bytes; -+ } -+ block = msBlk->block_cache[i].next_index; -+ up(&msBlk->block_cache_mutex); -+ length -= bytes; -+ offset = 0; -+ } -+ } -+} -+ -+ -+static int get_fragment_location(struct super_block *s, unsigned int fragment, unsigned int *fragment_start_block, unsigned int *fragment_size) -+{ -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ unsigned int start_block = msBlk->fragment_index[SQUASHFS_FRAGMENT_INDEX(fragment)]; -+ int offset = SQUASHFS_FRAGMENT_INDEX_OFFSET(fragment); -+ squashfs_fragment_entry fragment_entry; -+ -+ if(msBlk->swap) { -+ squashfs_fragment_entry sfragment_entry; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sfragment_entry, start_block, offset, -+ sizeof(sfragment_entry), &start_block, &offset)) -+ return 0; -+ SQUASHFS_SWAP_FRAGMENT_ENTRY(&fragment_entry, &sfragment_entry); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &fragment_entry, start_block, offset, -+ sizeof(fragment_entry), &start_block, &offset)) -+ return 0; -+ -+ *fragment_start_block = fragment_entry.start_block; -+ *fragment_size = fragment_entry.size; -+ -+ return 1; -+} -+ -+ -+void release_cached_fragment(squashfs_sb_info *msBlk, struct squashfs_fragment_cache *fragment) -+{ -+ down(&msBlk->fragment_mutex); -+ fragment->locked --; -+ wake_up(&msBlk->fragment_wait_queue); -+ up(&msBlk->fragment_mutex); -+} -+ -+ -+struct squashfs_fragment_cache *get_cached_fragment(struct super_block *s, unsigned int start_block, int length) -+{ -+ int i, n; -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ -+ for(;;) { -+ down(&msBlk->fragment_mutex); -+ for(i = 0; i < SQUASHFS_CACHED_FRAGMENTS && msBlk->fragment[i].block != start_block; i++); -+ if(i == SQUASHFS_CACHED_FRAGMENTS) { -+ for(i = msBlk->next_fragment, n = SQUASHFS_CACHED_FRAGMENTS; -+ n && msBlk->fragment[i].locked; n--, i = (i + 1) % SQUASHFS_CACHED_FRAGMENTS); -+ -+ if(n == 0) { -+ up(&msBlk->fragment_mutex); -+ sleep_on(&msBlk->fragment_wait_queue); -+ continue; -+ } -+ msBlk->next_fragment = (msBlk->next_fragment + 1) % SQUASHFS_CACHED_FRAGMENTS; -+ -+ if(msBlk->fragment[i].data == NULL) -+ if(!(msBlk->fragment[i].data = (unsigned char *) -+ kmalloc(SQUASHFS_FILE_MAX_SIZE, GFP_KERNEL))) { -+ ERROR("Failed to allocate fragment cache block\n"); -+ up(&msBlk->fragment_mutex); -+ return NULL; -+ } -+ -+ msBlk->fragment[i].block = SQUASHFS_INVALID_BLK; -+ msBlk->fragment[i].locked = 1; -+ up(&msBlk->fragment_mutex); -+ if(!(msBlk->fragment[i].length = read_data(s, msBlk->fragment[i].data, start_block, length, -+ 1, NULL))) { -+ ERROR("Unable to read fragment cache block [%x]\n", start_block); -+ msBlk->fragment[i].locked = 0; -+ return NULL; -+ } -+ msBlk->fragment[i].block = start_block; -+ TRACE("New fragment %d, start block %d, locked %d\n", i, msBlk->fragment[i].block, msBlk->fragment[i].locked); -+ return &msBlk->fragment[i]; -+ } -+ -+ msBlk->fragment[i].locked ++; -+ up(&msBlk->fragment_mutex); -+ -+ TRACE("Got fragment %d, start block %d, locked %d\n", i, msBlk->fragment[i].block, msBlk->fragment[i].locked); -+ return &msBlk->fragment[i]; -+ } -+} -+ -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+static struct inode *squashfs_iget_1(struct super_block *s, squashfs_inode inode) -+{ -+ struct inode *i = new_inode(s); -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ unsigned int block = SQUASHFS_INODE_BLK(inode) + sBlk->inode_table_start; -+ unsigned int offset = SQUASHFS_INODE_OFFSET(inode); -+ unsigned int next_block, next_offset; -+ squashfs_base_inode_header_1 inodeb; -+ -+ TRACE("Entered squashfs_iget_1\n"); -+ -+ if(msBlk->swap) { -+ squashfs_base_inode_header_1 sinodeb; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodeb, block, offset, -+ sizeof(sinodeb), &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_BASE_INODE_HEADER_1(&inodeb, &sinodeb, sizeof(sinodeb)); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodeb, block, offset, -+ sizeof(inodeb), &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_nlink = 1; -+ -+ i->i_mtime = sBlk->mkfs_time; -+ i->i_atime = sBlk->mkfs_time; -+ i->i_ctime = sBlk->mkfs_time; -+ -+ if(inodeb.inode_type != SQUASHFS_IPC_TYPE) -+ i->i_uid = msBlk->uid[((inodeb.inode_type - 1) / SQUASHFS_TYPES) * 16 + inodeb.uid]; -+ i->i_ino = SQUASHFS_MK_VFS_INODE(block - sBlk->inode_table_start, offset); -+ -+ i->i_mode = inodeb.mode; -+ -+ switch(inodeb.inode_type == SQUASHFS_IPC_TYPE ? SQUASHFS_IPC_TYPE : (inodeb.inode_type - 1) % SQUASHFS_TYPES + 1) { -+ case SQUASHFS_FILE_TYPE: { -+ squashfs_reg_inode_header_1 inodep; -+ -+ if(msBlk->swap) { -+ squashfs_reg_inode_header_1 sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_REG_INODE_HEADER_1(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = inodep.file_size; -+ i->i_fop = &generic_ro_fops; -+ if(sBlk->block_size > 4096) -+ i->i_data.a_ops = &squashfs_aops; -+ else if(sBlk->block_size == 4096) -+ i->i_data.a_ops = &squashfs_aops_4K; -+ else -+ i->i_data.a_ops = &squashfs_aops_lessthan4K; -+ i->i_mode |= S_IFREG; -+ i->i_mtime = inodep.mtime; -+ i->i_atime = inodep.mtime; -+ i->i_ctime = inodep.mtime; -+ i->i_blocks = ((i->i_size - 1) >> 9) + 1; -+ i->i_blksize = PAGE_CACHE_SIZE; -+ i->u.squashfs_i.fragment_start_block = SQUASHFS_INVALID_BLK; -+ i->u.squashfs_i.fragment_offset = 0; -+ i->u.squashfs_i.start_block = inodep.start_block; -+ i->u.squashfs_i.block_list_start = next_block; -+ i->u.squashfs_i.offset = next_offset; -+ TRACE("File inode %x:%x, start_block %x, block_list_start %x, offset %x\n", -+ SQUASHFS_INODE_BLK(inode), offset, inodep.start_block, next_block, next_offset); -+ break; -+ } -+ case SQUASHFS_DIR_TYPE: { -+ squashfs_dir_inode_header_1 inodep; -+ -+ if(msBlk->swap) { -+ squashfs_dir_inode_header_1 sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_DIR_INODE_HEADER_1(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = inodep.file_size; -+ i->i_op = &squashfs_dir_inode_ops; -+ i->i_fop = &squashfs_dir_ops; -+ i->i_mode |= S_IFDIR; -+ i->i_mtime = inodep.mtime; -+ i->i_atime = inodep.mtime; -+ i->i_ctime = inodep.mtime; -+ i->u.squashfs_i.start_block = inodep.start_block; -+ i->u.squashfs_i.offset = inodep.offset; -+ TRACE("Directory inode %x:%x, start_block %x, offset %x\n", SQUASHFS_INODE_BLK(inode), offset, -+ inodep.start_block, inodep.offset); -+ break; -+ } -+ case SQUASHFS_SYMLINK_TYPE: { -+ squashfs_symlink_inode_header_1 inodep; -+ -+ if(msBlk->swap) { -+ squashfs_symlink_inode_header_1 sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_SYMLINK_INODE_HEADER_1(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = inodep.symlink_size; -+ i->i_op = &page_symlink_inode_operations; -+ i->i_data.a_ops = &squashfs_symlink_aops; -+ i->i_mode |= S_IFLNK; -+ i->u.squashfs_i.start_block = next_block; -+ i->u.squashfs_i.offset = next_offset; -+ TRACE("Symbolic link inode %x:%x, start_block %x, offset %x\n", -+ SQUASHFS_INODE_BLK(inode), offset, next_block, next_offset); -+ break; -+ } -+ case SQUASHFS_BLKDEV_TYPE: -+ case SQUASHFS_CHRDEV_TYPE: { -+ squashfs_dev_inode_header_1 inodep; -+ -+ if(msBlk->swap) { -+ squashfs_dev_inode_header_1 sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_DEV_INODE_HEADER_1(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = 0; -+ i->i_mode |= (inodeb.inode_type == SQUASHFS_CHRDEV_TYPE) ? S_IFCHR : S_IFBLK; -+ init_special_inode(i, i->i_mode, inodep.rdev); -+ TRACE("Device inode %x:%x, rdev %x\n", SQUASHFS_INODE_BLK(inode), offset, inodep.rdev); -+ break; -+ } -+ case SQUASHFS_IPC_TYPE: { -+ squashfs_ipc_inode_header_1 inodep; -+ -+ if(msBlk->swap) { -+ squashfs_ipc_inode_header_1 sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_IPC_INODE_HEADER_1(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = 0; -+ i->i_mode |= (inodep.type == SQUASHFS_FIFO_TYPE) ? S_IFIFO : S_IFSOCK; -+ i->i_uid = msBlk->uid[inodep.offset * 16 + inodeb.uid]; -+ init_special_inode(i, i->i_mode, 0); -+ break; -+ } -+ default: -+ ERROR("Unknown inode type %d in squashfs_iget!\n", inodeb.inode_type); -+ goto failed_read1; -+ } -+ -+ if(inodeb.guid == SQUASHFS_GUIDS) -+ i->i_gid = i->i_uid; -+ else -+ i->i_gid = msBlk->guid[inodeb.guid]; -+ -+ return i; -+ -+failed_read: -+ ERROR("Unable to read inode [%x:%x]\n", block, offset); -+ -+failed_read1: -+ return NULL; -+} -+#endif -+ -+ -+static struct inode *squashfs_iget(struct super_block *s, squashfs_inode inode) -+{ -+ struct inode *i = new_inode(s); -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ unsigned int block = SQUASHFS_INODE_BLK(inode) + sBlk->inode_table_start; -+ unsigned int offset = SQUASHFS_INODE_OFFSET(inode); -+ unsigned int next_block, next_offset; -+ squashfs_base_inode_header inodeb; -+ -+ TRACE("Entered squashfs_iget\n"); -+ -+ if(msBlk->swap) { -+ squashfs_base_inode_header sinodeb; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodeb, block, offset, -+ sizeof(sinodeb), &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_BASE_INODE_HEADER(&inodeb, &sinodeb, sizeof(sinodeb)); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodeb, block, offset, -+ sizeof(inodeb), &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_nlink = 1; -+ -+ i->i_mtime = sBlk->mkfs_time; -+ i->i_atime = sBlk->mkfs_time; -+ i->i_ctime = sBlk->mkfs_time; -+ -+ if(inodeb.inode_type != SQUASHFS_IPC_TYPE) -+ i->i_uid = msBlk->uid[((inodeb.inode_type - 1) / SQUASHFS_TYPES) * 16 + inodeb.uid]; -+ i->i_ino = SQUASHFS_MK_VFS_INODE(block - sBlk->inode_table_start, offset); -+ -+ i->i_mode = inodeb.mode; -+ -+ switch(inodeb.inode_type) { -+ case SQUASHFS_FILE_TYPE: { -+ squashfs_reg_inode_header inodep; -+ -+ if(msBlk->swap) { -+ squashfs_reg_inode_header sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_REG_INODE_HEADER(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->u.squashfs_i.fragment_start_block = SQUASHFS_INVALID_BLK; -+ if(inodep.fragment != SQUASHFS_INVALID_BLK && !get_fragment_location(s, inodep.fragment, -+ &i->u.squashfs_i.fragment_start_block, &i->u.squashfs_i.fragment_size)) -+ goto failed_read; -+ -+ i->u.squashfs_i.fragment_offset = inodep.offset; -+ i->i_size = inodep.file_size; -+ i->i_fop = &generic_ro_fops; -+ if(sBlk->block_size > 4096) -+ i->i_data.a_ops = &squashfs_aops; -+ else -+ i->i_data.a_ops = &squashfs_aops_4K; -+ i->i_mode |= S_IFREG; -+ i->i_mtime = inodep.mtime; -+ i->i_atime = inodep.mtime; -+ i->i_ctime = inodep.mtime; -+ i->i_blocks = ((i->i_size - 1) >> 9) + 1; -+ i->i_blksize = PAGE_CACHE_SIZE; -+ i->u.squashfs_i.start_block = inodep.start_block; -+ i->u.squashfs_i.block_list_start = next_block; -+ i->u.squashfs_i.offset = next_offset; -+ TRACE("File inode %x:%x, start_block %x, block_list_start %x, offset %x fragment_index %x fragment_offset %x\n", -+ SQUASHFS_INODE_BLK(inode), offset, inodep.start_block, next_block, next_offset, inodep.fragment, inodep.offset); -+ break; -+ } -+ case SQUASHFS_DIR_TYPE: { -+ squashfs_dir_inode_header inodep; -+ -+ if(msBlk->swap) { -+ squashfs_dir_inode_header sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_DIR_INODE_HEADER(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = inodep.file_size; -+ i->i_op = &squashfs_dir_inode_ops; -+ i->i_fop = &squashfs_dir_ops; -+ i->i_mode |= S_IFDIR; -+ i->i_mtime = inodep.mtime; -+ i->i_atime = inodep.mtime; -+ i->i_ctime = inodep.mtime; -+ i->u.squashfs_i.start_block = inodep.start_block; -+ i->u.squashfs_i.offset = inodep.offset; -+ TRACE("Directory inode %x:%x, start_block %x, offset %x\n", SQUASHFS_INODE_BLK(inode), offset, -+ inodep.start_block, inodep.offset); -+ break; -+ } -+ case SQUASHFS_SYMLINK_TYPE: { -+ squashfs_symlink_inode_header inodep; -+ -+ if(msBlk->swap) { -+ squashfs_symlink_inode_header sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_SYMLINK_INODE_HEADER(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = inodep.symlink_size; -+ i->i_op = &page_symlink_inode_operations; -+ i->i_data.a_ops = &squashfs_symlink_aops; -+ i->i_mode |= S_IFLNK; -+ i->u.squashfs_i.start_block = next_block; -+ i->u.squashfs_i.offset = next_offset; -+ TRACE("Symbolic link inode %x:%x, start_block %x, offset %x\n", -+ SQUASHFS_INODE_BLK(inode), offset, next_block, next_offset); -+ break; -+ } -+ case SQUASHFS_BLKDEV_TYPE: -+ case SQUASHFS_CHRDEV_TYPE: { -+ squashfs_dev_inode_header inodep; -+ -+ if(msBlk->swap) { -+ squashfs_dev_inode_header sinodep; -+ -+ if(!squashfs_get_cached_block(s, (char *) &sinodep, block, offset, sizeof(sinodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ SQUASHFS_SWAP_DEV_INODE_HEADER(&inodep, &sinodep); -+ } else -+ if(!squashfs_get_cached_block(s, (char *) &inodep, block, offset, sizeof(inodep), -+ &next_block, &next_offset)) -+ goto failed_read; -+ -+ i->i_size = 0; -+ i->i_mode |= (inodeb.inode_type == SQUASHFS_CHRDEV_TYPE) ? S_IFCHR : S_IFBLK; -+ init_special_inode(i, i->i_mode, inodep.rdev); -+ TRACE("Device inode %x:%x, rdev %x\n", SQUASHFS_INODE_BLK(inode), offset, inodep.rdev); -+ break; -+ } -+ case SQUASHFS_FIFO_TYPE: -+ case SQUASHFS_SOCKET_TYPE: { -+ i->i_size = 0; -+ i->i_mode |= (inodeb.inode_type == SQUASHFS_FIFO_TYPE) ? S_IFIFO : S_IFSOCK; -+ init_special_inode(i, i->i_mode, 0); -+ break; -+ } -+ default: -+ ERROR("Unknown inode type %d in squashfs_iget!\n", inodeb.inode_type); -+ goto failed_read1; -+ } -+ -+ if(inodeb.guid == SQUASHFS_GUIDS) -+ i->i_gid = i->i_uid; -+ else -+ i->i_gid = msBlk->guid[inodeb.guid]; -+ -+ return i; -+ -+failed_read: -+ ERROR("Unable to read inode [%x:%x]\n", block, offset); -+ -+failed_read1: -+ return NULL; -+} -+ -+ -+static struct super_block *squashfs_read_super(struct super_block *s, -+ void *data, int silent) -+{ -+ kdev_t dev = s->s_dev; -+ squashfs_sb_info *msBlk = &s->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ int i; -+ -+ TRACE("Entered squashfs_read_superblock\n"); -+ -+ msBlk->devblksize = get_hardsect_size(dev); -+ if(msBlk->devblksize < BLOCK_SIZE) -+ msBlk->devblksize = BLOCK_SIZE; -+ msBlk->devblksize_log2 = ffz(~msBlk->devblksize); -+ set_blocksize(dev, msBlk->devblksize); -+ s->s_blocksize = msBlk->devblksize; -+ s->s_blocksize_bits = msBlk->devblksize_log2; -+ -+ init_MUTEX(&msBlk->read_page_mutex); -+ init_MUTEX(&msBlk->block_cache_mutex); -+ init_MUTEX(&msBlk->fragment_mutex); -+ -+ init_waitqueue_head(&msBlk->waitq); -+ init_waitqueue_head(&msBlk->fragment_wait_queue); -+ -+ if(!read_data(s, (char *) sBlk, SQUASHFS_START, sizeof(squashfs_super_block) | SQUASHFS_COMPRESSED_BIT, 0, NULL)) { -+ SERROR("unable to read superblock\n"); -+ goto failed_mount; -+ } -+ -+ /* Check it is a SQUASHFS superblock */ -+ msBlk->swap = 0; -+ if((s->s_magic = sBlk->s_magic) != SQUASHFS_MAGIC) { -+ if(sBlk->s_magic == SQUASHFS_MAGIC_SWAP) { -+ squashfs_super_block sblk; -+ WARNING("Mounting a different endian SQUASHFS filesystem on %s\n", bdevname(dev)); -+ SQUASHFS_SWAP_SUPER_BLOCK(&sblk, sBlk); -+ memcpy(sBlk, &sblk, sizeof(squashfs_super_block)); -+ msBlk->swap = 1; -+ } else { -+ SERROR("Can't find a SQUASHFS superblock on %s\n", bdevname(dev)); -+ goto failed_mount; -+ } -+ } -+ -+ /* Check the MAJOR & MINOR versions */ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+ if((sBlk->s_major != 1) && (sBlk->s_major != 2 || sBlk->s_minor > SQUASHFS_MINOR)) { -+ SERROR("Major/Minor mismatch, filesystem is (%d:%d), I support (1 : x) or (2 : <= %d)\n", -+ sBlk->s_major, sBlk->s_minor, SQUASHFS_MINOR); -+ goto failed_mount; -+ } -+ if(sBlk->s_major == 1) -+ sBlk->block_size = sBlk->block_size_1; -+#else -+ if(sBlk->s_major != SQUASHFS_MAJOR || sBlk->s_minor > SQUASHFS_MINOR) { -+ SERROR("Major/Minor mismatch, filesystem is (%d:%d), I support (%d: <= %d)\n", -+ sBlk->s_major, sBlk->s_minor, SQUASHFS_MAJOR, SQUASHFS_MINOR); -+ goto failed_mount; -+ } -+#endif -+ -+ TRACE("Found valid superblock on %s\n", bdevname(dev)); -+ TRACE("Inodes are %scompressed\n", SQUASHFS_UNCOMPRESSED_INODES(sBlk->flags) ? "un" : ""); -+ TRACE("Data is %scompressed\n", SQUASHFS_UNCOMPRESSED_DATA(sBlk->flags) ? "un" : ""); -+ TRACE("Check data is %s present in the filesystem\n", SQUASHFS_CHECK_DATA(sBlk->flags) ? "" : "not"); -+ TRACE("Filesystem size %d bytes\n", sBlk->bytes_used); -+ TRACE("Block size %d\n", sBlk->block_size); -+ TRACE("Number of inodes %d\n", sBlk->inodes); -+ if(sBlk->s_major > 1) -+ TRACE("Number of fragments %d\n", sBlk->fragments); -+ TRACE("Number of uids %d\n", sBlk->no_uids); -+ TRACE("Number of gids %d\n", sBlk->no_guids); -+ TRACE("sBlk->inode_table_start %x\n", sBlk->inode_table_start); -+ TRACE("sBlk->directory_table_start %x\n", sBlk->directory_table_start); -+ if(sBlk->s_major > 1) -+ TRACE("sBlk->fragment_table_start %x\n", sBlk->fragment_table_start); -+ TRACE("sBlk->uid_start %x\n", sBlk->uid_start); -+ -+ s->s_flags |= MS_RDONLY; -+ s->s_op = &squashfs_ops; -+ -+ /* Init inode_table block pointer array */ -+ if(!(msBlk->block_cache = (squashfs_cache *) kmalloc(sizeof(squashfs_cache) * SQUASHFS_CACHED_BLKS, GFP_KERNEL))) { -+ ERROR("Failed to allocate block cache\n"); -+ goto failed_mount; -+ } -+ -+ for(i = 0; i < SQUASHFS_CACHED_BLKS; i++) -+ msBlk->block_cache[i].block = SQUASHFS_INVALID_BLK; -+ -+ msBlk->next_cache = 0; -+ -+ /* Allocate read_data block */ -+ msBlk->read_size = (sBlk->block_size < SQUASHFS_METADATA_SIZE) ? SQUASHFS_METADATA_SIZE : sBlk->block_size; -+ if(!(msBlk->read_data = (char *) kmalloc(msBlk->read_size, GFP_KERNEL))) { -+ ERROR("Failed to allocate read_data block\n"); -+ goto failed_mount1; -+ } -+ -+ /* Allocate read_page block */ -+ if(sBlk->block_size > PAGE_CACHE_SIZE && -+ !(msBlk->read_page = (char *) kmalloc(sBlk->block_size, GFP_KERNEL))) { -+ ERROR("Failed to allocate read_page block\n"); -+ goto failed_mount2; -+ } -+ -+ /* Allocate uid and gid tables */ -+ if(!(msBlk->uid = (squashfs_uid *) kmalloc((sBlk->no_uids + -+ sBlk->no_guids) * sizeof(squashfs_uid), GFP_KERNEL))) { -+ ERROR("Failed to allocate uid/gid table\n"); -+ goto failed_mount3; -+ } -+ msBlk->guid = msBlk->uid + sBlk->no_uids; -+ -+ if(msBlk->swap) { -+ squashfs_uid suid[sBlk->no_uids + sBlk->no_guids]; -+ -+ if(!read_data(s, (char *) &suid, sBlk->uid_start, ((sBlk->no_uids + sBlk->no_guids) * -+ sizeof(squashfs_uid)) | SQUASHFS_COMPRESSED_BIT, 0, NULL)) { -+ SERROR("unable to read uid/gid table\n"); -+ goto failed_mount4; -+ } -+ SQUASHFS_SWAP_DATA(msBlk->uid, suid, (sBlk->no_uids + sBlk->no_guids), (sizeof(squashfs_uid) * 8)); -+ } else -+ if(!read_data(s, (char *) msBlk->uid, sBlk->uid_start, ((sBlk->no_uids + sBlk->no_guids) * -+ sizeof(squashfs_uid)) | SQUASHFS_COMPRESSED_BIT, 0, NULL)) { -+ SERROR("unable to read uid/gid table\n"); -+ goto failed_mount4; -+ } -+ -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+ if(sBlk->s_major == 1) { -+ msBlk->iget = squashfs_iget_1; -+ msBlk->read_blocklist = read_blocklist_1; -+ msBlk->fragment = (struct squashfs_fragment_cache *) msBlk->fragment_index = NULL; -+ goto allocate_root; -+ } -+#endif -+ msBlk->iget = squashfs_iget; -+ msBlk->read_blocklist = read_blocklist; -+ -+ if(!(msBlk->fragment = (struct squashfs_fragment_cache *) kmalloc(sizeof(struct squashfs_fragment_cache) * SQUASHFS_CACHED_FRAGMENTS, GFP_KERNEL))) { -+ ERROR("Failed to allocate fragment block cache\n"); -+ goto failed_mount4; -+ } -+ -+ for(i = 0; i < SQUASHFS_CACHED_FRAGMENTS; i++) { -+ msBlk->fragment[i].locked = 0; -+ msBlk->fragment[i].block = SQUASHFS_INVALID_BLK; -+ msBlk->fragment[i].data = NULL; -+ } -+ -+ msBlk->next_fragment = 0; -+ -+ /* Allocate fragment index table */ -+ if(!(msBlk->fragment_index = (squashfs_fragment_index *) kmalloc(SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk->fragments), GFP_KERNEL))) { -+ ERROR("Failed to allocate uid/gid table\n"); -+ goto failed_mount5; -+ } -+ -+ if(SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk->fragments) && -+ !read_data(s, (char *) msBlk->fragment_index, sBlk->fragment_table_start, -+ SQUASHFS_FRAGMENT_INDEX_BYTES(sBlk->fragments) | SQUASHFS_COMPRESSED_BIT, 0, NULL)) { -+ SERROR("unable to read fragment index table\n"); -+ goto failed_mount6; -+ } -+ -+ if(msBlk->swap) { -+ int i; -+ squashfs_fragment_index fragment; -+ -+ for(i = 0; i < SQUASHFS_FRAGMENT_INDEXES(sBlk->fragments); i++) { -+ SQUASHFS_SWAP_FRAGMENT_INDEXES((&fragment), &msBlk->fragment_index[i], 1); -+ msBlk->fragment_index[i] = fragment; -+ } -+ } -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+allocate_root: -+#endif -+ if(!(s->s_root = d_alloc_root((msBlk->iget)(s, sBlk->root_inode)))) { -+ ERROR("Root inode create failed\n"); -+ goto failed_mount5; -+ } -+ -+ TRACE("Leaving squashfs_read_super\n"); -+ return s; -+ -+failed_mount6: -+ kfree(msBlk->fragment_index); -+failed_mount5: -+ kfree(msBlk->fragment); -+failed_mount4: -+ kfree(msBlk->uid); -+failed_mount3: -+ kfree(msBlk->read_page); -+failed_mount2: -+ kfree(msBlk->read_data); -+failed_mount1: -+ kfree(msBlk->block_cache); -+failed_mount: -+ return NULL; -+} -+ -+ -+static int squashfs_statfs(struct super_block *s, struct statfs *buf) -+{ -+ squashfs_super_block *sBlk = &s->u.squashfs_sb.sBlk; -+ -+ TRACE("Entered squashfs_statfs\n"); -+ buf->f_type = SQUASHFS_MAGIC; -+ buf->f_bsize = sBlk->block_size; -+ buf->f_blocks = ((sBlk->bytes_used - 1) >> sBlk->block_log) + 1; -+ buf->f_bfree = buf->f_bavail = 0; -+ buf->f_files = sBlk->inodes; -+ buf->f_ffree = 0; -+ buf->f_namelen = SQUASHFS_NAME_LEN; -+ return 0; -+} -+ -+ -+static int squashfs_symlink_readpage(struct file *file, struct page *page) -+{ -+ struct inode *inode = page->mapping->host; -+ int index = page->index << PAGE_CACHE_SHIFT, length, bytes; -+ int block = inode->u.squashfs_i.start_block; -+ int offset = inode->u.squashfs_i.offset; -+ void *pageaddr = kmap(page); -+ -+ TRACE("Entered squashfs_symlink_readpage, page index %x, start block %x, offset %x\n", -+ (unsigned int) page->index, inode->u.squashfs_i.start_block, inode->u.squashfs_i.offset); -+ -+ for(length = 0; length < index; length += bytes) { -+ if(!(bytes = squashfs_get_cached_block(inode->i_sb, NULL, block, offset, -+ PAGE_CACHE_SIZE, &block, &offset))) { -+ ERROR("Unable to read symbolic link [%x:%x]\n", block, offset); -+ goto skip_read; -+ } -+ } -+ -+ if(length != index) { -+ ERROR("(squashfs_symlink_readpage) length != index\n"); -+ bytes = 0; -+ goto skip_read; -+ } -+ -+ bytes = (inode->i_size - length) > PAGE_CACHE_SIZE ? PAGE_CACHE_SIZE : inode->i_size - length; -+ if(!(bytes = squashfs_get_cached_block(inode->i_sb, pageaddr, block, offset, bytes, &block, &offset))) -+ ERROR("Unable to read symbolic link [%x:%x]\n", block, offset); -+ -+skip_read: -+ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); -+ kunmap(page); -+ flush_dcache_page(page); -+ SetPageUptodate(page); -+ UnlockPage(page); -+ -+ return 0; -+} -+ -+ -+#define SIZE 256 -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+static unsigned int read_blocklist_1(struct inode *inode, int index, int readahead_blks, -+ char *block_list, char **block_p, unsigned int *bsize) -+{ -+ squashfs_sb_info *msBlk = &inode->i_sb->u.squashfs_sb; -+ unsigned short *block_listp; -+ int i = 0; -+ int block_ptr = inode->u.squashfs_i.block_list_start; -+ int offset = inode->u.squashfs_i.offset; -+ int block = inode->u.squashfs_i.start_block; -+ -+ for(;;) { -+ int blocks = (index + readahead_blks - i); -+ if(blocks > (SIZE >> 1)) { -+ if((index - i) <= (SIZE >> 1)) -+ blocks = index - i; -+ else -+ blocks = SIZE >> 1; -+ } -+ -+ if(msBlk->swap) { -+ unsigned char sblock_list[SIZE]; -+ if(!squashfs_get_cached_block(inode->i_sb, (char *) sblock_list, block_ptr, offset, blocks << 1, &block_ptr, &offset)) { -+ ERROR("Unable to read block list [%d:%x]\n", block_ptr, offset); -+ return 0; -+ } -+ SQUASHFS_SWAP_SHORTS(((unsigned short *)block_list), ((unsigned short *)sblock_list), blocks); -+ } else -+ if(!squashfs_get_cached_block(inode->i_sb, (char *) block_list, block_ptr, offset, blocks << 1, &block_ptr, &offset)) { -+ ERROR("Unable to read block list [%d:%x]\n", block_ptr, offset); -+ return 0; -+ } -+ for(block_listp = (unsigned short *) block_list; i < index && blocks; i ++, block_listp ++, blocks --) -+ block += SQUASHFS_COMPRESSED_SIZE(*block_listp); -+ if(blocks >= readahead_blks) -+ break; -+ } -+ -+ if(bsize) -+ *bsize = SQUASHFS_COMPRESSED_SIZE(*block_listp) | (!SQUASHFS_COMPRESSED(*block_listp) ? SQUASHFS_COMPRESSED_BIT_BLOCK : 0); -+ else -+ (unsigned short *) *block_p = block_listp; -+ return block; -+} -+#endif -+ -+ -+ -+static unsigned int read_blocklist(struct inode *inode, int index, int readahead_blks, -+ char *block_list, char **block_p, unsigned int *bsize) -+{ -+ squashfs_sb_info *msBlk = &inode->i_sb->u.squashfs_sb; -+ unsigned int *block_listp; -+ int i = 0; -+ int block_ptr = inode->u.squashfs_i.block_list_start; -+ int offset = inode->u.squashfs_i.offset; -+ int block = inode->u.squashfs_i.start_block; -+ -+ for(;;) { -+ int blocks = (index + readahead_blks - i); -+ if(blocks > (SIZE >> 2)) { -+ if((index - i) <= (SIZE >> 2)) -+ blocks = index - i; -+ else -+ blocks = SIZE >> 2; -+ } -+ -+ if(msBlk->swap) { -+ unsigned char sblock_list[SIZE]; -+ if(!squashfs_get_cached_block(inode->i_sb, (char *) sblock_list, block_ptr, offset, blocks << 2, &block_ptr, &offset)) { -+ ERROR("Unable to read block list [%d:%x]\n", block_ptr, offset); -+ return 0; -+ } -+ SQUASHFS_SWAP_INTS(((unsigned int *)block_list), ((unsigned int *)sblock_list), blocks); -+ } else -+ if(!squashfs_get_cached_block(inode->i_sb, (char *) block_list, block_ptr, offset, blocks << 2, &block_ptr, &offset)) { -+ ERROR("Unable to read block list [%d:%x]\n", block_ptr, offset); -+ return 0; -+ } -+ for(block_listp = (unsigned int *) block_list; i < index && blocks; i ++, block_listp ++, blocks --) -+ block += SQUASHFS_COMPRESSED_SIZE_BLOCK(*block_listp); -+ if(blocks >= readahead_blks) -+ break; -+ } -+ -+ *bsize = *block_listp; -+ return block; -+} -+ -+ -+static int squashfs_readpage(struct file *file, struct page *page) -+{ -+ struct inode *inode = page->mapping->host; -+ squashfs_sb_info *msBlk = &inode->i_sb->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ unsigned char block_list[SIZE]; -+ unsigned int bsize, block, i = 0, bytes = 0, byte_offset = 0; -+ int index = page->index >> (sBlk->block_log - PAGE_CACHE_SHIFT); -+ void *pageaddr = kmap(page); -+ struct squashfs_fragment_cache *fragment; -+ char *data_ptr = msBlk->read_page; -+ -+ int mask = (1 << (sBlk->block_log - PAGE_CACHE_SHIFT)) - 1; -+ int start_index = page->index & ~mask; -+ int end_index = start_index | mask; -+ -+ TRACE("Entered squashfs_readpage, page index %x, start block %x\n", (unsigned int) page->index, -+ inode->u.squashfs_i.start_block); -+ -+ if(inode->u.squashfs_i.fragment_start_block == SQUASHFS_INVALID_BLK || index < (inode->i_size >> sBlk->block_log)) { -+ if((block = (msBlk->read_blocklist)(inode, index, 1, block_list, NULL, &bsize)) == 0) -+ goto skip_read; -+ -+ down(&msBlk->read_page_mutex); -+ if(!(bytes = read_data(inode->i_sb, msBlk->read_page, block, bsize, 1, NULL))) { -+ ERROR("Unable to read page, block %x, size %x\n", block, bsize); -+ up(&msBlk->read_page_mutex); -+ goto skip_read; -+ } -+ } else { -+ if((fragment = get_cached_fragment(inode->i_sb, inode->u.squashfs_i.fragment_start_block, inode->u.squashfs_i.fragment_size)) == NULL) { -+ ERROR("Unable to read page, block %x, size %x\n", inode->u.squashfs_i.fragment_start_block, (int) inode->u.squashfs_i.fragment_size); -+ goto skip_read; -+ } -+ bytes = inode->u.squashfs_i.fragment_offset + (inode->i_size & (sBlk->block_size - 1)); -+ byte_offset = inode->u.squashfs_i.fragment_offset; -+ data_ptr = fragment->data; -+ } -+ -+ for(i = start_index; i <= end_index && byte_offset < bytes; i++, byte_offset += PAGE_CACHE_SIZE) { -+ struct page *push_page; -+ int available_bytes = (bytes - byte_offset) > PAGE_CACHE_SIZE ? PAGE_CACHE_SIZE : bytes - byte_offset; -+ -+ TRACE("bytes %d, i %d, byte_offset %d, available_bytes %d\n", bytes, i, byte_offset, available_bytes); -+ -+ if(i == page->index) { -+ memcpy(pageaddr, data_ptr + byte_offset, available_bytes); -+ memset(pageaddr + available_bytes, 0, PAGE_CACHE_SIZE - available_bytes); -+ kunmap(page); -+ flush_dcache_page(page); -+ SetPageUptodate(page); -+ UnlockPage(page); -+ } else if((push_page = grab_cache_page_nowait(page->mapping, i))) { -+ void *pageaddr = kmap(push_page); -+ memcpy(pageaddr, data_ptr + byte_offset, available_bytes); -+ memset(pageaddr + available_bytes, 0, PAGE_CACHE_SIZE - available_bytes); -+ kunmap(push_page); -+ flush_dcache_page(push_page); -+ SetPageUptodate(push_page); -+ UnlockPage(push_page); -+ page_cache_release(push_page); -+ } -+ } -+ -+ if(inode->u.squashfs_i.fragment_start_block == SQUASHFS_INVALID_BLK || index < (inode->i_size >> sBlk->block_log)) -+ up(&msBlk->read_page_mutex); -+ else -+ release_cached_fragment(msBlk, fragment); -+ -+ return 0; -+ -+skip_read: -+ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); -+ kunmap(page); -+ flush_dcache_page(page); -+ SetPageUptodate(page); -+ UnlockPage(page); -+ -+ return 0; -+} -+ -+ -+static int squashfs_readpage4K(struct file *file, struct page *page) -+{ -+ struct inode *inode = page->mapping->host; -+ squashfs_sb_info *msBlk = &inode->i_sb->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ unsigned char block_list[SIZE]; -+ unsigned int bsize, block, bytes = 0; -+ void *pageaddr = kmap(page); -+ -+ TRACE("Entered squashfs_readpage4K, page index %x, start block %x\n", (unsigned int) page->index, -+ inode->u.squashfs_i.start_block); -+ -+ if(page->index < (inode->i_size >> sBlk->block_log)) { -+ block = (msBlk->read_blocklist)(inode, page->index, 1, block_list, NULL, &bsize); -+ -+ if(!(bytes = read_data(inode->i_sb, pageaddr, block, bsize, 1, NULL))) -+ ERROR("Unable to read page, block %x, size %x\n", block, bsize); -+ } else { -+ struct squashfs_fragment_cache *fragment; -+ -+ if((fragment = get_cached_fragment(inode->i_sb, inode->u.squashfs_i.fragment_start_block, inode->u.squashfs_i.fragment_size)) == NULL) -+ ERROR("Unable to read page, block %x, size %x\n", inode->u.squashfs_i.fragment_start_block, (int) inode->u.squashfs_i.fragment_size); -+ else { -+ bytes = inode->i_size & (sBlk->block_size - 1); -+ memcpy(pageaddr, fragment->data + inode->u.squashfs_i.fragment_offset, bytes); -+ release_cached_fragment(msBlk, fragment); -+ } -+ } -+ -+ memset(pageaddr + bytes, 0, PAGE_CACHE_SIZE - bytes); -+ kunmap(page); -+ flush_dcache_page(page); -+ SetPageUptodate(page); -+ UnlockPage(page); -+ -+ return 0; -+} -+ -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+static int squashfs_readpage_lessthan4K(struct file *file, struct page *page) -+{ -+ struct inode *inode = page->mapping->host; -+ squashfs_sb_info *msBlk = &inode->i_sb->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ unsigned char block_list[SIZE]; -+ unsigned short *block_listp, block, bytes = 0; -+ int index = page->index << (PAGE_CACHE_SHIFT - sBlk->block_log); -+ int file_blocks = ((inode->i_size - 1) >> sBlk->block_log) + 1; -+ int readahead_blks = 1 << (PAGE_CACHE_SHIFT - sBlk->block_log); -+ void *pageaddr = kmap(page); -+ -+ int i_end = index + (1 << (PAGE_CACHE_SHIFT - sBlk->block_log)); -+ int byte; -+ -+ TRACE("Entered squashfs_readpage_lessthan4K, page index %x, start block %x\n", (unsigned int) page->index, -+ inode->u.squashfs_i.start_block); -+ -+ block = read_blocklist_1(inode, index, readahead_blks, block_list, (char **) &block_listp, NULL); -+ -+ if(i_end > file_blocks) -+ i_end = file_blocks; -+ -+ while(index < i_end) { -+ if(!(byte = read_data(inode->i_sb, pageaddr, block, *block_listp, 0, NULL))) { -+ ERROR("Unable to read page, block %x, size %x\n", block, *block_listp); -+ goto skip_read; -+ } -+ block += SQUASHFS_COMPRESSED_SIZE(*block_listp); -+ pageaddr += byte; -+ bytes += byte; -+ index ++; -+ block_listp ++; -+ } -+ -+skip_read: -+ memset(pageaddr, 0, PAGE_CACHE_SIZE - bytes); -+ kunmap(page); -+ flush_dcache_page(page); -+ SetPageUptodate(page); -+ UnlockPage(page); -+ -+ return 0; -+} -+#endif -+ -+ -+static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir) -+{ -+ struct inode *i = file->f_dentry->d_inode; -+ squashfs_sb_info *msBlk = &i->i_sb->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ int next_block = i->u.squashfs_i.start_block + sBlk->directory_table_start, next_offset = -+ i->u.squashfs_i.offset, length = 0, dirs_read = 0, dir_count; -+ squashfs_dir_header dirh; -+ char buffer[sizeof(squashfs_dir_entry) + SQUASHFS_NAME_LEN + 1]; -+ squashfs_dir_entry *dire = (squashfs_dir_entry *) buffer; -+ -+ TRACE("Entered squashfs_readdir [%x:%x]\n", next_block, next_offset); -+ -+ while(length < i->i_size) { -+ /* read directory header */ -+ if(msBlk->swap) { -+ squashfs_dir_header sdirh; -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, next_block, -+ next_offset, sizeof(sdirh), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(sdirh); -+ SQUASHFS_SWAP_DIR_HEADER(&dirh, &sdirh); -+ } else { -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &dirh, next_block, -+ next_offset, sizeof(dirh), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(dirh); -+ } -+ -+ dir_count = dirh.count + 1; -+ while(dir_count--) { -+ if(msBlk->swap) { -+ squashfs_dir_entry sdire; -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &sdire, next_block, -+ next_offset, sizeof(sdire), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(sdire); -+ SQUASHFS_SWAP_DIR_ENTRY(dire, &sdire); -+ } else { -+ if(!squashfs_get_cached_block(i->i_sb, (char *) dire, next_block, -+ next_offset, sizeof(*dire), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(*dire); -+ } -+ -+ if(!squashfs_get_cached_block(i->i_sb, dire->name, next_block, -+ next_offset, dire->size + 1, &next_block, &next_offset)) -+ goto failed_read; -+ length += dire->size + 1; -+ -+ if(file->f_pos >= length) -+ continue; -+ -+ dire->name[dire->size + 1] = '\0'; -+ -+ TRACE("Calling filldir(%x, %s, %d, %d, %x:%x, %d)\n", (unsigned int) dirent, -+ dire->name, dire->size + 1, (int) file->f_pos, -+ dirh.start_block, dire->offset, squashfs_filetype_table[dire->type]); -+ -+ if(filldir(dirent, dire->name, dire->size + 1, file->f_pos, SQUASHFS_MK_VFS_INODE(dirh.start_block, -+ dire->offset), squashfs_filetype_table[dire->type]) < 0) { -+ TRACE("Filldir returned less than 0\n"); -+ return dirs_read; -+ } -+ -+ file->f_pos = length; -+ dirs_read ++; -+ } -+ } -+ -+ return dirs_read; -+ -+failed_read: -+ ERROR("Unable to read directory block [%x:%x]\n", next_block, next_offset); -+ return 0; -+} -+ -+ -+static struct dentry *squashfs_lookup(struct inode *i, struct dentry *dentry) -+{ -+ const char *name =dentry->d_name.name; -+ int len = dentry->d_name.len; -+ struct inode *inode = NULL; -+ squashfs_sb_info *msBlk = &i->i_sb->u.squashfs_sb; -+ squashfs_super_block *sBlk = &msBlk->sBlk; -+ int next_block = i->u.squashfs_i.start_block + sBlk->directory_table_start, next_offset = -+ i->u.squashfs_i.offset, length = 0, dir_count; -+ squashfs_dir_header dirh; -+ char buffer[sizeof(squashfs_dir_entry) + SQUASHFS_NAME_LEN]; -+ squashfs_dir_entry *dire = (squashfs_dir_entry *) buffer; -+ -+ TRACE("Entered squashfs_lookup [%x:%x]\n", next_block, next_offset); -+ -+ while(length < i->i_size) { -+ /* read directory header */ -+ if(msBlk->swap) { -+ squashfs_dir_header sdirh; -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &sdirh, next_block, next_offset, -+ sizeof(sdirh), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(sdirh); -+ SQUASHFS_SWAP_DIR_HEADER(&dirh, &sdirh); -+ } else { -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &dirh, next_block, next_offset, -+ sizeof(dirh), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(dirh); -+ } -+ -+ dir_count = dirh.count + 1; -+ while(dir_count--) { -+ if(msBlk->swap) { -+ squashfs_dir_entry sdire; -+ if(!squashfs_get_cached_block(i->i_sb, (char *) &sdire, -+ next_block,next_offset, sizeof(sdire), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(sdire); -+ SQUASHFS_SWAP_DIR_ENTRY(dire, &sdire); -+ } else { -+ if(!squashfs_get_cached_block(i->i_sb, (char *) dire, -+ next_block,next_offset, sizeof(*dire), &next_block, &next_offset)) -+ goto failed_read; -+ length += sizeof(*dire); -+ } -+ -+ if(!squashfs_get_cached_block(i->i_sb, dire->name, -+ next_block, next_offset, dire->size + 1, &next_block, &next_offset)) -+ goto failed_read; -+ length += dire->size + 1; -+ -+ if((len == dire->size + 1) && !strncmp(name, dire->name, len)) { -+ squashfs_inode ino = SQUASHFS_MKINODE(dirh.start_block, dire->offset); -+ -+ TRACE("calling squashfs_iget for directory entry %s, inode %x:%x\n", -+ name, dirh.start_block, dire->offset); -+ -+ inode = (msBlk->iget)(i->i_sb, ino); -+ -+ goto exit_loop; -+ } -+ } -+ } -+ -+exit_loop: -+ d_add(dentry, inode); -+ return ERR_PTR(0); -+ -+failed_read: -+ ERROR("Unable to read directory block [%x:%x]\n", next_block, next_offset); -+ goto exit_loop; -+} -+ -+ -+static void squashfs_put_super(struct super_block *s) -+{ -+ if(s->u.squashfs_sb.block_cache) kfree(s->u.squashfs_sb.block_cache); -+ if(s->u.squashfs_sb.read_data) kfree(s->u.squashfs_sb.read_data); -+ if(s->u.squashfs_sb.read_page) kfree(s->u.squashfs_sb.read_page); -+ if(s->u.squashfs_sb.uid) kfree(s->u.squashfs_sb.uid); -+ s->u.squashfs_sb.block_cache = (void *) s->u.squashfs_sb.uid = -+ s->u.squashfs_sb.read_data = s->u.squashfs_sb.read_page = NULL; -+} -+ -+ -+static int __init init_squashfs_fs(void) -+{ -+ -+ if(!(stream.workspace = (char *) vmalloc(zlib_inflate_workspacesize()))) { -+ ERROR("Failed to allocate zlib workspace\n"); -+ return -ENOMEM; -+ } -+ return register_filesystem(&squashfs_fs_type); -+} -+ -+ -+static void __exit exit_squashfs_fs(void) -+{ -+ vfree(stream.workspace); -+ unregister_filesystem(&squashfs_fs_type); -+} -+ -+ -+EXPORT_NO_SYMBOLS; -+ -+module_init(init_squashfs_fs); -+module_exit(exit_squashfs_fs); -+MODULE_DESCRIPTION("squashfs, a compressed read-only filesystem"); -+MODULE_AUTHOR("Phillip Lougher <plougher@users.sourceforge.net>"); -+MODULE_LICENSE("GPL"); -diff -Nurb linux.orig/include/linux/fs.h linux/include/linux/fs.h ---- linux.orig/include/linux/fs.h 2003-07-04 04:12:25.000000000 -0400 -+++ linux/include/linux/fs.h 2004-05-25 21:13:03.000000000 -0400 -@@ -313,6 +313,7 @@ - #include <linux/usbdev_fs_i.h> - #include <linux/jffs2_fs_i.h> - #include <linux/cramfs_fs_sb.h> -+#include <linux/squashfs_fs_i.h> - - /* - * Attribute flags. These should be or-ed together to figure out what -@@ -503,6 +504,7 @@ - struct socket socket_i; - struct usbdev_inode_info usbdev_i; - struct jffs2_inode_info jffs2_i; -+ struct squashfs_inode_info squashfs_i; - void *generic_ip; - } u; - }; -@@ -697,6 +699,7 @@ - #include <linux/usbdev_fs_sb.h> - #include <linux/cramfs_fs_sb.h> - #include <linux/jffs2_fs_sb.h> -+#include <linux/squashfs_fs_sb.h> - - extern struct list_head super_blocks; - extern spinlock_t sb_lock; -@@ -755,6 +758,7 @@ - struct usbdev_sb_info usbdevfs_sb; - struct jffs2_sb_info jffs2_sb; - struct cramfs_sb_info cramfs_sb; -+ struct squashfs_sb_info squashfs_sb; - void *generic_sbp; - } u; - /* -diff -Nurb linux.orig/include/linux/squashfs_fs.h linux/include/linux/squashfs_fs.h ---- linux.orig/include/linux/squashfs_fs.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux/include/linux/squashfs_fs.h 2004-05-25 21:13:03.000000000 -0400 -@@ -0,0 +1,474 @@ -+#ifndef SQUASHFS_FS -+#define SQUASHFS_FS -+/* -+ * Squashfs -+ * -+ * Copyright (c) 2002, 2003, 2004 Phillip Lougher <plougher@users.sourceforge.net> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version 2, -+ * or (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ * -+ * squashfs_fs.h -+ */ -+ -+#define SQUASHFS_MAJOR 2 -+#define SQUASHFS_MINOR 0 -+#define SQUASHFS_MAGIC 0x73717368 -+#define SQUASHFS_MAGIC_SWAP 0x68737173 -+#define SQUASHFS_START 0 -+ -+/* size of metadata (inode and directory) blocks */ -+#define SQUASHFS_METADATA_SIZE 8192 -+#define SQUASHFS_METADATA_LOG 13 -+ -+/* default size of data blocks */ -+#define SQUASHFS_FILE_SIZE 65536 -+#define SQUASHFS_FILE_LOG 16 -+ -+#define SQUASHFS_FILE_MAX_SIZE 65536 -+ -+/* Max number of uids and gids */ -+#define SQUASHFS_UIDS 256 -+#define SQUASHFS_GUIDS 255 -+ -+/* Max length of filename (not 255) */ -+#define SQUASHFS_NAME_LEN 256 -+ -+#define SQUASHFS_INVALID ((long long) 0xffffffffffff) -+#define SQUASHFS_INVALID_BLK ((long long) 0xffffffff) -+#define SQUASHFS_USED_BLK ((long long) 0xfffffffe) -+ -+/* Filesystem flags */ -+#define SQUASHFS_NOI 0 -+#define SQUASHFS_NOD 1 -+#define SQUASHFS_CHECK 2 -+#define SQUASHFS_NOF 3 -+#define SQUASHFS_NO_FRAG 4 -+#define SQUASHFS_ALWAYS_FRAG 5 -+#define SQUASHFS_DUPLICATE 6 -+#define SQUASHFS_BIT(flag, bit) ((flag >> bit) & 1) -+#define SQUASHFS_UNCOMPRESSED_INODES(flags) SQUASHFS_BIT(flags, SQUASHFS_NOI) -+#define SQUASHFS_UNCOMPRESSED_DATA(flags) SQUASHFS_BIT(flags, SQUASHFS_NOD) -+#define SQUASHFS_UNCOMPRESSED_FRAGMENTS(flags) SQUASHFS_BIT(flags, SQUASHFS_NOF) -+#define SQUASHFS_NO_FRAGMENTS(flags) SQUASHFS_BIT(flags, SQUASHFS_NO_FRAG) -+#define SQUASHFS_ALWAYS_FRAGMENTS(flags) SQUASHFS_BIT(flags, SQUASHFS_ALWAYS_FRAG) -+#define SQUASHFS_DUPLICATES(flags) SQUASHFS_BIT(flags, SQUASHFS_DUPLICATE) -+#define SQUASHFS_CHECK_DATA(flags) SQUASHFS_BIT(flags, SQUASHFS_CHECK) -+#define SQUASHFS_MKFLAGS(noi, nod, check_data, nof, no_frag, always_frag, duplicate_checking) (noi | (nod << 1) | (check_data << 2) | (nof << 3) | (no_frag << 4) | (always_frag << 5) | (duplicate_checking << 6)) -+ -+/* Max number of types and file types */ -+#define SQUASHFS_DIR_TYPE 1 -+#define SQUASHFS_FILE_TYPE 2 -+#define SQUASHFS_SYMLINK_TYPE 3 -+#define SQUASHFS_BLKDEV_TYPE 4 -+#define SQUASHFS_CHRDEV_TYPE 5 -+#define SQUASHFS_FIFO_TYPE 6 -+#define SQUASHFS_SOCKET_TYPE 7 -+ -+/* 1.0 filesystem type definitions */ -+#define SQUASHFS_TYPES 5 -+#define SQUASHFS_IPC_TYPE 0 -+ -+/* Flag whether block is compressed or uncompressed, bit is set if block is uncompressed */ -+#define SQUASHFS_COMPRESSED_BIT (1 << 15) -+#define SQUASHFS_COMPRESSED_SIZE(B) (((B) & ~SQUASHFS_COMPRESSED_BIT) ? \ -+ (B) & ~SQUASHFS_COMPRESSED_BIT : SQUASHFS_COMPRESSED_BIT) -+ -+#define SQUASHFS_COMPRESSED(B) (!((B) & SQUASHFS_COMPRESSED_BIT)) -+ -+#define SQUASHFS_COMPRESSED_BIT_BLOCK (1 << 24) -+#define SQUASHFS_COMPRESSED_SIZE_BLOCK(B) (((B) & ~SQUASHFS_COMPRESSED_BIT_BLOCK) ? \ -+ (B) & ~SQUASHFS_COMPRESSED_BIT_BLOCK : SQUASHFS_COMPRESSED_BIT_BLOCK) -+ -+#define SQUASHFS_COMPRESSED_BLOCK(B) (!((B) & SQUASHFS_COMPRESSED_BIT_BLOCK)) -+ -+/* -+ * Inode number ops. Inodes consist of a compressed block number, and an uncompressed -+ * offset within that block -+ */ -+#define SQUASHFS_INODE_BLK(a) ((unsigned int) ((a) >> 16)) -+#define SQUASHFS_INODE_OFFSET(a) ((unsigned int) ((a) & 0xffff)) -+#define SQUASHFS_MKINODE(A, B) ((squashfs_inode)(((squashfs_inode) (A) << 16)\ -+ + (B))) -+ -+/* Compute 32 bit VFS inode number from squashfs inode number */ -+#define SQUASHFS_MK_VFS_INODE(a, b) ((unsigned int) (((a) << 8) + ((b) >> 2) + 1)) -+ -+/* Translate between VFS mode and squashfs mode */ -+#define SQUASHFS_MODE(a) ((a) & 0xfff) -+ -+/* fragment and fragment table defines */ -+typedef unsigned int squashfs_fragment_index; -+#define SQUASHFS_FRAGMENT_BYTES(A) (A * sizeof(squashfs_fragment_entry)) -+#define SQUASHFS_FRAGMENT_INDEX(A) (SQUASHFS_FRAGMENT_BYTES(A) / SQUASHFS_METADATA_SIZE) -+#define SQUASHFS_FRAGMENT_INDEX_OFFSET(A) (SQUASHFS_FRAGMENT_BYTES(A) % SQUASHFS_METADATA_SIZE) -+#define SQUASHFS_FRAGMENT_INDEXES(A) ((SQUASHFS_FRAGMENT_BYTES(A) + SQUASHFS_METADATA_SIZE - 1) / SQUASHFS_METADATA_SIZE) -+#define SQUASHFS_FRAGMENT_INDEX_BYTES(A) (SQUASHFS_FRAGMENT_INDEXES(A) * sizeof(squashfs_fragment_index)) -+#define SQUASHFS_CACHED_FRAGMENTS 3 -+ -+/* cached data constants for filesystem */ -+#define SQUASHFS_CACHED_BLKS 8 -+ -+#define SQUASHFS_MAX_FILE_SIZE_LOG 32 -+#define SQUASHFS_MAX_FILE_SIZE ((long long) 1 << (SQUASHFS_MAX_FILE_SIZE_LOG - 1)) -+ -+#define SQUASHFS_MARKER_BYTE 0xff -+ -+/* -+ * definitions for structures on disk -+ */ -+ -+typedef unsigned int squashfs_block; -+typedef long long squashfs_inode; -+ -+typedef unsigned int squashfs_uid; -+ -+typedef struct squashfs_super_block { -+ unsigned int s_magic; -+ unsigned int inodes; -+ unsigned int bytes_used; -+ unsigned int uid_start; -+ unsigned int guid_start; -+ unsigned int inode_table_start; -+ unsigned int directory_table_start; -+ unsigned int s_major:16; -+ unsigned int s_minor:16; -+ unsigned int block_size_1:16; -+ unsigned int block_log:16; -+ unsigned int flags:8; -+ unsigned int no_uids:8; -+ unsigned int no_guids:8; -+ time_t mkfs_time /* time of filesystem creation */; -+ squashfs_inode root_inode; -+ unsigned int block_size; -+ unsigned int fragments; -+ unsigned int fragment_table_start; -+} __attribute__ ((packed)) squashfs_super_block; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:8; /* index into uid table */ -+ unsigned int guid:8; /* index into guid table */ -+} __attribute__ ((packed)) squashfs_base_inode_header; -+ -+typedef squashfs_base_inode_header squashfs_ipc_inode_header; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:8; /* index into uid table */ -+ unsigned int guid:8; /* index into guid table */ -+ unsigned short rdev; -+} __attribute__ ((packed)) squashfs_dev_inode_header; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:8; /* index into uid table */ -+ unsigned int guid:8; /* index into guid table */ -+ unsigned short symlink_size; -+ char symlink[0]; -+} __attribute__ ((packed)) squashfs_symlink_inode_header; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:8; /* index into uid table */ -+ unsigned int guid:8; /* index into guid table */ -+ time_t mtime; -+ squashfs_block start_block; -+ unsigned int fragment; -+ unsigned int offset; -+ unsigned int file_size:SQUASHFS_MAX_FILE_SIZE_LOG; -+ unsigned short block_list[0]; -+} __attribute__ ((packed)) squashfs_reg_inode_header; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:8; /* index into uid table */ -+ unsigned int guid:8; /* index into guid table */ -+ unsigned int file_size:19; -+ unsigned int offset:13; -+ time_t mtime; -+ unsigned int start_block:24; -+} __attribute__ ((packed)) squashfs_dir_inode_header; -+ -+typedef union { -+ squashfs_base_inode_header base; -+ squashfs_dev_inode_header dev; -+ squashfs_symlink_inode_header symlink; -+ squashfs_reg_inode_header reg; -+ squashfs_dir_inode_header dir; -+ squashfs_ipc_inode_header ipc; -+} squashfs_inode_header; -+ -+typedef struct { -+ unsigned int offset:13; -+ unsigned int type:3; -+ unsigned int size:8; -+ char name[0]; -+} __attribute__ ((packed)) squashfs_dir_entry; -+ -+typedef struct { -+ unsigned int count:8; -+ unsigned int start_block:24; -+} __attribute__ ((packed)) squashfs_dir_header; -+ -+ -+typedef struct { -+ unsigned int start_block; -+ unsigned int size; -+} __attribute__ ((packed)) squashfs_fragment_entry; -+ -+extern int squashfs_uncompress_block(void *d, int dstlen, void *s, int srclen); -+extern int squashfs_uncompress_init(void); -+extern int squashfs_uncompress_exit(void); -+ -+/* -+ * macros to convert each packed bitfield structure from little endian to big -+ * endian and vice versa. These are needed when creating or using a filesystem on a -+ * machine with different byte ordering to the target architecture. -+ * -+ */ -+ -+#define SQUASHFS_SWAP_SUPER_BLOCK(s, d) {\ -+ SQUASHFS_MEMSET(s, d, sizeof(squashfs_super_block));\ -+ SQUASHFS_SWAP((s)->s_magic, d, 0, 32);\ -+ SQUASHFS_SWAP((s)->inodes, d, 32, 32);\ -+ SQUASHFS_SWAP((s)->bytes_used, d, 64, 32);\ -+ SQUASHFS_SWAP((s)->uid_start, d, 96, 32);\ -+ SQUASHFS_SWAP((s)->guid_start, d, 128, 32);\ -+ SQUASHFS_SWAP((s)->inode_table_start, d, 160, 32);\ -+ SQUASHFS_SWAP((s)->directory_table_start, d, 192, 32);\ -+ SQUASHFS_SWAP((s)->s_major, d, 224, 16);\ -+ SQUASHFS_SWAP((s)->s_minor, d, 240, 16);\ -+ SQUASHFS_SWAP((s)->block_size_1, d, 256, 16);\ -+ SQUASHFS_SWAP((s)->block_log, d, 272, 16);\ -+ SQUASHFS_SWAP((s)->flags, d, 288, 8);\ -+ SQUASHFS_SWAP((s)->no_uids, d, 296, 8);\ -+ SQUASHFS_SWAP((s)->no_guids, d, 304, 8);\ -+ SQUASHFS_SWAP((s)->mkfs_time, d, 312, 32);\ -+ SQUASHFS_SWAP((s)->root_inode, d, 344, 64);\ -+ SQUASHFS_SWAP((s)->block_size, d, 408, 32);\ -+ SQUASHFS_SWAP((s)->fragments, d, 440, 32);\ -+ SQUASHFS_SWAP((s)->fragment_table_start, d, 472, 32);\ -+} -+ -+#define SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, n) {\ -+ SQUASHFS_MEMSET(s, d, n);\ -+ SQUASHFS_SWAP((s)->inode_type, d, 0, 4);\ -+ SQUASHFS_SWAP((s)->mode, d, 4, 12);\ -+ SQUASHFS_SWAP((s)->uid, d, 16, 8);\ -+ SQUASHFS_SWAP((s)->guid, d, 24, 8);\ -+} -+ -+#define SQUASHFS_SWAP_IPC_INODE_HEADER(s, d) SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_ipc_inode_header)) -+ -+#define SQUASHFS_SWAP_DEV_INODE_HEADER(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_dev_inode_header));\ -+ SQUASHFS_SWAP((s)->rdev, d, 32, 16);\ -+} -+ -+#define SQUASHFS_SWAP_SYMLINK_INODE_HEADER(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_symlink_inode_header));\ -+ SQUASHFS_SWAP((s)->symlink_size, d, 32, 16);\ -+} -+ -+#define SQUASHFS_SWAP_REG_INODE_HEADER(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_reg_inode_header));\ -+ SQUASHFS_SWAP((s)->mtime, d, 32, 32);\ -+ SQUASHFS_SWAP((s)->start_block, d, 64, 32);\ -+ SQUASHFS_SWAP((s)->fragment, d, 96, 32);\ -+ SQUASHFS_SWAP((s)->offset, d, 128, 32);\ -+ SQUASHFS_SWAP((s)->file_size, d, 160, SQUASHFS_MAX_FILE_SIZE_LOG);\ -+} -+ -+#define SQUASHFS_SWAP_DIR_INODE_HEADER(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_dir_inode_header));\ -+ SQUASHFS_SWAP((s)->file_size, d, 32, 19);\ -+ SQUASHFS_SWAP((s)->offset, d, 51, 13);\ -+ SQUASHFS_SWAP((s)->mtime, d, 64, 32);\ -+ SQUASHFS_SWAP((s)->start_block, d, 96, 24);\ -+} -+ -+#define SQUASHFS_SWAP_DIR_HEADER(s, d) {\ -+ SQUASHFS_MEMSET(s, d, sizeof(squashfs_dir_header));\ -+ SQUASHFS_SWAP((s)->count, d, 0, 8);\ -+ SQUASHFS_SWAP((s)->start_block, d, 8, 24);\ -+} -+ -+#define SQUASHFS_SWAP_DIR_ENTRY(s, d) {\ -+ SQUASHFS_MEMSET(s, d, sizeof(squashfs_dir_entry));\ -+ SQUASHFS_SWAP((s)->offset, d, 0, 13);\ -+ SQUASHFS_SWAP((s)->type, d, 13, 3);\ -+ SQUASHFS_SWAP((s)->size, d, 16, 8);\ -+} -+ -+#define SQUASHFS_SWAP_FRAGMENT_ENTRY(s, d) {\ -+ SQUASHFS_MEMSET(s, d, sizeof(squashfs_fragment_entry));\ -+ SQUASHFS_SWAP((s)->start_block, d, 0, 32);\ -+ SQUASHFS_SWAP((s)->size, d, 32, 32);\ -+} -+ -+#define SQUASHFS_SWAP_SHORTS(s, d, n) {\ -+ int entry;\ -+ int bit_position;\ -+ SQUASHFS_MEMSET(s, d, n * 2);\ -+ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += 16)\ -+ SQUASHFS_SWAP(s[entry], d, bit_position, 16);\ -+} -+ -+#define SQUASHFS_SWAP_INTS(s, d, n) {\ -+ int entry;\ -+ int bit_position;\ -+ SQUASHFS_MEMSET(s, d, n * 4);\ -+ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += 32)\ -+ SQUASHFS_SWAP(s[entry], d, bit_position, 32);\ -+} -+ -+#define SQUASHFS_SWAP_DATA(s, d, n, bits) {\ -+ int entry;\ -+ int bit_position;\ -+ SQUASHFS_MEMSET(s, d, n * bits / 8);\ -+ for(entry = 0, bit_position = 0; entry < n; entry++, bit_position += bits)\ -+ SQUASHFS_SWAP(s[entry], d, bit_position, bits);\ -+} -+ -+#define SQUASHFS_SWAP_FRAGMENT_INDEXES(s, d, n) SQUASHFS_SWAP_INTS(s, d, n) -+ -+#ifdef SQUASHFS_1_0_COMPATIBILITY -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+} __attribute__ ((packed)) squashfs_base_inode_header_1; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+ unsigned int type:4; -+ unsigned int offset:4; -+} __attribute__ ((packed)) squashfs_ipc_inode_header_1; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+ unsigned short rdev; -+} __attribute__ ((packed)) squashfs_dev_inode_header_1; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+ unsigned short symlink_size; -+ char symlink[0]; -+} __attribute__ ((packed)) squashfs_symlink_inode_header_1; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+ time_t mtime; -+ squashfs_block start_block; -+ unsigned int file_size:SQUASHFS_MAX_FILE_SIZE_LOG; -+ unsigned short block_list[0]; -+} __attribute__ ((packed)) squashfs_reg_inode_header_1; -+ -+typedef struct { -+ unsigned int inode_type:4; -+ unsigned int mode:12; /* protection */ -+ unsigned int uid:4; /* index into uid table */ -+ unsigned int guid:4; /* index into guid table */ -+ unsigned int file_size:19; -+ unsigned int offset:13; -+ time_t mtime; -+ unsigned int start_block:24; -+} __attribute__ ((packed)) squashfs_dir_inode_header_1; -+ -+#define SQUASHFS_SWAP_BASE_INODE_HEADER_1(s, d, n) {\ -+ SQUASHFS_MEMSET(s, d, n);\ -+ SQUASHFS_SWAP((s)->inode_type, d, 0, 4);\ -+ SQUASHFS_SWAP((s)->mode, d, 4, 12);\ -+ SQUASHFS_SWAP((s)->uid, d, 16, 4);\ -+ SQUASHFS_SWAP((s)->guid, d, 20, 4);\ -+} -+ -+#define SQUASHFS_SWAP_IPC_INODE_HEADER_1(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER_1(s, d, sizeof(squashfs_ipc_inode_header_1));\ -+ SQUASHFS_SWAP((s)->type, d, 24, 4);\ -+ SQUASHFS_SWAP((s)->offset, d, 28, 4);\ -+} -+ -+#define SQUASHFS_SWAP_DEV_INODE_HEADER_1(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER_1(s, d, sizeof(squashfs_dev_inode_header_1));\ -+ SQUASHFS_SWAP((s)->rdev, d, 24, 16);\ -+} -+ -+#define SQUASHFS_SWAP_SYMLINK_INODE_HEADER_1(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_symlink_inode_header_1));\ -+ SQUASHFS_SWAP((s)->symlink_size, d, 24, 16);\ -+} -+ -+#define SQUASHFS_SWAP_REG_INODE_HEADER_1(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_reg_inode_header_1));\ -+ SQUASHFS_SWAP((s)->mtime, d, 24, 32);\ -+ SQUASHFS_SWAP((s)->start_block, d, 56, 32);\ -+ SQUASHFS_SWAP((s)->file_size, d, 88, SQUASHFS_MAX_FILE_SIZE_LOG);\ -+} -+ -+#define SQUASHFS_SWAP_DIR_INODE_HEADER_1(s, d) {\ -+ SQUASHFS_SWAP_BASE_INODE_HEADER(s, d, sizeof(squashfs_dir_inode_header_1));\ -+ SQUASHFS_SWAP((s)->file_size, d, 24, 19);\ -+ SQUASHFS_SWAP((s)->offset, d, 43, 13);\ -+ SQUASHFS_SWAP((s)->mtime, d, 56, 32);\ -+ SQUASHFS_SWAP((s)->start_block, d, 88, 24);\ -+} -+#endif -+ -+#ifdef __KERNEL__ -+/* -+ * macros used to swap each structure entry, taking into account -+ * bitfields and different bitfield placing conventions on differing architectures -+ */ -+#include <asm/byteorder.h> -+#ifdef __BIG_ENDIAN -+ /* convert from little endian to big endian */ -+#define SQUASHFS_SWAP(value, p, pos, tbits) _SQUASHFS_SWAP(value, p, pos, tbits, b_pos) -+#else -+ /* convert from big endian to little endian */ -+#define SQUASHFS_SWAP(value, p, pos, tbits) _SQUASHFS_SWAP(value, p, pos, tbits, 64 - tbits - b_pos) -+#endif -+ -+#define _SQUASHFS_SWAP(value, p, pos, tbits, SHIFT) {\ -+ int bits;\ -+ int b_pos = pos % 8;\ -+ unsigned long long val = 0;\ -+ unsigned char *s = (unsigned char *)p + (pos / 8);\ -+ unsigned char *d = ((unsigned char *) &val) + 7;\ -+ for(bits = 0; bits < (tbits + b_pos); bits += 8) \ -+ *d-- = *s++;\ -+ value = (val >> (SHIFT))/* & ((1 << tbits) - 1)*/;\ -+} -+#define SQUASHFS_MEMSET(s, d, n) memset(s, 0, n); -+#endif -+#endif -diff -Nurb linux.orig/include/linux/squashfs_fs_i.h linux/include/linux/squashfs_fs_i.h ---- linux.orig/include/linux/squashfs_fs_i.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux/include/linux/squashfs_fs_i.h 2004-05-25 21:13:03.000000000 -0400 -@@ -0,0 +1,33 @@ -+#ifndef SQUASHFS_FS_I -+#define SQUASHFS_FS_I -+/* -+ * Squashfs -+ * -+ * Copyright (c) 2002, 2003, 2004 Phillip Lougher <plougher@users.sourceforge.net> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version 2, -+ * or (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ * -+ * squashfs_fs_i.h -+ */ -+ -+typedef struct squashfs_inode_info { -+ unsigned int start_block; -+ unsigned int block_list_start; -+ unsigned int offset; -+ unsigned int fragment_start_block; -+ unsigned int fragment_size; -+ unsigned int fragment_offset; -+ } squashfs_inode_info; -+#endif -diff -Nurb linux.orig/include/linux/squashfs_fs_sb.h linux/include/linux/squashfs_fs_sb.h ---- linux.orig/include/linux/squashfs_fs_sb.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux/include/linux/squashfs_fs_sb.h 2004-05-25 21:13:03.000000000 -0400 -@@ -0,0 +1,65 @@ -+#ifndef SQUASHFS_FS_SB -+#define SQUASHFS_FS_SB -+/* -+ * Squashfs -+ * -+ * Copyright (c) 2002, 2003, 2004 Phillip Lougher <plougher@users.sourceforge.net> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version 2, -+ * or (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -+ * -+ * squashfs_fs_sb.h -+ */ -+ -+#include <linux/squashfs_fs.h> -+ -+typedef struct { -+ unsigned int block; -+ int length; -+ unsigned int next_index; -+ char *data; -+ } squashfs_cache; -+ -+struct squashfs_fragment_cache { -+ unsigned int block; -+ int length; -+ unsigned int locked; -+ char *data; -+ }; -+ -+typedef struct squashfs_sb_info { -+ squashfs_super_block sBlk; -+ int devblksize; -+ int devblksize_log2; -+ int swap; -+ squashfs_cache *block_cache; -+ struct squashfs_fragment_cache *fragment; -+ int next_cache; -+ int next_fragment; -+ squashfs_uid *uid; -+ squashfs_uid *guid; -+ squashfs_fragment_index *fragment_index; -+ unsigned int read_size; -+ char *read_data; -+ char *read_page; -+ struct semaphore read_page_mutex; -+ struct semaphore block_cache_mutex; -+ struct semaphore fragment_mutex; -+ wait_queue_head_t waitq; -+ wait_queue_head_t fragment_wait_queue; -+ struct inode *(*iget)(struct super_block *s, squashfs_inode inode); -+ unsigned int (*read_blocklist)(struct inode *inode, int index, int readahead_blks, -+ char *block_list, char **block_p, unsigned int *bsize); -+ } squashfs_sb_info; -+#endif -diff -Nurb linux.orig/init/do_mounts.c linux/init/do_mounts.c ---- linux.orig/init/do_mounts.c 2003-11-08 03:13:20.000000000 -0500 -+++ linux/init/do_mounts.c 2004-05-25 21:13:03.000000000 -0400 -@@ -16,6 +16,7 @@ - #include <linux/ext2_fs.h> - #include <linux/romfs_fs.h> - #include <linux/cramfs_fs.h> -+#include <linux/squashfs_fs.h> - - #undef BUILD_CRAMDISK - -@@ -470,6 +471,7 @@ - * ext2 - * romfs - * gzip -+ * squashfs - */ - static int __init - identify_ramdisk_image(int fd, int start_block) -@@ -479,6 +481,7 @@ - struct ext2_super_block *ext2sb; - struct romfs_super_block *romfsb; - struct cramfs_super *cramfsb; -+ struct squashfs_super_block *squashfsb; - int nblocks = -1; - unsigned char *buf; - -@@ -490,6 +493,7 @@ - ext2sb = (struct ext2_super_block *) buf; - romfsb = (struct romfs_super_block *) buf; - cramfsb = (struct cramfs_super *) buf; -+ squashfsb = (struct squashfs_super_block *) buf; - memset(buf, 0xe5, size); - - /* -@@ -536,6 +540,15 @@ - goto done; - } - -+ /* squashfs is at block zero too */ -+ if (squashfsb->s_magic == SQUASHFS_MAGIC) { -+ printk(KERN_NOTICE -+ "RAMDISK: squashfs filesystem found at block %d\n", -+ start_block); -+ nblocks = (squashfsb->bytes_used+BLOCK_SIZE-1)>>BLOCK_SIZE_BITS; -+ goto done; -+ } -+ - /* - * Read block 1 to test for minix and ext2 superblock - */ -diff -Nurb linux.orig/kernel/ksyms.c linux/kernel/ksyms.c ---- linux.orig/kernel/ksyms.c 2003-07-04 04:12:28.000000000 -0400 -+++ linux/kernel/ksyms.c 2004-05-25 21:12:24.000000000 -0400 -@@ -482,9 +482,9 @@ - EXPORT_SYMBOL(simple_strtoull); - EXPORT_SYMBOL(system_utsname); /* UTS data */ - EXPORT_SYMBOL(uts_sem); /* UTS semaphore */ --#ifndef __mips__ -+//#ifndef __mips__ //bite me. -mbm. - EXPORT_SYMBOL(sys_call_table); --#endif -+//#endif - EXPORT_SYMBOL(machine_restart); - EXPORT_SYMBOL(machine_halt); - EXPORT_SYMBOL(machine_power_off); -diff -Nurb linux.orig/lib/Config.in linux/lib/Config.in ---- linux.orig/lib/Config.in 2003-07-04 04:12:29.000000000 -0400 -+++ linux/lib/Config.in 2004-05-25 21:13:03.000000000 -0400 -@@ -8,12 +8,14 @@ - # Do we need the compression support? - # - if [ "$CONFIG_CRAMFS" = "y" -o \ -+ "$CONFIG_SQUASHFS" = "y" -o \ - "$CONFIG_PPP_DEFLATE" = "y" -o \ - "$CONFIG_JFFS2_FS" = "y" -o \ - "$CONFIG_ZISOFS_FS" = "y" ]; then - define_tristate CONFIG_ZLIB_INFLATE y - else - if [ "$CONFIG_CRAMFS" = "m" -o \ -+ "$CONFIG_SQUASHFS" = "m" -o \ - "$CONFIG_PPP_DEFLATE" = "m" -o \ - "$CONFIG_JFFS2_FS" = "m" -o \ - "$CONFIG_ZISOFS_FS" = "m" ]; then diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/130-nfsswap.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/130-nfsswap.patch deleted file mode 100644 index d2f8e7a..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/130-nfsswap.patch +++ /dev/null @@ -1,2362 +0,0 @@ -diff -Nurb linux.orig/Documentation/netswap.txt linux/Documentation/netswap.txt ---- linux.orig/Documentation/netswap.txt 1969-12-31 19:00:00.000000000 -0500 -+++ linux/Documentation/netswap.txt 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,51 @@ -+ Swapping over network -+ -+Support for this is enabled via the CONFIG_NETSWAP option, which is -+automatically enabled when enabling swap files located on NFS volumes -+(CONFIG_SWAP_VIA_NFS). -+ -+When swapping to files located on a network file system like NFS or -+CODA or others or to nbd (network block device, see `nbd.txt') -+partitions there is the problem that this requires additional memory, -+besides the page which is currently swapped in or out, probably at -+least two more pages for each page in question. -+ -+This means that not only there needs to be free space left in the swap -+file or the swap partition, but in addition there must be enough free -+memory left in the system to perform the swap out of pages. -+ -+This is particularly painful as receiving data over the network itself -+consumes memory, and this memory is allocated from an interrupt -+context (i.e. in the interrupt handler of the network card). That -+means that on a congested network there are chances that the machine -+runs out of memory, simply because the network device's interrupt -+routines allocate memory faster that it is freed by swapping via -+network. -+ -+To cope with this problem, there is a new socket option `SO_SWAPPING' -+which has to be set on the `SOL_SOCKET' level with setsockopt() (see -+setsockopt(2)). When this option is set on any network socket, then -+the system will start to drop network packets it receives on any other -+socket when the number of free pages falls below a certain threshold. -+ -+This threshold initially is 4 pages less than `freepages.min' (see -+`Documentation/sysctl/vm.txt') but can be tuned using the sysctl -+interface by writing to the file `/proc/sys/net/swapping/threshold' -+ -+There are two other files: -+ -+`/proc/sys/net/swapping/dropped': -+ how many network packets have been dropped so far. This file is -+ writable, writing to it simply sets the counter to the given value -+ (useful for resetting the counter). -+ -+`/proc/sys/net/swapping/sock_count': -+ How many network sockets have the `SO_SWAPPING' option set (read -+ only, of course). -+ -+When using swap-files on NFS volumes, then the `SO_SWAPPING' option is -+set or cleared by swapon/swapoff system calls, so the user need not -+care about it. -+ -+Swapping over the network is insecure unless the data would be -+encrypted, which is not the case with NFS. It is also very slow. -diff -Nurb linux.orig/Documentation/nfsswap.txt linux/Documentation/nfsswap.txt ---- linux.orig/Documentation/nfsswap.txt 1969-12-31 19:00:00.000000000 -0500 -+++ linux/Documentation/nfsswap.txt 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,41 @@ -+ Swapping to files on NFS volumes -+ -+To do this you have to say `Y' or `M' to the CONFIG_SWAP_VIA_NFS -+configuration option. When compling support for this as a module you -+should read `Documentation/modules.txt'. For auto-loading of the -+module during the `swapon' system call you have to place a line like -+ -+alias swapfile-mod nfsswap -+ -+in `/etc/modules.conf' (or `/etc/conf.modules', depending on your -+setup). NFS volumes holding swapfile should be mounted with `rsize' -+and `wsize' set to something less than the size of a page, otherwise -+deadlocks caused by memory fragmentation can happen, i.e. mount the -+volume which is to hold the swapfiles with -+ -+mount -t nfs -o rsize=2048,wsize=2048 NFS_SERVER_IP:/server_volume /mount_point -+ -+or set the option in `/etc/fstab'. Read `Documentation/nfsroot.txt' to -+learn how to set mount options for the root file system, if your swap -+files are to be located on the root file system. -+ -+Setting the `rsize' and `wsize' to anything less than PAGE_SIZE is a -+performance hit, so you probably want to have at least two volumes -+mounted, one for the swapfiles, one for the rest. -+ -+You may want to read `Documentation/netswap.txt' as well. -+ -+Swapfiles on NFS volumes can be treated like any other swapfile, -+i.e. -+ -+dd if=/dev/zero of=/swapfiles/SWAPFILE bs=1k count=20480 -+mkswap /swapfiles/SWAPFILE -+swapon /swapfiles/SWAPFILE -+ -+will create a 20M swapfile and tell the system to use it. Actually, -+one could use lseek(2) to create an empty swapfile. This is different -+from swapfiles located on local harddisk. -+ -+Swapping over the network is insecure unless the data would be -+encrypted, which is not the case with NFS. It is also very slow. -+ -diff -Nurb linux.orig/drivers/block/blkpg.c linux/drivers/block/blkpg.c ---- linux.orig/drivers/block/blkpg.c 2003-07-04 04:11:31.000000000 -0400 -+++ linux/drivers/block/blkpg.c 2004-05-31 02:18:03.000000000 -0400 -@@ -34,7 +34,7 @@ - #include <linux/blk.h> /* for set_device_ro() */ - #include <linux/blkpg.h> - #include <linux/genhd.h> --#include <linux/swap.h> /* for is_swap_partition() */ -+#include <linux/swap.h> /* for swap_run_test() */ - #include <linux/module.h> /* for EXPORT_SYMBOL */ - - #include <asm/uaccess.h> -@@ -114,6 +114,29 @@ - return 0; - } - -+/* swap_run_test() applies this hook to all swapfiles until it returns -+ * "1". If it never returns "1", the result of swap_run_test() is "0", -+ * otherwise "1". -+ */ -+static int is_swap_partition_hook(unsigned int flags, struct file *swap_file, -+ void *testdata) -+{ -+ kdev_t swap_dev = S_ISBLK(swap_file->f_dentry->d_inode->i_mode) -+ ? swap_file->f_dentry->d_inode->i_rdev : 0; -+ kdev_t dev = *((kdev_t *)testdata); -+ -+ if (flags & SWP_USED && dev == swap_dev) { -+ return 1; -+ } else { -+ return 0; -+ } -+} -+ -+static inline int is_swap_partition(kdev_t dev) -+{ -+ return swap_run_test(is_swap_partition_hook, &dev); -+} -+ - /* - * Delete a partition given by partition number - * -diff -Nurb linux.orig/fs/Config.in linux/fs/Config.in ---- linux.orig/fs/Config.in 2004-05-31 02:02:43.000000000 -0400 -+++ linux/fs/Config.in 2004-05-31 02:18:03.000000000 -0400 -@@ -4,6 +4,12 @@ - mainmenu_option next_comment - comment 'File systems' - -+if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then -+ tristate 'Swapping to block devices' CONFIG_BLKDEV_SWAP -+else -+ define_bool CONFIG_BLKDEV_SWAP y -+fi -+ - bool 'Quota support' CONFIG_QUOTA - tristate 'Kernel automounter support' CONFIG_AUTOFS_FS - tristate 'Kernel automounter version 4 support (also supports v3)' CONFIG_AUTOFS4_FS -@@ -110,6 +116,12 @@ - dep_tristate 'NFS file system support' CONFIG_NFS_FS $CONFIG_INET - dep_mbool ' Provide NFSv3 client support' CONFIG_NFS_V3 $CONFIG_NFS_FS - dep_bool ' Root file system on NFS' CONFIG_ROOT_NFS $CONFIG_NFS_FS $CONFIG_IP_PNP -+ if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then -+ dep_tristate ' Swapping via NFS (EXPERIMENTAL)' CONFIG_SWAP_VIA_NFS $CONFIG_NFS_FS -+ if [ "$CONFIG_SWAP_VIA_NFS" = "y" -o "$CONFIG_SWAP_VIA_NFS" = "m" ]; then -+ define_bool CONFIG_NETSWAP y -+ fi -+ fi - - dep_tristate 'NFS server support' CONFIG_NFSD $CONFIG_INET - dep_mbool ' Provide NFSv3 server support' CONFIG_NFSD_V3 $CONFIG_NFSD -diff -Nurb linux.orig/fs/Makefile linux/fs/Makefile ---- linux.orig/fs/Makefile 2004-05-31 02:02:42.000000000 -0400 -+++ linux/fs/Makefile 2004-05-31 02:18:03.000000000 -0400 -@@ -8,7 +8,7 @@ - O_TARGET := fs.o - - export-objs := filesystems.o open.o dcache.o buffer.o --mod-subdirs := nls -+mod-subdirs := nls nfs - - obj-y := open.o read_write.o devices.o file_table.o buffer.o \ - super.o block_dev.o char_dev.o stat.o exec.o pipe.o namei.o \ -@@ -70,6 +70,7 @@ - subdir-$(CONFIG_JFS_FS) += jfs - subdir-$(CONFIG_SQUASHFS) += squashfs - -+obj-$(CONFIG_BLKDEV_SWAP) += blkdev_swap.o - - obj-$(CONFIG_BINFMT_AOUT) += binfmt_aout.o - obj-$(CONFIG_BINFMT_EM86) += binfmt_em86.o -diff -Nurb linux.orig/fs/blkdev_swap.c linux/fs/blkdev_swap.c ---- linux.orig/fs/blkdev_swap.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux/fs/blkdev_swap.c 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,309 @@ -+/* -+ * Swapping to partitions or files located on partitions. -+ */ -+ -+#include <linux/config.h> -+#include <linux/module.h> -+#include <linux/init.h> -+#include <linux/slab.h> -+#include <linux/locks.h> -+#include <linux/blkdev.h> -+#include <linux/pagemap.h> -+#include <linux/swap.h> -+#include <linux/fs.h> -+ -+#ifdef DEBUG_BLKDEV_SWAP -+# define dprintk(fmt...) printk(##fmt) -+#else -+# define dprintk(fmt...) do { /* */ } while (0) -+#endif -+ -+#define BLKDEV_SWAP_ID "blkdev" -+#define BLKDEV_FILE_SWAP_ID "blkdev file" -+ -+/* -+ * Helper function, copied here from buffer.c -+ */ -+ -+/* -+ * Start I/O on a page. -+ * This function expects the page to be locked and may return -+ * before I/O is complete. You then have to check page->locked -+ * and page->uptodate. -+ * -+ * brw_page() is SMP-safe, although it's being called with the -+ * kernel lock held - but the code is ready. -+ * -+ * FIXME: we need a swapper_inode->get_block function to remove -+ * some of the bmap kludges and interface ugliness here. -+ */ -+int brw_page(int rw, struct page *page, kdev_t dev, int b[], int size) -+{ -+ struct buffer_head *head, *bh; -+ -+ if (!PageLocked(page)) -+ panic("brw_page: page not locked for I/O"); -+ -+ if (!page->buffers) -+ create_empty_buffers(page, dev, size); -+ head = bh = page->buffers; -+ -+ /* Stage 1: lock all the buffers */ -+ do { -+ lock_buffer(bh); -+ bh->b_blocknr = *(b++); -+ set_bit(BH_Mapped, &bh->b_state); -+ set_buffer_async_io(bh); -+ bh = bh->b_this_page; -+ } while (bh != head); -+ -+ /* Stage 2: start the IO */ -+ do { -+ struct buffer_head *next = bh->b_this_page; -+ submit_bh(rw, bh); -+ bh = next; -+ } while (bh != head); -+ return 0; -+} -+ -+/* -+ * We implement to methods: swapping to partitions, and swapping to files -+ * located on partitions. -+ */ -+ -+struct blkdev_swap_data { -+ kdev_t dev; -+}; -+ -+struct test_data { -+ struct file * filp; -+ kdev_t dev; -+}; -+ -+static int is_blkdev_swapping(unsigned int flags, -+ struct file * swapf, -+ void *data) -+{ -+ struct test_data *testdata = (struct test_data *) data; -+ struct file * filp = testdata->filp; -+ kdev_t dev = testdata->dev; -+ -+ /* Only check filp's that don't match the one already opened -+ * for us by sys_swapon(). Otherwise, we will always flag a -+ * busy swap file. -+ */ -+ -+ if (swapf != filp) { -+ if (dev == swapf->f_dentry->d_inode->i_rdev) -+ return 1; -+ } -+ return 0; -+} -+ -+static int blkdev_swap_open(struct file * filp, void **dptr) -+{ -+ int swapfilesize; -+ kdev_t dev; -+ struct blkdev_swap_data *data; -+ int error; -+ struct test_data testdata; -+ -+ MOD_INC_USE_COUNT; -+ -+ if (!S_ISBLK(filp->f_dentry->d_inode->i_mode)) { -+ dprintk(__FUNCTION__": can't handle this swap file: %s\n", -+ swapf->d_name.name); -+ error = 0; /* not for us */ -+ goto bad_swap; -+ } -+ -+ dev = filp->f_dentry->d_inode->i_rdev; -+ set_blocksize(dev, PAGE_SIZE); -+ error = -ENODEV; -+ if (!dev || -+ (blk_size[MAJOR(dev)] && !blk_size[MAJOR(dev)][MINOR(dev)])) { -+ printk("blkdev_swap_open: blkdev weirdness for %s\n", -+ filp->f_dentry->d_name.name); -+ goto bad_swap; -+ } -+ -+ /* Check to make sure that we aren't already swapping. */ -+ error = -EBUSY; -+ testdata.filp = filp; -+ testdata.dev = dev; -+ if (swap_run_test(is_blkdev_swapping, &testdata)) { -+ printk("blkdev_swap_open: already swapping to %s\n", -+ filp->f_dentry->d_name.name); -+ goto bad_swap; -+ } -+ -+ swapfilesize = 0; -+ if (blk_size[MAJOR(dev)]) -+ swapfilesize = blk_size[MAJOR(dev)][MINOR(dev)] -+ >> (PAGE_SHIFT - 10); -+ -+ if ((data = kmalloc(sizeof(*data), GFP_KERNEL)) == NULL) { -+ printk("blkdev_swap_open: can't allocate data for %s\n", -+ filp->f_dentry->d_name.name); -+ error = -ENOMEM; -+ goto bad_swap; -+ } -+ data->dev = dev; -+ *dptr = data; -+ -+ dprintk("blkdev_swap_open: returning %d\n", swapfilesize); -+ return swapfilesize; -+ -+ bad_swap: -+ MOD_DEC_USE_COUNT; -+ return error; /* this swap thing is not for us */ -+} -+ -+static int blkdev_swap_release(struct file * filp, void *data) -+{ -+ dprintk("blkdev_swap_release: releasing swap device %s\n", -+ filp->f_dentry->d_name.name); -+ kfree(data); -+ MOD_DEC_USE_COUNT; -+ return 0; -+} -+ -+static int blkdev_rw_page(int rw, struct page *page, unsigned long offset, -+ void *ptr) -+{ -+ struct blkdev_swap_data *data = (struct blkdev_swap_data *)ptr; -+ brw_page(rw, page, data->dev, (int *)&offset, PAGE_SIZE); -+ return 1; -+} -+ -+static struct swap_ops blkdev_swap_ops = { -+ blkdev_swap_open, -+ blkdev_swap_release, -+ blkdev_rw_page -+}; -+ -+struct blkdevfile_swap_data { -+ struct inode *swapf; -+}; -+ -+static int is_blkdevfile_swapping(unsigned int flags, -+ struct file * swapf, -+ void * data) -+{ -+ struct file * filp = (struct file *) data; -+ -+ /* Only check filp's that don't match the one already opened -+ * for us by sys_swapon(). Otherwise, we will always flag a -+ * busy swap file. -+ */ -+ -+ if (swapf != filp) { -+ if (filp->f_dentry->d_inode == swapf->f_dentry->d_inode) -+ return 1; -+ } -+ return 0; -+} -+ -+static int blkdevfile_swap_open(struct file *swapf, void **dptr) -+{ -+ int error = 0; -+ int swapfilesize; -+ struct blkdevfile_swap_data *data; -+ -+ MOD_INC_USE_COUNT; -+ -+ /* first check whether this is a regular file located on a local -+ * hard disk -+ */ -+ if (!S_ISREG(swapf->f_dentry->d_inode->i_mode)) { -+ dprintk("blkdevfile_swap_open: " -+ "can't handle this swap file: %s\n", -+ swapf->d_name.name); -+ error = 0; /* not for us */ -+ goto bad_swap; -+ } -+ if (!swapf->f_dentry->d_inode->i_mapping->a_ops->bmap) { -+ dprintk("blkdevfile_swap_open: no bmap for file: %s\n", -+ swapf->d_name.name); -+ error = 0; /* not for us */ -+ goto bad_swap; -+ } -+ -+ if (swap_run_test(is_blkdevfile_swapping, swapf)) { -+ dprintk("blkdevfile_swap_open: already swapping to %s\n", -+ swapf->d_name.name); -+ error = -EBUSY; -+ goto bad_swap; -+ } -+ swapfilesize = swapf->f_dentry->d_inode->i_size >> PAGE_SHIFT; -+ if ((data = kmalloc(sizeof(*data), GFP_KERNEL)) == NULL) { -+ error = -ENOMEM; -+ goto bad_swap; -+ } -+ data->swapf = swapf->f_dentry->d_inode; -+ *dptr = data; -+ return swapfilesize; -+ -+ bad_swap: -+ MOD_DEC_USE_COUNT; -+ return error; -+} -+ -+static int blkdevfile_swap_release(struct file *swapf, void *data) -+{ -+ kfree(data); -+ MOD_DEC_USE_COUNT; -+ return 0; -+} -+ -+static int blkdevfile_rw_page(int rw, struct page *page, unsigned long offset, -+ void *ptr) -+{ -+ struct blkdevfile_swap_data *data = (struct blkdevfile_swap_data *)ptr; -+ struct inode * swapf = data->swapf; -+ int i, j; -+ unsigned int block = offset -+ << (PAGE_SHIFT - swapf->i_sb->s_blocksize_bits); -+ kdev_t dev = swapf->i_dev; -+ int block_size; -+ int zones[PAGE_SIZE/512]; -+ int zones_used; -+ -+ block_size = swapf->i_sb->s_blocksize; -+ for (i=0, j=0; j< PAGE_SIZE ; i++, j += block_size) -+ if (!(zones[i] = bmap(swapf,block++))) { -+ printk("blkdevfile_rw_page: bad swap file\n"); -+ return 0; -+ } -+ zones_used = i; -+ -+ /* block_size == PAGE_SIZE/zones_used */ -+ brw_page(rw, page, dev, zones, block_size); -+ return 1; -+} -+ -+static struct swap_ops blkdevfile_swap_ops = { -+ blkdevfile_swap_open, -+ blkdevfile_swap_release, -+ blkdevfile_rw_page -+ }; -+ -+int __init blkdev_swap_init(void) -+{ -+ (void)register_swap_method(BLKDEV_SWAP_ID, &blkdev_swap_ops); -+ (void)register_swap_method(BLKDEV_FILE_SWAP_ID, &blkdevfile_swap_ops); -+ return 0; -+} -+ -+void __exit blkdev_swap_exit(void) -+{ -+ unregister_swap_method(BLKDEV_SWAP_ID); -+ unregister_swap_method(BLKDEV_FILE_SWAP_ID); -+} -+ -+module_init(blkdev_swap_init) -+module_exit(blkdev_swap_exit) -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("Many. Stuffed into a module by cH (Claus-Justus Heine)"); -+MODULE_DESCRIPTION("Swapping to partitions and files on local hard-disks"); -diff -Nurb linux.orig/fs/buffer.c linux/fs/buffer.c ---- linux.orig/fs/buffer.c 2003-07-04 04:12:05.000000000 -0400 -+++ linux/fs/buffer.c 2004-05-31 02:21:05.000000000 -0400 -@@ -743,7 +743,7 @@ - bh->b_private = private; - } - --static void end_buffer_io_async(struct buffer_head * bh, int uptodate) -+void end_buffer_io_async(struct buffer_head * bh, int uptodate) - { - static spinlock_t page_uptodate_lock = SPIN_LOCK_UNLOCKED; - unsigned long flags; -@@ -2344,35 +2344,6 @@ - return err; - } - --int brw_page(int rw, struct page *page, kdev_t dev, int b[], int size) --{ -- struct buffer_head *head, *bh; -- -- if (!PageLocked(page)) -- panic("brw_page: page not locked for I/O"); -- -- if (!page->buffers) -- create_empty_buffers(page, dev, size); -- head = bh = page->buffers; -- -- /* Stage 1: lock all the buffers */ -- do { -- lock_buffer(bh); -- bh->b_blocknr = *(b++); -- set_bit(BH_Mapped, &bh->b_state); -- set_buffer_async_io(bh); -- bh = bh->b_this_page; -- } while (bh != head); -- -- /* Stage 2: start the IO */ -- do { -- struct buffer_head *next = bh->b_this_page; -- submit_bh(rw, bh); -- bh = next; -- } while (bh != head); -- return 0; --} -- - int block_symlink(struct inode *inode, const char *symname, int len) - { - struct address_space *mapping = inode->i_mapping; -diff -Nurb linux.orig/fs/nfs/Makefile linux/fs/nfs/Makefile ---- linux.orig/fs/nfs/Makefile 2003-07-04 04:12:07.000000000 -0400 -+++ linux/fs/nfs/Makefile 2004-05-31 02:18:03.000000000 -0400 -@@ -15,6 +15,14 @@ - obj-$(CONFIG_ROOT_NFS) += nfsroot.o mount_clnt.o - obj-$(CONFIG_NFS_V3) += nfs3proc.o nfs3xdr.o - --obj-m := $(O_TARGET) -+obj-$(CONFIG_SWAP_VIA_NFS) += nfsswap.o -+ifeq ($(CONFIG_SWAP_VIA_NFS),m) -+export-objs := nfs_syms.o -+obj-y += nfs_syms.o -+endif -+ -+ifeq ($(CONFIG_NFS_FS),m) -+obj-m += $(O_TARGET) -+endif - - include $(TOPDIR)/Rules.make -diff -Nurb linux.orig/fs/nfs/file.c linux/fs/nfs/file.c ---- linux.orig/fs/nfs/file.c 2003-07-04 04:12:07.000000000 -0400 -+++ linux/fs/nfs/file.c 2004-05-31 02:18:03.000000000 -0400 -@@ -58,11 +58,6 @@ - setattr: nfs_notify_change, - }; - --/* Hack for future NFS swap support */ --#ifndef IS_SWAPFILE --# define IS_SWAPFILE(inode) (0) --#endif -- - /* - * Flush all dirty pages, and check for write errors. - * -@@ -217,8 +212,6 @@ - inode->i_ino, (unsigned long) count, (unsigned long) *ppos); - - result = -EBUSY; -- if (IS_SWAPFILE(inode)) -- goto out_swapfile; - result = nfs_revalidate_inode(NFS_SERVER(inode), inode); - if (result) - goto out; -@@ -230,10 +223,6 @@ - result = generic_file_write(file, buf, count, ppos); - out: - return result; -- --out_swapfile: -- printk(KERN_INFO "NFS: attempt to write to active swap file!\n"); -- goto out; - } - - /* -diff -Nurb linux.orig/fs/nfs/nfs_syms.c linux/fs/nfs/nfs_syms.c ---- linux.orig/fs/nfs/nfs_syms.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux/fs/nfs/nfs_syms.c 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,10 @@ -+#include <linux/config.h> -+#define __NO_VERSION__ -+#include <linux/module.h> -+#include <linux/types.h> -+#include <linux/sunrpc/clnt.h> -+#include <linux/nfs_fs.h> -+ -+EXPORT_SYMBOL(__nfs_refresh_inode); -+EXPORT_SYMBOL(nfs_write_attributes); -+ -diff -Nurb linux.orig/fs/nfs/nfsswap.c linux/fs/nfs/nfsswap.c ---- linux.orig/fs/nfs/nfsswap.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux/fs/nfs/nfsswap.c 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,350 @@ -+/* -+ * Swapping to files located on NFS mounted volumes -+ * Copyright (c) 2000 Claus-Justus Heine -+ * -+ */ -+ -+#include <linux/config.h> -+#include <linux/module.h> -+#include <linux/init.h> -+#include <linux/types.h> -+#include <linux/slab.h> -+#include <linux/swap.h> -+#include <linux/pagemap.h> -+#include <linux/file.h> -+#include <linux/fs.h> -+#include <linux/socket.h> -+#include <linux/smp_lock.h> -+#include <net/netswapping.h> -+#include <net/sock.h> -+ -+#include <linux/sunrpc/clnt.h> -+#include <linux/nfs_fs.h> -+#include <linux/nfs_fs_sb.h> -+#include <asm/uaccess.h> -+ -+#define NFSDBG_FACILITY NFSDBG_SWAP -+ -+#define NFS_SWAP_ID "nfs file" -+ -+/* we cache some values here. In principle, we only need the file. -+ */ -+struct nfs_swap_data { -+ struct file *file; -+ struct inode *inode; -+ struct nfs_server *server; -+ struct socket *socket; -+}; -+ -+/* Nearly a clone of nfs_readpage_sync() in read.c, but "struct page" does not -+ * contain information about the file offset when swapping. So. -+ */ -+static int nfs_read_swap_page(struct page *page, -+ struct nfs_server *server, -+ struct inode *inode, -+ struct file *file) -+{ -+ unsigned int rsize = server->rsize; -+ unsigned int count = PAGE_SIZE; -+ unsigned int offset = 0; /* always at start of page */ -+ int result, eof; -+ struct rpc_cred *cred; -+ struct nfs_fattr fattr; -+ -+ cred = nfs_file_cred(file); -+ -+ do { -+ if (count < rsize) -+ rsize = count; -+ -+ lock_kernel(); -+ result = NFS_PROTO(inode)->read(inode, cred, -+ &fattr, -+ NFS_RPC_SWAPFLAGS, -+ offset, rsize, page, &eof); -+ nfs_refresh_inode(inode, &fattr); -+ unlock_kernel(); -+ -+ /* -+ * Even if we had a partial success we can't mark the page -+ * cache valid. -+ */ -+ if (result < 0) { -+ if (result == -EISDIR) -+ result = -EINVAL; -+ goto io_error; -+ } -+ count -= result; -+ offset += result; -+ if (result < rsize) /* NFSv2ism */ -+ break; -+ } while (count); -+ -+ if (count) { -+ char *kaddr = kmap(page); -+ memset(kaddr + offset, 0, count); -+ kunmap(page); -+ } -+ flush_dcache_page(page); -+ result = 0; -+ -+io_error: -+ return result; -+} -+ -+/* Like nfs_writepage_sync(), but when swapping page->index does not encode -+ * the offset in the swap file alone. -+ * -+ */ -+static int nfs_write_swap_page(struct page *page, -+ struct nfs_server *server, -+ struct inode *inode, -+ struct file *file) -+{ -+ struct rpc_cred *cred; -+ unsigned int wsize = server->wsize; -+ unsigned int count = PAGE_SIZE; -+ unsigned int offset = 0; -+ int result; -+ struct nfs_writeverf verf; -+ struct nfs_fattr fattr; -+ -+ cred = nfs_file_cred(file); -+ -+ do { -+ if (count < wsize) -+ wsize = count; -+ -+ lock_kernel(); -+ result = NFS_PROTO(inode)->write(inode, cred, &fattr, -+ NFS_RW_SWAP|NFS_RW_SYNC, -+ offset, wsize, page, &verf); -+ nfs_write_attributes(inode, &fattr); -+ unlock_kernel(); -+ -+ if (result < 0) { -+ goto io_error; -+ } -+ if (result != wsize) -+ printk("NFS: short write, wsize=%u, result=%d\n", -+ wsize, result); -+ offset += wsize; -+ count -= wsize; -+ /* -+ * If we've extended the file, update the inode -+ * now so we don't invalidate the cache. -+ */ -+ if (offset > inode->i_size) -+ inode->i_size = offset; -+ } while (count); -+ -+ result = 0; -+ -+io_error: -+ -+ return result; -+} -+ -+/* Unluckily (for us) form 2.4.19 -> 2.4.20 the nfs-proc's where -+ * changed and expect now a proper file-mapping page, where index -+ * encodes the offset alone. -+ * -+ * What we do: we save the original value of page->index, initialize -+ * page->index to what the NFS/sun-rpc subsystem expects and restore -+ * the index later. -+ */ -+static int nfs_rw_swap_page(int rw, struct page *page, -+ unsigned long offset, void *dptr) -+{ -+ int error; -+ struct nfs_swap_data *data = dptr; -+ unsigned long alloc_flag = current->flags & PF_MEMALLOC; -+ unsigned long page_index; -+ -+ if (!PageLocked(page)) -+ panic("nfs_rw_swap_page: page not locked for I/O"); -+ -+ /* prevent memory deadlocks */ -+ if (!(current->flags & PF_MEMALLOC)) { -+ dprintk("nfs_rw_swap_page: Setting PF_MEMALLOC\n"); -+ } -+ current->flags |= PF_MEMALLOC; -+ -+ /* now tweak the page->index field ... */ -+ page_index = page->index; -+ page->index = ((loff_t)offset*(loff_t)PAGE_SIZE) >> PAGE_CACHE_SHIFT; -+ -+ if (rw == WRITE) { -+ error = nfs_write_swap_page(page, -+ data->server, -+ data->inode, -+ data->file); -+ } else { -+ error = nfs_read_swap_page(page, -+ data->server, -+ data->inode, -+ data->file); -+ } -+ -+ if (!alloc_flag) { -+ current->flags &= ~PF_MEMALLOC; -+ } -+ -+ /* now restore the page->index field ... */ -+ page->index = page_index; -+ -+ if (error) { -+ /* Must mark the page invalid after I/O error */ -+ SetPageError(page); -+ ClearPageUptodate(page); -+ } else { -+ ClearPageError(page); -+ SetPageUptodate(page); -+ } -+ -+ if (!error) { /* in case of an error rw_swap_page() likes to unlock -+ * itself. -+ */ -+ UnlockPage(page); -+ } -+ -+ return error < 0 ? 0 : 1; -+} -+ -+static int is_nfsfile_swapping(unsigned int flags, -+ struct file * swapf, -+ void * data) -+{ -+ struct file * filp = (struct file *) data; -+ -+ /* Only check filp's that don't match the one already opened -+ * for us by sys_swapon(). Otherwise, we will always flag a -+ * busy swap file. -+ */ -+ -+ if (swapf != filp) { -+ if (filp->f_dentry->d_inode == swapf->f_dentry->d_inode) -+ return 1; -+ } -+ return 0; -+} -+ -+static int nfs_swap_open(struct file *swapf, void **dptr) -+{ -+ int error = 0; -+ int swapfilesize; -+ struct nfs_swap_data *data; -+ int on = 1; -+ mm_segment_t fs; -+ struct inode *inode = swapf->f_dentry->d_inode; -+ -+ MOD_INC_USE_COUNT; -+ -+ if (!S_ISREG(inode->i_mode)) { -+ dprintk("nfs_swap_open: can't handle this swap file: %s\n", -+ swapf->f_dentry->d_name.name); -+ error = 0; /* not for us */ -+ goto bad_swap; -+ } -+ /* determine whether this file really is located on an NFS mounted -+ * volume -+ */ -+ if (!inode->i_sb || inode->i_sb->s_magic != NFS_SUPER_MAGIC) { -+ dprintk("nfs_swap_open: %s is not an NFS file.\n", -+ swapf->f_dentry->d_name.name); -+ error = 0; /* not for us */ -+ goto bad_swap; -+ } -+ -+ if (swap_run_test(is_nfsfile_swapping, swapf)) { -+ dprintk("nfs_swap_open: already swapping to %s\n", -+ swapf->f_dentry->d_name.name); -+ error = -EBUSY; -+ goto bad_swap; -+ } -+ swapfilesize = inode->i_size >> PAGE_SHIFT; -+ if ((data = kmalloc(sizeof(*data), GFP_KERNEL)) == NULL) { -+ error = -ENOMEM; -+ goto bad_swap; -+ } -+ data->file = swapf; -+ data->inode = inode; -+ data->server = NFS_SERVER(inode); -+ data->socket = data->server->client->cl_xprt->sock; -+ -+ /* set socket option SO_SWAPPING */ -+ fs = get_fs(); -+ set_fs(KERNEL_DS); -+ error = sock_setsockopt(data->socket, SOL_SOCKET, SO_SWAPPING, -+ (char *)&on, sizeof(on)); -+ set_fs(fs); -+ if (error) { -+ dprintk("nfs_swap_open: error setting SO_SWAPPING\n"); -+ goto bad_swap_2; -+ } -+ -+ *dptr = data; -+ return swapfilesize; -+ -+ bad_swap_2: -+ kfree(data); -+ bad_swap: -+ MOD_DEC_USE_COUNT; -+ return error; -+} -+ -+static int nfs_swap_release(struct file *swapf, void *dptr) -+{ -+ struct nfs_swap_data *data = (struct nfs_swap_data *)dptr; -+ int off = 0; -+ mm_segment_t fs; -+ int error; -+ -+#if 1 -+ if (swapf != data->file || -+ swapf->f_dentry->d_inode != data->inode || -+ !swapf->f_dentry->d_inode->i_sb || -+ swapf->f_dentry->d_inode->i_sb->s_magic != NFS_SUPER_MAGIC || -+ NFS_SERVER(swapf->f_dentry->d_inode) != data->server || -+ data->socket != data->server->client->cl_xprt->sock) { -+ panic("nfs_swap_release: nfs swap data messed up"); -+ } -+#endif -+ -+ /* remove socket option SO_SWAPPING */ -+ fs = get_fs(); -+ set_fs(KERNEL_DS); -+ error = sock_setsockopt(data->socket, SOL_SOCKET, SO_SWAPPING, -+ (char *)&off, sizeof(off)); -+ set_fs(fs); -+ if (error) { -+ dprintk("nfs_swap_open: error clearing SO_SWAPPING\n"); -+ } -+ kfree(data); -+ MOD_DEC_USE_COUNT; -+ return error; -+} -+ -+static struct swap_ops nfs_swap_ops = { -+ open: nfs_swap_open, -+ release: nfs_swap_release, -+ rw_page: nfs_rw_swap_page -+}; -+ -+int __init nfs_swap_init(void) -+{ -+ (void)register_swap_method(NFS_SWAP_ID, &nfs_swap_ops); -+ return 0; -+} -+ -+void __exit nfs_swap_exit(void) -+{ -+ unregister_swap_method(NFS_SWAP_ID); -+} -+ -+module_init(nfs_swap_init) -+module_exit(nfs_swap_exit) -+ -+MODULE_LICENSE("GPL"); -+MODULE_AUTHOR("(c) 1996-2002 cH (Claus-Justus Heine)"); -+MODULE_DESCRIPTION("Swapping to files located on volumes mounted via NFS"); -diff -Nurb linux.orig/fs/nfs/read.c linux/fs/nfs/read.c ---- linux.orig/fs/nfs/read.c 2003-07-04 04:12:08.000000000 -0400 -+++ linux/fs/nfs/read.c 2004-05-31 02:18:03.000000000 -0400 -@@ -50,11 +50,6 @@ - */ - static void nfs_readpage_result(struct rpc_task *task); - --/* Hack for future NFS swap support */ --#ifndef IS_SWAPFILE --# define IS_SWAPFILE(inode) (0) --#endif -- - static kmem_cache_t *nfs_rdata_cachep; - - static __inline__ struct nfs_read_data *nfs_readdata_alloc(void) -@@ -92,7 +87,6 @@ - int rsize = NFS_SERVER(inode)->rsize; - int result; - int count = PAGE_CACHE_SIZE; -- int flags = IS_SWAPFILE(inode)? NFS_RPC_SWAPFLAGS : 0; - int eof; - - dprintk("NFS: nfs_readpage_sync(%p)\n", page); -@@ -114,7 +108,7 @@ - offset, rsize, page); - - lock_kernel(); -- result = NFS_PROTO(inode)->read(inode, cred, &fattr, flags, -+ result = NFS_PROTO(inode)->read(inode, cred, &fattr, 0, - offset, rsize, page, &eof); - nfs_refresh_inode(inode, &fattr); - unlock_kernel(); -@@ -246,7 +240,7 @@ - task = &data->task; - - /* N.B. Do we need to test? Never called for swapfile inode */ -- flags = RPC_TASK_ASYNC | (IS_SWAPFILE(inode)? NFS_RPC_SWAPFLAGS : 0); -+ flags = RPC_TASK_ASYNC; - - nfs_read_rpcsetup(head, data); - -@@ -476,8 +470,6 @@ - } - - error = nfs_readpage_sync(file, inode, page); -- if (error < 0 && IS_SWAPFILE(inode)) -- printk("Aiee.. nfs swap-in of page failed!\n"); - out: - return error; - -diff -Nurb linux.orig/fs/nfs/write.c linux/fs/nfs/write.c ---- linux.orig/fs/nfs/write.c 2003-07-04 04:12:08.000000000 -0400 -+++ linux/fs/nfs/write.c 2004-05-31 02:20:47.000000000 -0400 -@@ -3,7 +3,6 @@ - #include <linux/config.h> - #include <linux/types.h> - #include <linux/slab.h> --#include <linux/swap.h> - #include <linux/pagemap.h> - #include <linux/file.h> - -@@ -46,11 +45,6 @@ - static void nfs_commit_done(struct rpc_task *); - #endif - --/* Hack for future NFS swap support */ --#ifndef IS_SWAPFILE --# define IS_SWAPFILE(inode) (0) --#endif -- - static kmem_cache_t *nfs_wdata_cachep; - - static __inline__ struct nfs_write_data *nfs_writedata_alloc(void) -@@ -82,7 +76,7 @@ - * For the moment, we just call nfs_refresh_inode(). - */ - static __inline__ int --nfs_write_attributes(struct inode *inode, struct nfs_fattr *fattr) -+__nfs_write_attributes(struct inode *inode, struct nfs_fattr *fattr) - { - if ((fattr->valid & NFS_ATTR_FATTR) && !(fattr->valid & NFS_ATTR_WCC)) { - fattr->pre_size = NFS_CACHE_ISIZE(inode); -@@ -93,6 +87,11 @@ - return nfs_refresh_inode(inode, fattr); - } - -+int nfs_write_attributes(struct inode *inode, struct nfs_fattr *fattr) -+{ -+ return __nfs_write_attributes(inode, fattr); -+} -+ - /* - * Write a page synchronously. - * Offset is the data offset within the page. -@@ -104,8 +103,7 @@ - struct rpc_cred *cred = NULL; - loff_t base; - unsigned int wsize = NFS_SERVER(inode)->wsize; -- int result, refresh = 0, written = 0, flags; -- u8 *buffer; -+ int result, refresh = 0, written = 0; - struct nfs_fattr fattr; - struct nfs_writeverf verf; - -@@ -121,15 +119,14 @@ - - base = page_offset(page) + offset; - -- flags = ((IS_SWAPFILE(inode)) ? NFS_RW_SWAP : 0) | NFS_RW_SYNC; -- - do { -- if (count < wsize && !IS_SWAPFILE(inode)) -+ if (count < wsize) - wsize = count; - -- result = NFS_PROTO(inode)->write(inode, cred, &fattr, flags, -+ result = NFS_PROTO(inode)->write(inode, cred, &fattr, -+ NFS_RW_SYNC, - offset, wsize, page, &verf); -- nfs_write_attributes(inode, &fattr); -+ __nfs_write_attributes(inode, &fattr); - - if (result < 0) { - /* Must mark the page invalid after I/O error */ -@@ -140,7 +137,6 @@ - printk("NFS: short write, wsize=%u, result=%d\n", - wsize, result); - refresh = 1; -- buffer += wsize; - base += wsize; - offset += wsize; - written += wsize; -@@ -979,7 +975,7 @@ - } - #endif - -- nfs_write_attributes(inode, resp->fattr); -+ __nfs_write_attributes(inode, resp->fattr); - while (!list_empty(&data->pages)) { - req = nfs_list_entry(data->pages.next); - nfs_list_remove_request(req); -@@ -1133,7 +1129,7 @@ - if (nfs_async_handle_jukebox(task)) - return; - -- nfs_write_attributes(inode, resp->fattr); -+ __nfs_write_attributes(inode, resp->fattr); - while (!list_empty(&data->pages)) { - req = nfs_list_entry(data->pages.next); - nfs_list_remove_request(req); -diff -Nurb linux.orig/include/linux/fs.h linux/include/linux/fs.h ---- linux.orig/include/linux/fs.h 2004-05-31 02:06:19.000000000 -0400 -+++ linux/include/linux/fs.h 2004-05-31 02:18:03.000000000 -0400 -@@ -1500,6 +1500,10 @@ - extern int inode_change_ok(struct inode *, struct iattr *); - extern int inode_setattr(struct inode *, struct iattr *); - -+/* for swapping to block devices */ -+void create_empty_buffers(struct page *page, kdev_t dev, unsigned long blocksize); -+void end_buffer_io_async(struct buffer_head * bh, int uptodate); -+ - /* - * Common dentry functions for inclusion in the VFS - * or in other stackable file systems. Some of these -diff -Nurb linux.orig/include/linux/nfs_fs.h linux/include/linux/nfs_fs.h ---- linux.orig/include/linux/nfs_fs.h 2004-05-31 02:06:28.000000000 -0400 -+++ linux/include/linux/nfs_fs.h 2004-05-31 02:18:03.000000000 -0400 -@@ -40,8 +40,8 @@ - */ - #define NFS_MAX_DIRCACHE 16 - --#define NFS_MAX_FILE_IO_BUFFER_SIZE 32768 --#define NFS_DEF_FILE_IO_BUFFER_SIZE 4096 -+#define NFS_MAX_FILE_IO_BUFFER_SIZE (8*PAGE_SIZE) -+#define NFS_DEF_FILE_IO_BUFFER_SIZE PAGE_SIZE - - /* - * The upper limit on timeouts for the exponential backoff algorithm. -@@ -205,6 +205,8 @@ - extern int nfs_writepage(struct page *); - extern int nfs_flush_incompatible(struct file *file, struct page *page); - extern int nfs_updatepage(struct file *, struct page *, unsigned int, unsigned int); -+extern int nfs_write_attributes(struct inode *inode, struct nfs_fattr *fattr); -+ - /* - * Try to write back everything synchronously (but check the - * return value!) -@@ -375,6 +377,7 @@ - #define NFSDBG_XDR 0x0020 - #define NFSDBG_FILE 0x0040 - #define NFSDBG_ROOT 0x0080 -+#define NFSDBG_SWAP 0x0100 - #define NFSDBG_ALL 0xFFFF - - #ifdef __KERNEL__ -diff -Nurb linux.orig/include/linux/slab.h linux/include/linux/slab.h ---- linux.orig/include/linux/slab.h 2004-05-31 02:06:19.000000000 -0400 -+++ linux/include/linux/slab.h 2004-05-31 02:18:03.000000000 -0400 -@@ -39,6 +39,7 @@ - #define SLAB_HWCACHE_ALIGN 0x00002000UL /* align objs on a h/w cache lines */ - #define SLAB_CACHE_DMA 0x00004000UL /* use GFP_DMA memory */ - #define SLAB_MUST_HWCACHE_ALIGN 0x00008000UL /* force alignment */ -+#define SLAB_LOW_GFP_ORDER 0x00010000UL /* use as low a gfp order as possible */ - - /* flags passed to a constructor func */ - #define SLAB_CTOR_CONSTRUCTOR 0x001UL /* if not set, then deconstructor */ -diff -Nurb linux.orig/include/linux/swap.h linux/include/linux/swap.h ---- linux.orig/include/linux/swap.h 2004-05-31 02:06:19.000000000 -0400 -+++ linux/include/linux/swap.h 2004-05-31 02:18:03.000000000 -0400 -@@ -58,15 +58,29 @@ - #define SWAP_MAP_MAX 0x7fff - #define SWAP_MAP_BAD 0x8000 - -+struct swap_ops { -+ int (*open)(struct file *swapf, void **data); -+ int (*release)(struct file *swapf, void *data); -+ int (*rw_page)(int rw, -+ struct page *page, unsigned long offset, void *data); -+}; -+ -+struct swap_method { -+ struct swap_method *next; -+ char * name; -+ struct swap_ops *ops; -+ int use_count; -+}; -+ - /* - * The in-memory structure used to track swap areas. - */ - struct swap_info_struct { - unsigned int flags; -- kdev_t swap_device; -+ struct file *swap_file; -+ struct swap_method *method; -+ void *data; - spinlock_t sdev_lock; -- struct dentry * swap_file; -- struct vfsmount *swap_vfsmnt; - unsigned short * swap_map; - unsigned int lowest_bit; - unsigned int highest_bit; -@@ -141,11 +155,15 @@ - extern int total_swap_pages; - extern unsigned int nr_swapfiles; - extern struct swap_info_struct swap_info[]; --extern int is_swap_partition(kdev_t); -+extern int register_swap_method(char *name, struct swap_ops *ops); -+extern int unregister_swap_method(char *name); -+extern int swap_run_test(int (*test_fct)(unsigned int flags, -+ struct file *swap_file, -+ void *testdata), void *testdata); - extern void si_swapinfo(struct sysinfo *); - extern swp_entry_t get_swap_page(void); --extern void get_swaphandle_info(swp_entry_t, unsigned long *, kdev_t *, -- struct inode **); -+struct swap_method *get_swaphandle_info(swp_entry_t entry, -+ unsigned long *offset, void **data); - extern int swap_duplicate(swp_entry_t); - extern int swap_count(struct page *); - extern int valid_swaphandles(swp_entry_t, unsigned long *); -diff -Nurb linux.orig/include/net/netswapping.h linux/include/net/netswapping.h ---- linux.orig/include/net/netswapping.h 1969-12-31 19:00:00.000000000 -0500 -+++ linux/include/net/netswapping.h 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,47 @@ -+#ifndef _LINUX_NETSWAPPING_H -+#define _LINUX_NETSWAPPING_H -+ -+#include <linux/swap.h> -+#include <linux/init.h> -+ -+/* It is a mess. Socket options are defined in asm-ARCH/socket.h */ -+ -+#define SO_SWAPPING 0x00100000 /* hopefully not used by anybody else */ -+ -+#ifdef __KERNEL__ -+ -+#define CTL_NETSWAP 0x00100000 -+ -+enum { -+ NET_SWAP_DROPPED = 1, -+ NET_SWAP_DROP_THRESHOLD = 2, -+ NET_SWAP_SOCK_COUNT = 3 -+}; -+ -+extern unsigned int netswap_free_pages_min; -+extern int netswap_sock_count; -+extern unsigned int netswap_dropped; -+ -+/* this is "#defined" and not inline because sock.h includes us, but we need -+ * the "struct sock" definition. -+ */ -+#define netswap_low_memory(sk, skb) \ -+({ \ -+ int _ret = 0; \ -+ \ -+ if (netswap_sock_count > 0 && /* anybody swapping via network? */ \ -+ !(sk)->swapping && /* but we are not needed for swapping */ \ -+ nr_free_pages() < netswap_free_pages_min) { /* so drop us */ \ -+ printk("netswap_low_memory: " \ -+ "dropping skb 0x%p@0x%p\n", skb, sk); \ -+ netswap_dropped ++; \ -+ _ret = 1; \ -+ } \ -+ _ret; \ -+}) -+ -+extern int __init netswap_init(void); -+ -+#endif -+ -+#endif -diff -Nurb linux.orig/include/net/sock.h linux/include/net/sock.h ---- linux.orig/include/net/sock.h 2004-05-31 02:07:17.000000000 -0400 -+++ linux/include/net/sock.h 2004-05-31 02:18:03.000000000 -0400 -@@ -103,6 +103,10 @@ - #include <linux/filter.h> - #endif - -+#ifdef CONFIG_NETSWAP -+#include <net/netswapping.h> -+#endif -+ - #include <asm/atomic.h> - #include <net/dst.h> - -@@ -536,6 +540,12 @@ - no_check, - broadcast, - bsdism; -+#ifdef CONFIG_NETSWAP -+ /* Increased by SO_SWAPPING with arg != 0, decreased by -+ * SO_SWAPPING with arg 0 -+ */ -+ int swapping; -+#endif - unsigned char debug; - unsigned char rcvtstamp; - unsigned char use_write_queue; -@@ -1165,6 +1175,11 @@ - return err; /* Toss packet */ - } - #endif /* CONFIG_FILTER */ -+#ifdef CONFIG_NETSWAP -+ /* an inline function defined in net/netswapping.h */ -+ if (netswap_low_memory(sk, skb)) -+ return -ENOMEM; -+#endif /* CONFIG_NETSWAP */ - - skb->dev = NULL; - skb_set_owner_r(skb, sk); -diff -Nurb linux.orig/kernel/ksyms.c linux/kernel/ksyms.c ---- linux.orig/kernel/ksyms.c 2004-05-31 02:02:43.000000000 -0400 -+++ linux/kernel/ksyms.c 2004-05-31 02:18:03.000000000 -0400 -@@ -41,6 +41,7 @@ - #include <linux/mm.h> - #include <linux/capability.h> - #include <linux/highuid.h> -+#include <linux/swapctl.h> - #include <linux/brlock.h> - #include <linux/fs.h> - #include <linux/tty.h> -@@ -127,6 +128,11 @@ - EXPORT_SYMBOL(kmap_prot); - EXPORT_SYMBOL(kmap_pte); - #endif -+EXPORT_SYMBOL(nr_free_pages); -+/* EXPORT_SYMBOL(freepages); */ -+EXPORT_SYMBOL(register_swap_method); -+EXPORT_SYMBOL(unregister_swap_method); -+EXPORT_SYMBOL(swap_run_test); - - /* filesystem internal functions */ - EXPORT_SYMBOL(def_blk_fops); -@@ -531,7 +537,7 @@ - EXPORT_SYMBOL(make_bad_inode); - EXPORT_SYMBOL(is_bad_inode); - EXPORT_SYMBOL(event); --EXPORT_SYMBOL(brw_page); -+EXPORT_SYMBOL(end_buffer_io_async); - EXPORT_SYMBOL(__inode_dir_notify); - - #ifdef CONFIG_UID16 -diff -Nurb linux.orig/mm/page_io.c linux/mm/page_io.c ---- linux.orig/mm/page_io.c 2003-07-04 04:12:29.000000000 -0400 -+++ linux/mm/page_io.c 2004-05-31 02:18:03.000000000 -0400 -@@ -36,11 +36,8 @@ - static int rw_swap_page_base(int rw, swp_entry_t entry, struct page *page) - { - unsigned long offset; -- int zones[PAGE_SIZE/512]; -- int zones_used; -- kdev_t dev = 0; -- int block_size; -- struct inode *swapf = 0; -+ struct swap_method *method; -+ void *data; - - if (rw == READ) { - ClearPageUptodate(page); -@@ -48,30 +45,11 @@ - } else - kstat.pswpout++; - -- get_swaphandle_info(entry, &offset, &dev, &swapf); -- if (dev) { -- zones[0] = offset; -- zones_used = 1; -- block_size = PAGE_SIZE; -- } else if (swapf) { -- int i, j; -- unsigned int block = offset -- << (PAGE_SHIFT - swapf->i_sb->s_blocksize_bits); -- -- block_size = swapf->i_sb->s_blocksize; -- for (i=0, j=0; j< PAGE_SIZE ; i++, j += block_size) -- if (!(zones[i] = bmap(swapf,block++))) { -- printk("rw_swap_page: bad swap file\n"); -- return 0; -- } -- zones_used = i; -- dev = swapf->i_dev; -- } else { -+ method = get_swaphandle_info(entry, &offset, &data); -+ if (!method || !method->ops->rw_page(rw, page, offset, data)) { - return 0; - } - -- /* block_size == PAGE_SIZE/zones_used */ -- brw_page(rw, page, dev, zones, block_size); - return 1; - } - -diff -Nurb linux.orig/mm/slab.c linux/mm/slab.c ---- linux.orig/mm/slab.c 2003-07-04 04:12:29.000000000 -0400 -+++ linux/mm/slab.c 2004-05-31 02:18:03.000000000 -0400 -@@ -111,10 +111,12 @@ - # define CREATE_MASK (SLAB_DEBUG_INITIAL | SLAB_RED_ZONE | \ - SLAB_POISON | SLAB_HWCACHE_ALIGN | \ - SLAB_NO_REAP | SLAB_CACHE_DMA | \ -- SLAB_MUST_HWCACHE_ALIGN) -+ SLAB_MUST_HWCACHE_ALIGN | \ -+ SLAB_LOW_GFP_ORDER) - #else - # define CREATE_MASK (SLAB_HWCACHE_ALIGN | SLAB_NO_REAP | \ -- SLAB_CACHE_DMA | SLAB_MUST_HWCACHE_ALIGN) -+ SLAB_CACHE_DMA | SLAB_MUST_HWCACHE_ALIGN | \ -+ SLAB_LOW_GFP_ORDER) - #endif - - /* -@@ -247,8 +249,13 @@ - }; - - /* internal c_flags */ --#define CFLGS_OFF_SLAB 0x010000UL /* slab management in own cache */ --#define CFLGS_OPTIMIZE 0x020000UL /* optimized slab lookup */ -+#define CFLGS_OFF_SLAB 0x020000UL /* slab management in own cache */ -+#define CFLGS_OPTIMIZE 0x040000UL /* optimized slab lookup */ -+#define CFLGS_MASK (CFLGS_OFF_SLAB | CFLGS_OPTIMIZE) -+ -+#if (CFLGS_MASK & CREATE_MASK) -+# error BUG: internal and external SLAB flags overlap -+#endif - - /* c_dflags (dynamic flags). Need to hold the spinlock to access this member */ - #define DFLGS_GROWN 0x000001UL /* don't reap a recently grown */ -@@ -452,7 +459,12 @@ - snprintf(name, sizeof(name), "size-%Zd",sizes->cs_size); - if (!(sizes->cs_cachep = - kmem_cache_create(name, sizes->cs_size, -- 0, SLAB_HWCACHE_ALIGN, NULL, NULL))) { -+ 0, -+#if CONFIG_NETSWAP -+ SLAB_LOW_GFP_ORDER| /* sorry */ -+#endif -+ SLAB_HWCACHE_ALIGN, -+ NULL, NULL))) { - BUG(); - } - -@@ -731,6 +743,8 @@ - break; - if (!cachep->num) - goto next; -+ if (cachep->gfporder == 0 && (flags & SLAB_LOW_GFP_ORDER)) -+ break; - if (flags & CFLGS_OFF_SLAB && cachep->num > offslab_limit) { - /* Oops, this num of objs will cause problems. */ - cachep->gfporder--; -diff -Nurb linux.orig/mm/swapfile.c linux/mm/swapfile.c ---- linux.orig/mm/swapfile.c 2003-07-04 04:12:29.000000000 -0400 -+++ linux/mm/swapfile.c 2004-05-31 02:18:03.000000000 -0400 -@@ -11,12 +11,17 @@ - #include <linux/swap.h> - #include <linux/swapctl.h> - #include <linux/blkdev.h> /* for blk_size */ -+#include <linux/file.h> - #include <linux/vmalloc.h> - #include <linux/pagemap.h> - #include <linux/shm.h> - - #include <asm/pgtable.h> - -+#ifdef CONFIG_KMOD -+#include <linux/kmod.h> -+#endif -+ - spinlock_t swaplock = SPIN_LOCK_UNLOCKED; - unsigned int nr_swapfiles; - int total_swap_pages; -@@ -31,8 +36,78 @@ - - struct swap_info_struct swap_info[MAX_SWAPFILES]; - -+static struct swap_method *swap_methods = NULL; -+ - #define SWAPFILE_CLUSTER 256 - -+int register_swap_method(char *name, struct swap_ops *ops) -+{ -+ struct swap_method *pos; -+ struct swap_method *new; -+ int result = 0; -+ -+ lock_kernel(); -+ -+ for (pos = swap_methods; pos; pos = pos->next) { -+ if (strcmp(pos->name, name) == 0) { -+ printk(KERN_ERR "register_swap_method: " -+ "method %s already registered\n", name); -+ result = -EBUSY; -+ goto out; -+ } -+ } -+ -+ if (!(new = kmalloc(sizeof(*new), GFP_KERNEL))) { -+ printk(KERN_ERR "register_swap_method: " -+ "no memory for new method \"%s\"\n", name); -+ result = -ENOMEM; -+ goto out; -+ } -+ -+ new->name = name; -+ new->ops = ops; -+ new->use_count = 0; -+ -+ /* ok, insert at top of list */ -+ printk("register_swap_method: method %s\n", name); -+ new->next = swap_methods; -+ swap_methods = new; -+ out: -+ unlock_kernel(); -+ return result; -+} -+ -+int unregister_swap_method(char *name) -+{ -+ struct swap_method **method, *next; -+ int result = 0; -+ -+ lock_kernel(); -+ -+ for (method = &swap_methods; *method; method = &(*method)->next) { -+ if (strcmp((*method)->name, name) == 0) { -+ if ((*method)->use_count > 0) { -+ printk(KERN_ERR "unregister_swap_method: " -+ "method \"%s\" is in use\n", name); -+ result = -EBUSY; -+ goto out; -+ } -+ -+ next = (*method)->next; -+ kfree(*method); -+ *method = next; -+ printk("unregister_swap_method: method %s\n", name); -+ goto out; -+ } -+ } -+ /* not found */ -+ printk("unregister_swap_method: no such method %s\n", name); -+ result = -ENOENT; -+ out: -+ unlock_kernel(); -+ return result; -+} -+ - static inline int scan_swap_map(struct swap_info_struct *si) - { - unsigned long offset; -@@ -711,13 +786,14 @@ - struct nameidata nd; - int i, type, prev; - int err; -+ struct file *swap_file; - - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; - - err = user_path_walk(specialfile, &nd); - if (err) -- goto out; -+ return err; - - lock_kernel(); - prev = -1; -@@ -725,15 +801,20 @@ - for (type = swap_list.head; type >= 0; type = swap_info[type].next) { - p = swap_info + type; - if ((p->flags & SWP_WRITEOK) == SWP_WRITEOK) { -- if (p->swap_file == nd.dentry) -+ if (p->swap_file && -+ p->swap_file->f_dentry == nd.dentry) - break; - } - prev = type; - } - err = -EINVAL; -+ /* p->swap_file contains all needed info, no need to keep nd, so -+ * release it now. -+ */ -+ path_release(&nd); - if (type < 0) { - swap_list_unlock(); -- goto out_dput; -+ goto out; - } - - if (prev < 0) { -@@ -767,32 +848,30 @@ - total_swap_pages += p->pages; - p->flags = SWP_WRITEOK; - swap_list_unlock(); -- goto out_dput; -+ goto out; - } -- if (p->swap_device) -- blkdev_put(p->swap_file->d_inode->i_bdev, BDEV_SWAP); -- path_release(&nd); - -+ if (p->method->ops->release) -+ p->method->ops->release(p->swap_file, p->data); - swap_list_lock(); - swap_device_lock(p); -- nd.mnt = p->swap_vfsmnt; -- nd.dentry = p->swap_file; -- p->swap_vfsmnt = NULL; -+ p->method->use_count --; -+ p->method = NULL; -+ p->data = NULL; -+ swap_file = p->swap_file; - p->swap_file = NULL; -- p->swap_device = 0; - p->max = 0; - swap_map = p->swap_map; - p->swap_map = NULL; - p->flags = 0; - swap_device_unlock(p); - swap_list_unlock(); -+ filp_close(swap_file, NULL); - vfree(swap_map); - err = 0; - --out_dput: -- unlock_kernel(); -- path_release(&nd); - out: -+ unlock_kernel(); - return err; - } - -@@ -805,18 +884,17 @@ - if (!page) - return -ENOMEM; - -- len += sprintf(buf, "Filename\t\t\tType\t\tSize\tUsed\tPriority\n"); -+ len += sprintf(buf, "%-32s%-16s%-8s%-8sPriority\n", -+ "Filename", "Type", "Size", "Used"); - for (i = 0 ; i < nr_swapfiles ; i++, ptr++) { - if ((ptr->flags & SWP_USED) && ptr->swap_map) { -- char * path = d_path(ptr->swap_file, ptr->swap_vfsmnt, -+ char * path = d_path(ptr->swap_file->f_dentry, -+ ptr->swap_file->f_vfsmnt, - page, PAGE_SIZE); - - len += sprintf(buf + len, "%-31s ", path); - -- if (!ptr->swap_device) -- len += sprintf(buf + len, "file\t\t"); -- else -- len += sprintf(buf + len, "partition\t"); -+ len += sprintf(buf + len, "%-15s ", ptr->method->name); - - usedswap = 0; - for (j = 0; j < ptr->max; ++j) -@@ -827,7 +905,7 @@ - default: - usedswap++; - } -- len += sprintf(buf + len, "%d\t%d\t%d\n", ptr->pages << (PAGE_SHIFT - 10), -+ len += sprintf(buf + len, "%-8d%-8d%d\n", ptr->pages << (PAGE_SHIFT - 10), - usedswap << (PAGE_SHIFT - 10), ptr->prio); - } - } -@@ -835,18 +913,55 @@ - return len; - } - --int is_swap_partition(kdev_t dev) { -+/* apply a test function to all active swap objects. E.g. for checking -+ * whether a partition is used for swapping -+ */ -+int swap_run_test(int (*test_fct)(unsigned int flags, -+ struct file * swap_file, -+ void *testdata), void *testdata) -+{ - struct swap_info_struct *ptr = swap_info; - int i; - - for (i = 0 ; i < nr_swapfiles ; i++, ptr++) { -- if (ptr->flags & SWP_USED) -- if (ptr->swap_device == dev) -+ if (ptr->swap_file && -+ test_fct(ptr->flags, ptr->swap_file, testdata)) - return 1; - } - return 0; - } - -+/* Walk through the list of known swap method until somebody wants to -+ * handle this file. Pick the first one which claims to be able to -+ * swap to this kind of file. -+ * -+ * return value: < 0: error, 0: not found, > 0: swapfilesize -+ */ -+int find_swap_method(struct file *swap_file, -+ struct swap_info_struct *p) -+{ -+ int swapfilesize = 0; -+ struct swap_method *method; -+ -+ p->method = NULL; -+ for (method = swap_methods; method; method = method->next) { -+ swapfilesize = method->ops->open(swap_file, &p->data); -+ if (swapfilesize == 0) { -+ continue; -+ } -+ if (swapfilesize > 0) { -+ p->method = method; -+ p->method->use_count ++; -+ p->swap_file = swap_file; -+ break; -+ } -+ if (swapfilesize < 0) { -+ break; -+ } -+ } -+ return swapfilesize; -+} -+ - /* - * Written 01/25/92 by Simmule Turner, heavily changed by Linus. - * -@@ -855,8 +970,6 @@ - asmlinkage long sys_swapon(const char * specialfile, int swap_flags) - { - struct swap_info_struct * p; -- struct nameidata nd; -- struct inode * swap_inode; - unsigned int type; - int i, j, prev; - int error; -@@ -866,8 +979,9 @@ - int nr_good_pages = 0; - unsigned long maxpages = 1; - int swapfilesize; -- struct block_device *bdev = NULL; - unsigned short *swap_map; -+ char * tmp_specialfile; -+ struct file *swap_file; - - if (!capable(CAP_SYS_ADMIN)) - return -EPERM; -@@ -886,8 +1000,7 @@ - nr_swapfiles = type+1; - p->flags = SWP_USED; - p->swap_file = NULL; -- p->swap_vfsmnt = NULL; -- p->swap_device = 0; -+ p->method = NULL; - p->swap_map = NULL; - p->lowest_bit = 0; - p->highest_bit = 0; -@@ -901,53 +1014,56 @@ - p->prio = --least_priority; - } - swap_list_unlock(); -- error = user_path_walk(specialfile, &nd); -- if (error) -+ -+ /* Open the swap using filp_open. Bail out on any errors. */ -+ tmp_specialfile = getname(specialfile); -+ if (IS_ERR(tmp_specialfile)) { -+ error = PTR_ERR(tmp_specialfile); - goto bad_swap_2; -+ } -+ p->swap_file = filp_open(tmp_specialfile, O_RDWR, 0600); -+ putname(tmp_specialfile); -+ if (IS_ERR(p->swap_file)) { -+ error = PTR_ERR(p->swap_file); -+ goto bad_swap_1; -+ } - -- p->swap_file = nd.dentry; -- p->swap_vfsmnt = nd.mnt; -- swap_inode = nd.dentry->d_inode; - error = -EINVAL; - -- if (S_ISBLK(swap_inode->i_mode)) { -- kdev_t dev = swap_inode->i_rdev; -- struct block_device_operations *bdops; -- devfs_handle_t de; -- -- p->swap_device = dev; -- set_blocksize(dev, PAGE_SIZE); -- -- bd_acquire(swap_inode); -- bdev = swap_inode->i_bdev; -- de = devfs_get_handle_from_inode(swap_inode); -- bdops = devfs_get_ops(de); /* Increments module use count */ -- if (bdops) bdev->bd_op = bdops; -- -- error = blkdev_get(bdev, FMODE_READ|FMODE_WRITE, 0, BDEV_SWAP); -- devfs_put_ops(de);/*Decrement module use count now we're safe*/ -- if (error) -- goto bad_swap_2; -- set_blocksize(dev, PAGE_SIZE); -- error = -ENODEV; -- if (!dev || (blk_size[MAJOR(dev)] && -- !blk_size[MAJOR(dev)][MINOR(dev)])) -- goto bad_swap; -- swapfilesize = 0; -- if (blk_size[MAJOR(dev)]) -- swapfilesize = blk_size[MAJOR(dev)][MINOR(dev)] -- >> (PAGE_SHIFT - 10); -- } else if (S_ISREG(swap_inode->i_mode)) -- swapfilesize = swap_inode->i_size >> PAGE_SHIFT; -- else -- goto bad_swap; -+ swapfilesize = find_swap_method(p->swap_file, p); -+ if (swapfilesize < 0) { -+ error = swapfilesize; -+ goto bad_swap_1; -+ } -+#ifdef CONFIG_KMOD -+ if (swapfilesize == 0) { -+ (void)request_module("swapfile-mod"); -+ -+ swapfilesize = find_swap_method(p->swap_file, p); -+ if (swapfilesize < 0) { -+ error = swapfilesize; -+ goto bad_swap_1; -+ } -+ } -+#endif -+ if (swapfilesize == 0) { -+ printk("Don't know how to swap to this kind of file\n"); -+ goto bad_swap_1; /* free swap map */ -+ } -+ -+ /* After this point, the swap-file has been opened by the swap -+ * method. We must make sure to use the bad_swap label for any -+ * errors. -+ */ - - error = -EBUSY; - for (i = 0 ; i < nr_swapfiles ; i++) { - struct swap_info_struct *q = &swap_info[i]; - if (i == type || !q->swap_file) - continue; -- if (swap_inode->i_mapping == q->swap_file->d_inode->i_mapping) -+ if (p->swap_file->f_dentry->d_inode->i_mapping -+ == -+ q->swap_file->f_dentry->d_inode->i_mapping) - goto bad_swap; - } - -@@ -1083,17 +1199,27 @@ - swap_list_unlock(); - error = 0; - goto out; -+ - bad_swap: -- if (bdev) -- blkdev_put(bdev, BDEV_SWAP); -+ if (p->method->ops->release) -+ p->method->ops->release(p->swap_file, p->data); -+ swap_list_lock(); -+ p->method->use_count --; -+ p->method = NULL; -+ p->data = NULL; -+ swap_list_unlock(); -+ -+bad_swap_1: -+ swap_list_lock(); -+ swap_file = p->swap_file; -+ p->swap_file = NULL; -+ swap_list_unlock(); -+ filp_close(swap_file, NULL); -+ - bad_swap_2: -+ - swap_list_lock(); - swap_map = p->swap_map; -- nd.mnt = p->swap_vfsmnt; -- nd.dentry = p->swap_file; -- p->swap_device = 0; -- p->swap_file = NULL; -- p->swap_vfsmnt = NULL; - p->swap_map = NULL; - p->flags = 0; - if (!(swap_flags & SWAP_FLAG_PREFER)) -@@ -1101,7 +1227,7 @@ - swap_list_unlock(); - if (swap_map) - vfree(swap_map); -- path_release(&nd); -+ - out: - if (swap_header) - free_page((long) swap_header); -@@ -1217,8 +1343,8 @@ - /* - * Prior swap_duplicate protects against swap device deletion. - */ --void get_swaphandle_info(swp_entry_t entry, unsigned long *offset, -- kdev_t *dev, struct inode **swapf) -+struct swap_method *get_swaphandle_info(swp_entry_t entry, -+ unsigned long *offset, void **data) - { - unsigned long type; - struct swap_info_struct *p; -@@ -1226,32 +1352,26 @@ - type = SWP_TYPE(entry); - if (type >= nr_swapfiles) { - printk(KERN_ERR "rw_swap_page: %s%08lx\n", Bad_file, entry.val); -- return; -+ return NULL; - } - - p = &swap_info[type]; - *offset = SWP_OFFSET(entry); - if (*offset >= p->max && *offset != 0) { - printk(KERN_ERR "rw_swap_page: %s%08lx\n", Bad_offset, entry.val); -- return; -+ return NULL; - } - if (p->swap_map && !p->swap_map[*offset]) { - printk(KERN_ERR "rw_swap_page: %s%08lx\n", Unused_offset, entry.val); -- return; -+ return NULL; - } - if (!(p->flags & SWP_USED)) { - printk(KERN_ERR "rw_swap_page: %s%08lx\n", Unused_file, entry.val); -- return; -+ return NULL; - } - -- if (p->swap_device) { -- *dev = p->swap_device; -- } else if (p->swap_file) { -- *swapf = p->swap_file->d_inode; -- } else { -- printk(KERN_ERR "rw_swap_page: no swap file or device\n"); -- } -- return; -+ *data = p->data; -+ return p->method; - } - - /* -diff -Nurb linux.orig/net/Config.in linux/net/Config.in ---- linux.orig/net/Config.in 2003-07-04 04:12:29.000000000 -0400 -+++ linux/net/Config.in 2004-05-31 02:18:03.000000000 -0400 -@@ -16,6 +16,9 @@ - fi - bool 'Socket Filtering' CONFIG_FILTER - tristate 'Unix domain sockets' CONFIG_UNIX -+if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then -+ bool 'Swapping via network sockets (EXPERIMENTAL)' CONFIG_NETSWAP -+fi - bool 'TCP/IP networking' CONFIG_INET - if [ "$CONFIG_INET" = "y" ]; then - source net/ipv4/Config.in -diff -Nurb linux.orig/net/Makefile linux/net/Makefile ---- linux.orig/net/Makefile 2003-07-04 04:12:29.000000000 -0400 -+++ linux/net/Makefile 2004-05-31 02:18:03.000000000 -0400 -@@ -51,6 +51,7 @@ - ifeq ($(CONFIG_NET),y) - obj-$(CONFIG_MODULES) += netsyms.o - obj-$(CONFIG_SYSCTL) += sysctl_net.o -+obj-$(CONFIG_NETSWAP) += netswapping.o - endif - - include $(TOPDIR)/Rules.make -diff -Nurb linux.orig/net/core/sock.c linux/net/core/sock.c ---- linux.orig/net/core/sock.c 2003-10-14 04:09:32.000000000 -0400 -+++ linux/net/core/sock.c 2004-05-31 02:18:03.000000000 -0400 -@@ -402,6 +402,21 @@ - ret = -ENONET; - break; - #endif -+#ifdef CONFIG_NETSWAP -+ case SO_SWAPPING: -+ if (valbool) { -+ if (!sk->swapping) { -+ netswap_sock_count ++; -+ } -+ sk->swapping ++; -+ } else if (sk->swapping > 0) { -+ sk->swapping --; -+ if (!sk->swapping) { -+ netswap_sock_count --; -+ } -+ } -+ break; -+#endif - /* We implement the SO_SNDLOWAT etc to - not be settable (1003.1g 5.3) */ - default: -@@ -552,6 +567,12 @@ - goto lenout; - } - -+#ifdef CONFIG_NETSWAP -+ case SO_SWAPPING: -+ v.val = sk->swapping; -+ break; -+#endif -+ - /* Dubious BSD thing... Probably nobody even uses it, but - * the UNIX standard wants it for whatever reason... -DaveM - */ -diff -Nurb linux.orig/net/ipv4/tcp_ipv4.c linux/net/ipv4/tcp_ipv4.c ---- linux.orig/net/ipv4/tcp_ipv4.c 2003-10-14 04:09:33.000000000 -0400 -+++ linux/net/ipv4/tcp_ipv4.c 2004-05-31 02:18:03.000000000 -0400 -@@ -1657,6 +1657,12 @@ - if (filter && sk_filter(skb, filter)) - goto discard; - #endif /* CONFIG_FILTER */ -+#ifdef CONFIG_NETSWAP -+ /* tcp doesn't use sock_queue_rcv_skb() ... */ -+ /* an inline function defined in net/netswapping.h */ -+ if (netswap_low_memory(sk, skb)) -+ goto discard; -+#endif /* CONFIG_NETSWAP */ - - IP_INC_STATS_BH(IpInDelivers); - -diff -Nurb linux.orig/net/ipv6/tcp_ipv6.c linux/net/ipv6/tcp_ipv6.c ---- linux.orig/net/ipv6/tcp_ipv6.c 2003-10-14 04:09:34.000000000 -0400 -+++ linux/net/ipv6/tcp_ipv6.c 2004-05-31 02:18:03.000000000 -0400 -@@ -1424,6 +1424,12 @@ - if (filter && sk_filter(skb, filter)) - goto discard; - #endif /* CONFIG_FILTER */ -+#ifdef CONFIG_NETSWAP -+ /* tcp doesn't use sock_queue_rcv_skb() ... */ -+ /* an inline function defined in net/netswapping.h */ -+ if (netswap_low_memory(sk, skb)) -+ goto discard; -+#endif /* CONFIG_NETSWAP */ - - /* - * socket locking is here for SMP purposes as backlog rcv -diff -Nurb linux.orig/net/netswapping.c linux/net/netswapping.c ---- linux.orig/net/netswapping.c 1969-12-31 19:00:00.000000000 -0500 -+++ linux/net/netswapping.c 2004-05-31 02:18:03.000000000 -0400 -@@ -0,0 +1,76 @@ -+/* -+ * linux/net/swapping.c -+ * -+ * Support paging over network connections (inet only) -+ * -+ * (c) 2000 Claus-Justus Heine <heine@instmath.rwth-aachen.de> -+ */ -+ -+#include <linux/slab.h> -+#include <linux/swap.h> -+#include <linux/swapctl.h> -+#include <linux/skbuff.h> -+#include <linux/module.h> -+#include <linux/sysctl.h> -+#include <linux/init.h> -+#include <net/netswapping.h> -+#include <net/sock.h> -+#include <asm/uaccess.h> -+ -+unsigned int netswap_dropped; /* statistics */ -+unsigned int netswap_free_pages_min; -+int netswap_sock_count; /* how many sockets have swapping option set */ -+ -+#ifdef CONFIG_SYSCTL -+ -+static ctl_table netswap_table[] = { -+ {NET_SWAP_DROPPED, "dropped", -+ &netswap_dropped, sizeof(int), 0644, NULL, &proc_dointvec }, -+ {NET_SWAP_DROP_THRESHOLD, "threshold", -+ &netswap_free_pages_min, sizeof(int), 0644, NULL, &proc_dointvec }, -+ {NET_SWAP_SOCK_COUNT, "sock_count", -+ &netswap_sock_count, sizeof(int), 0444, NULL, &proc_dointvec }, -+ {0}, -+}; -+ -+static struct ctl_table_header *netswap_sysctl_header; -+ -+static ctl_table netswap_net_table[] = { -+ {CTL_NETSWAP, "swapping", NULL, 0, 0555, netswap_table}, -+ {0} -+}; -+ -+static ctl_table netswap_root_table[] = { -+ {CTL_NET, "net", NULL, 0, 0555, netswap_net_table}, -+ {0} -+}; -+ -+#endif -+ -+int __init netswap_init(void) -+{ -+ /* drop packets when below this threshold */ -+ netswap_free_pages_min = 32 /* freepages.min */; -+#ifdef CONFIG_SYSCTL -+ netswap_sysctl_header = register_sysctl_table(netswap_root_table, 0); -+#endif -+ return 0; -+} -+ -+void __exit netswap_exit(void) -+{ -+#ifdef CONFIG_SYSCTL -+ unregister_sysctl_table(netswap_sysctl_header); -+#endif -+} -+ -+/* linux/init.h -- VERY nice :-) -+ * -+ * On the other hand, we have no control over the order the initcalls -+ * are performed ... -+ * -+ * Actually, we are not compiled as module ... -+ */ -+ -+module_init(netswap_init) -+module_exit(netswap_exit) -diff -Nurb linux.orig/net/netsyms.c linux/net/netsyms.c ---- linux.orig/net/netsyms.c 2004-05-31 02:02:49.000000000 -0400 -+++ linux/net/netsyms.c 2004-05-31 02:18:03.000000000 -0400 -@@ -601,4 +601,10 @@ - EXPORT_SYMBOL(wireless_send_event); - #endif /* CONFIG_NET_RADIO || CONFIG_NET_PCMCIA_RADIO */ - -+#ifdef CONFIG_NETSWAP -+EXPORT_SYMBOL(netswap_sock_count); -+EXPORT_SYMBOL(netswap_free_pages_min); -+EXPORT_SYMBOL(netswap_dropped); -+#endif -+ - #endif /* CONFIG_NET */ -diff -Nurb linux.orig/net/packet/af_packet.c linux/net/packet/af_packet.c ---- linux.orig/net/packet/af_packet.c 2003-10-14 04:09:35.000000000 -0400 -+++ linux/net/packet/af_packet.c 2004-05-31 02:18:03.000000000 -0400 -@@ -449,6 +449,12 @@ - snaplen = res; - } - #endif /* CONFIG_FILTER */ -+#ifdef CONFIG_NETSWAP -+ /* packet doesn't use sock_queue_rcv_skb() ... */ -+ /* an inline function defined in net/netswapping.h */ -+ if (netswap_low_memory(sk, skb)) -+ goto drop_n_restore; -+#endif /* CONFIG_NETSWAP */ - - if (atomic_read(&sk->rmem_alloc) + skb->truesize >= (unsigned)sk->rcvbuf) - goto drop_n_acct; -@@ -496,7 +502,7 @@ - po->stats.tp_drops++; - spin_unlock(&sk->receive_queue.lock); - --#ifdef CONFIG_FILTER -+#if defined(CONFIG_FILTER) || defined(CONFIG_NETSWAP) - drop_n_restore: - #endif - if (skb_head != skb->data && skb_shared(skb)) { -@@ -557,6 +563,12 @@ - snaplen = res; - } - #endif -+#ifdef CONFIG_NETSWAP -+ /* packet doesn't use sock_queue_rcv_skb() ... */ -+ /* an inline function defined in net/netswapping.h */ -+ if (netswap_low_memory(sk, skb)) -+ goto drop_n_restore; -+#endif /* CONFIG_NETSWAP */ - - if (sk->type == SOCK_DGRAM) { - macoff = netoff = TPACKET_ALIGN(TPACKET_HDRLEN) + 16; -diff -Nurb linux.orig/net/sunrpc/sched.c linux/net/sunrpc/sched.c ---- linux.orig/net/sunrpc/sched.c 2003-07-04 04:12:33.000000000 -0400 -+++ linux/net/sunrpc/sched.c 2004-05-31 02:18:03.000000000 -0400 -@@ -79,10 +79,11 @@ - */ - static spinlock_t rpc_sched_lock = SPIN_LOCK_UNLOCKED; - -+#if CONFIG_SWAP_VIA_NFS || CONFIG_SWAP_VIA_NFS_MODULE - /* - * This is the last-ditch buffer for NFS swap requests - */ --static u32 swap_buffer[PAGE_SIZE >> 2]; -+static u32 swap_buffer[2*PAGE_SIZE >> 2]; - static long swap_buffer_used; - - /* -@@ -96,6 +97,7 @@ - { - clear_bit(1, &swap_buffer_used); - } -+#endif - - /* - * Disable the timer for a given RPC task. Should be called with -@@ -501,6 +503,7 @@ - __rpc_execute(struct rpc_task *task) - { - int status = 0; -+ unsigned long alloc_flag = current->flags & PF_MEMALLOC; - - dprintk("RPC: %4d rpc_execute flgs %x\n", - task->tk_pid, task->tk_flags); -@@ -510,6 +513,13 @@ - return 0; - } - -+ if (task->tk_flags & RPC_TASK_SWAPPER) { -+ if (!current->flags & PF_MEMALLOC) { -+ dprintk("__rpc_execute: Setting PF_MEMALLOC\n"); -+ } -+ current->flags |= PF_MEMALLOC; -+ } -+ - restarted: - while (1) { - /* -@@ -554,7 +564,8 @@ - rpc_set_sleeping(task); - if (RPC_IS_ASYNC(task)) { - spin_unlock_bh(&rpc_queue_lock); -- return 0; -+ status = 0; -+ goto out; - } - } - spin_unlock_bh(&rpc_queue_lock); -@@ -563,7 +574,12 @@ - /* sync task: sleep here */ - dprintk("RPC: %4d sync task going to sleep\n", - task->tk_pid); -- if (current->pid == rpciod_pid) -+ /* it's ok to wait for rpciod when swapping, -+ * because this means it needed memory and is -+ * doing the swap-out itself. -+ */ -+ if (current->pid == rpciod_pid && -+ !(task->tk_flags & RPC_TASK_SWAPPER)) - printk(KERN_ERR "RPC: rpciod waiting on sync task!\n"); - - __wait_event(task->tk_wait, !RPC_IS_SLEEPING(task)); -@@ -608,6 +624,10 @@ - /* Release all resources associated with the task */ - rpc_release_task(task); - -+ out: -+ if (!alloc_flag) { -+ current->flags &= ~PF_MEMALLOC; -+ } - return status; - } - -@@ -699,10 +719,16 @@ - { - u32 *buffer; - int gfp; -+ unsigned long alloc_flag = current->flags & PF_MEMALLOC; -+ void *ret = NULL; - -- if (flags & RPC_TASK_SWAPPER) -+ if (flags & RPC_TASK_SWAPPER) { - gfp = GFP_ATOMIC; -- else if (flags & RPC_TASK_ASYNC) -+ if (!(current->flags & PF_MEMALLOC)) { -+ dprintk("rpc_allocate: Setting PF_MEMALLOC\n"); -+ } -+ current->flags |= PF_MEMALLOC; -+ } else if (flags & RPC_TASK_ASYNC) - gfp = GFP_RPC; - else - gfp = GFP_KERNEL; -@@ -710,29 +736,44 @@ - do { - if ((buffer = (u32 *) kmalloc(size, gfp)) != NULL) { - dprintk("RPC: allocated buffer %p\n", buffer); -- return buffer; -+ ret = buffer; -+ goto out; - } -+#if CONFIG_SWAP_VIA_NFS || CONFIG_SWAP_VIA_NFS_MODULE - if ((flags & RPC_TASK_SWAPPER) && size <= sizeof(swap_buffer) - && rpc_lock_swapbuf()) { - dprintk("RPC: used last-ditch swap buffer\n"); -- return swap_buffer; -+ ret = swap_buffer; -+ goto out; -+#endif -+ } -+ if (flags & RPC_TASK_ASYNC) { -+ ret = NULL; -+ goto out; - } -- if (flags & RPC_TASK_ASYNC) -- return NULL; - yield(); - } while (!signalled()); - -- return NULL; -+ out: -+ if (!alloc_flag) { -+ current->flags &= ~PF_MEMALLOC; -+ } -+ return ret; - } - - void - rpc_free(void *buffer) - { -+#if CONFIG_SWAP_VIA_NFS || CONFIG_SWAP_VIA_NFS_MODULE - if (buffer != swap_buffer) { -+#endif - kfree(buffer); - return; -+#if CONFIG_SWAP_VIA_NFS || CONFIG_SWAP_VIA_NFS_MODULE - } - rpc_unlock_swapbuf(); -+ printk("RPC: Released swap buffer\n"); -+#endif - } - - /* -diff -Nurb linux.orig/net/sunrpc/xprt.c linux/net/sunrpc/xprt.c ---- linux.orig/net/sunrpc/xprt.c 2003-07-04 04:12:33.000000000 -0400 -+++ linux/net/sunrpc/xprt.c 2004-05-31 02:18:03.000000000 -0400 -@@ -139,7 +139,7 @@ - __xprt_lock_write(struct rpc_xprt *xprt, struct rpc_task *task) - { - if (!xprt->snd_task) { -- if (xprt->nocong || __xprt_get_cong(xprt, task)) -+ if (__xprt_get_cong(xprt, task)) - xprt->snd_task = task; - } - if (xprt->snd_task != task) { -@@ -179,7 +179,7 @@ - if (!task) - return; - } -- if (xprt->nocong || __xprt_get_cong(xprt, task)) -+ if (__xprt_get_cong(xprt, task)) - xprt->snd_task = task; - } - -@@ -276,6 +276,9 @@ - { - struct rpc_rqst *req = task->tk_rqstp; - -+ if (xprt->nocong || RPC_IS_SWAPPER(task)) -+ return 1; -+ - if (req->rq_cong) - return 1; - dprintk("RPC: %4d xprt_cwnd_limited cong = %ld cwnd = %ld\n", diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/140-ebtables-brnf-5.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/140-ebtables-brnf-5.patch deleted file mode 100644 index 60de305..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/140-ebtables-brnf-5.patch +++ /dev/null @@ -1,5552 +0,0 @@ ---- linux-2.4.21/net/bridge/br_private.h Mon Feb 25 20:38:14 2002 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/br_private.h Fri Aug 8 01:09:06 2003 -@@ -144,8 +144,10 @@ extern void br_fdb_insert(struct net_bri - /* br_forward.c */ - extern void br_deliver(struct net_bridge_port *to, - struct sk_buff *skb); -+extern int br_dev_queue_push_xmit(struct sk_buff *skb); - extern void br_forward(struct net_bridge_port *to, - struct sk_buff *skb); -+extern int br_forward_finish(struct sk_buff *skb); - extern void br_flood_deliver(struct net_bridge *br, - struct sk_buff *skb, - int clone); -@@ -166,7 +168,8 @@ extern void br_get_port_ifindices(struct - int *ifindices); - - /* br_input.c */ --extern void br_handle_frame(struct sk_buff *skb); -+extern int br_handle_frame_finish(struct sk_buff *skb); -+extern int br_handle_frame(struct sk_buff *skb); - - /* br_ioctl.c */ - extern void br_call_ioctl_atomic(void (*fn)(void)); -@@ -176,6 +179,10 @@ extern int br_ioctl(struct net_bridge *b - unsigned long arg1, - unsigned long arg2); - extern int br_ioctl_deviceless_stub(unsigned long arg); -+ -+/* br_netfilter.c */ -+extern int br_netfilter_init(void); -+extern void br_netfilter_fini(void); - - /* br_stp.c */ - extern int br_is_root_bridge(struct net_bridge *br); ---- linux-2.4.21/include/linux/if_bridge.h Thu Nov 22 20:47:12 2001 -+++ linux-2.4.21-ebt-brnf-3/include/linux/if_bridge.h Fri Aug 8 01:09:06 2003 -@@ -102,7 +102,8 @@ struct net_bridge; - struct net_bridge_port; - - extern int (*br_ioctl_hook)(unsigned long arg); --extern void (*br_handle_frame_hook)(struct sk_buff *skb); -+extern int (*br_handle_frame_hook)(struct sk_buff *skb); -+extern int (*br_should_route_hook)(struct sk_buff **pskb); - - #endif - ---- linux-2.4.21/net/core/dev.c Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/net/core/dev.c Fri Aug 8 01:10:03 2003 -@@ -1424,7 +1424,7 @@ static void net_tx_action(struct softirq - - - #if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) --void (*br_handle_frame_hook)(struct sk_buff *skb) = NULL; -+int (*br_handle_frame_hook)(struct sk_buff *skb) = NULL; - #endif - - static __inline__ int handle_bridge(struct sk_buff *skb, -@@ -1441,7 +1441,6 @@ static __inline__ int handle_bridge(stru - } - } - -- br_handle_frame_hook(skb); - return ret; - } - -@@ -1497,11 +1496,16 @@ int netif_receive_skb(struct sk_buff *sk - if (skb->dev->divert && skb->dev->divert->divert) - ret = handle_diverter(skb); - #endif /* CONFIG_NET_DIVERT */ -- -+ - #if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) - if (skb->dev->br_port != NULL && -- br_handle_frame_hook != NULL) { -- return handle_bridge(skb, pt_prev); -+ br_handle_frame_hook != NULL) { -+ int ret; -+ -+ ret = handle_bridge(skb, pt_prev); -+ if (br_handle_frame_hook(skb) == 0) -+ return ret; -+ pt_prev = NULL; - } - #endif - -@@ -1897,7 +1901,7 @@ static int dev_proc_stats(char *buffer, - * are adjusted, %RTM_NEWLINK is sent to the routing socket and the - * function returns zero. - */ -- -+ - int netdev_set_master(struct net_device *slave, struct net_device *master) - { - struct net_device *old = slave->master; ---- linux-2.4.21/net/bridge/br_input.c Sat Aug 3 02:39:46 2002 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/br_input.c Fri Aug 8 01:09:06 2003 -@@ -24,6 +24,9 @@ unsigned char bridge_ula[6] = { 0x01, 0x - - static int br_pass_frame_up_finish(struct sk_buff *skb) - { -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug = 0; -+#endif - netif_rx(skb); - - return 0; -@@ -46,7 +49,7 @@ static void br_pass_frame_up(struct net_ - br_pass_frame_up_finish); - } - --static int br_handle_frame_finish(struct sk_buff *skb) -+int br_handle_frame_finish(struct sk_buff *skb) - { - struct net_bridge *br; - unsigned char *dest; -@@ -112,7 +115,7 @@ err_nolock: - return 0; - } - --void br_handle_frame(struct sk_buff *skb) -+int br_handle_frame(struct sk_buff *skb) - { - struct net_bridge *br; - unsigned char *dest; -@@ -146,25 +149,35 @@ void br_handle_frame(struct sk_buff *skb - goto handle_special_frame; - - if (p->state == BR_STATE_FORWARDING) { -+ -+ if (br_should_route_hook && br_should_route_hook(&skb)) { -+ read_unlock(&br->lock); -+ return -1; -+ } -+ -+ if (!memcmp(p->br->dev.dev_addr, dest, ETH_ALEN)) -+ skb->pkt_type = PACKET_HOST; -+ - NF_HOOK(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, - br_handle_frame_finish); - read_unlock(&br->lock); -- return; -+ return 0; - } - - err: - read_unlock(&br->lock); - err_nolock: - kfree_skb(skb); -- return; -+ return 0; - - handle_special_frame: - if (!dest[5]) { - br_stp_handle_bpdu(skb); - read_unlock(&br->lock); -- return; -+ return 0; - } - - read_unlock(&br->lock); - kfree_skb(skb); -+ return 0; - } ---- linux-2.4.21/net/bridge/br_forward.c Sat Aug 3 02:39:46 2002 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/br_forward.c Fri Aug 8 01:09:06 2003 -@@ -30,18 +30,22 @@ static inline int should_deliver(struct - return 1; - } - --static int __dev_queue_push_xmit(struct sk_buff *skb) -+int br_dev_queue_push_xmit(struct sk_buff *skb) - { -+#ifdef CONFIG_NETFILTER -+ if (skb->nf_bridge) -+ memcpy(skb->data - 16, skb->nf_bridge->hh, 16); -+#endif - skb_push(skb, ETH_HLEN); - dev_queue_xmit(skb); - - return 0; - } - --static int __br_forward_finish(struct sk_buff *skb) -+int br_forward_finish(struct sk_buff *skb) - { - NF_HOOK(PF_BRIDGE, NF_BR_POST_ROUTING, skb, NULL, skb->dev, -- __dev_queue_push_xmit); -+ br_dev_queue_push_xmit); - - return 0; - } -@@ -49,8 +53,11 @@ static int __br_forward_finish(struct sk - static void __br_deliver(struct net_bridge_port *to, struct sk_buff *skb) - { - skb->dev = to->dev; -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug = 0; -+#endif - NF_HOOK(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, -- __br_forward_finish); -+ br_forward_finish); - } - - static void __br_forward(struct net_bridge_port *to, struct sk_buff *skb) -@@ -61,7 +68,7 @@ static void __br_forward(struct net_brid - skb->dev = to->dev; - - NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, indev, skb->dev, -- __br_forward_finish); -+ br_forward_finish); - } - - /* called under bridge lock */ ---- linux-2.4.21/net/bridge/br.c Fri Nov 29 00:53:15 2002 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/br.c Fri Aug 8 01:09:06 2003 -@@ -29,6 +29,8 @@ - #include "../atm/lec.h" - #endif - -+int (*br_should_route_hook) (struct sk_buff **pskb) = NULL; -+ - void br_dec_use_count() - { - MOD_DEC_USE_COUNT; -@@ -43,6 +45,10 @@ static int __init br_init(void) - { - printk(KERN_INFO "NET4: Ethernet Bridge 008 for NET4.0\n"); - -+#ifdef CONFIG_NETFILTER -+ if (br_netfilter_init()) -+ return 1; -+#endif - br_handle_frame_hook = br_handle_frame; - br_ioctl_hook = br_ioctl_deviceless_stub; - #if defined(CONFIG_ATM_LANE) || defined(CONFIG_ATM_LANE_MODULE) -@@ -61,6 +67,9 @@ static void __br_clear_ioctl_hook(void) - - static void __exit br_deinit(void) - { -+#ifdef CONFIG_NETFILTER -+ br_netfilter_fini(); -+#endif - unregister_netdevice_notifier(&br_device_notifier); - br_call_ioctl_atomic(__br_clear_ioctl_hook); - -@@ -74,7 +83,7 @@ static void __exit br_deinit(void) - #endif - } - --EXPORT_NO_SYMBOLS; -+EXPORT_SYMBOL(br_should_route_hook); - - module_init(br_init) - module_exit(br_deinit) ---- linux-2.4.21/net/bridge/Makefile Fri Dec 29 23:07:24 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/Makefile Fri Aug 8 01:09:06 2003 -@@ -7,10 +7,17 @@ - # - # Note 2! The CFLAGS definition is now in the main makefile... - -+export-objs := br.o -+ - O_TARGET := bridge.o - obj-y := br.o br_device.o br_fdb.o br_forward.o br_if.o br_input.o \ - br_ioctl.o br_notify.o br_stp.o br_stp_bpdu.o \ - br_stp_if.o br_stp_timer.o -+ -+ifeq ($(CONFIG_NETFILTER),y) -+obj-y += br_netfilter.o -+endif -+ - obj-m := $(O_TARGET) - - include $(TOPDIR)/Rules.make ---- linux-2.4.21/include/linux/netfilter_bridge.h Tue Jun 12 04:15:27 2001 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge.h Fri Aug 8 01:09:06 2003 -@@ -1,11 +1,14 @@ - #ifndef __LINUX_BRIDGE_NETFILTER_H - #define __LINUX_BRIDGE_NETFILTER_H - --/* bridge-specific defines for netfilter. -+/* bridge-specific defines for netfilter. - */ - - #include <linux/config.h> - #include <linux/netfilter.h> -+#if defined(__KERNEL__) && defined(CONFIG_NETFILTER) -+#include <asm/atomic.h> -+#endif - - /* Bridge Hooks */ - /* After promisc drops, checksum checks. */ -@@ -18,7 +21,49 @@ - #define NF_BR_LOCAL_OUT 3 - /* Packets about to hit the wire. */ - #define NF_BR_POST_ROUTING 4 --#define NF_BR_NUMHOOKS 5 -+/* Not really a hook, but used for the ebtables broute table */ -+#define NF_BR_BROUTING 5 -+#define NF_BR_NUMHOOKS 6 - -+#ifdef __KERNEL__ - -+#define BRNF_PKT_TYPE 0x01 -+#define BRNF_BRIDGED_DNAT 0x02 -+#define BRNF_DONT_TAKE_PARENT 0x04 -+#define BRNF_BRIDGED 0x08 -+ -+enum nf_br_hook_priorities { -+ NF_BR_PRI_FIRST = INT_MIN, -+ NF_BR_PRI_NAT_DST_BRIDGED = -300, -+ NF_BR_PRI_FILTER_BRIDGED = -200, -+ NF_BR_PRI_BRNF = 0, -+ NF_BR_PRI_NAT_DST_OTHER = 100, -+ NF_BR_PRI_FILTER_OTHER = 200, -+ NF_BR_PRI_NAT_SRC = 300, -+ NF_BR_PRI_LAST = INT_MAX, -+}; -+ -+#ifdef CONFIG_NETFILTER -+static inline -+struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb) -+{ -+ struct nf_bridge_info **nf_bridge = &(skb->nf_bridge); -+ -+ if ((*nf_bridge = kmalloc(sizeof(**nf_bridge), GFP_ATOMIC)) != NULL) { -+ atomic_set(&(*nf_bridge)->use, 1); -+ (*nf_bridge)->mask = 0; -+ (*nf_bridge)->physindev = (*nf_bridge)->physoutdev = NULL; -+ } -+ -+ return *nf_bridge; -+} -+ -+struct bridge_skb_cb { -+ union { -+ __u32 ipv4; -+ } daddr; -+}; -+#endif /* CONFIG_NETFILTER */ -+ -+#endif /* __KERNEL__ */ - #endif ---- linux-2.4.21/net/Makefile Sat Aug 3 02:39:46 2002 -+++ linux-2.4.21-ebt-brnf-3/net/Makefile Fri Aug 8 01:09:06 2003 -@@ -7,7 +7,8 @@ - - O_TARGET := network.o - --mod-subdirs := ipv4/netfilter ipv6/netfilter ipx irda bluetooth atm netlink sched core -+mod-subdirs := ipv4/netfilter ipv6/netfilter bridge/netfilter ipx irda \ -+ bluetooth atm netlink sched core - export-objs := netsyms.o - - subdir-y := core ethernet -@@ -23,6 +24,12 @@ subdir-$(CONFIG_IPV6) += ipv6 - ifneq ($(CONFIG_IPV6),n) - ifneq ($(CONFIG_IPV6),) - subdir-$(CONFIG_NETFILTER) += ipv6/netfilter -+endif -+endif -+ -+ifneq ($(CONFIG_BRIDGE),n) -+ifneq ($(CONFIG_BRIDGE),) -+subdir-$(CONFIG_BRIDGE) += bridge/netfilter - endif - endif - ---- linux-2.4.21/net/Config.in Sat Aug 3 02:39:46 2002 -+++ linux-2.4.21-ebt-brnf-3/net/Config.in Fri Aug 8 01:09:06 2003 -@@ -65,6 +65,9 @@ if [ "$CONFIG_DECNET" != "n" ]; then - source net/decnet/Config.in - fi - dep_tristate '802.1d Ethernet Bridging' CONFIG_BRIDGE $CONFIG_INET -+if [ "$CONFIG_BRIDGE" != "n" -a "$CONFIG_NETFILTER" != "n" ]; then -+ source net/bridge/netfilter/Config.in -+fi - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - tristate 'CCITT X.25 Packet Layer (EXPERIMENTAL)' CONFIG_X25 - tristate 'LAPB Data Link Driver (EXPERIMENTAL)' CONFIG_LAPB ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/Makefile Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,30 @@ -+# -+# Makefile for the netfilter modules on top of bridging. -+# -+# Note! Dependencies are done automagically by 'make dep', which also -+# removes any old dependencies. DON'T put your own dependencies here -+# unless it's something special (ie not a .c file). -+# -+# Note 2! The CFLAGS definition is now in the main makefile... -+ -+O_TARGET := netfilter.o -+ -+export-objs := ebtables.o -+ -+obj-$(CONFIG_BRIDGE_NF_EBTABLES) += ebtables.o -+obj-$(CONFIG_BRIDGE_EBT_T_FILTER) += ebtable_filter.o -+obj-$(CONFIG_BRIDGE_EBT_T_NAT) += ebtable_nat.o -+obj-$(CONFIG_BRIDGE_EBT_BROUTE) += ebtable_broute.o -+obj-$(CONFIG_BRIDGE_EBT_IPF) += ebt_ip.o -+obj-$(CONFIG_BRIDGE_EBT_ARPF) += ebt_arp.o -+obj-$(CONFIG_BRIDGE_EBT_VLANF) += ebt_vlan.o -+obj-$(CONFIG_BRIDGE_EBT_MARKF) += ebt_mark_m.o -+obj-$(CONFIG_BRIDGE_EBT_802_3) += ebt_802_3.o -+obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_pkttype.o -+obj-$(CONFIG_BRIDGE_EBT_PKTTYPE) += ebt_stp.o -+obj-$(CONFIG_BRIDGE_EBT_LOG) += ebt_log.o -+obj-$(CONFIG_BRIDGE_EBT_SNAT) += ebt_snat.o -+obj-$(CONFIG_BRIDGE_EBT_DNAT) += ebt_dnat.o -+obj-$(CONFIG_BRIDGE_EBT_REDIRECT) += ebt_redirect.o -+obj-$(CONFIG_BRIDGE_EBT_MARK_T) += ebt_mark.o -+include $(TOPDIR)/Rules.make ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/Config.in Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,19 @@ -+# -+# Bridge netfilter configuration -+# -+dep_tristate ' Bridge: ebtables' CONFIG_BRIDGE_NF_EBTABLES $CONFIG_BRIDGE -+dep_tristate ' ebt: filter table support' CONFIG_BRIDGE_EBT_T_FILTER $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: nat table support' CONFIG_BRIDGE_EBT_T_NAT $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: broute table support' CONFIG_BRIDGE_EBT_BROUTE $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: log support' CONFIG_BRIDGE_EBT_LOG $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: IP filter support' CONFIG_BRIDGE_EBT_IPF $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: ARP filter support' CONFIG_BRIDGE_EBT_ARPF $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: 802.1Q VLAN filter support' CONFIG_BRIDGE_EBT_VLANF $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: 802.3 filter support' CONFIG_BRIDGE_EBT_802_3 $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: packet type filter support' CONFIG_BRIDGE_EBT_PKTTYPE $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: STP filter support' CONFIG_BRIDGE_EBT_STP $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: mark filter support' CONFIG_BRIDGE_EBT_MARKF $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: snat target support' CONFIG_BRIDGE_EBT_SNAT $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: dnat target support' CONFIG_BRIDGE_EBT_DNAT $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: redirect target support' CONFIG_BRIDGE_EBT_REDIRECT $CONFIG_BRIDGE_NF_EBTABLES -+dep_tristate ' ebt: mark target support' CONFIG_BRIDGE_EBT_MARK_T $CONFIG_BRIDGE_NF_EBTABLES ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebtable_filter.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,90 @@ -+/* -+ * ebtable_filter -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/module.h> -+ -+#define FILTER_VALID_HOOKS ((1 << NF_BR_LOCAL_IN) | (1 << NF_BR_FORWARD) | \ -+ (1 << NF_BR_LOCAL_OUT)) -+ -+static struct ebt_entries initial_chains[] = -+{ -+ {0, "INPUT", 0, EBT_ACCEPT, 0}, -+ {0, "FORWARD", 0, EBT_ACCEPT, 0}, -+ {0, "OUTPUT", 0, EBT_ACCEPT, 0} -+}; -+ -+static struct ebt_replace initial_table = -+{ -+ "filter", FILTER_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries), -+ { [NF_BR_LOCAL_IN]&initial_chains[0], [NF_BR_FORWARD]&initial_chains[1], -+ [NF_BR_LOCAL_OUT]&initial_chains[2] }, 0, NULL, (char *)initial_chains -+}; -+ -+static int check(const struct ebt_table_info *info, unsigned int valid_hooks) -+{ -+ if (valid_hooks & ~FILTER_VALID_HOOKS) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_table frame_filter = -+{ -+ {NULL, NULL}, "filter", &initial_table, FILTER_VALID_HOOKS, -+ RW_LOCK_UNLOCKED, check, NULL -+}; -+ -+static unsigned int -+ebt_hook (unsigned int hook, struct sk_buff **pskb, const struct net_device *in, -+ const struct net_device *out, int (*okfn)(struct sk_buff *)) -+{ -+ return ebt_do_table(hook, pskb, in, out, &frame_filter); -+} -+ -+static struct nf_hook_ops ebt_ops_filter[] = { -+ { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_IN, -+ NF_BR_PRI_FILTER_BRIDGED}, -+ { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_FORWARD, -+ NF_BR_PRI_FILTER_BRIDGED}, -+ { { NULL, NULL }, ebt_hook, PF_BRIDGE, NF_BR_LOCAL_OUT, -+ NF_BR_PRI_FILTER_OTHER} -+}; -+ -+static int __init init(void) -+{ -+ int i, j, ret; -+ -+ ret = ebt_register_table(&frame_filter); -+ if (ret < 0) -+ return ret; -+ for (i = 0; i < sizeof(ebt_ops_filter) / sizeof(ebt_ops_filter[0]); i++) -+ if ((ret = nf_register_hook(&ebt_ops_filter[i])) < 0) -+ goto cleanup; -+ return ret; -+cleanup: -+ for (j = 0; j < i; j++) -+ nf_unregister_hook(&ebt_ops_filter[j]); -+ ebt_unregister_table(&frame_filter); -+ return ret; -+} -+ -+static void __exit fini(void) -+{ -+ int i; -+ -+ for (i = 0; i < sizeof(ebt_ops_filter) / sizeof(ebt_ops_filter[0]); i++) -+ nf_unregister_hook(&ebt_ops_filter[i]); -+ ebt_unregister_table(&frame_filter); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebtable_nat.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,96 @@ -+/* -+ * ebtable_nat -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/module.h> -+#define NAT_VALID_HOOKS ((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT) | \ -+ (1 << NF_BR_POST_ROUTING)) -+ -+static struct ebt_entries initial_chains[] = -+{ -+ {0, "PREROUTING", 0, EBT_ACCEPT, 0}, -+ {0, "OUTPUT", 0, EBT_ACCEPT, 0}, -+ {0, "POSTROUTING", 0, EBT_ACCEPT, 0} -+}; -+ -+static struct ebt_replace initial_table = -+{ -+ "nat", NAT_VALID_HOOKS, 0, 3 * sizeof(struct ebt_entries), -+ { [NF_BR_PRE_ROUTING]&initial_chains[0], [NF_BR_LOCAL_OUT]&initial_chains[1], -+ [NF_BR_POST_ROUTING]&initial_chains[2] }, 0, NULL, (char *)initial_chains -+}; -+ -+static int check(const struct ebt_table_info *info, unsigned int valid_hooks) -+{ -+ if (valid_hooks & ~NAT_VALID_HOOKS) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_table frame_nat = -+{ -+ {NULL, NULL}, "nat", &initial_table, NAT_VALID_HOOKS, -+ RW_LOCK_UNLOCKED, check, NULL -+}; -+ -+static unsigned int -+ebt_nat_dst(unsigned int hook, struct sk_buff **pskb, const struct net_device *in -+ , const struct net_device *out, int (*okfn)(struct sk_buff *)) -+{ -+ return ebt_do_table(hook, pskb, in, out, &frame_nat); -+} -+ -+static unsigned int -+ebt_nat_src(unsigned int hook, struct sk_buff **pskb, const struct net_device *in -+ , const struct net_device *out, int (*okfn)(struct sk_buff *)) -+{ -+ return ebt_do_table(hook, pskb, in, out, &frame_nat); -+} -+ -+static struct nf_hook_ops ebt_ops_nat[] = { -+ { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_LOCAL_OUT, -+ NF_BR_PRI_NAT_DST_OTHER}, -+ { { NULL, NULL }, ebt_nat_src, PF_BRIDGE, NF_BR_POST_ROUTING, -+ NF_BR_PRI_NAT_SRC}, -+ { { NULL, NULL }, ebt_nat_dst, PF_BRIDGE, NF_BR_PRE_ROUTING, -+ NF_BR_PRI_NAT_DST_BRIDGED}, -+}; -+ -+static int __init init(void) -+{ -+ int i, ret, j; -+ -+ ret = ebt_register_table(&frame_nat); -+ if (ret < 0) -+ return ret; -+ for (i = 0; i < sizeof(ebt_ops_nat) / sizeof(ebt_ops_nat[0]); i++) -+ if ((ret = nf_register_hook(&ebt_ops_nat[i])) < 0) -+ goto cleanup; -+ return ret; -+cleanup: -+ for (j = 0; j < i; j++) -+ nf_unregister_hook(&ebt_ops_nat[j]); -+ ebt_unregister_table(&frame_nat); -+ return ret; -+} -+ -+static void __exit fini(void) -+{ -+ int i; -+ -+ for (i = 0; i < sizeof(ebt_ops_nat) / sizeof(ebt_ops_nat[0]); i++) -+ nf_unregister_hook(&ebt_ops_nat[i]); -+ ebt_unregister_table(&frame_nat); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebtable_broute.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,79 @@ -+/* -+ * ebtable_broute -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ * This table lets you choose between routing and bridging for frames -+ * entering on a bridge enslaved nic. This table is traversed before any -+ * other ebtables table. See net/bridge/br_input.c. -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/module.h> -+#include <linux/if_bridge.h> -+#include <linux/brlock.h> -+ -+// EBT_ACCEPT means the frame will be bridged -+// EBT_DROP means the frame will be routed -+static struct ebt_entries initial_chain = -+ {0, "BROUTING", 0, EBT_ACCEPT, 0}; -+ -+static struct ebt_replace initial_table = -+{ -+ "broute", 1 << NF_BR_BROUTING, 0, sizeof(struct ebt_entries), -+ { [NF_BR_BROUTING]&initial_chain}, 0, NULL, (char *)&initial_chain -+}; -+ -+static int check(const struct ebt_table_info *info, unsigned int valid_hooks) -+{ -+ if (valid_hooks & ~(1 << NF_BR_BROUTING)) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_table broute_table = -+{ -+ {NULL, NULL}, "broute", &initial_table, 1 << NF_BR_BROUTING, -+ RW_LOCK_UNLOCKED, check, NULL -+}; -+ -+static int ebt_broute(struct sk_buff **pskb) -+{ -+ int ret; -+ -+ ret = ebt_do_table(NF_BR_BROUTING, pskb, (*pskb)->dev, NULL, -+ &broute_table); -+ if (ret == NF_DROP) -+ return 1; // route it -+ return 0; // bridge it -+} -+ -+static int __init init(void) -+{ -+ int ret; -+ -+ ret = ebt_register_table(&broute_table); -+ if (ret < 0) -+ return ret; -+ br_write_lock_bh(BR_NETPROTO_LOCK); -+ // see br_input.c -+ br_should_route_hook = ebt_broute; -+ br_write_unlock_bh(BR_NETPROTO_LOCK); -+ return ret; -+} -+ -+static void __exit fini(void) -+{ -+ br_write_lock_bh(BR_NETPROTO_LOCK); -+ br_should_route_hook = NULL; -+ br_write_unlock_bh(BR_NETPROTO_LOCK); -+ ebt_unregister_table(&broute_table); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_802_3.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,74 @@ -+/* -+ * 802_3 -+ * -+ * Author: -+ * Chris Vitale csv@bluetail.com -+ * -+ * May 2003 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_802_3.h> -+#include <linux/module.h> -+ -+static int ebt_filter_802_3(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *data, unsigned int datalen) -+{ -+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; -+ struct ebt_802_3_hdr *hdr = (struct ebt_802_3_hdr *)skb->mac.ethernet; -+ uint16_t type = hdr->llc.ui.ctrl & IS_UI ? hdr->llc.ui.type : hdr->llc.ni.type; -+ -+ if (info->bitmask & EBT_802_3_SAP) { -+ if (FWINV(info->sap != hdr->llc.ui.ssap, EBT_802_3_SAP)) -+ return EBT_NOMATCH; -+ if (FWINV(info->sap != hdr->llc.ui.dsap, EBT_802_3_SAP)) -+ return EBT_NOMATCH; -+ } -+ -+ if (info->bitmask & EBT_802_3_TYPE) { -+ if (!(hdr->llc.ui.dsap == CHECK_TYPE && hdr->llc.ui.ssap == CHECK_TYPE)) -+ return EBT_NOMATCH; -+ if (FWINV(info->type != type, EBT_802_3_TYPE)) -+ return EBT_NOMATCH; -+ } -+ -+ return EBT_MATCH; -+} -+ -+static struct ebt_match filter_802_3; -+static int ebt_802_3_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_802_3_info *info = (struct ebt_802_3_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_802_3_info))) -+ return -EINVAL; -+ if (info->bitmask & ~EBT_802_3_MASK || info->invflags & ~EBT_802_3_MASK) -+ return -EINVAL; -+ -+ return 0; -+} -+ -+static struct ebt_match filter_802_3 = -+{ -+ .name = EBT_802_3_MATCH, -+ .match = ebt_filter_802_3, -+ .check = ebt_802_3_check, -+ .me = THIS_MODULE, -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_802_3); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_802_3); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_mark.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,66 @@ -+/* -+ * ebt_mark -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * July, 2002 -+ * -+ */ -+ -+// The mark target can be used in any chain -+// I believe adding a mangle table just for marking is total overkill -+// Marking a frame doesn't really change anything in the frame anyway -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_mark_t.h> -+#include <linux/module.h> -+ -+static int ebt_target_mark(struct sk_buff **pskb, unsigned int hooknr, -+ const struct net_device *in, const struct net_device *out, -+ const void *data, unsigned int datalen) -+{ -+ struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; -+ -+ if ((*pskb)->nfmark != info->mark) { -+ (*pskb)->nfmark = info->mark; -+ (*pskb)->nfcache |= NFC_ALTERED; -+ } -+ return info->target; -+} -+ -+static int ebt_target_mark_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_mark_t_info *info = (struct ebt_mark_t_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_t_info))) -+ return -EINVAL; -+ if (BASE_CHAIN && info->target == EBT_RETURN) -+ return -EINVAL; -+ CLEAR_BASE_CHAIN_BIT; -+ if (INVALID_TARGET) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_target mark_target = -+{ -+ {NULL, NULL}, EBT_MARK_TARGET, ebt_target_mark, -+ ebt_target_mark_check, NULL, THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_target(&mark_target); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_target(&mark_target); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_mark_m.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,61 @@ -+/* -+ * ebt_mark_m -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * July, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_mark_m.h> -+#include <linux/module.h> -+ -+static int ebt_filter_mark(const struct sk_buff *skb, -+ const struct net_device *in, const struct net_device *out, const void *data, -+ unsigned int datalen) -+{ -+ struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; -+ -+ if (info->bitmask & EBT_MARK_OR) -+ return !(!!(skb->nfmark & info->mask) ^ info->invert); -+ return !(((skb->nfmark & info->mask) == info->mark) ^ info->invert); -+} -+ -+static int ebt_mark_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_mark_m_info *info = (struct ebt_mark_m_info *) data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_mark_m_info))) -+ return -EINVAL; -+ if (info->bitmask & ~EBT_MARK_MASK) -+ return -EINVAL; -+ if ((info->bitmask & EBT_MARK_OR) && (info->bitmask & EBT_MARK_AND)) -+ return -EINVAL; -+ if (!info->bitmask) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_match filter_mark = -+{ -+ {NULL, NULL}, EBT_MARK_MATCH, ebt_filter_mark, ebt_mark_check, NULL, -+ THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_mark); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_mark); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_pkttype.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,60 @@ -+/* -+ * ebt_pkttype -+ * -+ * Authors: -+ * Bart De Schuymer <bdschuym@pandora.be> -+ * -+ * April, 2003 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_pkttype.h> -+#include <linux/module.h> -+ -+static int ebt_filter_pkttype(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *data, -+ unsigned int datalen) -+{ -+ struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; -+ -+ return (skb->pkt_type != info->pkt_type) ^ info->invert; -+} -+ -+static int ebt_pkttype_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_pkttype_info *info = (struct ebt_pkttype_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_pkttype_info))) -+ return -EINVAL; -+ if (info->invert != 0 && info->invert != 1) -+ return -EINVAL; -+ /* Allow any pkt_type value */ -+ return 0; -+} -+ -+static struct ebt_match filter_pkttype = -+{ -+ .name = EBT_PKTTYPE_MATCH, -+ .match = ebt_filter_pkttype, -+ .check = ebt_pkttype_check, -+ .me = THIS_MODULE, -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_pkttype); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_pkttype); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_stp.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,191 @@ -+/* -+ * ebt_stp -+ * -+ * Authors: -+ * Bart De Schuymer <bdschuym@pandora.be> -+ * Stephen Hemminger <shemminger@osdl.org> -+ * -+ * June, 2003 -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_stp.h> -+#include <linux/module.h> -+ -+#define BPDU_TYPE_CONFIG 0 -+#define BPDU_TYPE_TCN 0x80 -+ -+struct stp_header { -+ uint8_t dsap; -+ uint8_t ssap; -+ uint8_t ctrl; -+ uint8_t pid; -+ uint8_t vers; -+ uint8_t type; -+}; -+ -+struct stp_config_pdu { -+ uint8_t flags; -+ uint8_t root[8]; -+ uint8_t root_cost[4]; -+ uint8_t sender[8]; -+ uint8_t port[2]; -+ uint8_t msg_age[2]; -+ uint8_t max_age[2]; -+ uint8_t hello_time[2]; -+ uint8_t forward_delay[2]; -+}; -+ -+#define NR16(p) (p[0] << 8 | p[1]) -+#define NR32(p) ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) -+ -+static int ebt_filter_config(struct ebt_stp_info *info, -+ struct stp_config_pdu *stpc) -+{ -+ struct ebt_stp_config_info *c; -+ uint16_t v16; -+ uint32_t v32; -+ int verdict, i; -+ -+ c = &info->config; -+ if ((info->bitmask & EBT_STP_FLAGS) && -+ FWINV(c->flags != stpc->flags, EBT_STP_FLAGS)) -+ return EBT_NOMATCH; -+ if (info->bitmask & EBT_STP_ROOTPRIO) { -+ v16 = NR16(stpc->root); -+ if (FWINV(v16 < c->root_priol || -+ v16 > c->root_priou, EBT_STP_ROOTPRIO)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_ROOTADDR) { -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (stpc->root[2+i] ^ c->root_addr[i]) & -+ c->root_addrmsk[i]; -+ if (FWINV(verdict != 0, EBT_STP_ROOTADDR)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_ROOTCOST) { -+ v32 = NR32(stpc->root_cost); -+ if (FWINV(v32 < c->root_costl || -+ v32 > c->root_costu, EBT_STP_ROOTCOST)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_SENDERPRIO) { -+ v16 = NR16(stpc->sender); -+ if (FWINV(v16 < c->sender_priol || -+ v16 > c->sender_priou, EBT_STP_SENDERPRIO)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_SENDERADDR) { -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (stpc->sender[2+i] ^ c->sender_addr[i]) & -+ c->sender_addrmsk[i]; -+ if (FWINV(verdict != 0, EBT_STP_SENDERADDR)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_PORT) { -+ v16 = NR16(stpc->port); -+ if (FWINV(v16 < c->portl || -+ v16 > c->portu, EBT_STP_PORT)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_MSGAGE) { -+ v16 = NR16(stpc->msg_age); -+ if (FWINV(v16 < c->msg_agel || -+ v16 > c->msg_ageu, EBT_STP_MSGAGE)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_MAXAGE) { -+ v16 = NR16(stpc->max_age); -+ if (FWINV(v16 < c->max_agel || -+ v16 > c->max_ageu, EBT_STP_MAXAGE)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_HELLOTIME) { -+ v16 = NR16(stpc->hello_time); -+ if (FWINV(v16 < c->hello_timel || -+ v16 > c->hello_timeu, EBT_STP_HELLOTIME)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_STP_FWDD) { -+ v16 = NR16(stpc->forward_delay); -+ if (FWINV(v16 < c->forward_delayl || -+ v16 > c->forward_delayu, EBT_STP_FWDD)) -+ return EBT_NOMATCH; -+ } -+ return EBT_MATCH; -+} -+ -+static int ebt_filter_stp(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *data, unsigned int datalen) -+{ -+ struct ebt_stp_info *info = (struct ebt_stp_info *)data; -+ struct stp_header stph; -+ uint8_t header[6] = {0x42, 0x42, 0x03, 0x00, 0x00, 0x00}; -+ if (skb_copy_bits(skb, 0, &stph, sizeof(stph))) -+ return EBT_NOMATCH; -+ -+ /* The stp code only considers these */ -+ if (memcmp(&stph, header, sizeof(header))) -+ return EBT_NOMATCH; -+ -+ if (info->bitmask & EBT_STP_TYPE -+ && FWINV(info->type != stph.type, EBT_STP_TYPE)) -+ return EBT_NOMATCH; -+ -+ if (stph.type == BPDU_TYPE_CONFIG && -+ info->bitmask & EBT_STP_CONFIG_MASK) { -+ struct stp_config_pdu stpc; -+ -+ if (skb_copy_bits(skb, sizeof(stph), &stpc, sizeof(stpc))) -+ return EBT_NOMATCH; -+ return ebt_filter_config(info, &stpc); -+ } -+ return EBT_MATCH; -+} -+ -+static int ebt_stp_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_stp_info *info = (struct ebt_stp_info *)data; -+ int len = EBT_ALIGN(sizeof(struct ebt_stp_info)); -+ uint8_t bridge_ula[6] = { 0x01, 0x80, 0xc2, 0x00, 0x00, 0x00 }; -+ uint8_t msk[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; -+ -+ if (info->bitmask & ~EBT_STP_MASK || info->invflags & ~EBT_STP_MASK || -+ !(info->bitmask & EBT_STP_MASK)) -+ return -EINVAL; -+ if (datalen != len) -+ return -EINVAL; -+ /* Make sure the match only receives stp frames */ -+ if (memcmp(e->destmac, bridge_ula, ETH_ALEN) || -+ memcmp(e->destmsk, msk, ETH_ALEN) || !(e->bitmask & EBT_DESTMAC)) -+ return -EINVAL; -+ -+ return 0; -+} -+ -+static struct ebt_match filter_stp = -+{ -+ .name = EBT_STP_MATCH, -+ .match = ebt_filter_stp, -+ .check = ebt_stp_check, -+ .me = THIS_MODULE, -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_stp); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_stp); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_redirect.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,71 @@ -+/* -+ * ebt_redirect -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_redirect.h> -+#include <linux/module.h> -+#include <net/sock.h> -+#include "../br_private.h" -+ -+static int ebt_target_redirect(struct sk_buff **pskb, unsigned int hooknr, -+ const struct net_device *in, const struct net_device *out, -+ const void *data, unsigned int datalen) -+{ -+ struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; -+ -+ if (hooknr != NF_BR_BROUTING) -+ memcpy((**pskb).mac.ethernet->h_dest, -+ in->br_port->br->dev.dev_addr, ETH_ALEN); -+ else { -+ memcpy((**pskb).mac.ethernet->h_dest, -+ in->dev_addr, ETH_ALEN); -+ (*pskb)->pkt_type = PACKET_HOST; -+ } -+ return info->target; -+} -+ -+static int ebt_target_redirect_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_redirect_info *info = (struct ebt_redirect_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_redirect_info))) -+ return -EINVAL; -+ if (BASE_CHAIN && info->target == EBT_RETURN) -+ return -EINVAL; -+ CLEAR_BASE_CHAIN_BIT; -+ if ( (strcmp(tablename, "nat") || hookmask & ~(1 << NF_BR_PRE_ROUTING)) && -+ (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) -+ return -EINVAL; -+ if (INVALID_TARGET) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_target redirect_target = -+{ -+ {NULL, NULL}, EBT_REDIRECT_TARGET, ebt_target_redirect, -+ ebt_target_redirect_check, NULL, THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_target(&redirect_target); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_target(&redirect_target); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_arp.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,149 @@ -+/* -+ * ebt_arp -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * Tim Gardner <timg@tpi.com> -+ * -+ * April, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_arp.h> -+#include <linux/if_arp.h> -+#include <linux/if_ether.h> -+#include <linux/module.h> -+ -+static int ebt_filter_arp(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *data, unsigned int datalen) -+{ -+ struct ebt_arp_info *info = (struct ebt_arp_info *)data; -+ -+ if (info->bitmask & EBT_ARP_OPCODE && FWINV(info->opcode != -+ ((*skb).nh.arph)->ar_op, EBT_ARP_OPCODE)) -+ return EBT_NOMATCH; -+ if (info->bitmask & EBT_ARP_HTYPE && FWINV(info->htype != -+ ((*skb).nh.arph)->ar_hrd, EBT_ARP_HTYPE)) -+ return EBT_NOMATCH; -+ if (info->bitmask & EBT_ARP_PTYPE && FWINV(info->ptype != -+ ((*skb).nh.arph)->ar_pro, EBT_ARP_PTYPE)) -+ return EBT_NOMATCH; -+ -+ if (info->bitmask & (EBT_ARP_SRC_IP | EBT_ARP_DST_IP)) -+ { -+ uint32_t arp_len = sizeof(struct arphdr) + -+ (2 * (((*skb).nh.arph)->ar_hln)) + -+ (2 * (((*skb).nh.arph)->ar_pln)); -+ uint32_t dst; -+ uint32_t src; -+ -+ // Make sure the packet is long enough. -+ if ((((*skb).nh.raw) + arp_len) > (*skb).tail) -+ return EBT_NOMATCH; -+ // IPv4 addresses are always 4 bytes. -+ if (((*skb).nh.arph)->ar_pln != sizeof(uint32_t)) -+ return EBT_NOMATCH; -+ -+ if (info->bitmask & EBT_ARP_SRC_IP) { -+ memcpy(&src, ((*skb).nh.raw) + sizeof(struct arphdr) + -+ ((*skb).nh.arph)->ar_hln, sizeof(uint32_t)); -+ if (FWINV(info->saddr != (src & info->smsk), -+ EBT_ARP_SRC_IP)) -+ return EBT_NOMATCH; -+ } -+ -+ if (info->bitmask & EBT_ARP_DST_IP) { -+ memcpy(&dst, ((*skb).nh.raw)+sizeof(struct arphdr) + -+ (2*(((*skb).nh.arph)->ar_hln)) + -+ (((*skb).nh.arph)->ar_pln), sizeof(uint32_t)); -+ if (FWINV(info->daddr != (dst & info->dmsk), -+ EBT_ARP_DST_IP)) -+ return EBT_NOMATCH; -+ } -+ } -+ -+ if (info->bitmask & (EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC)) -+ { -+ uint32_t arp_len = sizeof(struct arphdr) + -+ (2 * (((*skb).nh.arph)->ar_hln)) + -+ (2 * (((*skb).nh.arph)->ar_pln)); -+ unsigned char dst[ETH_ALEN]; -+ unsigned char src[ETH_ALEN]; -+ -+ // Make sure the packet is long enough. -+ if ((((*skb).nh.raw) + arp_len) > (*skb).tail) -+ return EBT_NOMATCH; -+ // MAC addresses are 6 bytes. -+ if (((*skb).nh.arph)->ar_hln != ETH_ALEN) -+ return EBT_NOMATCH; -+ if (info->bitmask & EBT_ARP_SRC_MAC) { -+ uint8_t verdict, i; -+ -+ memcpy(&src, ((*skb).nh.raw) + -+ sizeof(struct arphdr), -+ ETH_ALEN); -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (src[i] ^ info->smaddr[i]) & -+ info->smmsk[i]; -+ if (FWINV(verdict != 0, EBT_ARP_SRC_MAC)) -+ return EBT_NOMATCH; -+ } -+ -+ if (info->bitmask & EBT_ARP_DST_MAC) { -+ uint8_t verdict, i; -+ -+ memcpy(&dst, ((*skb).nh.raw) + -+ sizeof(struct arphdr) + -+ (((*skb).nh.arph)->ar_hln) + -+ (((*skb).nh.arph)->ar_pln), -+ ETH_ALEN); -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (dst[i] ^ info->dmaddr[i]) & -+ info->dmmsk[i]; -+ if (FWINV(verdict != 0, EBT_ARP_DST_MAC)) -+ return EBT_NOMATCH; -+ } -+ } -+ -+ return EBT_MATCH; -+} -+ -+static int ebt_arp_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_arp_info *info = (struct ebt_arp_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_arp_info))) -+ return -EINVAL; -+ if ((e->ethproto != __constant_htons(ETH_P_ARP) && -+ e->ethproto != __constant_htons(ETH_P_RARP)) || -+ e->invflags & EBT_IPROTO) -+ return -EINVAL; -+ if (info->bitmask & ~EBT_ARP_MASK || info->invflags & ~EBT_ARP_MASK) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_match filter_arp = -+{ -+ {NULL, NULL}, EBT_ARP_MATCH, ebt_filter_arp, ebt_arp_check, NULL, -+ THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_arp); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_arp); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_ip.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,121 @@ -+/* -+ * ebt_ip -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ * Changes: -+ * added ip-sport and ip-dport -+ * Innominate Security Technologies AG <mhopf@innominate.com> -+ * September, 2002 -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_ip.h> -+#include <linux/ip.h> -+#include <linux/in.h> -+#include <linux/module.h> -+ -+struct tcpudphdr { -+ uint16_t src; -+ uint16_t dst; -+}; -+ -+union h_u { -+ unsigned char *raw; -+ struct tcpudphdr *tuh; -+}; -+ -+static int ebt_filter_ip(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *data, -+ unsigned int datalen) -+{ -+ struct ebt_ip_info *info = (struct ebt_ip_info *)data; -+ -+ if (info->bitmask & EBT_IP_TOS && -+ FWINV(info->tos != ((*skb).nh.iph)->tos, EBT_IP_TOS)) -+ return EBT_NOMATCH; -+ if (info->bitmask & EBT_IP_PROTO) { -+ if (FWINV(info->protocol != ((*skb).nh.iph)->protocol, -+ EBT_IP_PROTO)) -+ return EBT_NOMATCH; -+ if ( info->protocol == IPPROTO_TCP || -+ info->protocol == IPPROTO_UDP ) -+ { -+ union h_u h; -+ h.raw = skb->data + skb->nh.iph->ihl*4; -+ if (info->bitmask & EBT_IP_DPORT) { -+ uint16_t port = ntohs(h.tuh->dst); -+ if (FWINV(port < info->dport[0] || -+ port > info->dport[1], -+ EBT_IP_DPORT)) -+ return EBT_NOMATCH; -+ } -+ if (info->bitmask & EBT_IP_SPORT) { -+ uint16_t port = ntohs(h.tuh->src); -+ if (FWINV(port < info->sport[0] || -+ port > info->sport[1], -+ EBT_IP_SPORT)) -+ return EBT_NOMATCH; -+ } -+ } -+ } -+ if (info->bitmask & EBT_IP_SOURCE && -+ FWINV((((*skb).nh.iph)->saddr & info->smsk) != -+ info->saddr, EBT_IP_SOURCE)) -+ return EBT_NOMATCH; -+ if ((info->bitmask & EBT_IP_DEST) && -+ FWINV((((*skb).nh.iph)->daddr & info->dmsk) != -+ info->daddr, EBT_IP_DEST)) -+ return EBT_NOMATCH; -+ return EBT_MATCH; -+} -+ -+static int ebt_ip_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_ip_info *info = (struct ebt_ip_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_ip_info))) -+ return -EINVAL; -+ if (e->ethproto != __constant_htons(ETH_P_IP) || -+ e->invflags & EBT_IPROTO) -+ return -EINVAL; -+ if (info->bitmask & ~EBT_IP_MASK || info->invflags & ~EBT_IP_MASK) -+ return -EINVAL; -+ if (info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT)) { -+ if (!info->bitmask & EBT_IPROTO) -+ return -EINVAL; -+ if (info->protocol != IPPROTO_TCP && -+ info->protocol != IPPROTO_UDP) -+ return -EINVAL; -+ } -+ if (info->bitmask & EBT_IP_DPORT && info->dport[0] > info->dport[1]) -+ return -EINVAL; -+ if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_match filter_ip = -+{ -+ {NULL, NULL}, EBT_IP_MATCH, ebt_filter_ip, ebt_ip_check, NULL, -+ THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_match(&filter_ip); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_ip); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_vlan.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,259 @@ -+/* -+ * Description: EBTables 802.1Q match extension kernelspace module. -+ * Authors: Nick Fedchik <nick@fedchik.org.ua> -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 2 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, write to the Free Software -+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -+ */ -+ -+#include <linux/if_ether.h> -+#include <linux/if_vlan.h> -+#include <linux/module.h> -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_vlan.h> -+ -+static unsigned char debug; -+#define MODULE_VERSION "0.6" -+ -+MODULE_PARM(debug, "0-1b"); -+MODULE_PARM_DESC(debug, "debug=1 is turn on debug messages"); -+MODULE_AUTHOR("Nick Fedchik <nick@fedchik.org.ua>"); -+MODULE_DESCRIPTION("802.1Q match module (ebtables extension), v" -+ MODULE_VERSION); -+MODULE_LICENSE("GPL"); -+ -+ -+#define DEBUG_MSG(args...) if (debug) printk (KERN_DEBUG "ebt_vlan: " args) -+#define INV_FLAG(_inv_flag_) (info->invflags & _inv_flag_) ? "!" : "" -+#define GET_BITMASK(_BIT_MASK_) info->bitmask & _BIT_MASK_ -+#define SET_BITMASK(_BIT_MASK_) info->bitmask |= _BIT_MASK_ -+#define EXIT_ON_MISMATCH(_MATCH_,_MASK_) if (!((info->_MATCH_ == _MATCH_)^!!(info->invflags & _MASK_))) return 1; -+ -+/* -+ * Function description: ebt_filter_vlan() is main engine for -+ * checking passed 802.1Q frame according to -+ * the passed extension parameters (in the *data buffer) -+ * ebt_filter_vlan() is called after successfull check the rule params -+ * by ebt_check_vlan() function. -+ * Parameters: -+ * const struct sk_buff *skb - pointer to passed ethernet frame buffer -+ * const void *data - pointer to passed extension parameters -+ * unsigned int datalen - length of passed *data buffer -+ * const struct net_device *in - -+ * const struct net_device *out - -+ * const struct ebt_counter *c - -+ * Returned values: -+ * 0 - ok (all rule params matched) -+ * 1 - miss (rule params not acceptable to the parsed frame) -+ */ -+static int -+ebt_filter_vlan(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *data, unsigned int datalen) -+{ -+ struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; /* userspace data */ -+ struct vlan_ethhdr *frame = (struct vlan_ethhdr *) skb->mac.raw; /* Passed tagged frame */ -+ -+ unsigned short TCI; /* Whole TCI, given from parsed frame */ -+ unsigned short id; /* VLAN ID, given from frame TCI */ -+ unsigned char prio; /* user_priority, given from frame TCI */ -+ unsigned short encap; /* VLAN encapsulated Type/Length field, given from orig frame */ -+ -+ /* -+ * Tag Control Information (TCI) consists of the following elements: -+ * - User_priority. The user_priority field is three bits in length, -+ * interpreted as a binary number. -+ * - Canonical Format Indicator (CFI). The Canonical Format Indicator -+ * (CFI) is a single bit flag value. Currently ignored. -+ * - VLAN Identifier (VID). The VID is encoded as -+ * an unsigned binary number. -+ */ -+ TCI = ntohs(frame->h_vlan_TCI); -+ id = TCI & VLAN_VID_MASK; -+ prio = (TCI >> 13) & 0x7; -+ encap = frame->h_vlan_encapsulated_proto; -+ -+ /* -+ * Checking VLAN Identifier (VID) -+ */ -+ if (GET_BITMASK(EBT_VLAN_ID)) { /* Is VLAN ID parsed? */ -+ EXIT_ON_MISMATCH(id, EBT_VLAN_ID); -+ } -+ /* -+ * Checking user_priority -+ */ -+ if (GET_BITMASK(EBT_VLAN_PRIO)) { /* Is VLAN user_priority parsed? */ -+ EXIT_ON_MISMATCH(prio, EBT_VLAN_PRIO); -+ } -+ /* -+ * Checking Encapsulated Proto (Length/Type) field -+ */ -+ if (GET_BITMASK(EBT_VLAN_ENCAP)) { /* Is VLAN Encap parsed? */ -+ EXIT_ON_MISMATCH(encap, EBT_VLAN_ENCAP); -+ } -+ /* -+ * All possible extension parameters was parsed. -+ * If rule never returned by missmatch, then all ok. -+ */ -+ return 0; -+} -+ -+/* -+ * Function description: ebt_vlan_check() is called when userspace -+ * delivers the table entry to the kernel, -+ * and to check that userspace doesn't give a bad table. -+ * Parameters: -+ * const char *tablename - table name string -+ * unsigned int hooknr - hook number -+ * const struct ebt_entry *e - ebtables entry basic set -+ * const void *data - pointer to passed extension parameters -+ * unsigned int datalen - length of passed *data buffer -+ * Returned values: -+ * 0 - ok (all delivered rule params are correct) -+ * 1 - miss (rule params is out of range, invalid, incompatible, etc.) -+ */ -+static int -+ebt_check_vlan(const char *tablename, -+ unsigned int hooknr, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_vlan_info *info = (struct ebt_vlan_info *) data; -+ -+ /* -+ * Parameters buffer overflow check -+ */ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_vlan_info))) { -+ DEBUG_MSG -+ ("passed size %d is not eq to ebt_vlan_info (%d)\n", -+ datalen, sizeof(struct ebt_vlan_info)); -+ return -EINVAL; -+ } -+ -+ /* -+ * Is it 802.1Q frame checked? -+ */ -+ if (e->ethproto != __constant_htons(ETH_P_8021Q)) { -+ DEBUG_MSG -+ ("passed entry proto %2.4X is not 802.1Q (8100)\n", -+ (unsigned short) ntohs(e->ethproto)); -+ return -EINVAL; -+ } -+ -+ /* -+ * Check for bitmask range -+ * True if even one bit is out of mask -+ */ -+ if (info->bitmask & ~EBT_VLAN_MASK) { -+ DEBUG_MSG("bitmask %2X is out of mask (%2X)\n", -+ info->bitmask, EBT_VLAN_MASK); -+ return -EINVAL; -+ } -+ -+ /* -+ * Check for inversion flags range -+ */ -+ if (info->invflags & ~EBT_VLAN_MASK) { -+ DEBUG_MSG("inversion flags %2X is out of mask (%2X)\n", -+ info->invflags, EBT_VLAN_MASK); -+ return -EINVAL; -+ } -+ -+ /* -+ * Reserved VLAN ID (VID) values -+ * ----------------------------- -+ * 0 - The null VLAN ID. -+ * 1 - The default Port VID (PVID) -+ * 0x0FFF - Reserved for implementation use. -+ * if_vlan.h: VLAN_GROUP_ARRAY_LEN 4096. -+ */ -+ if (GET_BITMASK(EBT_VLAN_ID)) { /* when vlan-id param was spec-ed */ -+ if (!!info->id) { /* if id!=0 => check vid range */ -+ if (info->id > VLAN_GROUP_ARRAY_LEN) { -+ DEBUG_MSG -+ ("id %d is out of range (1-4096)\n", -+ info->id); -+ return -EINVAL; -+ } -+ /* -+ * Note: This is valid VLAN-tagged frame point. -+ * Any value of user_priority are acceptable, -+ * but should be ignored according to 802.1Q Std. -+ * So we just drop the prio flag. -+ */ -+ info->bitmask &= ~EBT_VLAN_PRIO; -+ } -+ /* -+ * Else, id=0 (null VLAN ID) => user_priority range (any?) -+ */ -+ } -+ -+ if (GET_BITMASK(EBT_VLAN_PRIO)) { -+ if ((unsigned char) info->prio > 7) { -+ DEBUG_MSG -+ ("prio %d is out of range (0-7)\n", -+ info->prio); -+ return -EINVAL; -+ } -+ } -+ /* -+ * Check for encapsulated proto range - it is possible to be -+ * any value for u_short range. -+ * if_ether.h: ETH_ZLEN 60 - Min. octets in frame sans FCS -+ */ -+ if (GET_BITMASK(EBT_VLAN_ENCAP)) { -+ if ((unsigned short) ntohs(info->encap) < ETH_ZLEN) { -+ DEBUG_MSG -+ ("encap frame length %d is less than minimal\n", -+ ntohs(info->encap)); -+ return -EINVAL; -+ } -+ } -+ -+ return 0; -+} -+ -+static struct ebt_match filter_vlan = { -+ {NULL, NULL}, -+ EBT_VLAN_MATCH, -+ ebt_filter_vlan, -+ ebt_check_vlan, -+ NULL, -+ THIS_MODULE -+}; -+ -+/* -+ * Module initialization function. -+ */ -+static int __init init(void) -+{ -+ DEBUG_MSG("ebtables 802.1Q extension module v" -+ MODULE_VERSION "\n"); -+ DEBUG_MSG("module debug=%d\n", !!debug); -+ return ebt_register_match(&filter_vlan); -+} -+ -+/* -+ * Module "finalization" function -+ */ -+static void __exit fini(void) -+{ -+ ebt_unregister_match(&filter_vlan); -+} -+ -+module_init(init); -+module_exit(fini); -+ -+EXPORT_NO_SYMBOLS; ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_log.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,152 @@ -+/* -+ * ebt_log -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_log.h> -+#include <linux/module.h> -+#include <linux/ip.h> -+#include <linux/in.h> -+#include <linux/if_arp.h> -+#include <linux/spinlock.h> -+ -+static spinlock_t ebt_log_lock = SPIN_LOCK_UNLOCKED; -+ -+static int ebt_log_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_log_info *info = (struct ebt_log_info *)data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_log_info))) -+ return -EINVAL; -+ if (info->bitmask & ~EBT_LOG_MASK) -+ return -EINVAL; -+ if (info->loglevel >= 8) -+ return -EINVAL; -+ info->prefix[EBT_LOG_PREFIX_SIZE - 1] = '\0'; -+ return 0; -+} -+ -+struct tcpudphdr -+{ -+ uint16_t src; -+ uint16_t dst; -+}; -+ -+struct arppayload -+{ -+ unsigned char mac_src[ETH_ALEN]; -+ unsigned char ip_src[4]; -+ unsigned char mac_dst[ETH_ALEN]; -+ unsigned char ip_dst[4]; -+}; -+ -+static void print_MAC(unsigned char *p) -+{ -+ int i; -+ -+ for (i = 0; i < ETH_ALEN; i++, p++) -+ printk("%02x%c", *p, i == ETH_ALEN - 1 ? ' ':':'); -+} -+ -+#define myNIPQUAD(a) a[0], a[1], a[2], a[3] -+static void ebt_log(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *data, unsigned int datalen) -+{ -+ struct ebt_log_info *info = (struct ebt_log_info *)data; -+ char level_string[4] = "< >"; -+ level_string[1] = '0' + info->loglevel; -+ -+ spin_lock_bh(&ebt_log_lock); -+ printk(level_string); -+ printk("%s IN=%s OUT=%s ", info->prefix, in ? in->name : "", -+ out ? out->name : ""); -+ -+ printk("MAC source = "); -+ print_MAC((skb->mac.ethernet)->h_source); -+ printk("MAC dest = "); -+ print_MAC((skb->mac.ethernet)->h_dest); -+ -+ printk("proto = 0x%04x", ntohs(((*skb).mac.ethernet)->h_proto)); -+ -+ if ((info->bitmask & EBT_LOG_IP) && skb->mac.ethernet->h_proto == -+ htons(ETH_P_IP)){ -+ struct iphdr *iph = skb->nh.iph; -+ printk(" IP SRC=%u.%u.%u.%u IP DST=%u.%u.%u.%u,", -+ NIPQUAD(iph->saddr), NIPQUAD(iph->daddr)); -+ printk(" IP tos=0x%02X, IP proto=%d", iph->tos, iph->protocol); -+ if (iph->protocol == IPPROTO_TCP || -+ iph->protocol == IPPROTO_UDP) { -+ struct tcpudphdr *ports = (struct tcpudphdr *)(skb->data + iph->ihl*4); -+ -+ if (skb->data + iph->ihl*4 > skb->tail) { -+ printk(" INCOMPLETE TCP/UDP header"); -+ goto out; -+ } -+ printk(" SPT=%u DPT=%u", ntohs(ports->src), -+ ntohs(ports->dst)); -+ } -+ goto out; -+ } -+ -+ if ((info->bitmask & EBT_LOG_ARP) && -+ ((skb->mac.ethernet->h_proto == __constant_htons(ETH_P_ARP)) || -+ (skb->mac.ethernet->h_proto == __constant_htons(ETH_P_RARP)))) { -+ struct arphdr * arph = skb->nh.arph; -+ printk(" ARP HTYPE=%d, PTYPE=0x%04x, OPCODE=%d", -+ ntohs(arph->ar_hrd), ntohs(arph->ar_pro), -+ ntohs(arph->ar_op)); -+ /* If it's for Ethernet and the lengths are OK, -+ * then log the ARP payload */ -+ if (arph->ar_hrd == __constant_htons(1) && -+ arph->ar_hln == ETH_ALEN && -+ arph->ar_pln == sizeof(uint32_t)) { -+ struct arppayload *arpp = (struct arppayload *)(skb->data + sizeof(*arph)); -+ -+ if (skb->data + sizeof(*arph) > skb->tail) { -+ printk(" INCOMPLETE ARP header"); -+ goto out; -+ } -+ -+ printk(" ARP MAC SRC="); -+ print_MAC(arpp->mac_src); -+ printk(" ARP IP SRC=%u.%u.%u.%u", -+ myNIPQUAD(arpp->ip_src)); -+ printk(" ARP MAC DST="); -+ print_MAC(arpp->mac_dst); -+ printk(" ARP IP DST=%u.%u.%u.%u", -+ myNIPQUAD(arpp->ip_dst)); -+ } -+ -+ } -+out: -+ printk("\n"); -+ spin_unlock_bh(&ebt_log_lock); -+} -+ -+static struct ebt_watcher log = -+{ -+ {NULL, NULL}, EBT_LOG_WATCHER, ebt_log, ebt_log_check, NULL, -+ THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_watcher(&log); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_watcher(&log); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_snat.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,64 @@ -+/* -+ * ebt_snat -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * June, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_nat.h> -+#include <linux/module.h> -+ -+static int ebt_target_snat(struct sk_buff **pskb, unsigned int hooknr, -+ const struct net_device *in, const struct net_device *out, -+ const void *data, unsigned int datalen) -+{ -+ struct ebt_nat_info *info = (struct ebt_nat_info *) data; -+ -+ memcpy(((**pskb).mac.ethernet)->h_source, info->mac, -+ ETH_ALEN * sizeof(unsigned char)); -+ return info->target; -+} -+ -+static int ebt_target_snat_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_nat_info *info = (struct ebt_nat_info *) data; -+ -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) -+ return -EINVAL; -+ if (BASE_CHAIN && info->target == EBT_RETURN) -+ return -EINVAL; -+ CLEAR_BASE_CHAIN_BIT; -+ if (strcmp(tablename, "nat")) -+ return -EINVAL; -+ if (hookmask & ~(1 << NF_BR_POST_ROUTING)) -+ return -EINVAL; -+ if (INVALID_TARGET) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_target snat = -+{ -+ {NULL, NULL}, EBT_SNAT_TARGET, ebt_target_snat, ebt_target_snat_check, -+ NULL, THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_target(&snat); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_target(&snat); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebt_dnat.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,65 @@ -+/* -+ * ebt_dnat -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * June, 2002 -+ * -+ */ -+ -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/netfilter_bridge/ebt_nat.h> -+#include <linux/module.h> -+#include <net/sock.h> -+ -+static int ebt_target_dnat(struct sk_buff **pskb, unsigned int hooknr, -+ const struct net_device *in, const struct net_device *out, -+ const void *data, unsigned int datalen) -+{ -+ struct ebt_nat_info *info = (struct ebt_nat_info *)data; -+ -+ memcpy(((**pskb).mac.ethernet)->h_dest, info->mac, -+ ETH_ALEN * sizeof(unsigned char)); -+ return info->target; -+} -+ -+static int ebt_target_dnat_check(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *data, unsigned int datalen) -+{ -+ struct ebt_nat_info *info = (struct ebt_nat_info *)data; -+ -+ if (BASE_CHAIN && info->target == EBT_RETURN) -+ return -EINVAL; -+ CLEAR_BASE_CHAIN_BIT; -+ if ( (strcmp(tablename, "nat") || -+ (hookmask & ~((1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_LOCAL_OUT)))) && -+ (strcmp(tablename, "broute") || hookmask & ~(1 << NF_BR_BROUTING)) ) -+ return -EINVAL; -+ if (datalen != EBT_ALIGN(sizeof(struct ebt_nat_info))) -+ return -EINVAL; -+ if (INVALID_TARGET) -+ return -EINVAL; -+ return 0; -+} -+ -+static struct ebt_target dnat = -+{ -+ {NULL, NULL}, EBT_DNAT_TARGET, ebt_target_dnat, ebt_target_dnat_check, -+ NULL, THIS_MODULE -+}; -+ -+static int __init init(void) -+{ -+ return ebt_register_target(&dnat); -+} -+ -+static void __exit fini(void) -+{ -+ ebt_unregister_target(&dnat); -+} -+ -+module_init(init); -+module_exit(fini); -+EXPORT_NO_SYMBOLS; -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/netfilter/ebtables.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,1490 @@ -+/* -+ * ebtables -+ * -+ * Author: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * ebtables.c,v 2.0, July, 2002 -+ * -+ * This code is stongly inspired on the iptables code which is -+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ */ -+ -+// used for print_string -+#include <linux/sched.h> -+#include <linux/tty.h> -+ -+#include <linux/kmod.h> -+#include <linux/module.h> -+#include <linux/vmalloc.h> -+#include <linux/netfilter_bridge/ebtables.h> -+#include <linux/spinlock.h> -+#include <asm/uaccess.h> -+#include <linux/smp.h> -+#include <net/sock.h> -+// needed for logical [in,out]-dev filtering -+#include "../br_private.h" -+ -+// list_named_find -+#define ASSERT_READ_LOCK(x) -+#define ASSERT_WRITE_LOCK(x) -+#include <linux/netfilter_ipv4/listhelp.h> -+ -+#if 0 // use this for remote debugging -+// Copyright (C) 1998 by Ori Pomerantz -+// Print the string to the appropriate tty, the one -+// the current task uses -+static void print_string(char *str) -+{ -+ struct tty_struct *my_tty; -+ -+ /* The tty for the current task */ -+ my_tty = current->tty; -+ if (my_tty != NULL) { -+ (*(my_tty->driver).write)(my_tty, 0, str, strlen(str)); -+ (*(my_tty->driver).write)(my_tty, 0, "\015\012", 2); -+ } -+} -+ -+#define BUGPRINT(args) print_string(args); -+#else -+#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ -+ "report to author: "format, ## args) -+// #define BUGPRINT(format, args...) -+#endif -+#define MEMPRINT(format, args...) printk("kernel msg: ebtables "\ -+ ": out of memory: "format, ## args) -+// #define MEMPRINT(format, args...) -+ -+ -+ -+// Each cpu has its own set of counters, so there is no need for write_lock in -+// the softirq -+// For reading or updating the counters, the user context needs to -+// get a write_lock -+ -+// The size of each set of counters is altered to get cache alignment -+#define SMP_ALIGN(x) (((x) + SMP_CACHE_BYTES-1) & ~(SMP_CACHE_BYTES-1)) -+#define COUNTER_OFFSET(n) (SMP_ALIGN(n * sizeof(struct ebt_counter))) -+#define COUNTER_BASE(c, n, cpu) ((struct ebt_counter *)(((char *)c) + \ -+ COUNTER_OFFSET(n) * cpu)) -+ -+ -+ -+static DECLARE_MUTEX(ebt_mutex); -+static LIST_HEAD(ebt_tables); -+static LIST_HEAD(ebt_targets); -+static LIST_HEAD(ebt_matches); -+static LIST_HEAD(ebt_watchers); -+ -+static struct ebt_target ebt_standard_target = -+{ {NULL, NULL}, EBT_STANDARD_TARGET, NULL, NULL, NULL, NULL}; -+ -+static inline int ebt_do_watcher (struct ebt_entry_watcher *w, -+ const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out) -+{ -+ w->u.watcher->watcher(skb, in, out, w->data, -+ w->watcher_size); -+ // watchers don't give a verdict -+ return 0; -+} -+ -+static inline int ebt_do_match (struct ebt_entry_match *m, -+ const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out) -+{ -+ return m->u.match->match(skb, in, out, m->data, -+ m->match_size); -+} -+ -+static inline int ebt_dev_check(char *entry, const struct net_device *device) -+{ -+ if (*entry == '\0') -+ return 0; -+ if (!device) -+ return 1; -+ return !!strcmp(entry, device->name); -+} -+ -+#define FWINV2(bool,invflg) ((bool) ^ !!(e->invflags & invflg)) -+// process standard matches -+static inline int ebt_basic_match(struct ebt_entry *e, struct ethhdr *h, -+ const struct net_device *in, const struct net_device *out) -+{ -+ int verdict, i; -+ -+ if (e->bitmask & EBT_802_3) { -+ if (FWINV2(ntohs(h->h_proto) >= 1536, EBT_IPROTO)) -+ return 1; -+ } else if (!(e->bitmask & EBT_NOPROTO) && -+ FWINV2(e->ethproto != h->h_proto, EBT_IPROTO)) -+ return 1; -+ -+ if (FWINV2(ebt_dev_check(e->in, in), EBT_IIN)) -+ return 1; -+ if (FWINV2(ebt_dev_check(e->out, out), EBT_IOUT)) -+ return 1; -+ if ((!in || !in->br_port) ? 0 : FWINV2(ebt_dev_check( -+ e->logical_in, &in->br_port->br->dev), EBT_ILOGICALIN)) -+ return 1; -+ if ((!out || !out->br_port) ? 0 : FWINV2(ebt_dev_check( -+ e->logical_out, &out->br_port->br->dev), EBT_ILOGICALOUT)) -+ return 1; -+ -+ if (e->bitmask & EBT_SOURCEMAC) { -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (h->h_source[i] ^ e->sourcemac[i]) & -+ e->sourcemsk[i]; -+ if (FWINV2(verdict != 0, EBT_ISOURCE) ) -+ return 1; -+ } -+ if (e->bitmask & EBT_DESTMAC) { -+ verdict = 0; -+ for (i = 0; i < 6; i++) -+ verdict |= (h->h_dest[i] ^ e->destmac[i]) & -+ e->destmsk[i]; -+ if (FWINV2(verdict != 0, EBT_IDEST) ) -+ return 1; -+ } -+ return 0; -+} -+ -+// Do some firewalling -+unsigned int ebt_do_table (unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ struct ebt_table *table) -+{ -+ int i, nentries; -+ struct ebt_entry *point; -+ struct ebt_counter *counter_base, *cb_base; -+ struct ebt_entry_target *t; -+ int verdict, sp = 0; -+ struct ebt_chainstack *cs; -+ struct ebt_entries *chaininfo; -+ char *base; -+ struct ebt_table_info *private = table->private; -+ -+ read_lock_bh(&table->lock); -+ cb_base = COUNTER_BASE(private->counters, private->nentries, -+ cpu_number_map(smp_processor_id())); -+ if (private->chainstack) -+ cs = private->chainstack[cpu_number_map(smp_processor_id())]; -+ else -+ cs = NULL; -+ chaininfo = private->hook_entry[hook]; -+ nentries = private->hook_entry[hook]->nentries; -+ point = (struct ebt_entry *)(private->hook_entry[hook]->data); -+ counter_base = cb_base + private->hook_entry[hook]->counter_offset; -+ // base for chain jumps -+ base = private->entries; -+ i = 0; -+ while (i < nentries) { -+ if (ebt_basic_match(point, (**pskb).mac.ethernet, in, out)) -+ goto letscontinue; -+ -+ if (EBT_MATCH_ITERATE(point, ebt_do_match, *pskb, in, out) != 0) -+ goto letscontinue; -+ -+ // increase counter -+ (*(counter_base + i)).pcnt++; -+ (*(counter_base + i)).bcnt+=(**pskb).len; -+ -+ // these should only watch: not modify, nor tell us -+ // what to do with the packet -+ EBT_WATCHER_ITERATE(point, ebt_do_watcher, *pskb, in, -+ out); -+ -+ t = (struct ebt_entry_target *) -+ (((char *)point) + point->target_offset); -+ // standard target -+ if (!t->u.target->target) -+ verdict = ((struct ebt_standard_target *)t)->verdict; -+ else -+ verdict = t->u.target->target(pskb, hook, -+ in, out, t->data, t->target_size); -+ if (verdict == EBT_ACCEPT) { -+ read_unlock_bh(&table->lock); -+ return NF_ACCEPT; -+ } -+ if (verdict == EBT_DROP) { -+ read_unlock_bh(&table->lock); -+ return NF_DROP; -+ } -+ if (verdict == EBT_RETURN) { -+letsreturn: -+#ifdef CONFIG_NETFILTER_DEBUG -+ if (sp == 0) { -+ BUGPRINT("RETURN on base chain"); -+ // act like this is EBT_CONTINUE -+ goto letscontinue; -+ } -+#endif -+ sp--; -+ // put all the local variables right -+ i = cs[sp].n; -+ chaininfo = cs[sp].chaininfo; -+ nentries = chaininfo->nentries; -+ point = cs[sp].e; -+ counter_base = cb_base + -+ chaininfo->counter_offset; -+ continue; -+ } -+ if (verdict == EBT_CONTINUE) -+ goto letscontinue; -+#ifdef CONFIG_NETFILTER_DEBUG -+ if (verdict < 0) { -+ BUGPRINT("bogus standard verdict\n"); -+ read_unlock_bh(&table->lock); -+ return NF_DROP; -+ } -+#endif -+ // jump to a udc -+ cs[sp].n = i + 1; -+ cs[sp].chaininfo = chaininfo; -+ cs[sp].e = (struct ebt_entry *) -+ (((char *)point) + point->next_offset); -+ i = 0; -+ chaininfo = (struct ebt_entries *) (base + verdict); -+#ifdef CONFIG_NETFILTER_DEBUG -+ if (chaininfo->distinguisher) { -+ BUGPRINT("jump to non-chain\n"); -+ read_unlock_bh(&table->lock); -+ return NF_DROP; -+ } -+#endif -+ nentries = chaininfo->nentries; -+ point = (struct ebt_entry *)chaininfo->data; -+ counter_base = cb_base + chaininfo->counter_offset; -+ sp++; -+ continue; -+letscontinue: -+ point = (struct ebt_entry *) -+ (((char *)point) + point->next_offset); -+ i++; -+ } -+ -+ // I actually like this :) -+ if (chaininfo->policy == EBT_RETURN) -+ goto letsreturn; -+ if (chaininfo->policy == EBT_ACCEPT) { -+ read_unlock_bh(&table->lock); -+ return NF_ACCEPT; -+ } -+ read_unlock_bh(&table->lock); -+ return NF_DROP; -+} -+ -+// If it succeeds, returns element and locks mutex -+static inline void * -+find_inlist_lock_noload(struct list_head *head, const char *name, int *error, -+ struct semaphore *mutex) -+{ -+ void *ret; -+ -+ *error = down_interruptible(mutex); -+ if (*error != 0) -+ return NULL; -+ -+ ret = list_named_find(head, name); -+ if (!ret) { -+ *error = -ENOENT; -+ up(mutex); -+ } -+ return ret; -+} -+ -+#ifndef CONFIG_KMOD -+#define find_inlist_lock(h,n,p,e,m) find_inlist_lock_noload((h),(n),(e),(m)) -+#else -+static void * -+find_inlist_lock(struct list_head *head, const char *name, const char *prefix, -+ int *error, struct semaphore *mutex) -+{ -+ void *ret; -+ -+ ret = find_inlist_lock_noload(head, name, error, mutex); -+ if (!ret) { -+ char modulename[EBT_FUNCTION_MAXNAMELEN + strlen(prefix) + 1]; -+ strcpy(modulename, prefix); -+ strcat(modulename, name); -+ request_module(modulename); -+ ret = find_inlist_lock_noload(head, name, error, mutex); -+ } -+ return ret; -+} -+#endif -+ -+static inline struct ebt_table * -+find_table_lock(const char *name, int *error, struct semaphore *mutex) -+{ -+ return find_inlist_lock(&ebt_tables, name, "ebtable_", error, mutex); -+} -+ -+static inline struct ebt_match * -+find_match_lock(const char *name, int *error, struct semaphore *mutex) -+{ -+ return find_inlist_lock(&ebt_matches, name, "ebt_", error, mutex); -+} -+ -+static inline struct ebt_watcher * -+find_watcher_lock(const char *name, int *error, struct semaphore *mutex) -+{ -+ return find_inlist_lock(&ebt_watchers, name, "ebt_", error, mutex); -+} -+ -+static inline struct ebt_target * -+find_target_lock(const char *name, int *error, struct semaphore *mutex) -+{ -+ return find_inlist_lock(&ebt_targets, name, "ebt_", error, mutex); -+} -+ -+static inline int -+ebt_check_match(struct ebt_entry_match *m, struct ebt_entry *e, -+ const char *name, unsigned int hookmask, unsigned int *cnt) -+{ -+ struct ebt_match *match; -+ int ret; -+ -+ if (((char *)m) + m->match_size + sizeof(struct ebt_entry_match) > -+ ((char *)e) + e->watchers_offset) -+ return -EINVAL; -+ match = find_match_lock(m->u.name, &ret, &ebt_mutex); -+ if (!match) -+ return ret; -+ m->u.match = match; -+ if (match->me) -+ __MOD_INC_USE_COUNT(match->me); -+ up(&ebt_mutex); -+ if (match->check && -+ match->check(name, hookmask, e, m->data, m->match_size) != 0) { -+ BUGPRINT("match->check failed\n"); -+ if (match->me) -+ __MOD_DEC_USE_COUNT(match->me); -+ return -EINVAL; -+ } -+ (*cnt)++; -+ return 0; -+} -+ -+static inline int -+ebt_check_watcher(struct ebt_entry_watcher *w, struct ebt_entry *e, -+ const char *name, unsigned int hookmask, unsigned int *cnt) -+{ -+ struct ebt_watcher *watcher; -+ int ret; -+ -+ if (((char *)w) + w->watcher_size + sizeof(struct ebt_entry_watcher) > -+ ((char *)e) + e->target_offset) -+ return -EINVAL; -+ watcher = find_watcher_lock(w->u.name, &ret, &ebt_mutex); -+ if (!watcher) -+ return ret; -+ w->u.watcher = watcher; -+ if (watcher->me) -+ __MOD_INC_USE_COUNT(watcher->me); -+ up(&ebt_mutex); -+ if (watcher->check && -+ watcher->check(name, hookmask, e, w->data, w->watcher_size) != 0) { -+ BUGPRINT("watcher->check failed\n"); -+ if (watcher->me) -+ __MOD_DEC_USE_COUNT(watcher->me); -+ return -EINVAL; -+ } -+ (*cnt)++; -+ return 0; -+} -+ -+// this one is very careful, as it is the first function -+// to parse the userspace data -+static inline int -+ebt_check_entry_size_and_hooks(struct ebt_entry *e, -+ struct ebt_table_info *newinfo, char *base, char *limit, -+ struct ebt_entries **hook_entries, unsigned int *n, unsigned int *cnt, -+ unsigned int *totalcnt, unsigned int *udc_cnt, unsigned int valid_hooks) -+{ -+ int i; -+ -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) { -+ if ((valid_hooks & (1 << i)) == 0) -+ continue; -+ if ( (char *)hook_entries[i] - base == -+ (char *)e - newinfo->entries) -+ break; -+ } -+ // beginning of a new chain -+ // if i == NF_BR_NUMHOOKS it must be a user defined chain -+ if (i != NF_BR_NUMHOOKS || !(e->bitmask & EBT_ENTRY_OR_ENTRIES)) { -+ if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) != 0) { -+ // we make userspace set this right, -+ // so there is no misunderstanding -+ BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " -+ "in distinguisher\n"); -+ return -EINVAL; -+ } -+ // this checks if the previous chain has as many entries -+ // as it said it has -+ if (*n != *cnt) { -+ BUGPRINT("nentries does not equal the nr of entries " -+ "in the chain\n"); -+ return -EINVAL; -+ } -+ // before we look at the struct, be sure it is not too big -+ if ((char *)hook_entries[i] + sizeof(struct ebt_entries) -+ > limit) { -+ BUGPRINT("entries_size too small\n"); -+ return -EINVAL; -+ } -+ if (((struct ebt_entries *)e)->policy != EBT_DROP && -+ ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { -+ // only RETURN from udc -+ if (i != NF_BR_NUMHOOKS || -+ ((struct ebt_entries *)e)->policy != EBT_RETURN) { -+ BUGPRINT("bad policy\n"); -+ return -EINVAL; -+ } -+ } -+ if (i == NF_BR_NUMHOOKS) // it's a user defined chain -+ (*udc_cnt)++; -+ else -+ newinfo->hook_entry[i] = (struct ebt_entries *)e; -+ if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { -+ BUGPRINT("counter_offset != totalcnt"); -+ return -EINVAL; -+ } -+ *n = ((struct ebt_entries *)e)->nentries; -+ *cnt = 0; -+ return 0; -+ } -+ // a plain old entry, heh -+ if (sizeof(struct ebt_entry) > e->watchers_offset || -+ e->watchers_offset > e->target_offset || -+ e->target_offset >= e->next_offset) { -+ BUGPRINT("entry offsets not in right order\n"); -+ return -EINVAL; -+ } -+ // this is not checked anywhere else -+ if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { -+ BUGPRINT("target size too small\n"); -+ return -EINVAL; -+ } -+ -+ (*cnt)++; -+ (*totalcnt)++; -+ return 0; -+} -+ -+struct ebt_cl_stack -+{ -+ struct ebt_chainstack cs; -+ int from; -+ unsigned int hookmask; -+}; -+ -+// we need these positions to check that the jumps to a different part of the -+// entries is a jump to the beginning of a new chain. -+static inline int -+ebt_get_udc_positions(struct ebt_entry *e, struct ebt_table_info *newinfo, -+ struct ebt_entries **hook_entries, unsigned int *n, unsigned int valid_hooks, -+ struct ebt_cl_stack *udc) -+{ -+ int i; -+ -+ // we're only interested in chain starts -+ if (e->bitmask & EBT_ENTRY_OR_ENTRIES) -+ return 0; -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) { -+ if ((valid_hooks & (1 << i)) == 0) -+ continue; -+ if (newinfo->hook_entry[i] == (struct ebt_entries *)e) -+ break; -+ } -+ // only care about udc -+ if (i != NF_BR_NUMHOOKS) -+ return 0; -+ -+ udc[*n].cs.chaininfo = (struct ebt_entries *)e; -+ // these initialisations are depended on later in check_chainloops() -+ udc[*n].cs.n = 0; -+ udc[*n].hookmask = 0; -+ -+ (*n)++; -+ return 0; -+} -+ -+static inline int -+ebt_cleanup_match(struct ebt_entry_match *m, unsigned int *i) -+{ -+ if (i && (*i)-- == 0) -+ return 1; -+ if (m->u.match->destroy) -+ m->u.match->destroy(m->data, m->match_size); -+ if (m->u.match->me) -+ __MOD_DEC_USE_COUNT(m->u.match->me); -+ -+ return 0; -+} -+ -+static inline int -+ebt_cleanup_watcher(struct ebt_entry_watcher *w, unsigned int *i) -+{ -+ if (i && (*i)-- == 0) -+ return 1; -+ if (w->u.watcher->destroy) -+ w->u.watcher->destroy(w->data, w->watcher_size); -+ if (w->u.watcher->me) -+ __MOD_DEC_USE_COUNT(w->u.watcher->me); -+ -+ return 0; -+} -+ -+static inline int -+ebt_cleanup_entry(struct ebt_entry *e, unsigned int *cnt) -+{ -+ struct ebt_entry_target *t; -+ -+ if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) -+ return 0; -+ // we're done -+ if (cnt && (*cnt)-- == 0) -+ return 1; -+ EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, NULL); -+ EBT_MATCH_ITERATE(e, ebt_cleanup_match, NULL); -+ t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); -+ if (t->u.target->destroy) -+ t->u.target->destroy(t->data, t->target_size); -+ if (t->u.target->me) -+ __MOD_DEC_USE_COUNT(t->u.target->me); -+ -+ return 0; -+} -+ -+static inline int -+ebt_check_entry(struct ebt_entry *e, struct ebt_table_info *newinfo, -+ const char *name, unsigned int *cnt, unsigned int valid_hooks, -+ struct ebt_cl_stack *cl_s, unsigned int udc_cnt) -+{ -+ struct ebt_entry_target *t; -+ struct ebt_target *target; -+ unsigned int i, j, hook = 0, hookmask = 0; -+ int ret; -+ -+ // Don't mess with the struct ebt_entries -+ if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) -+ return 0; -+ -+ if (e->bitmask & ~EBT_F_MASK) { -+ BUGPRINT("Unknown flag for bitmask\n"); -+ return -EINVAL; -+ } -+ if (e->invflags & ~EBT_INV_MASK) { -+ BUGPRINT("Unknown flag for inv bitmask\n"); -+ return -EINVAL; -+ } -+ if ( (e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3) ) { -+ BUGPRINT("NOPROTO & 802_3 not allowed\n"); -+ return -EINVAL; -+ } -+ // what hook do we belong to? -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) { -+ if ((valid_hooks & (1 << i)) == 0) -+ continue; -+ if ((char *)newinfo->hook_entry[i] < (char *)e) -+ hook = i; -+ else -+ break; -+ } -+ // (1 << NF_BR_NUMHOOKS) tells the check functions the rule is on -+ // a base chain -+ if (i < NF_BR_NUMHOOKS) -+ hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); -+ else { -+ for (i = 0; i < udc_cnt; i++) -+ if ((char *)(cl_s[i].cs.chaininfo) > (char *)e) -+ break; -+ if (i == 0) -+ hookmask = (1 << hook) | (1 << NF_BR_NUMHOOKS); -+ else -+ hookmask = cl_s[i - 1].hookmask; -+ } -+ i = 0; -+ ret = EBT_MATCH_ITERATE(e, ebt_check_match, e, name, hookmask, &i); -+ if (ret != 0) -+ goto cleanup_matches; -+ j = 0; -+ ret = EBT_WATCHER_ITERATE(e, ebt_check_watcher, e, name, hookmask, &j); -+ if (ret != 0) -+ goto cleanup_watchers; -+ t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); -+ target = find_target_lock(t->u.name, &ret, &ebt_mutex); -+ if (!target) -+ goto cleanup_watchers; -+ if (target->me) -+ __MOD_INC_USE_COUNT(target->me); -+ up(&ebt_mutex); -+ -+ t->u.target = target; -+ if (t->u.target == &ebt_standard_target) { -+ if (e->target_offset + sizeof(struct ebt_standard_target) > -+ e->next_offset) { -+ BUGPRINT("Standard target size too big\n"); -+ ret = -EFAULT; -+ goto cleanup_watchers; -+ } -+ if (((struct ebt_standard_target *)t)->verdict < -+ -NUM_STANDARD_TARGETS) { -+ BUGPRINT("Invalid standard target\n"); -+ ret = -EFAULT; -+ goto cleanup_watchers; -+ } -+ } else if ((e->target_offset + t->target_size + -+ sizeof(struct ebt_entry_target) > e->next_offset) || -+ (t->u.target->check && -+ t->u.target->check(name, hookmask, e, t->data, t->target_size) != 0)){ -+ if (t->u.target->me) -+ __MOD_DEC_USE_COUNT(t->u.target->me); -+ ret = -EFAULT; -+ goto cleanup_watchers; -+ } -+ (*cnt)++; -+ return 0; -+cleanup_watchers: -+ EBT_WATCHER_ITERATE(e, ebt_cleanup_watcher, &j); -+cleanup_matches: -+ EBT_MATCH_ITERATE(e, ebt_cleanup_match, &i); -+ return ret; -+} -+ -+// checks for loops and sets the hook mask for udc -+// the hook mask for udc tells us from which base chains the udc can be -+// accessed. This mask is a parameter to the check() functions of the extensions -+static int check_chainloops(struct ebt_entries *chain, -+ struct ebt_cl_stack *cl_s, unsigned int udc_cnt, -+ unsigned int hooknr, char *base) -+{ -+ int i, chain_nr = -1, pos = 0, nentries = chain->nentries, verdict; -+ struct ebt_entry *e = (struct ebt_entry *)chain->data; -+ struct ebt_entry_target *t; -+ -+ while (pos < nentries || chain_nr != -1) { -+ // end of udc, go back one 'recursion' step -+ if (pos == nentries) { -+ // put back values of the time when this chain was called -+ e = cl_s[chain_nr].cs.e; -+ if (cl_s[chain_nr].from != -1) -+ nentries = -+ cl_s[cl_s[chain_nr].from].cs.chaininfo->nentries; -+ else -+ nentries = chain->nentries; -+ pos = cl_s[chain_nr].cs.n; -+ // make sure we won't see a loop that isn't one -+ cl_s[chain_nr].cs.n = 0; -+ chain_nr = cl_s[chain_nr].from; -+ if (pos == nentries) -+ continue; -+ } -+ t = (struct ebt_entry_target *) -+ (((char *)e) + e->target_offset); -+ if (strcmp(t->u.name, EBT_STANDARD_TARGET)) -+ goto letscontinue; -+ if (e->target_offset + sizeof(struct ebt_standard_target) > -+ e->next_offset) { -+ BUGPRINT("Standard target size too big\n"); -+ return -1; -+ } -+ verdict = ((struct ebt_standard_target *)t)->verdict; -+ if (verdict >= 0) { // jump to another chain -+ struct ebt_entries *hlp2 = -+ (struct ebt_entries *)(base + verdict); -+ for (i = 0; i < udc_cnt; i++) -+ if (hlp2 == cl_s[i].cs.chaininfo) -+ break; -+ // bad destination or loop -+ if (i == udc_cnt) { -+ BUGPRINT("bad destination\n"); -+ return -1; -+ } -+ if (cl_s[i].cs.n) { -+ BUGPRINT("loop\n"); -+ return -1; -+ } -+ // this can't be 0, so the above test is correct -+ cl_s[i].cs.n = pos + 1; -+ pos = 0; -+ cl_s[i].cs.e = ((void *)e + e->next_offset); -+ e = (struct ebt_entry *)(hlp2->data); -+ nentries = hlp2->nentries; -+ cl_s[i].from = chain_nr; -+ chain_nr = i; -+ // this udc is accessible from the base chain for hooknr -+ cl_s[i].hookmask |= (1 << hooknr); -+ continue; -+ } -+letscontinue: -+ e = (void *)e + e->next_offset; -+ pos++; -+ } -+ return 0; -+} -+ -+// do the parsing of the table/chains/entries/matches/watchers/targets, heh -+static int translate_table(struct ebt_replace *repl, -+ struct ebt_table_info *newinfo) -+{ -+ unsigned int i, j, k, udc_cnt; -+ int ret; -+ struct ebt_cl_stack *cl_s = NULL; // used in the checking for chain loops -+ -+ i = 0; -+ while (i < NF_BR_NUMHOOKS && !(repl->valid_hooks & (1 << i))) -+ i++; -+ if (i == NF_BR_NUMHOOKS) { -+ BUGPRINT("No valid hooks specified\n"); -+ return -EINVAL; -+ } -+ if (repl->hook_entry[i] != (struct ebt_entries *)repl->entries) { -+ BUGPRINT("Chains don't start at beginning\n"); -+ return -EINVAL; -+ } -+ // make sure chains are ordered after each other in same order -+ // as their corresponding hooks -+ for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { -+ if (!(repl->valid_hooks & (1 << j))) -+ continue; -+ if ( repl->hook_entry[j] <= repl->hook_entry[i] ) { -+ BUGPRINT("Hook order must be followed\n"); -+ return -EINVAL; -+ } -+ i = j; -+ } -+ -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) -+ newinfo->hook_entry[i] = NULL; -+ -+ newinfo->entries_size = repl->entries_size; -+ newinfo->nentries = repl->nentries; -+ -+ // do some early checkings and initialize some things -+ i = 0; // holds the expected nr. of entries for the chain -+ j = 0; // holds the up to now counted entries for the chain -+ k = 0; // holds the total nr. of entries, should equal -+ // newinfo->nentries afterwards -+ udc_cnt = 0; // will hold the nr. of user defined chains (udc) -+ ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, -+ ebt_check_entry_size_and_hooks, newinfo, repl->entries, -+ repl->entries + repl->entries_size, repl->hook_entry, &i, &j, &k, -+ &udc_cnt, repl->valid_hooks); -+ -+ if (ret != 0) -+ return ret; -+ -+ if (i != j) { -+ BUGPRINT("nentries does not equal the nr of entries in the " -+ "(last) chain\n"); -+ return -EINVAL; -+ } -+ if (k != newinfo->nentries) { -+ BUGPRINT("Total nentries is wrong\n"); -+ return -EINVAL; -+ } -+ -+ // check if all valid hooks have a chain -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) { -+ if (newinfo->hook_entry[i] == NULL && -+ (repl->valid_hooks & (1 << i))) { -+ BUGPRINT("Valid hook without chain\n"); -+ return -EINVAL; -+ } -+ } -+ -+ // Get the location of the udc, put them in an array -+ // While we're at it, allocate the chainstack -+ if (udc_cnt) { -+ // this will get free'd in do_replace()/ebt_register_table() -+ // if an error occurs -+ newinfo->chainstack = (struct ebt_chainstack **) -+ vmalloc(smp_num_cpus * sizeof(struct ebt_chainstack)); -+ if (!newinfo->chainstack) -+ return -ENOMEM; -+ for (i = 0; i < smp_num_cpus; i++) { -+ newinfo->chainstack[i] = -+ vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); -+ if (!newinfo->chainstack[i]) { -+ while (i) -+ vfree(newinfo->chainstack[--i]); -+ vfree(newinfo->chainstack); -+ newinfo->chainstack = NULL; -+ return -ENOMEM; -+ } -+ } -+ -+ cl_s = (struct ebt_cl_stack *) -+ vmalloc(udc_cnt * sizeof(struct ebt_cl_stack)); -+ if (!cl_s) -+ return -ENOMEM; -+ i = 0; // the i'th udc -+ EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, -+ ebt_get_udc_positions, newinfo, repl->hook_entry, &i, -+ repl->valid_hooks, cl_s); -+ // sanity check -+ if (i != udc_cnt) { -+ BUGPRINT("i != udc_cnt\n"); -+ vfree(cl_s); -+ return -EFAULT; -+ } -+ } -+ -+ // Check for loops -+ for (i = 0; i < NF_BR_NUMHOOKS; i++) -+ if (repl->valid_hooks & (1 << i)) -+ if (check_chainloops(newinfo->hook_entry[i], -+ cl_s, udc_cnt, i, newinfo->entries)) { -+ if (cl_s) -+ vfree(cl_s); -+ return -EINVAL; -+ } -+ -+ // we now know the following (along with E=mc²): -+ // - the nr of entries in each chain is right -+ // - the size of the allocated space is right -+ // - all valid hooks have a corresponding chain -+ // - there are no loops -+ // - wrong data can still be on the level of a single entry -+ // - could be there are jumps to places that are not the -+ // beginning of a chain. This can only occur in chains that -+ // are not accessible from any base chains, so we don't care. -+ -+ // used to know what we need to clean up if something goes wrong -+ i = 0; -+ ret = EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, -+ ebt_check_entry, newinfo, repl->name, &i, repl->valid_hooks, -+ cl_s, udc_cnt); -+ if (ret != 0) { -+ EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, -+ ebt_cleanup_entry, &i); -+ } -+ if (cl_s) -+ vfree(cl_s); -+ return ret; -+} -+ -+// called under write_lock -+static void get_counters(struct ebt_counter *oldcounters, -+ struct ebt_counter *counters, unsigned int nentries) -+{ -+ int i, cpu; -+ struct ebt_counter *counter_base; -+ -+ // counters of cpu 0 -+ memcpy(counters, oldcounters, -+ sizeof(struct ebt_counter) * nentries); -+ // add other counters to those of cpu 0 -+ for (cpu = 1; cpu < smp_num_cpus; cpu++) { -+ counter_base = COUNTER_BASE(oldcounters, nentries, cpu); -+ for (i = 0; i < nentries; i++) { -+ counters[i].pcnt += counter_base[i].pcnt; -+ counters[i].bcnt += counter_base[i].bcnt; -+ } -+ } -+} -+ -+// replace the table -+static int do_replace(void *user, unsigned int len) -+{ -+ int ret, i, countersize; -+ struct ebt_table_info *newinfo; -+ struct ebt_replace tmp; -+ struct ebt_table *t; -+ struct ebt_counter *counterstmp = NULL; -+ // used to be able to unlock earlier -+ struct ebt_table_info *table; -+ -+ if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) -+ return -EFAULT; -+ -+ if (len != sizeof(tmp) + tmp.entries_size) { -+ BUGPRINT("Wrong len argument\n"); -+ return -EINVAL; -+ } -+ -+ if (tmp.entries_size == 0) { -+ BUGPRINT("Entries_size never zero\n"); -+ return -EINVAL; -+ } -+ countersize = COUNTER_OFFSET(tmp.nentries) * smp_num_cpus; -+ newinfo = (struct ebt_table_info *) -+ vmalloc(sizeof(struct ebt_table_info) + countersize); -+ if (!newinfo) -+ return -ENOMEM; -+ -+ if (countersize) -+ memset(newinfo->counters, 0, countersize); -+ -+ newinfo->entries = (char *)vmalloc(tmp.entries_size); -+ if (!newinfo->entries) { -+ ret = -ENOMEM; -+ goto free_newinfo; -+ } -+ if (copy_from_user( -+ newinfo->entries, tmp.entries, tmp.entries_size) != 0) { -+ BUGPRINT("Couldn't copy entries from userspace\n"); -+ ret = -EFAULT; -+ goto free_entries; -+ } -+ -+ // the user wants counters back -+ // the check on the size is done later, when we have the lock -+ if (tmp.num_counters) { -+ counterstmp = (struct ebt_counter *) -+ vmalloc(tmp.num_counters * sizeof(struct ebt_counter)); -+ if (!counterstmp) { -+ ret = -ENOMEM; -+ goto free_entries; -+ } -+ } -+ else -+ counterstmp = NULL; -+ -+ // this can get initialized by translate_table() -+ newinfo->chainstack = NULL; -+ ret = translate_table(&tmp, newinfo); -+ -+ if (ret != 0) -+ goto free_counterstmp; -+ -+ t = find_table_lock(tmp.name, &ret, &ebt_mutex); -+ if (!t) -+ goto free_iterate; -+ -+ // the table doesn't like it -+ if (t->check && (ret = t->check(newinfo, tmp.valid_hooks))) -+ goto free_unlock; -+ -+ if (tmp.num_counters && tmp.num_counters != t->private->nentries) { -+ BUGPRINT("Wrong nr. of counters requested\n"); -+ ret = -EINVAL; -+ goto free_unlock; -+ } -+ -+ // we have the mutex lock, so no danger in reading this pointer -+ table = t->private; -+ // we need an atomic snapshot of the counters -+ write_lock_bh(&t->lock); -+ if (tmp.num_counters) -+ get_counters(t->private->counters, counterstmp, -+ t->private->nentries); -+ -+ t->private = newinfo; -+ write_unlock_bh(&t->lock); -+ up(&ebt_mutex); -+ // So, a user can change the chains while having messed up her counter -+ // allocation. Only reason why this is done is because this way the lock -+ // is held only once, while this doesn't bring the kernel into a -+ // dangerous state. -+ if (tmp.num_counters && -+ copy_to_user(tmp.counters, counterstmp, -+ tmp.num_counters * sizeof(struct ebt_counter))) { -+ BUGPRINT("Couldn't copy counters to userspace\n"); -+ ret = -EFAULT; -+ } -+ else -+ ret = 0; -+ -+ // decrease module count and free resources -+ EBT_ENTRY_ITERATE(table->entries, table->entries_size, -+ ebt_cleanup_entry, NULL); -+ -+ vfree(table->entries); -+ if (table->chainstack) { -+ for (i = 0; i < smp_num_cpus; i++) -+ vfree(table->chainstack[i]); -+ vfree(table->chainstack); -+ } -+ vfree(table); -+ -+ if (counterstmp) -+ vfree(counterstmp); -+ return ret; -+ -+free_unlock: -+ up(&ebt_mutex); -+free_iterate: -+ EBT_ENTRY_ITERATE(newinfo->entries, newinfo->entries_size, -+ ebt_cleanup_entry, NULL); -+free_counterstmp: -+ if (counterstmp) -+ vfree(counterstmp); -+ // can be initialized in translate_table() -+ if (newinfo->chainstack) { -+ for (i = 0; i < smp_num_cpus; i++) -+ vfree(newinfo->chainstack[i]); -+ vfree(newinfo->chainstack); -+ } -+free_entries: -+ if (newinfo->entries) -+ vfree(newinfo->entries); -+free_newinfo: -+ if (newinfo) -+ vfree(newinfo); -+ return ret; -+} -+ -+int ebt_register_target(struct ebt_target *target) -+{ -+ int ret; -+ -+ ret = down_interruptible(&ebt_mutex); -+ if (ret != 0) -+ return ret; -+ if (!list_named_insert(&ebt_targets, target)) { -+ up(&ebt_mutex); -+ return -EEXIST; -+ } -+ up(&ebt_mutex); -+ MOD_INC_USE_COUNT; -+ -+ return 0; -+} -+ -+void ebt_unregister_target(struct ebt_target *target) -+{ -+ down(&ebt_mutex); -+ LIST_DELETE(&ebt_targets, target); -+ up(&ebt_mutex); -+ MOD_DEC_USE_COUNT; -+} -+ -+int ebt_register_match(struct ebt_match *match) -+{ -+ int ret; -+ -+ ret = down_interruptible(&ebt_mutex); -+ if (ret != 0) -+ return ret; -+ if (!list_named_insert(&ebt_matches, match)) { -+ up(&ebt_mutex); -+ return -EEXIST; -+ } -+ up(&ebt_mutex); -+ MOD_INC_USE_COUNT; -+ -+ return 0; -+} -+ -+void ebt_unregister_match(struct ebt_match *match) -+{ -+ down(&ebt_mutex); -+ LIST_DELETE(&ebt_matches, match); -+ up(&ebt_mutex); -+ MOD_DEC_USE_COUNT; -+} -+ -+int ebt_register_watcher(struct ebt_watcher *watcher) -+{ -+ int ret; -+ -+ ret = down_interruptible(&ebt_mutex); -+ if (ret != 0) -+ return ret; -+ if (!list_named_insert(&ebt_watchers, watcher)) { -+ up(&ebt_mutex); -+ return -EEXIST; -+ } -+ up(&ebt_mutex); -+ MOD_INC_USE_COUNT; -+ -+ return 0; -+} -+ -+void ebt_unregister_watcher(struct ebt_watcher *watcher) -+{ -+ down(&ebt_mutex); -+ LIST_DELETE(&ebt_watchers, watcher); -+ up(&ebt_mutex); -+ MOD_DEC_USE_COUNT; -+} -+ -+int ebt_register_table(struct ebt_table *table) -+{ -+ struct ebt_table_info *newinfo; -+ int ret, i, countersize; -+ -+ if (!table || !table->table ||!table->table->entries || -+ table->table->entries_size == 0 || -+ table->table->counters || table->private) { -+ BUGPRINT("Bad table data for ebt_register_table!!!\n"); -+ return -EINVAL; -+ } -+ -+ countersize = COUNTER_OFFSET(table->table->nentries) * smp_num_cpus; -+ newinfo = (struct ebt_table_info *) -+ vmalloc(sizeof(struct ebt_table_info) + countersize); -+ ret = -ENOMEM; -+ if (!newinfo) -+ return -ENOMEM; -+ -+ newinfo->entries = (char *)vmalloc(table->table->entries_size); -+ if (!(newinfo->entries)) -+ goto free_newinfo; -+ -+ memcpy(newinfo->entries, table->table->entries, -+ table->table->entries_size); -+ -+ if (countersize) -+ memset(newinfo->counters, 0, countersize); -+ -+ // fill in newinfo and parse the entries -+ newinfo->chainstack = NULL; -+ ret = translate_table(table->table, newinfo); -+ if (ret != 0) { -+ BUGPRINT("Translate_table failed\n"); -+ goto free_chainstack; -+ } -+ -+ if (table->check && table->check(newinfo, table->valid_hooks)) { -+ BUGPRINT("The table doesn't like its own initial data, lol\n"); -+ return -EINVAL; -+ } -+ -+ table->private = newinfo; -+ table->lock = RW_LOCK_UNLOCKED; -+ ret = down_interruptible(&ebt_mutex); -+ if (ret != 0) -+ goto free_chainstack; -+ -+ if (list_named_find(&ebt_tables, table->name)) { -+ ret = -EEXIST; -+ BUGPRINT("Table name already exists\n"); -+ goto free_unlock; -+ } -+ -+ list_prepend(&ebt_tables, table); -+ up(&ebt_mutex); -+ MOD_INC_USE_COUNT; -+ return 0; -+free_unlock: -+ up(&ebt_mutex); -+free_chainstack: -+ if (newinfo->chainstack) { -+ for (i = 0; i < smp_num_cpus; i++) -+ vfree(newinfo->chainstack[i]); -+ vfree(newinfo->chainstack); -+ } -+ vfree(newinfo->entries); -+free_newinfo: -+ vfree(newinfo); -+ return ret; -+} -+ -+void ebt_unregister_table(struct ebt_table *table) -+{ -+ int i; -+ -+ if (!table) { -+ BUGPRINT("Request to unregister NULL table!!!\n"); -+ return; -+ } -+ down(&ebt_mutex); -+ LIST_DELETE(&ebt_tables, table); -+ up(&ebt_mutex); -+ EBT_ENTRY_ITERATE(table->private->entries, -+ table->private->entries_size, ebt_cleanup_entry, NULL); -+ if (table->private->entries) -+ vfree(table->private->entries); -+ if (table->private->chainstack) { -+ for (i = 0; i < smp_num_cpus; i++) -+ vfree(table->private->chainstack[i]); -+ vfree(table->private->chainstack); -+ } -+ vfree(table->private); -+ MOD_DEC_USE_COUNT; -+} -+ -+// userspace just supplied us with counters -+static int update_counters(void *user, unsigned int len) -+{ -+ int i, ret; -+ struct ebt_counter *tmp; -+ struct ebt_replace hlp; -+ struct ebt_table *t; -+ -+ if (copy_from_user(&hlp, user, sizeof(hlp))) -+ return -EFAULT; -+ -+ if (len != sizeof(hlp) + hlp.num_counters * sizeof(struct ebt_counter)) -+ return -EINVAL; -+ if (hlp.num_counters == 0) -+ return -EINVAL; -+ -+ if ( !(tmp = (struct ebt_counter *) -+ vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){ -+ MEMPRINT("Update_counters && nomemory\n"); -+ return -ENOMEM; -+ } -+ -+ t = find_table_lock(hlp.name, &ret, &ebt_mutex); -+ if (!t) -+ goto free_tmp; -+ -+ if (hlp.num_counters != t->private->nentries) { -+ BUGPRINT("Wrong nr of counters\n"); -+ ret = -EINVAL; -+ goto unlock_mutex; -+ } -+ -+ if ( copy_from_user(tmp, hlp.counters, -+ hlp.num_counters * sizeof(struct ebt_counter)) ) { -+ BUGPRINT("Updata_counters && !cfu\n"); -+ ret = -EFAULT; -+ goto unlock_mutex; -+ } -+ -+ // we want an atomic add of the counters -+ write_lock_bh(&t->lock); -+ -+ // we add to the counters of the first cpu -+ for (i = 0; i < hlp.num_counters; i++) { -+ t->private->counters[i].pcnt += tmp[i].pcnt; -+ t->private->counters[i].bcnt += tmp[i].bcnt; -+ } -+ -+ write_unlock_bh(&t->lock); -+ ret = 0; -+unlock_mutex: -+ up(&ebt_mutex); -+free_tmp: -+ vfree(tmp); -+ return ret; -+} -+ -+static inline int ebt_make_matchname(struct ebt_entry_match *m, -+ char *base, char *ubase) -+{ -+ char *hlp = ubase - base + (char *)m; -+ if (copy_to_user(hlp, m->u.match->name, EBT_FUNCTION_MAXNAMELEN)) -+ return -EFAULT; -+ return 0; -+} -+ -+static inline int ebt_make_watchername(struct ebt_entry_watcher *w, -+ char *base, char *ubase) -+{ -+ char *hlp = ubase - base + (char *)w; -+ if (copy_to_user(hlp , w->u.watcher->name, EBT_FUNCTION_MAXNAMELEN)) -+ return -EFAULT; -+ return 0; -+} -+ -+static inline int ebt_make_names(struct ebt_entry *e, char *base, char *ubase) -+{ -+ int ret; -+ char *hlp; -+ struct ebt_entry_target *t; -+ -+ if ((e->bitmask & EBT_ENTRY_OR_ENTRIES) == 0) -+ return 0; -+ -+ hlp = ubase - base + (char *)e + e->target_offset; -+ t = (struct ebt_entry_target *)(((char *)e) + e->target_offset); -+ -+ ret = EBT_MATCH_ITERATE(e, ebt_make_matchname, base, ubase); -+ if (ret != 0) -+ return ret; -+ ret = EBT_WATCHER_ITERATE(e, ebt_make_watchername, base, ubase); -+ if (ret != 0) -+ return ret; -+ if (copy_to_user(hlp, t->u.target->name, EBT_FUNCTION_MAXNAMELEN)) -+ return -EFAULT; -+ return 0; -+} -+ -+// called with ebt_mutex down -+static int copy_everything_to_user(struct ebt_table *t, void *user, -+ int *len, int cmd) -+{ -+ struct ebt_replace tmp; -+ struct ebt_counter *counterstmp, *oldcounters; -+ unsigned int entries_size, nentries; -+ char *entries; -+ -+ if (cmd == EBT_SO_GET_ENTRIES) { -+ entries_size = t->private->entries_size; -+ nentries = t->private->nentries; -+ entries = t->private->entries; -+ oldcounters = t->private->counters; -+ } else { -+ entries_size = t->table->entries_size; -+ nentries = t->table->nentries; -+ entries = t->table->entries; -+ oldcounters = t->table->counters; -+ } -+ -+ if (copy_from_user(&tmp, user, sizeof(tmp))) { -+ BUGPRINT("Cfu didn't work\n"); -+ return -EFAULT; -+ } -+ -+ if (*len != sizeof(struct ebt_replace) + entries_size + -+ (tmp.num_counters? nentries * sizeof(struct ebt_counter): 0)) { -+ BUGPRINT("Wrong size\n"); -+ return -EINVAL; -+ } -+ -+ if (tmp.nentries != nentries) { -+ BUGPRINT("Nentries wrong\n"); -+ return -EINVAL; -+ } -+ -+ if (tmp.entries_size != entries_size) { -+ BUGPRINT("Wrong size\n"); -+ return -EINVAL; -+ } -+ -+ // userspace might not need the counters -+ if (tmp.num_counters) { -+ if (tmp.num_counters != nentries) { -+ BUGPRINT("Num_counters wrong\n"); -+ return -EINVAL; -+ } -+ counterstmp = (struct ebt_counter *) -+ vmalloc(nentries * sizeof(struct ebt_counter)); -+ if (!counterstmp) { -+ MEMPRINT("Couldn't copy counters, out of memory\n"); -+ return -ENOMEM; -+ } -+ write_lock_bh(&t->lock); -+ get_counters(oldcounters, counterstmp, nentries); -+ write_unlock_bh(&t->lock); -+ -+ if (copy_to_user(tmp.counters, counterstmp, -+ nentries * sizeof(struct ebt_counter))) { -+ BUGPRINT("Couldn't copy counters to userspace\n"); -+ vfree(counterstmp); -+ return -EFAULT; -+ } -+ vfree(counterstmp); -+ } -+ -+ if (copy_to_user(tmp.entries, entries, entries_size)) { -+ BUGPRINT("Couldn't copy entries to userspace\n"); -+ return -EFAULT; -+ } -+ // set the match/watcher/target names right -+ return EBT_ENTRY_ITERATE(entries, entries_size, -+ ebt_make_names, entries, tmp.entries); -+} -+ -+static int do_ebt_set_ctl(struct sock *sk, -+ int cmd, void *user, unsigned int len) -+{ -+ int ret; -+ -+ switch(cmd) { -+ case EBT_SO_SET_ENTRIES: -+ ret = do_replace(user, len); -+ break; -+ case EBT_SO_SET_COUNTERS: -+ ret = update_counters(user, len); -+ break; -+ default: -+ ret = -EINVAL; -+ } -+ return ret; -+} -+ -+static int do_ebt_get_ctl(struct sock *sk, int cmd, void *user, int *len) -+{ -+ int ret; -+ struct ebt_replace tmp; -+ struct ebt_table *t; -+ -+ if (copy_from_user(&tmp, user, sizeof(tmp))) -+ return -EFAULT; -+ -+ t = find_table_lock(tmp.name, &ret, &ebt_mutex); -+ if (!t) -+ return ret; -+ -+ switch(cmd) { -+ case EBT_SO_GET_INFO: -+ case EBT_SO_GET_INIT_INFO: -+ if (*len != sizeof(struct ebt_replace)){ -+ ret = -EINVAL; -+ up(&ebt_mutex); -+ break; -+ } -+ if (cmd == EBT_SO_GET_INFO) { -+ tmp.nentries = t->private->nentries; -+ tmp.entries_size = t->private->entries_size; -+ tmp.valid_hooks = t->valid_hooks; -+ } else { -+ tmp.nentries = t->table->nentries; -+ tmp.entries_size = t->table->entries_size; -+ tmp.valid_hooks = t->table->valid_hooks; -+ } -+ up(&ebt_mutex); -+ if (copy_to_user(user, &tmp, *len) != 0){ -+ BUGPRINT("c2u Didn't work\n"); -+ ret = -EFAULT; -+ break; -+ } -+ ret = 0; -+ break; -+ -+ case EBT_SO_GET_ENTRIES: -+ case EBT_SO_GET_INIT_ENTRIES: -+ ret = copy_everything_to_user(t, user, len, cmd); -+ up(&ebt_mutex); -+ break; -+ -+ default: -+ up(&ebt_mutex); -+ ret = -EINVAL; -+ } -+ -+ return ret; -+} -+ -+static struct nf_sockopt_ops ebt_sockopts = -+{ { NULL, NULL }, PF_INET, EBT_BASE_CTL, EBT_SO_SET_MAX + 1, do_ebt_set_ctl, -+ EBT_BASE_CTL, EBT_SO_GET_MAX + 1, do_ebt_get_ctl, 0, NULL -+}; -+ -+static int __init init(void) -+{ -+ int ret; -+ -+ down(&ebt_mutex); -+ list_named_insert(&ebt_targets, &ebt_standard_target); -+ up(&ebt_mutex); -+ if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) -+ return ret; -+ -+ printk(KERN_NOTICE "Ebtables v2.0 registered\n"); -+ return 0; -+} -+ -+static void __exit fini(void) -+{ -+ nf_unregister_sockopt(&ebt_sockopts); -+ printk(KERN_NOTICE "Ebtables v2.0 unregistered\n"); -+} -+ -+EXPORT_SYMBOL(ebt_register_table); -+EXPORT_SYMBOL(ebt_unregister_table); -+EXPORT_SYMBOL(ebt_register_match); -+EXPORT_SYMBOL(ebt_unregister_match); -+EXPORT_SYMBOL(ebt_register_watcher); -+EXPORT_SYMBOL(ebt_unregister_watcher); -+EXPORT_SYMBOL(ebt_register_target); -+EXPORT_SYMBOL(ebt_unregister_target); -+EXPORT_SYMBOL(ebt_do_table); -+module_init(init); -+module_exit(fini); -+MODULE_LICENSE("GPL"); ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebtables.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,361 @@ -+/* -+ * ebtables -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * ebtables.c,v 2.0, September, 2002 -+ * -+ * This code is stongly inspired on the iptables code which is -+ * Copyright (C) 1999 Paul `Rusty' Russell & Michael J. Neuling -+ */ -+ -+#ifndef __LINUX_BRIDGE_EFF_H -+#define __LINUX_BRIDGE_EFF_H -+#include <linux/if.h> -+#include <linux/netfilter_bridge.h> -+#include <linux/if_ether.h> -+ -+#define EBT_TABLE_MAXNAMELEN 32 -+#define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN -+#define EBT_FUNCTION_MAXNAMELEN EBT_TABLE_MAXNAMELEN -+ -+// verdicts >0 are "branches" -+#define EBT_ACCEPT -1 -+#define EBT_DROP -2 -+#define EBT_CONTINUE -3 -+#define EBT_RETURN -4 -+#define NUM_STANDARD_TARGETS 4 -+ -+struct ebt_replace -+{ -+ char name[EBT_TABLE_MAXNAMELEN]; -+ unsigned int valid_hooks; -+ // nr of rules in the table -+ unsigned int nentries; -+ // total size of the entries -+ unsigned int entries_size; -+ // start of the chains -+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; -+ // nr of counters userspace expects back -+ unsigned int num_counters; -+ // where the kernel will put the old counters -+ struct ebt_counter *counters; -+ char *entries; -+}; -+ -+struct ebt_counter -+{ -+ uint64_t pcnt; -+ uint64_t bcnt; -+}; -+ -+struct ebt_entries { -+ // this field is always set to zero -+ // See EBT_ENTRY_OR_ENTRIES. -+ // Must be same size as ebt_entry.bitmask -+ unsigned int distinguisher; -+ // the chain name -+ char name[EBT_CHAIN_MAXNAMELEN]; -+ // counter offset for this chain -+ unsigned int counter_offset; -+ // one standard (accept, drop, return) per hook -+ int policy; -+ // nr. of entries -+ unsigned int nentries; -+ // entry list -+ char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -+}; -+ -+// used for the bitmask of struct ebt_entry -+ -+// This is a hack to make a difference between an ebt_entry struct and an -+// ebt_entries struct when traversing the entries from start to end. -+// Using this simplifies the code alot, while still being able to use -+// ebt_entries. -+// Contrary, iptables doesn't use something like ebt_entries and therefore uses -+// different techniques for naming the policy and such. So, iptables doesn't -+// need a hack like this. -+#define EBT_ENTRY_OR_ENTRIES 0x01 -+// these are the normal masks -+#define EBT_NOPROTO 0x02 -+#define EBT_802_3 0x04 -+#define EBT_SOURCEMAC 0x08 -+#define EBT_DESTMAC 0x10 -+#define EBT_F_MASK (EBT_NOPROTO | EBT_802_3 | EBT_SOURCEMAC | EBT_DESTMAC \ -+ | EBT_ENTRY_OR_ENTRIES) -+ -+#define EBT_IPROTO 0x01 -+#define EBT_IIN 0x02 -+#define EBT_IOUT 0x04 -+#define EBT_ISOURCE 0x8 -+#define EBT_IDEST 0x10 -+#define EBT_ILOGICALIN 0x20 -+#define EBT_ILOGICALOUT 0x40 -+#define EBT_INV_MASK (EBT_IPROTO | EBT_IIN | EBT_IOUT | EBT_ILOGICALIN \ -+ | EBT_ILOGICALOUT | EBT_ISOURCE | EBT_IDEST) -+ -+struct ebt_entry_match -+{ -+ union { -+ char name[EBT_FUNCTION_MAXNAMELEN]; -+ struct ebt_match *match; -+ } u; -+ // size of data -+ unsigned int match_size; -+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -+}; -+ -+struct ebt_entry_watcher -+{ -+ union { -+ char name[EBT_FUNCTION_MAXNAMELEN]; -+ struct ebt_watcher *watcher; -+ } u; -+ // size of data -+ unsigned int watcher_size; -+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -+}; -+ -+struct ebt_entry_target -+{ -+ union { -+ char name[EBT_FUNCTION_MAXNAMELEN]; -+ struct ebt_target *target; -+ } u; -+ // size of data -+ unsigned int target_size; -+ unsigned char data[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -+}; -+ -+#define EBT_STANDARD_TARGET "standard" -+struct ebt_standard_target -+{ -+ struct ebt_entry_target target; -+ int verdict; -+}; -+ -+// one entry -+struct ebt_entry { -+ // this needs to be the first field -+ unsigned int bitmask; -+ unsigned int invflags; -+ uint16_t ethproto; -+ // the physical in-dev -+ char in[IFNAMSIZ]; -+ // the logical in-dev -+ char logical_in[IFNAMSIZ]; -+ // the physical out-dev -+ char out[IFNAMSIZ]; -+ // the logical out-dev -+ char logical_out[IFNAMSIZ]; -+ unsigned char sourcemac[ETH_ALEN]; -+ unsigned char sourcemsk[ETH_ALEN]; -+ unsigned char destmac[ETH_ALEN]; -+ unsigned char destmsk[ETH_ALEN]; -+ // sizeof ebt_entry + matches -+ unsigned int watchers_offset; -+ // sizeof ebt_entry + matches + watchers -+ unsigned int target_offset; -+ // sizeof ebt_entry + matches + watchers + target -+ unsigned int next_offset; -+ unsigned char elems[0] __attribute__ ((aligned (__alignof__(struct ebt_replace)))); -+}; -+ -+// [gs]etsockopt numbers -+#define EBT_BASE_CTL 128 -+ -+#define EBT_SO_SET_ENTRIES (EBT_BASE_CTL) -+#define EBT_SO_SET_COUNTERS (EBT_SO_SET_ENTRIES+1) -+#define EBT_SO_SET_MAX (EBT_SO_SET_COUNTERS+1) -+ -+#define EBT_SO_GET_INFO (EBT_BASE_CTL) -+#define EBT_SO_GET_ENTRIES (EBT_SO_GET_INFO+1) -+#define EBT_SO_GET_INIT_INFO (EBT_SO_GET_ENTRIES+1) -+#define EBT_SO_GET_INIT_ENTRIES (EBT_SO_GET_INIT_INFO+1) -+#define EBT_SO_GET_MAX (EBT_SO_GET_INIT_ENTRIES+1) -+ -+#ifdef __KERNEL__ -+ -+// return values for match() functions -+#define EBT_MATCH 0 -+#define EBT_NOMATCH 1 -+ -+struct ebt_match -+{ -+ struct list_head list; -+ const char name[EBT_FUNCTION_MAXNAMELEN]; -+ // 0 == it matches -+ int (*match)(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *matchdata, -+ unsigned int datalen); -+ // 0 == let it in -+ int (*check)(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *matchdata, unsigned int datalen); -+ void (*destroy)(void *matchdata, unsigned int datalen); -+ struct module *me; -+}; -+ -+struct ebt_watcher -+{ -+ struct list_head list; -+ const char name[EBT_FUNCTION_MAXNAMELEN]; -+ void (*watcher)(const struct sk_buff *skb, const struct net_device *in, -+ const struct net_device *out, const void *watcherdata, -+ unsigned int datalen); -+ // 0 == let it in -+ int (*check)(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *watcherdata, unsigned int datalen); -+ void (*destroy)(void *watcherdata, unsigned int datalen); -+ struct module *me; -+}; -+ -+struct ebt_target -+{ -+ struct list_head list; -+ const char name[EBT_FUNCTION_MAXNAMELEN]; -+ // returns one of the standard verdicts -+ int (*target)(struct sk_buff **pskb, unsigned int hooknr, -+ const struct net_device *in, const struct net_device *out, -+ const void *targetdata, unsigned int datalen); -+ // 0 == let it in -+ int (*check)(const char *tablename, unsigned int hookmask, -+ const struct ebt_entry *e, void *targetdata, unsigned int datalen); -+ void (*destroy)(void *targetdata, unsigned int datalen); -+ struct module *me; -+}; -+ -+// used for jumping from and into user defined chains (udc) -+struct ebt_chainstack -+{ -+ struct ebt_entries *chaininfo; // pointer to chain data -+ struct ebt_entry *e; // pointer to entry data -+ unsigned int n; // n'th entry -+}; -+ -+struct ebt_table_info -+{ -+ // total size of the entries -+ unsigned int entries_size; -+ unsigned int nentries; -+ // pointers to the start of the chains -+ struct ebt_entries *hook_entry[NF_BR_NUMHOOKS]; -+ // room to maintain the stack used for jumping from and into udc -+ struct ebt_chainstack **chainstack; -+ char *entries; -+ struct ebt_counter counters[0] ____cacheline_aligned; -+}; -+ -+struct ebt_table -+{ -+ struct list_head list; -+ char name[EBT_TABLE_MAXNAMELEN]; -+ struct ebt_replace *table; -+ unsigned int valid_hooks; -+ rwlock_t lock; -+ // e.g. could be the table explicitly only allows certain -+ // matches, targets, ... 0 == let it in -+ int (*check)(const struct ebt_table_info *info, -+ unsigned int valid_hooks); -+ // the data used by the kernel -+ struct ebt_table_info *private; -+}; -+ -+#define EBT_ALIGN(s) (((s) + (__alignof__(struct ebt_replace)-1)) & \ -+ ~(__alignof__(struct ebt_replace)-1)) -+extern int ebt_register_table(struct ebt_table *table); -+extern void ebt_unregister_table(struct ebt_table *table); -+extern int ebt_register_match(struct ebt_match *match); -+extern void ebt_unregister_match(struct ebt_match *match); -+extern int ebt_register_watcher(struct ebt_watcher *watcher); -+extern void ebt_unregister_watcher(struct ebt_watcher *watcher); -+extern int ebt_register_target(struct ebt_target *target); -+extern void ebt_unregister_target(struct ebt_target *target); -+extern unsigned int ebt_do_table(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ struct ebt_table *table); -+ -+ // Used in the kernel match() functions -+#define FWINV(bool,invflg) ((bool) ^ !!(info->invflags & invflg)) -+// True if the hook mask denotes that the rule is in a base chain, -+// used in the check() functions -+#define BASE_CHAIN (hookmask & (1 << NF_BR_NUMHOOKS)) -+// Clear the bit in the hook mask that tells if the rule is on a base chain -+#define CLEAR_BASE_CHAIN_BIT (hookmask &= ~(1 << NF_BR_NUMHOOKS)) -+// True if the target is not a standard target -+#define INVALID_TARGET (info->target < -NUM_STANDARD_TARGETS || info->target >= 0) -+ -+#endif /* __KERNEL__ */ -+ -+// blatently stolen from ip_tables.h -+// fn returns 0 to continue iteration -+#define EBT_MATCH_ITERATE(e, fn, args...) \ -+({ \ -+ unsigned int __i; \ -+ int __ret = 0; \ -+ struct ebt_entry_match *__match; \ -+ \ -+ for (__i = sizeof(struct ebt_entry); \ -+ __i < (e)->watchers_offset; \ -+ __i += __match->match_size + \ -+ sizeof(struct ebt_entry_match)) { \ -+ __match = (void *)(e) + __i; \ -+ \ -+ __ret = fn(__match , ## args); \ -+ if (__ret != 0) \ -+ break; \ -+ } \ -+ if (__ret == 0) { \ -+ if (__i != (e)->watchers_offset) \ -+ __ret = -EINVAL; \ -+ } \ -+ __ret; \ -+}) -+ -+#define EBT_WATCHER_ITERATE(e, fn, args...) \ -+({ \ -+ unsigned int __i; \ -+ int __ret = 0; \ -+ struct ebt_entry_watcher *__watcher; \ -+ \ -+ for (__i = e->watchers_offset; \ -+ __i < (e)->target_offset; \ -+ __i += __watcher->watcher_size + \ -+ sizeof(struct ebt_entry_watcher)) { \ -+ __watcher = (void *)(e) + __i; \ -+ \ -+ __ret = fn(__watcher , ## args); \ -+ if (__ret != 0) \ -+ break; \ -+ } \ -+ if (__ret == 0) { \ -+ if (__i != (e)->target_offset) \ -+ __ret = -EINVAL; \ -+ } \ -+ __ret; \ -+}) -+ -+#define EBT_ENTRY_ITERATE(entries, size, fn, args...) \ -+({ \ -+ unsigned int __i; \ -+ int __ret = 0; \ -+ struct ebt_entry *__entry; \ -+ \ -+ for (__i = 0; __i < (size);) { \ -+ __entry = (void *)(entries) + __i; \ -+ __ret = fn(__entry , ## args); \ -+ if (__ret != 0) \ -+ break; \ -+ if (__entry->bitmask != 0) \ -+ __i += __entry->next_offset; \ -+ else \ -+ __i += sizeof(struct ebt_entries); \ -+ } \ -+ if (__ret == 0) { \ -+ if (__i != (size)) \ -+ __ret = -EINVAL; \ -+ } \ -+ __ret; \ -+}) -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_802_3.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,60 @@ -+#ifndef __LINUX_BRIDGE_EBT_802_3_H -+#define __LINUX_BRIDGE_EBT_802_3_H -+ -+#define EBT_802_3_SAP 0x01 -+#define EBT_802_3_TYPE 0x02 -+ -+#define EBT_802_3_MATCH "802_3" -+ -+/* -+ * If frame has DSAP/SSAP value 0xaa you must check the SNAP type -+ * to discover what kind of packet we're carrying. -+ */ -+#define CHECK_TYPE 0xaa -+ -+/* -+ * Control field may be one or two bytes. If the first byte has -+ * the value 0x03 then the entire length is one byte, otherwise it is two. -+ * One byte controls are used in Unnumbered Information frames. -+ * Two byte controls are used in Numbered Information frames. -+ */ -+#define IS_UI 0x03 -+ -+#define EBT_802_3_MASK (EBT_802_3_SAP | EBT_802_3_TYPE | EBT_802_3) -+ -+/* ui has one byte ctrl, ni has two */ -+struct hdr_ui { -+ uint8_t dsap; -+ uint8_t ssap; -+ uint8_t ctrl; -+ uint8_t orig[3]; -+ uint16_t type; -+}; -+ -+struct hdr_ni { -+ uint8_t dsap; -+ uint8_t ssap; -+ uint16_t ctrl; -+ uint8_t orig[3]; -+ uint16_t type; -+}; -+ -+struct ebt_802_3_hdr { -+ uint8_t daddr[6]; -+ uint8_t saddr[6]; -+ uint16_t len; -+ union { -+ struct hdr_ui ui; -+ struct hdr_ni ni; -+ } llc; -+}; -+ -+struct ebt_802_3_info -+{ -+ uint8_t sap; -+ uint16_t type; -+ uint8_t bitmask; -+ uint8_t invflags; -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_arp.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,32 @@ -+#ifndef __LINUX_BRIDGE_EBT_ARP_H -+#define __LINUX_BRIDGE_EBT_ARP_H -+ -+#define EBT_ARP_OPCODE 0x01 -+#define EBT_ARP_HTYPE 0x02 -+#define EBT_ARP_PTYPE 0x04 -+#define EBT_ARP_SRC_IP 0x08 -+#define EBT_ARP_DST_IP 0x10 -+#define EBT_ARP_SRC_MAC 0x20 -+#define EBT_ARP_DST_MAC 0x40 -+#define EBT_ARP_MASK (EBT_ARP_OPCODE | EBT_ARP_HTYPE | EBT_ARP_PTYPE | \ -+ EBT_ARP_SRC_IP | EBT_ARP_DST_IP | EBT_ARP_SRC_MAC | EBT_ARP_DST_MAC) -+#define EBT_ARP_MATCH "arp" -+ -+struct ebt_arp_info -+{ -+ uint16_t htype; -+ uint16_t ptype; -+ uint16_t opcode; -+ uint32_t saddr; -+ uint32_t smsk; -+ uint32_t daddr; -+ uint32_t dmsk; -+ unsigned char smaddr[ETH_ALEN]; -+ unsigned char smmsk[ETH_ALEN]; -+ unsigned char dmaddr[ETH_ALEN]; -+ unsigned char dmmsk[ETH_ALEN]; -+ uint8_t bitmask; -+ uint8_t invflags; -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_ip.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,43 @@ -+/* -+ * ebt_ip -+ * -+ * Authors: -+ * Bart De Schuymer <bart.de.schuymer@pandora.be> -+ * -+ * April, 2002 -+ * -+ * Changes: -+ * added ip-sport and ip-dport -+ * Innominate Security Technologies AG <mhopf@innominate.com> -+ * September, 2002 -+ */ -+ -+#ifndef __LINUX_BRIDGE_EBT_IP_H -+#define __LINUX_BRIDGE_EBT_IP_H -+ -+#define EBT_IP_SOURCE 0x01 -+#define EBT_IP_DEST 0x02 -+#define EBT_IP_TOS 0x04 -+#define EBT_IP_PROTO 0x08 -+#define EBT_IP_SPORT 0x10 -+#define EBT_IP_DPORT 0x20 -+#define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ -+ EBT_IP_SPORT | EBT_IP_DPORT ) -+#define EBT_IP_MATCH "ip" -+ -+// the same values are used for the invflags -+struct ebt_ip_info -+{ -+ uint32_t saddr; -+ uint32_t daddr; -+ uint32_t smsk; -+ uint32_t dmsk; -+ uint8_t tos; -+ uint8_t protocol; -+ uint8_t bitmask; -+ uint8_t invflags; -+ uint16_t sport[2]; -+ uint16_t dport[2]; -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_pkttype.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,11 @@ -+#ifndef __LINUX_BRIDGE_EBT_PKTTYPE_H -+#define __LINUX_BRIDGE_EBT_PKTTYPE_H -+ -+struct ebt_pkttype_info -+{ -+ uint8_t pkt_type; -+ uint8_t invert; -+}; -+#define EBT_PKTTYPE_MATCH "pkttype" -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_stp.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,46 @@ -+#ifndef __LINUX_BRIDGE_EBT_STP_H -+#define __LINUX_BRIDGE_EBT_STP_H -+ -+#define EBT_STP_TYPE 0x0001 -+ -+#define EBT_STP_FLAGS 0x0002 -+#define EBT_STP_ROOTPRIO 0x0004 -+#define EBT_STP_ROOTADDR 0x0008 -+#define EBT_STP_ROOTCOST 0x0010 -+#define EBT_STP_SENDERPRIO 0x0020 -+#define EBT_STP_SENDERADDR 0x0040 -+#define EBT_STP_PORT 0x0080 -+#define EBT_STP_MSGAGE 0x0100 -+#define EBT_STP_MAXAGE 0x0200 -+#define EBT_STP_HELLOTIME 0x0400 -+#define EBT_STP_FWDD 0x0800 -+ -+#define EBT_STP_MASK 0x0fff -+#define EBT_STP_CONFIG_MASK 0x0ffe -+ -+#define EBT_STP_MATCH "stp" -+ -+struct ebt_stp_config_info -+{ -+ uint8_t flags; -+ uint16_t root_priol, root_priou; -+ char root_addr[6], root_addrmsk[6]; -+ uint32_t root_costl, root_costu; -+ uint16_t sender_priol, sender_priou; -+ char sender_addr[6], sender_addrmsk[6]; -+ uint16_t portl, portu; -+ uint16_t msg_agel, msg_ageu; -+ uint16_t max_agel, max_ageu; -+ uint16_t hello_timel, hello_timeu; -+ uint16_t forward_delayl, forward_delayu; -+}; -+ -+struct ebt_stp_info -+{ -+ uint8_t type; -+ struct ebt_stp_config_info config; -+ uint16_t bitmask; -+ uint16_t invflags; -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_vlan.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,20 @@ -+#ifndef __LINUX_BRIDGE_EBT_VLAN_H -+#define __LINUX_BRIDGE_EBT_VLAN_H -+ -+#define EBT_VLAN_ID 0x01 -+#define EBT_VLAN_PRIO 0x02 -+#define EBT_VLAN_ENCAP 0x04 -+#define EBT_VLAN_MASK (EBT_VLAN_ID | EBT_VLAN_PRIO | EBT_VLAN_ENCAP) -+#define EBT_VLAN_MATCH "vlan" -+ -+struct ebt_vlan_info { -+ uint16_t id; /* VLAN ID {1-4095} */ -+ uint8_t prio; /* VLAN User Priority {0-7} */ -+ uint16_t encap; /* VLAN Encapsulated frame code {0-65535} */ -+ uint8_t bitmask; /* Args bitmask bit 1=1 - ID arg, -+ bit 2=1 User-Priority arg, bit 3=1 encap*/ -+ uint8_t invflags; /* Inverse bitmask bit 1=1 - inversed ID arg, -+ bit 2=1 - inversed Pirority arg */ -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_log.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,17 @@ -+#ifndef __LINUX_BRIDGE_EBT_LOG_H -+#define __LINUX_BRIDGE_EBT_LOG_H -+ -+#define EBT_LOG_IP 0x01 // if the frame is made by ip, log the ip information -+#define EBT_LOG_ARP 0x02 -+#define EBT_LOG_MASK (EBT_LOG_IP | EBT_LOG_ARP) -+#define EBT_LOG_PREFIX_SIZE 30 -+#define EBT_LOG_WATCHER "log" -+ -+struct ebt_log_info -+{ -+ uint8_t loglevel; -+ uint8_t prefix[EBT_LOG_PREFIX_SIZE]; -+ uint32_t bitmask; -+}; -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_nat.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,13 @@ -+#ifndef __LINUX_BRIDGE_EBT_NAT_H -+#define __LINUX_BRIDGE_EBT_NAT_H -+ -+struct ebt_nat_info -+{ -+ unsigned char mac[ETH_ALEN]; -+ // EBT_ACCEPT, EBT_DROP, EBT_CONTINUE or EBT_RETURN -+ int target; -+}; -+#define EBT_SNAT_TARGET "snat" -+#define EBT_DNAT_TARGET "dnat" -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_redirect.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,11 @@ -+#ifndef __LINUX_BRIDGE_EBT_REDIRECT_H -+#define __LINUX_BRIDGE_EBT_REDIRECT_H -+ -+struct ebt_redirect_info -+{ -+ // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN -+ int target; -+}; -+#define EBT_REDIRECT_TARGET "redirect" -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_mark_m.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,15 @@ -+#ifndef __LINUX_BRIDGE_EBT_MARK_M_H -+#define __LINUX_BRIDGE_EBT_MARK_M_H -+ -+#define EBT_MARK_AND 0x01 -+#define EBT_MARK_OR 0x02 -+#define EBT_MARK_MASK (EBT_MARK_AND | EBT_MARK_OR) -+struct ebt_mark_m_info -+{ -+ unsigned long mark, mask; -+ uint8_t invert; -+ uint8_t bitmask; -+}; -+#define EBT_MARK_MATCH "mark_m" -+ -+#endif ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_bridge/ebt_mark_t.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,12 @@ -+#ifndef __LINUX_BRIDGE_EBT_MARK_T_H -+#define __LINUX_BRIDGE_EBT_MARK_T_H -+ -+struct ebt_mark_t_info -+{ -+ unsigned long mark; -+ // EBT_ACCEPT, EBT_DROP or EBT_CONTINUE or EBT_RETURN -+ int target; -+}; -+#define EBT_MARK_TARGET "mark" -+ -+#endif ---- linux-2.4.21/include/linux/netfilter.h Thu Nov 22 20:47:48 2001 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter.h Fri Aug 8 01:09:06 2003 -@@ -117,28 +117,34 @@ extern struct list_head nf_hooks[NPROTO] - /* This is gross, but inline doesn't cut it for avoiding the function - call in fast path: gcc doesn't inline (needs value tracking?). --RR */ - #ifdef CONFIG_NETFILTER_DEBUG --#define NF_HOOK nf_hook_slow -+#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ -+nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN) -+#define NF_HOOK_THRESH nf_hook_slow - #else - #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \ - (list_empty(&nf_hooks[(pf)][(hook)]) \ - ? (okfn)(skb) \ -- : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn))) -+ : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), INT_MIN)) -+#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh) \ -+(list_empty(&nf_hooks[(pf)][(hook)]) \ -+ ? (okfn)(skb) \ -+ : nf_hook_slow((pf), (hook), (skb), (indev), (outdev), (okfn), (thresh))) - #endif - - int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, - struct net_device *indev, struct net_device *outdev, -- int (*okfn)(struct sk_buff *)); -+ int (*okfn)(struct sk_buff *), int thresh); - - /* Call setsockopt() */ --int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt, -+int nf_setsockopt(struct sock *sk, int pf, int optval, char *opt, - int len); - int nf_getsockopt(struct sock *sk, int pf, int optval, char *opt, - int *len); - - /* Packet queuing */ --typedef int (*nf_queue_outfn_t)(struct sk_buff *skb, -+typedef int (*nf_queue_outfn_t)(struct sk_buff *skb, - struct nf_info *info, void *data); --extern int nf_register_queue_handler(int pf, -+extern int nf_register_queue_handler(int pf, - nf_queue_outfn_t outfn, void *data); - extern int nf_unregister_queue_handler(int pf); - extern void nf_reinject(struct sk_buff *skb, ---- linux-2.4.21/include/linux/netfilter_ipv4.h Mon Feb 25 20:38:13 2002 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_ipv4.h Fri Aug 8 01:09:06 2003 -@@ -52,8 +52,10 @@ - enum nf_ip_hook_priorities { - NF_IP_PRI_FIRST = INT_MIN, - NF_IP_PRI_CONNTRACK = -200, -+ NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD = -175, - NF_IP_PRI_MANGLE = -150, - NF_IP_PRI_NAT_DST = -100, -+ NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT = -50, - NF_IP_PRI_FILTER = 0, - NF_IP_PRI_NAT_SRC = 100, - NF_IP_PRI_LAST = INT_MAX, ---- linux-2.4.21/include/linux/skbuff.h Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/include/linux/skbuff.h Fri Aug 8 01:09:06 2003 -@@ -92,6 +92,17 @@ struct nf_conntrack { - struct nf_ct_info { - struct nf_conntrack *master; - }; -+ -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+struct nf_bridge_info { -+ atomic_t use; -+ struct net_device *physindev; -+ struct net_device *physoutdev; -+ unsigned int mask; -+ unsigned long hh[16 / sizeof(unsigned long)]; -+}; -+#endif -+ - #endif - - struct sk_buff_head { -@@ -204,6 +215,9 @@ struct sk_buff { - #ifdef CONFIG_NETFILTER_DEBUG - unsigned int nf_debug; - #endif -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ struct nf_bridge_info *nf_bridge; /* Saved data about a bridged frame - see br_netfilter.c */ -+#endif - #endif /*CONFIG_NETFILTER*/ - - #if defined(CONFIG_HIPPI) -@@ -278,7 +292,7 @@ static inline struct sk_buff *skb_get(st - * If users==1, we are the only owner and are can avoid redundant - * atomic change. - */ -- -+ - /** - * kfree_skb - free an sk_buff - * @skb: buffer to free -@@ -286,7 +300,7 @@ static inline struct sk_buff *skb_get(st - * Drop a reference to the buffer and free it if the usage count has - * hit zero. - */ -- -+ - static inline void kfree_skb(struct sk_buff *skb) - { - if (atomic_read(&skb->users) == 1 || atomic_dec_and_test(&skb->users)) -@@ -1165,6 +1179,20 @@ nf_conntrack_get(struct nf_ct_info *nfct - if (nfct) - atomic_inc(&nfct->master->use); - } -+ -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+static inline void nf_bridge_put(struct nf_bridge_info *nf_bridge) -+{ -+ if (nf_bridge && atomic_dec_and_test(&nf_bridge->use)) -+ kfree(nf_bridge); -+} -+static inline void nf_bridge_get(struct nf_bridge_info *nf_bridge) -+{ -+ if (nf_bridge) -+ atomic_inc(&nf_bridge->use); -+} -+#endif -+ - #endif - - #endif /* __KERNEL__ */ ---- linux-2.4.21/net/core/netfilter.c Sat Aug 3 02:39:46 2002 -+++ linux-2.4.21-ebt-brnf-3/net/core/netfilter.c Fri Aug 8 01:09:06 2003 -@@ -1,4 +1,4 @@ --/* netfilter.c: look after the filters for various protocols. -+/* netfilter.c: look after the filters for various protocols. - * Heavily influenced by the old firewall.c by David Bonn and Alan Cox. - * - * Thanks to Rob `CmdrTaco' Malda for not influencing this code in any -@@ -342,10 +342,15 @@ static unsigned int nf_iterate(struct li - const struct net_device *indev, - const struct net_device *outdev, - struct list_head **i, -- int (*okfn)(struct sk_buff *)) -+ int (*okfn)(struct sk_buff *), -+ int hook_thresh) - { - for (*i = (*i)->next; *i != head; *i = (*i)->next) { - struct nf_hook_ops *elem = (struct nf_hook_ops *)*i; -+ -+ if (hook_thresh > elem->priority) -+ continue; -+ - switch (elem->hook(hook, skb, indev, outdev, okfn)) { - case NF_QUEUE: - return NF_QUEUE; -@@ -365,7 +370,7 @@ static unsigned int nf_iterate(struct li - break; - - default: -- NFDEBUG("Evil return from %p(%u).\n", -+ NFDEBUG("Evil return from %p(%u).\n", - elem->hook, hook); - #endif - } -@@ -374,7 +379,7 @@ static unsigned int nf_iterate(struct li - } - - int nf_register_queue_handler(int pf, nf_queue_outfn_t outfn, void *data) --{ -+{ - int ret; - - br_write_lock_bh(BR_NETPROTO_LOCK); -@@ -400,12 +405,12 @@ int nf_unregister_queue_handler(int pf) - return 0; - } - --/* -- * Any packet that leaves via this function must come back -+/* -+ * Any packet that leaves via this function must come back - * through nf_reinject(). - */ --static void nf_queue(struct sk_buff *skb, -- struct list_head *elem, -+static void nf_queue(struct sk_buff *skb, -+ struct list_head *elem, - int pf, unsigned int hook, - struct net_device *indev, - struct net_device *outdev, -@@ -413,6 +418,10 @@ static void nf_queue(struct sk_buff *skb - { - int status; - struct nf_info *info; -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ struct net_device *physindev = NULL; -+ struct net_device *physoutdev = NULL; -+#endif - - if (!queue_handler[pf].outfn) { - kfree_skb(skb); -@@ -428,18 +437,31 @@ static void nf_queue(struct sk_buff *skb - return; - } - -- *info = (struct nf_info) { -+ *info = (struct nf_info) { - (struct nf_hook_ops *)elem, pf, hook, indev, outdev, okfn }; - - /* Bump dev refs so they don't vanish while packet is out */ - if (indev) dev_hold(indev); - if (outdev) dev_hold(outdev); - -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ if (skb->nf_bridge) { -+ physindev = skb->nf_bridge->physindev; -+ if (physindev) dev_hold(physindev); -+ physoutdev = skb->nf_bridge->physoutdev; -+ if (physoutdev) dev_hold(physoutdev); -+ } -+#endif -+ - status = queue_handler[pf].outfn(skb, info, queue_handler[pf].data); - if (status < 0) { - /* James M doesn't say fuck enough. */ - if (indev) dev_put(indev); - if (outdev) dev_put(outdev); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ if (physindev) dev_put(physindev); -+ if (physoutdev) dev_put(physoutdev); -+#endif - kfree(info); - kfree_skb(skb); - return; -@@ -449,7 +471,8 @@ static void nf_queue(struct sk_buff *skb - int nf_hook_slow(int pf, unsigned int hook, struct sk_buff *skb, - struct net_device *indev, - struct net_device *outdev, -- int (*okfn)(struct sk_buff *)) -+ int (*okfn)(struct sk_buff *), -+ int hook_thresh) - { - struct list_head *elem; - unsigned int verdict; -@@ -481,7 +504,7 @@ int nf_hook_slow(int pf, unsigned int ho - - elem = &nf_hooks[pf][hook]; - verdict = nf_iterate(&nf_hooks[pf][hook], &skb, hook, indev, -- outdev, &elem, okfn); -+ outdev, &elem, okfn, hook_thresh); - if (verdict == NF_QUEUE) { - NFDEBUG("nf_hook: Verdict = QUEUE.\n"); - nf_queue(skb, elem, pf, hook, indev, outdev, okfn); -@@ -510,6 +533,14 @@ void nf_reinject(struct sk_buff *skb, st - - /* We don't have BR_NETPROTO_LOCK here */ - br_read_lock_bh(BR_NETPROTO_LOCK); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ if (skb->nf_bridge) { -+ if (skb->nf_bridge->physindev) -+ dev_put(skb->nf_bridge->physindev); -+ if (skb->nf_bridge->physoutdev) -+ dev_put(skb->nf_bridge->physoutdev); -+ } -+#endif - for (i = nf_hooks[info->pf][info->hook].next; i != elem; i = i->next) { - if (i == &nf_hooks[info->pf][info->hook]) { - /* The module which sent it to userspace is gone. */ -@@ -528,9 +559,9 @@ void nf_reinject(struct sk_buff *skb, st - - if (verdict == NF_ACCEPT) { - verdict = nf_iterate(&nf_hooks[info->pf][info->hook], -- &skb, info->hook, -+ &skb, info->hook, - info->indev, info->outdev, &elem, -- info->okfn); -+ info->okfn, INT_MIN); - } - - switch (verdict) { -@@ -539,20 +570,19 @@ void nf_reinject(struct sk_buff *skb, st - break; - - case NF_QUEUE: -- nf_queue(skb, elem, info->pf, info->hook, -+ nf_queue(skb, elem, info->pf, info->hook, - info->indev, info->outdev, info->okfn); - break; -- -- case NF_DROP: -- kfree_skb(skb); -- break; - } - br_read_unlock_bh(BR_NETPROTO_LOCK); - - /* Release those devices we held, or Alexey will kill me. */ - if (info->indev) dev_put(info->indev); - if (info->outdev) dev_put(info->outdev); -- -+ -+ if (verdict == NF_DROP) -+ kfree_skb(skb); -+ - kfree(info); - return; - } ---- linux-2.4.21/net/core/skbuff.c Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/net/core/skbuff.c Fri Aug 8 01:09:06 2003 -@@ -245,6 +245,9 @@ static inline void skb_headerinit(void * - #ifdef CONFIG_NETFILTER_DEBUG - skb->nf_debug = 0; - #endif -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ skb->nf_bridge = NULL; -+#endif - #endif - #ifdef CONFIG_NET_SCHED - skb->tc_index = 0; -@@ -325,6 +328,9 @@ void __kfree_skb(struct sk_buff *skb) - } - #ifdef CONFIG_NETFILTER - nf_conntrack_put(skb->nfct); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ nf_bridge_put(skb->nf_bridge); -+#endif - #endif - skb_headerinit(skb, NULL, 0); /* clean state */ - kfree_skbmem(skb); -@@ -391,6 +397,9 @@ struct sk_buff *skb_clone(struct sk_buff - #ifdef CONFIG_NETFILTER_DEBUG - C(nf_debug); - #endif -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ C(nf_bridge); -+#endif - #endif /*CONFIG_NETFILTER*/ - #if defined(CONFIG_HIPPI) - C(private); -@@ -403,6 +412,9 @@ struct sk_buff *skb_clone(struct sk_buff - skb->cloned = 1; - #ifdef CONFIG_NETFILTER - nf_conntrack_get(skb->nfct); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ nf_bridge_get(skb->nf_bridge); -+#endif - #endif - return n; - } -@@ -436,6 +448,10 @@ static void copy_skb_header(struct sk_bu - nf_conntrack_get(new->nfct); - #ifdef CONFIG_NETFILTER_DEBUG - new->nf_debug=old->nf_debug; -+#endif -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ new->nf_bridge=old->nf_bridge; -+ nf_bridge_get(new->nf_bridge); - #endif - #endif - #ifdef CONFIG_NET_SCHED ---- linux-2.4.21/net/ipv4/netfilter/ip_tables.c Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/netfilter/ip_tables.c Fri Aug 8 01:09:06 2003 -@@ -121,12 +121,19 @@ static LIST_HEAD(ipt_tables); - static inline int - ip_packet_match(const struct iphdr *ip, - const char *indev, -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ const char *physindev, -+#endif - const char *outdev, -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ const char *physoutdev, -+#endif - const struct ipt_ip *ipinfo, - int isfrag) - { - size_t i; - unsigned long ret; -+ unsigned long ret2 = 1; - - #define FWINV(bool,invflg) ((bool) ^ !!(ipinfo->invflags & invflg)) - -@@ -156,7 +163,15 @@ ip_packet_match(const struct iphdr *ip, - & ((const unsigned long *)ipinfo->iniface_mask)[i]; - } - -- if (FWINV(ret != 0, IPT_INV_VIA_IN)) { -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -+ ret2 |= (((const unsigned long *)physindev)[i] -+ ^ ((const unsigned long *)ipinfo->iniface)[i]) -+ & ((const unsigned long *)ipinfo->iniface_mask)[i]; -+ } -+#endif -+ -+ if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_IN)) { - dprintf("VIA in mismatch (%s vs %s).%s\n", - indev, ipinfo->iniface, - ipinfo->invflags&IPT_INV_VIA_IN ?" (INV)":""); -@@ -169,7 +184,15 @@ ip_packet_match(const struct iphdr *ip, - & ((const unsigned long *)ipinfo->outiface_mask)[i]; - } - -- if (FWINV(ret != 0, IPT_INV_VIA_OUT)) { -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ for (i = 0, ret2 = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -+ ret2 |= (((const unsigned long *)physoutdev)[i] -+ ^ ((const unsigned long *)ipinfo->outiface)[i]) -+ & ((const unsigned long *)ipinfo->outiface_mask)[i]; -+ } -+#endif -+ -+ if (FWINV(ret != 0 && ret2 != 0, IPT_INV_VIA_OUT)) { - dprintf("VIA out mismatch (%s vs %s).%s\n", - outdev, ipinfo->outiface, - ipinfo->invflags&IPT_INV_VIA_OUT ?" (INV)":""); -@@ -268,6 +291,9 @@ ipt_do_table(struct sk_buff **pskb, - /* Initializing verdict to NF_DROP keeps gcc happy. */ - unsigned int verdict = NF_DROP; - const char *indev, *outdev; -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ const char *physindev, *physoutdev; -+#endif - void *table_base; - struct ipt_entry *e, *back; - -@@ -277,6 +303,13 @@ ipt_do_table(struct sk_buff **pskb, - datalen = (*pskb)->len - ip->ihl * 4; - indev = in ? in->name : nulldevname; - outdev = out ? out->name : nulldevname; -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ physindev = ((*pskb)->nf_bridge && (*pskb)->nf_bridge->physindev) ? -+ (*pskb)->nf_bridge->physindev->name : nulldevname; -+ physoutdev = ((*pskb)->nf_bridge && (*pskb)->nf_bridge->physoutdev) ? -+ (*pskb)->nf_bridge->physoutdev->name : nulldevname; -+#endif -+ - /* We handle fragments by dealing with the first fragment as - * if it was a normal packet. All other fragments are treated - * normally, except that they will NEVER match rules that ask -@@ -312,7 +345,15 @@ ipt_do_table(struct sk_buff **pskb, - IP_NF_ASSERT(e); - IP_NF_ASSERT(back); - (*pskb)->nfcache |= e->nfcache; -- if (ip_packet_match(ip, indev, outdev, &e->ip, offset)) { -+ if (ip_packet_match(ip, indev, -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ physindev, -+#endif -+ outdev, -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ physoutdev, -+#endif -+ &e->ip, offset)) { - struct ipt_entry_target *t; - - if (IPT_MATCH_ITERATE(e, do_match, ---- linux-2.4.21/net/ipv4/ip_output.c Fri Nov 29 00:53:15 2002 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/ip_output.c Fri Aug 8 01:09:06 2003 -@@ -879,6 +879,10 @@ int ip_fragment(struct sk_buff *skb, int - /* Connection association is same as pre-frag packet */ - skb2->nfct = skb->nfct; - nf_conntrack_get(skb2->nfct); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ skb2->nf_bridge = skb->nf_bridge; -+ nf_bridge_get(skb2->nf_bridge); -+#endif - #ifdef CONFIG_NETFILTER_DEBUG - skb2->nf_debug = skb->nf_debug; - #endif ---- linux-2.4.21/net/ipv4/netfilter/ipt_LOG.c Mon Feb 25 20:38:14 2002 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/netfilter/ipt_LOG.c Fri Aug 8 01:09:06 2003 -@@ -289,6 +289,18 @@ ipt_log_target(struct sk_buff **pskb, - loginfo->prefix, - in ? in->name : "", - out ? out->name : ""); -+#if defined(CONFIG_BRIDGE) || defined(CONFIG_BRIDGE_MODULE) -+ if ((*pskb)->nf_bridge) { -+ struct net_device *physindev = (*pskb)->nf_bridge->physindev; -+ struct net_device *physoutdev = (*pskb)->nf_bridge->physoutdev; -+ -+ if (physindev && in != physindev) -+ printk("PHYSIN=%s ", physindev->name); -+ if (physoutdev && out != physoutdev) -+ printk("PHYSOUT=%s ", physoutdev->name); -+ } -+#endif -+ - if (in && !out) { - /* MAC logging for input chain only. */ - printk("MAC="); ---- linux-2.4.21/net/ipv4/netfilter/Makefile Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/netfilter/Makefile Fri Aug 8 01:09:06 2003 -@@ -84,6 +84,8 @@ obj-$(CONFIG_IP_NF_MATCH_CONNTRACK) += i - obj-$(CONFIG_IP_NF_MATCH_UNCLEAN) += ipt_unclean.o - obj-$(CONFIG_IP_NF_MATCH_TCPMSS) += ipt_tcpmss.o - -+obj-$(CONFIG_IP_NF_MATCH_PHYSDEV) += ipt_physdev.o -+ - # targets - obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o - obj-$(CONFIG_IP_NF_TARGET_MIRROR) += ipt_MIRROR.o ---- linux-2.4.21/net/ipv4/netfilter/Config.in Fri Jun 13 16:51:39 2003 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/netfilter/Config.in Fri Aug 8 01:09:06 2003 -@@ -43,6 +43,9 @@ if [ "$CONFIG_IP_NF_IPTABLES" != "n" ]; - dep_tristate ' Unclean match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_UNCLEAN $CONFIG_IP_NF_IPTABLES - dep_tristate ' Owner match support (EXPERIMENTAL)' CONFIG_IP_NF_MATCH_OWNER $CONFIG_IP_NF_IPTABLES - fi -+ if [ "$CONFIG_BRIDGE" != "n" ]; then -+ dep_tristate ' Physdev match support' CONFIG_IP_NF_MATCH_PHYSDEV -+ fi - # The targets - dep_tristate ' Packet filtering' CONFIG_IP_NF_FILTER $CONFIG_IP_NF_IPTABLES - if [ "$CONFIG_IP_NF_FILTER" != "n" ]; then ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/bridge/br_netfilter.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,636 @@ -+/* -+ * Handle firewalling -+ * Linux ethernet bridge -+ * -+ * Authors: -+ * Lennert Buytenhek <buytenh@gnu.org> -+ * Bart De Schuymer <bdschuym@pandora.be> -+ * -+ * This program is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU General Public License -+ * as published by the Free Software Foundation; either version -+ * 2 of the License, or (at your option) any later version. -+ * -+ * Lennert dedicates this file to Kerstin Wurdinger. -+ */ -+ -+#include <linux/module.h> -+#include <linux/kernel.h> -+#include <linux/ip.h> -+#include <linux/netdevice.h> -+#include <linux/skbuff.h> -+#include <linux/if_ether.h> -+#include <linux/netfilter_bridge.h> -+#include <linux/netfilter_ipv4.h> -+#include <linux/in_route.h> -+#include <net/ip.h> -+#include <asm/uaccess.h> -+#include <asm/checksum.h> -+#include "br_private.h" -+ -+ -+#define skb_origaddr(skb) (((struct bridge_skb_cb *) \ -+ (skb->cb))->daddr.ipv4) -+#define store_orig_dstaddr(skb) (skb_origaddr(skb) = (skb)->nh.iph->daddr) -+#define dnat_took_place(skb) (skb_origaddr(skb) != (skb)->nh.iph->daddr) -+#define clear_cb(skb) (memset(&skb_origaddr(skb), 0, \ -+ sizeof(struct bridge_skb_cb))) -+ -+#define has_bridge_parent(device) ((device)->br_port != NULL) -+#define bridge_parent(device) (&((device)->br_port->br->dev)) -+ -+/* We need these fake structures to make netfilter happy -- -+ * lots of places assume that skb->dst != NULL, which isn't -+ * all that unreasonable. -+ * -+ * Currently, we fill in the PMTU entry because netfilter -+ * refragmentation needs it, and the rt_flags entry because -+ * ipt_REJECT needs it. Future netfilter modules might -+ * require us to fill additional fields. -+ */ -+static struct net_device __fake_net_device = { -+ .hard_header_len = ETH_HLEN -+}; -+ -+static struct rtable __fake_rtable = { -+ u: { -+ dst: { -+ __refcnt: ATOMIC_INIT(1), -+ dev: &__fake_net_device, -+ pmtu: 1500 -+ } -+ }, -+ -+ rt_flags: 0 -+}; -+ -+ -+/* PF_BRIDGE/PRE_ROUTING *********************************************/ -+static void __br_dnat_complain(void) -+{ -+ static unsigned long last_complaint = 0; -+ -+ if (jiffies - last_complaint >= 5 * HZ) { -+ printk(KERN_WARNING "Performing cross-bridge DNAT requires IP " -+ "forwarding to be enabled\n"); -+ last_complaint = jiffies; -+ } -+} -+ -+ -+/* This requires some explaining. If DNAT has taken place, -+ * we will need to fix up the destination Ethernet address, -+ * and this is a tricky process. -+ * -+ * There are two cases to consider: -+ * 1. The packet was DNAT'ed to a device in the same bridge -+ * port group as it was received on. We can still bridge -+ * the packet. -+ * 2. The packet was DNAT'ed to a different device, either -+ * a non-bridged device or another bridge port group. -+ * The packet will need to be routed. -+ * -+ * The correct way of distinguishing between these two cases is to -+ * call ip_route_input() and to look at skb->dst->dev, which is -+ * changed to the destination device if ip_route_input() succeeds. -+ * -+ * Let us first consider the case that ip_route_input() succeeds: -+ * -+ * If skb->dst->dev equals the logical bridge device the packet -+ * came in on, we can consider this bridging. We then call -+ * skb->dst->output() which will make the packet enter br_nf_local_out() -+ * not much later. In that function it is assured that the iptables -+ * FORWARD chain is traversed for the packet. -+ * -+ * Otherwise, the packet is considered to be routed and we just -+ * change the destination MAC address so that the packet will -+ * later be passed up to the IP stack to be routed. -+ * -+ * Let us now consider the case that ip_route_input() fails: -+ * -+ * After a "echo '0' > /proc/sys/net/ipv4/ip_forward" ip_route_input() -+ * will fail, while __ip_route_output_key() will return success. The source -+ * address for __ip_route_output_key() is set to zero, so __ip_route_output_key -+ * thinks we're handling a locally generated packet and won't care -+ * if IP forwarding is allowed. We send a warning message to the users's -+ * log telling her to put IP forwarding on. -+ * -+ * ip_route_input() will also fail if there is no route available. -+ * In that case we just drop the packet. -+ * -+ * --Lennert, 20020411 -+ * --Bart, 20020416 (updated) -+ * --Bart, 20021007 (updated) -+ */ -+ -+static int br_nf_pre_routing_finish_bridge(struct sk_buff *skb) -+{ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug |= (1 << NF_BR_PRE_ROUTING) | (1 << NF_BR_FORWARD); -+#endif -+ -+ if (skb->pkt_type == PACKET_OTHERHOST) { -+ skb->pkt_type = PACKET_HOST; -+ skb->nf_bridge->mask |= BRNF_PKT_TYPE; -+ } -+ -+ skb->dev = bridge_parent(skb->dev); -+ skb->dst->output(skb); -+ return 0; -+} -+ -+static int br_nf_pre_routing_finish(struct sk_buff *skb) -+{ -+ struct net_device *dev = skb->dev; -+ struct iphdr *iph = skb->nh.iph; -+ struct nf_bridge_info *nf_bridge = skb->nf_bridge; -+ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_BR_PRE_ROUTING); -+#endif -+ -+ if (nf_bridge->mask & BRNF_PKT_TYPE) { -+ skb->pkt_type = PACKET_OTHERHOST; -+ nf_bridge->mask ^= BRNF_PKT_TYPE; -+ } -+ -+ if (dnat_took_place(skb)) { -+ if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos, -+ dev)) { -+ struct rtable *rt; -+ -+ if (!ip_route_output(&rt, iph->daddr, 0, iph->tos, 0)) { -+ /* Bridged-and-DNAT'ed traffic doesn't -+ * require ip_forwarding. -+ */ -+ if (((struct dst_entry *)rt)->dev == dev) { -+ skb->dst = (struct dst_entry *)rt; -+ goto bridged_dnat; -+ } -+ __br_dnat_complain(); -+ dst_release((struct dst_entry *)rt); -+ } -+ kfree_skb(skb); -+ return 0; -+ } else { -+ if (skb->dst->dev == dev) { -+bridged_dnat: -+ /* Tell br_nf_local_out this is a -+ * bridged frame -+ */ -+ nf_bridge->mask |= BRNF_BRIDGED_DNAT; -+ skb->dev = nf_bridge->physindev; -+ clear_cb(skb); -+ NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, -+ skb, skb->dev, NULL, -+ br_nf_pre_routing_finish_bridge, -+ 1); -+ return 0; -+ } -+ memcpy(skb->mac.ethernet->h_dest, dev->dev_addr, -+ ETH_ALEN); -+ } -+ } else { -+ skb->dst = (struct dst_entry *)&__fake_rtable; -+ dst_hold(skb->dst); -+ } -+ -+ clear_cb(skb); -+ skb->dev = nf_bridge->physindev; -+ NF_HOOK_THRESH(PF_BRIDGE, NF_BR_PRE_ROUTING, skb, skb->dev, NULL, -+ br_handle_frame_finish, 1); -+ -+ return 0; -+} -+ -+/* Replicate the checks that IPv4 does on packet reception. -+ * Set skb->dev to the bridge device (i.e. parent of the -+ * receiving device) to make netfilter happy, the REDIRECT -+ * target in particular. Save the original destination IP -+ * address to be able to detect DNAT afterwards. -+ */ -+static unsigned int br_nf_pre_routing(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ struct iphdr *iph; -+ __u32 len; -+ struct sk_buff *skb; -+ struct nf_bridge_info *nf_bridge; -+ -+ if ((*pskb)->protocol != __constant_htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ if ((skb = skb_share_check(*pskb, GFP_ATOMIC)) == NULL) -+ goto out; -+ -+ if (!pskb_may_pull(skb, sizeof(struct iphdr))) -+ goto inhdr_error; -+ -+ iph = skb->nh.iph; -+ if (iph->ihl < 5 || iph->version != 4) -+ goto inhdr_error; -+ -+ if (!pskb_may_pull(skb, 4*iph->ihl)) -+ goto inhdr_error; -+ -+ iph = skb->nh.iph; -+ if (ip_fast_csum((__u8 *)iph, iph->ihl) != 0) -+ goto inhdr_error; -+ -+ len = ntohs(iph->tot_len); -+ if (skb->len < len || len < 4*iph->ihl) -+ goto inhdr_error; -+ -+ if (skb->len > len) { -+ __pskb_trim(skb, len); -+ if (skb->ip_summed == CHECKSUM_HW) -+ skb->ip_summed = CHECKSUM_NONE; -+ } -+ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_IP_PRE_ROUTING); -+#endif -+ if ((nf_bridge = nf_bridge_alloc(skb)) == NULL) -+ return NF_DROP; -+ -+ if (skb->pkt_type == PACKET_OTHERHOST) { -+ skb->pkt_type = PACKET_HOST; -+ nf_bridge->mask |= BRNF_PKT_TYPE; -+ } -+ -+ nf_bridge->physindev = skb->dev; -+ skb->dev = bridge_parent(skb->dev); -+ store_orig_dstaddr(skb); -+ -+ NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL, -+ br_nf_pre_routing_finish); -+ -+ return NF_STOLEN; -+ -+inhdr_error: -+// IP_INC_STATS_BH(IpInHdrErrors); -+out: -+ return NF_DROP; -+} -+ -+ -+/* PF_BRIDGE/LOCAL_IN ************************************************/ -+/* The packet is locally destined, which requires a real -+ * dst_entry, so detach the fake one. On the way up, the -+ * packet would pass through PRE_ROUTING again (which already -+ * took place when the packet entered the bridge), but we -+ * register an IPv4 PRE_ROUTING 'sabotage' hook that will -+ * prevent this from happening. -+ */ -+static unsigned int br_nf_local_in(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ struct sk_buff *skb = *pskb; -+ -+ if (skb->protocol != __constant_htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ if (skb->dst == (struct dst_entry *)&__fake_rtable) { -+ dst_release(skb->dst); -+ skb->dst = NULL; -+ } -+ -+ return NF_ACCEPT; -+} -+ -+ -+/* PF_BRIDGE/FORWARD *************************************************/ -+static int br_nf_forward_finish(struct sk_buff *skb) -+{ -+ struct nf_bridge_info *nf_bridge = skb->nf_bridge; -+ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_BR_FORWARD); -+#endif -+ -+ if (nf_bridge->mask & BRNF_PKT_TYPE) { -+ skb->pkt_type = PACKET_OTHERHOST; -+ nf_bridge->mask ^= BRNF_PKT_TYPE; -+ } -+ -+ NF_HOOK_THRESH(PF_BRIDGE, NF_BR_FORWARD, skb, nf_bridge->physindev, -+ skb->dev, br_forward_finish, 1); -+ -+ return 0; -+} -+ -+/* This is the 'purely bridged' case. We pass the packet to -+ * netfilter with indev and outdev set to the bridge device, -+ * but we are still able to filter on the 'real' indev/outdev -+ * because of the ipt_physdev.c module. -+ */ -+static unsigned int br_nf_forward(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ struct sk_buff *skb = *pskb; -+ struct nf_bridge_info *nf_bridge; -+ -+ if (skb->protocol != __constant_htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_BR_FORWARD); -+#endif -+ -+ nf_bridge = skb->nf_bridge; -+ if (skb->pkt_type == PACKET_OTHERHOST) { -+ skb->pkt_type = PACKET_HOST; -+ nf_bridge->mask |= BRNF_PKT_TYPE; -+ } -+ -+ nf_bridge->mask |= BRNF_BRIDGED; /* The physdev module checks on this */ -+ nf_bridge->physoutdev = skb->dev; -+ -+ NF_HOOK(PF_INET, NF_IP_FORWARD, skb, bridge_parent(nf_bridge->physindev), -+ bridge_parent(skb->dev), br_nf_forward_finish); -+ -+ return NF_STOLEN; -+} -+ -+ -+/* PF_BRIDGE/LOCAL_OUT ***********************************************/ -+static int br_nf_local_out_finish(struct sk_buff *skb) -+{ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug &= ~(1 << NF_BR_LOCAL_OUT); -+#endif -+ -+ NF_HOOK_THRESH(PF_BRIDGE, NF_BR_LOCAL_OUT, skb, NULL, skb->dev, -+ br_forward_finish, NF_BR_PRI_FIRST + 1); -+ -+ return 0; -+} -+ -+ -+/* This function sees both locally originated IP packets and forwarded -+ * IP packets (in both cases the destination device is a bridge -+ * device). It also sees bridged-and-DNAT'ed packets. -+ * To be able to filter on the physical bridge devices (with the ipt_physdev.c -+ * module), we steal packets destined to a bridge device away from the -+ * PF_INET/FORWARD and PF_INET/OUTPUT hook functions, and give them back later, -+ * when we have determined the real output device. This is done in here. -+ * -+ * If (nf_bridge->mask & BRNF_BRIDGED_DNAT) then the packet is bridged -+ * and we fake the PF_BRIDGE/FORWARD hook. The function br_nf_forward() -+ * will then fake the PF_INET/FORWARD hook. br_nf_local_out() has priority -+ * NF_BR_PRI_FIRST, so no relevant PF_BRIDGE/INPUT functions have been nor -+ * will be executed. -+ * Otherwise, if nf_bridge->physindev is NULL, the bridge-nf code never touched -+ * this packet before, and so the packet was locally originated. We fake -+ * the PF_INET/LOCAL_OUT hook. -+ * Finally, if nf_bridge->physindev isn't NULL, then the packet was IP routed, -+ * so we fake the PF_INET/FORWARD hook. ipv4_sabotage_out() makes sure -+ * even routed packets that didn't arrive on a bridge interface have their -+ * nf_bridge->physindev set. -+ */ -+ -+static unsigned int br_nf_local_out(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*_okfn)(struct sk_buff *)) -+{ -+ int (*okfn)(struct sk_buff *skb); -+ struct net_device *realindev; -+ struct sk_buff *skb = *pskb; -+ struct nf_bridge_info *nf_bridge; -+ -+ if (skb->protocol != __constant_htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ /* Sometimes we get packets with NULL ->dst here (for example, -+ * running a dhcp client daemon triggers this). -+ */ -+ if (skb->dst == NULL) -+ return NF_ACCEPT; -+ -+ nf_bridge = skb->nf_bridge; -+ nf_bridge->physoutdev = skb->dev; -+ -+ realindev = nf_bridge->physindev; -+ -+ /* Bridged, take PF_BRIDGE/FORWARD. -+ * (see big note in front of br_nf_pre_routing_finish) -+ */ -+ if (nf_bridge->mask & BRNF_BRIDGED_DNAT) { -+ okfn = br_forward_finish; -+ -+ if (nf_bridge->mask & BRNF_PKT_TYPE) { -+ skb->pkt_type = PACKET_OTHERHOST; -+ nf_bridge->mask ^= BRNF_PKT_TYPE; -+ } -+ -+ NF_HOOK(PF_BRIDGE, NF_BR_FORWARD, skb, realindev, -+ skb->dev, okfn); -+ } else { -+ okfn = br_nf_local_out_finish; -+ /* IP forwarded traffic has a physindev, locally -+ * generated traffic hasn't. -+ */ -+ if (realindev != NULL) { -+ if (((nf_bridge->mask & BRNF_DONT_TAKE_PARENT) == 0) && -+ has_bridge_parent(realindev)) -+ realindev = bridge_parent(realindev); -+ -+ NF_HOOK_THRESH(PF_INET, NF_IP_FORWARD, skb, realindev, -+ bridge_parent(skb->dev), okfn, -+ NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD + 1); -+ } else { -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_IP_LOCAL_OUT); -+#endif -+ -+ NF_HOOK_THRESH(PF_INET, NF_IP_LOCAL_OUT, skb, realindev, -+ bridge_parent(skb->dev), okfn, -+ NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT + 1); -+ } -+ } -+ -+ return NF_STOLEN; -+} -+ -+ -+/* PF_BRIDGE/POST_ROUTING ********************************************/ -+static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ struct sk_buff *skb = *pskb; -+ struct nf_bridge_info *nf_bridge = (*pskb)->nf_bridge; -+ -+ /* Be very paranoid. Must be a device driver bug. */ -+ if (skb->mac.raw < skb->head || skb->mac.raw + ETH_HLEN > skb->data) { -+ printk(KERN_CRIT "br_netfilter: Argh!! br_nf_post_routing: " -+ "bad mac.raw pointer."); -+ if (skb->dev != NULL) { -+ printk("[%s]", skb->dev->name); -+ if (has_bridge_parent(skb->dev)) -+ printk("[%s]", bridge_parent(skb->dev)->name); -+ } -+ printk("\n"); -+ return NF_ACCEPT; -+ } -+ -+ if (skb->protocol != __constant_htons(ETH_P_IP)) -+ return NF_ACCEPT; -+ -+ /* Sometimes we get packets with NULL ->dst here (for example, -+ * running a dhcp client daemon triggers this). -+ */ -+ if (skb->dst == NULL) -+ return NF_ACCEPT; -+ -+#ifdef CONFIG_NETFILTER_DEBUG -+ skb->nf_debug ^= (1 << NF_IP_POST_ROUTING); -+#endif -+ -+ /* We assume any code from br_dev_queue_push_xmit onwards doesn't care -+ * about the value of skb->pkt_type. -+ */ -+ if (skb->pkt_type == PACKET_OTHERHOST) { -+ skb->pkt_type = PACKET_HOST; -+ nf_bridge->mask |= BRNF_PKT_TYPE; -+ } -+ -+ memcpy(nf_bridge->hh, skb->data - 16, 16); -+ -+ NF_HOOK(PF_INET, NF_IP_POST_ROUTING, skb, NULL, -+ bridge_parent(skb->dev), br_dev_queue_push_xmit); -+ -+ return NF_STOLEN; -+} -+ -+ -+/* IPv4/SABOTAGE *****************************************************/ -+ -+/* Don't hand locally destined packets to PF_INET/PRE_ROUTING -+ * for the second time. -+ */ -+static unsigned int ipv4_sabotage_in(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (in->hard_start_xmit == br_dev_xmit && -+ okfn != br_nf_pre_routing_finish) { -+ okfn(*pskb); -+ return NF_STOLEN; -+ } -+ -+ return NF_ACCEPT; -+} -+ -+/* Postpone execution of PF_INET/FORWARD, PF_INET/LOCAL_OUT -+ * and PF_INET/POST_ROUTING until we have done the forwarding -+ * decision in the bridge code and have determined skb->physoutdev. -+ */ -+static unsigned int ipv4_sabotage_out(unsigned int hook, struct sk_buff **pskb, -+ const struct net_device *in, const struct net_device *out, -+ int (*okfn)(struct sk_buff *)) -+{ -+ if (out->hard_start_xmit == br_dev_xmit && -+ okfn != br_nf_forward_finish && -+ okfn != br_nf_local_out_finish && -+ okfn != br_dev_queue_push_xmit) { -+ struct sk_buff *skb = *pskb; -+ struct nf_bridge_info *nf_bridge; -+ -+ if (!skb->nf_bridge && !nf_bridge_alloc(skb)) -+ return NF_DROP; -+ -+ nf_bridge = skb->nf_bridge; -+ -+ /* This frame will arrive on PF_BRIDGE/LOCAL_OUT and we -+ * will need the indev then. For a brouter, the real indev -+ * can be a bridge port, so we make sure br_nf_local_out() -+ * doesn't use the bridge parent of the indev by using -+ * the BRNF_DONT_TAKE_PARENT mask. -+ */ -+ if (hook == NF_IP_FORWARD && nf_bridge->physindev == NULL) { -+ nf_bridge->mask &= BRNF_DONT_TAKE_PARENT; -+ nf_bridge->physindev = (struct net_device *)in; -+ } -+ okfn(skb); -+ return NF_STOLEN; -+ } -+ -+ return NF_ACCEPT; -+} -+ -+/* For br_nf_local_out we need (prio = NF_BR_PRI_FIRST), to insure that innocent -+ * PF_BRIDGE/NF_BR_LOCAL_OUT functions don't get bridged traffic as input. -+ * For br_nf_post_routing, we need (prio = NF_BR_PRI_LAST), because -+ * ip_refrag() can return NF_STOLEN. -+ */ -+static struct nf_hook_ops br_nf_ops[] = { -+ { .hook = br_nf_pre_routing, -+ .pf = PF_BRIDGE, -+ .hooknum = NF_BR_PRE_ROUTING, -+ .priority = NF_BR_PRI_BRNF, }, -+ { .hook = br_nf_local_in, -+ .pf = PF_BRIDGE, -+ .hooknum = NF_BR_LOCAL_IN, -+ .priority = NF_BR_PRI_BRNF, }, -+ { .hook = br_nf_forward, -+ .pf = PF_BRIDGE, -+ .hooknum = NF_BR_FORWARD, -+ .priority = NF_BR_PRI_BRNF, }, -+ { .hook = br_nf_local_out, -+ .pf = PF_BRIDGE, -+ .hooknum = NF_BR_LOCAL_OUT, -+ .priority = NF_BR_PRI_FIRST, }, -+ { .hook = br_nf_post_routing, -+ .pf = PF_BRIDGE, -+ .hooknum = NF_BR_POST_ROUTING, -+ .priority = NF_BR_PRI_LAST, }, -+ { .hook = ipv4_sabotage_in, -+ .pf = PF_INET, -+ .hooknum = NF_IP_PRE_ROUTING, -+ .priority = NF_IP_PRI_FIRST, }, -+ { .hook = ipv4_sabotage_out, -+ .pf = PF_INET, -+ .hooknum = NF_IP_FORWARD, -+ .priority = NF_IP_PRI_BRIDGE_SABOTAGE_FORWARD, }, -+ { .hook = ipv4_sabotage_out, -+ .pf = PF_INET, -+ .hooknum = NF_IP_LOCAL_OUT, -+ .priority = NF_IP_PRI_BRIDGE_SABOTAGE_LOCAL_OUT, }, -+ { .hook = ipv4_sabotage_out, -+ .pf = PF_INET, -+ .hooknum = NF_IP_POST_ROUTING, -+ .priority = NF_IP_PRI_FIRST, }, -+}; -+ -+int br_netfilter_init(void) -+{ -+ int i; -+ -+ for (i = 0; i < ARRAY_SIZE(br_nf_ops); i++) { -+ int ret; -+ -+ if ((ret = nf_register_hook(&br_nf_ops[i])) >= 0) -+ continue; -+ -+ while (i--) -+ nf_unregister_hook(&br_nf_ops[i]); -+ -+ return ret; -+ } -+ -+ printk(KERN_NOTICE "Bridge firewalling registered\n"); -+ -+ return 0; -+} -+ -+void br_netfilter_fini(void) -+{ -+ int i; -+ -+ for (i = ARRAY_SIZE(br_nf_ops) - 1; i >= 0; i--) -+ nf_unregister_hook(&br_nf_ops[i]); -+} ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/net/ipv4/netfilter/ipt_physdev.c Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,127 @@ -+/* Kernel module to match the bridge port in and -+ * out device for IP packets coming into contact with a bridge. */ -+#include <linux/module.h> -+#include <linux/skbuff.h> -+#include <linux/netfilter_ipv4/ipt_physdev.h> -+#include <linux/netfilter_ipv4/ip_tables.h> -+#include <linux/netfilter_bridge.h> -+#include <linux/netdevice.h> -+#define MATCH 1 -+#define NOMATCH 0 -+ -+static int -+match(const struct sk_buff *skb, -+ const struct net_device *in, -+ const struct net_device *out, -+ const void *matchinfo, -+ int offset, -+ const void *hdr, -+ u_int16_t datalen, -+ int *hotdrop) -+{ -+ int i; -+ static const char nulldevname[IFNAMSIZ] = { 0 }; -+ const struct ipt_physdev_info *info = matchinfo; -+ unsigned long ret; -+ const char *indev, *outdev; -+ struct nf_bridge_info *nf_bridge; -+ -+ /* Not a bridged IP packet or no info available yet: -+ * LOCAL_OUT/mangle and LOCAL_OUT/nat don't know if -+ * the destination device will be a bridge. */ -+ if (!(nf_bridge = skb->nf_bridge)) { -+ /* Return MATCH if the invert flags of the used options are on */ -+ if ((info->bitmask & IPT_PHYSDEV_OP_BRIDGED) && -+ !(info->invert & IPT_PHYSDEV_OP_BRIDGED)) -+ return NOMATCH; -+ if ((info->bitmask & IPT_PHYSDEV_OP_ISIN) && -+ !(info->invert & IPT_PHYSDEV_OP_ISIN)) -+ return NOMATCH; -+ if ((info->bitmask & IPT_PHYSDEV_OP_ISOUT) && -+ !(info->invert & IPT_PHYSDEV_OP_ISOUT)) -+ return NOMATCH; -+ if ((info->bitmask & IPT_PHYSDEV_OP_IN) && -+ !(info->invert & IPT_PHYSDEV_OP_IN)) -+ return NOMATCH; -+ if ((info->bitmask & IPT_PHYSDEV_OP_OUT) && -+ !(info->invert & IPT_PHYSDEV_OP_OUT)) -+ return NOMATCH; -+ return MATCH; -+ } -+ -+ /* This only makes sense in the FORWARD and POSTROUTING chains */ -+ if ((info->bitmask & IPT_PHYSDEV_OP_BRIDGED) && -+ (!!(nf_bridge->mask & BRNF_BRIDGED) ^ -+ !(info->invert & IPT_PHYSDEV_OP_BRIDGED))) -+ return NOMATCH; -+ -+ if ((info->bitmask & IPT_PHYSDEV_OP_ISIN && -+ (!nf_bridge->physindev ^ !!(info->invert & IPT_PHYSDEV_OP_ISIN))) || -+ (info->bitmask & IPT_PHYSDEV_OP_ISOUT && -+ (!nf_bridge->physoutdev ^ !!(info->invert & IPT_PHYSDEV_OP_ISOUT)))) -+ return NOMATCH; -+ -+ if (!(info->bitmask & IPT_PHYSDEV_OP_IN)) -+ goto match_outdev; -+ indev = nf_bridge->physindev ? nf_bridge->physindev->name : nulldevname; -+ for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -+ ret |= (((const unsigned long *)indev)[i] -+ ^ ((const unsigned long *)info->physindev)[i]) -+ & ((const unsigned long *)info->in_mask)[i]; -+ } -+ -+ if ((ret == 0) ^ !(info->invert & IPT_PHYSDEV_OP_IN)) -+ return NOMATCH; -+ -+match_outdev: -+ if (!(info->bitmask & IPT_PHYSDEV_OP_OUT)) -+ return MATCH; -+ outdev = nf_bridge->physoutdev ? -+ nf_bridge->physoutdev->name : nulldevname; -+ for (i = 0, ret = 0; i < IFNAMSIZ/sizeof(unsigned long); i++) { -+ ret |= (((const unsigned long *)outdev)[i] -+ ^ ((const unsigned long *)info->physoutdev)[i]) -+ & ((const unsigned long *)info->out_mask)[i]; -+ } -+ -+ return (ret != 0) ^ !(info->invert & IPT_PHYSDEV_OP_OUT); -+} -+ -+static int -+checkentry(const char *tablename, -+ const struct ipt_ip *ip, -+ void *matchinfo, -+ unsigned int matchsize, -+ unsigned int hook_mask) -+{ -+ const struct ipt_physdev_info *info = matchinfo; -+ -+ if (matchsize != IPT_ALIGN(sizeof(struct ipt_physdev_info))) -+ return 0; -+ if (!(info->bitmask & IPT_PHYSDEV_OP_MASK) || -+ info->bitmask & ~IPT_PHYSDEV_OP_MASK) -+ return 0; -+ return 1; -+} -+ -+static struct ipt_match physdev_match = { -+ .name = "physdev", -+ .match = &match, -+ .checkentry = &checkentry, -+ .me = THIS_MODULE, -+}; -+ -+static int __init init(void) -+{ -+ return ipt_register_match(&physdev_match); -+} -+ -+static void __exit fini(void) -+{ -+ ipt_unregister_match(&physdev_match); -+} -+ -+module_init(init); -+module_exit(fini); -+MODULE_LICENSE("GPL"); -+EXPORT_NO_SYMBOLS; ---- /dev/null Thu Aug 24 11:00:32 2000 -+++ linux-2.4.21-ebt-brnf-3/include/linux/netfilter_ipv4/ipt_physdev.h Fri Aug 8 01:09:06 2003 -@@ -0,0 +1,24 @@ -+#ifndef _IPT_PHYSDEV_H -+#define _IPT_PHYSDEV_H -+ -+#ifdef __KERNEL__ -+#include <linux/if.h> -+#endif -+ -+#define IPT_PHYSDEV_OP_IN 0x01 -+#define IPT_PHYSDEV_OP_OUT 0x02 -+#define IPT_PHYSDEV_OP_BRIDGED 0x04 -+#define IPT_PHYSDEV_OP_ISIN 0x08 -+#define IPT_PHYSDEV_OP_ISOUT 0x10 -+#define IPT_PHYSDEV_OP_MASK (0x20 - 1) -+ -+struct ipt_physdev_info { -+ u_int8_t invert; -+ u_int8_t bitmask; -+ char physindev[IFNAMSIZ]; -+ char in_mask[IFNAMSIZ]; -+ char physoutdev[IFNAMSIZ]; -+ char out_mask[IFNAMSIZ]; -+}; -+ -+#endif /*_IPT_PHYSDEV_H*/ diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/150-mppe-mppc-0.98.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/150-mppe-mppc-0.98.patch deleted file mode 100644 index 24fad5a..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/150-mppe-mppc-0.98.patch +++ /dev/null @@ -1,1884 +0,0 @@ -diff -ruN linux-2.4.21.orig/drivers/net/Config.in linux-2.4.21/drivers/net/Config.in ---- linux-2.4.21.orig/drivers/net/Config.in 2003-06-13 16:51:34.000000000 +0200 -+++ linux-2.4.21/drivers/net/Config.in 2003-07-08 07:27:10.000000000 +0200 -@@ -301,6 +301,7 @@ - dep_tristate ' PPP support for sync tty ports' CONFIG_PPP_SYNC_TTY $CONFIG_PPP - dep_tristate ' PPP Deflate compression' CONFIG_PPP_DEFLATE $CONFIG_PPP - dep_tristate ' PPP BSD-Compress compression' CONFIG_PPP_BSDCOMP $CONFIG_PPP -+ dep_tristate ' Microsoft PPP compression/encryption (MPPC/MPPE)' CONFIG_PPP_MPPE $CONFIG_PPP - if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then - dep_tristate ' PPP over Ethernet (EXPERIMENTAL)' CONFIG_PPPOE $CONFIG_PPP - fi -diff -ruN linux-2.4.21.orig/drivers/net/Makefile linux-2.4.21/drivers/net/Makefile ---- linux-2.4.21.orig/drivers/net/Makefile 2003-06-13 16:51:34.000000000 +0200 -+++ linux-2.4.21/drivers/net/Makefile 2003-07-14 23:53:15.000000000 +0200 -@@ -18,8 +18,9 @@ - export-objs := 8390.o arlan.o aironet4500_core.o aironet4500_card.o \ - ppp_async.o ppp_generic.o slhc.o pppox.o auto_irq.o \ - net_init.o mii.o --list-multi := rcpci.o -+list-multi := rcpci.o ppp_mppe_mppc.o - rcpci-objs := rcpci45.o rclanmtl.o -+ppp_mppe_c-objs := ppp_mppe_mppc_comp.o ppp_mppe_crypto.o - - ifeq ($(CONFIG_TULIP),y) - obj-y += tulip/tulip.o -@@ -149,6 +150,15 @@ - obj-$(CONFIG_PPP_SYNC_TTY) += ppp_synctty.o - obj-$(CONFIG_PPP_DEFLATE) += ppp_deflate.o - obj-$(CONFIG_PPP_BSDCOMP) += bsd_comp.o -+ -+ifeq ($(CONFIG_PPP_MPPE),y) -+ obj-y += $(ppp_mppe_c-objs) -+else -+ ifeq ($(CONFIG_PPP_MPPE),m) -+ obj-m += ppp_mppe_mppc.o -+ endif -+endif -+ - obj-$(CONFIG_PPPOE) += pppox.o pppoe.o - - obj-$(CONFIG_SLIP) += slip.o -@@ -258,3 +268,5 @@ - rcpci.o: $(rcpci-objs) - $(LD) -r -o $@ $(rcpci-objs) - -+ppp_mppe_mppc.o: $(ppp_mppe_c-objs) -+ $(LD) -r -o $@ $(ppp_mppe_c-objs) -diff -ruN linux-2.4.21.orig/drivers/net/ppp_generic.c linux-2.4.21/drivers/net/ppp_generic.c ---- linux-2.4.21.orig/drivers/net/ppp_generic.c 2003-06-13 16:51:35.000000000 +0200 -+++ linux-2.4.21/drivers/net/ppp_generic.c 2003-07-12 04:39:03.000000000 +0200 -@@ -19,7 +19,7 @@ - * PPP driver, written by Michael Callahan and Al Longyear, and - * subsequently hacked by Paul Mackerras. - * -- * ==FILEVERSION 20020217== -+ * ==FILEVERSION 20030706== - */ - - #include <linux/config.h> -@@ -102,6 +102,7 @@ - spinlock_t rlock; /* lock for receive side 58 */ - spinlock_t wlock; /* lock for transmit side 5c */ - int mru; /* max receive unit 60 */ -+ int mru_alloc; /* MAX(1500,MRU) for dev_alloc_skb() */ - unsigned int flags; /* control bits 64 */ - unsigned int xstate; /* transmit state bits 68 */ - unsigned int rstate; /* receive state bits 6c */ -@@ -129,6 +130,7 @@ - struct sock_fprog pass_filter; /* filter for packets to pass */ - struct sock_fprog active_filter;/* filter for pkts to reset idle */ - #endif /* CONFIG_PPP_FILTER */ -+ int xpad; /* ECP or CCP (MPPE) transmit padding */ - }; - - /* -@@ -552,7 +554,9 @@ - case PPPIOCSMRU: - if (get_user(val, (int *) arg)) - break; -- ppp->mru = val; -+ ppp->mru_alloc = ppp->mru = val; -+ if (ppp->mru_alloc < PPP_MRU) -+ ppp->mru_alloc = PPP_MRU; /* increase for broken peers */ - err = 0; - break; - -@@ -1023,14 +1027,35 @@ - case PPP_CCP: - /* peek at outbound CCP frames */ - ppp_ccp_peek(ppp, skb, 0); -+ /* -+ * When LZS or MPPE/MPPC is negotiated we don't send -+ * CCP_RESETACK after receiving CCP_RESETREQ; in fact pppd -+ * sends such a packet but we silently discard it here -+ */ -+ if (CCP_CODE(skb->data+2) == CCP_RESETACK -+ && (ppp->xcomp->compress_proto == CI_MPPE -+ || ppp->xcomp->compress_proto == CI_LZS)) { -+ --ppp->stats.tx_packets; -+ ppp->stats.tx_bytes -= skb->len - 2; -+ kfree_skb(skb); -+ return; -+ } - break; - } - - /* try to do packet compression */ - if ((ppp->xstate & SC_COMP_RUN) && ppp->xc_state != 0 - && proto != PPP_LCP && proto != PPP_CCP) { -- new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len, -- GFP_ATOMIC); -+ int comp_ovhd = 0; -+ /* because of possible data expansion when MPPC or LZS -+ is used, allocate compressor's buffer about 12.5% bigger -+ than MTU */ -+ if (ppp->xcomp->compress_proto == CI_MPPE) -+ comp_ovhd = (((ppp->dev->mtu * 9) / 8) + 1); -+ else if (ppp->xcomp->compress_proto == CI_LZS) -+ comp_ovhd = (((ppp->dev->mtu * 9) / 8) + 1) + LZS_OVHD; -+ new_skb = alloc_skb(ppp->dev->mtu + ppp->dev->hard_header_len -+ + ppp->xpad + comp_ovhd, GFP_ATOMIC); - if (new_skb == 0) { - printk(KERN_ERR "PPP: no memory (comp pkt)\n"); - goto drop; -@@ -1042,15 +1067,28 @@ - /* compressor still expects A/C bytes in hdr */ - len = ppp->xcomp->compress(ppp->xc_state, skb->data - 2, - new_skb->data, skb->len + 2, -- ppp->dev->mtu + PPP_HDRLEN); -+ ppp->dev->mtu + ppp->xpad -+ + PPP_HDRLEN); - if (len > 0 && (ppp->flags & SC_CCP_UP)) { - kfree_skb(skb); - skb = new_skb; - skb_put(skb, len); - skb_pull(skb, 2); /* pull off A/C bytes */ -- } else { -+ } else if (len == 0) { - /* didn't compress, or CCP not up yet */ - kfree_skb(new_skb); -+ } else { -+ /* -+ * (len < 0) -+ * MPPE requires that we do not send unencrypted -+ * frames. The compressor will return -1 if we -+ * should drop the frame. We cannot simply test -+ * the compress_proto because MPPE and MPPC share -+ * the same number. -+ */ -+ printk(KERN_ERR "ppp: compressor dropped pkt\n"); -+ kfree_skb(new_skb); -+ goto drop; - } - } - -@@ -1538,14 +1576,15 @@ - int len; - - if (proto == PPP_COMP) { -- ns = dev_alloc_skb(ppp->mru + PPP_HDRLEN); -+ ns = dev_alloc_skb(ppp->mru_alloc + PPP_HDRLEN); - if (ns == 0) { - printk(KERN_ERR "ppp_decompress_frame: no memory\n"); - goto err; - } - /* the decompressor still expects the A/C bytes in the hdr */ - len = ppp->rcomp->decompress(ppp->rc_state, skb->data - 2, -- skb->len + 2, ns->data, ppp->mru + PPP_HDRLEN); -+ skb->len + 2, ns->data, -+ ppp->mru_alloc + PPP_HDRLEN); - if (len < 0) { - /* Pass the compressed frame to pppd as an - error indication. */ -@@ -1571,7 +1610,12 @@ - return skb; - - err: -- ppp->rstate |= SC_DC_ERROR; -+ if (ppp->rcomp->compress_proto != CI_MPPE -+ && ppp->rcomp->compress_proto != CI_LZS) { -+ /* If decompression protocol isn't MPPE/MPPC or LZS, we set -+ SC_DC_ERROR flag and wait for CCP_RESETACK */ -+ ppp->rstate |= SC_DC_ERROR; -+ } - ppp_receive_error(ppp); - return skb; - } -@@ -1980,6 +2024,20 @@ - ocomp->comp_free(ostate); - err = 0; - } -+ if (ccp_option[0] == CI_MPPE) -+ /* -+ * pppd (userland) has reduced the MTU by MPPE_PAD, -+ * to accomodate "compressor" growth. We must -+ * increase the space allocated for compressor -+ * output in ppp_send_frame() accordingly. Note -+ * that from a purist's view, it may be more correct -+ * to require multilink and fragment large packets, -+ * but that seems inefficient compared to this -+ * little trick. -+ */ -+ ppp->xpad = MPPE_PAD; -+ else -+ ppp->xpad = 0; - - } else { - state = cp->decomp_alloc(ccp_option, data.length); -@@ -2251,6 +2309,7 @@ - /* Initialize the new ppp unit */ - ppp->file.index = unit; - ppp->mru = PPP_MRU; -+ ppp->mru_alloc = PPP_MRU; - init_ppp_file(&ppp->file, INTERFACE); - ppp->file.hdrlen = PPP_HDRLEN - 2; /* don't count proto bytes */ - for (i = 0; i < NUM_NP; ++i) -diff -ruN linux-2.4.21.orig/drivers/net/ppp_mppe_crypto.c linux-2.4.21/drivers/net/ppp_mppe_crypto.c ---- linux-2.4.21.orig/drivers/net/ppp_mppe_crypto.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.4.21/drivers/net/ppp_mppe_crypto.c 2003-07-08 19:07:18.000000000 +0200 -@@ -0,0 +1,257 @@ -+/* -+ * ppp_mppe_crypto.c - cryptografic funtions for MPPE -+ * -+ * This code is Public Domain. Please see comments below. -+ * -+ * I have just put SHA1 and ARCFOUR implementations into one file -+ * in order to not pollute kernel namespace. -+ * -+ * Jan Dubiec <jdx@slackware.pl>, 2003-07-08 -+ */ -+ -+/* -+ * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c -+ * -+ * SHA-1 in C -+ * By Steve Reid <steve@edmweb.com> -+ * 100% Public Domain -+ * -+ * Test Vectors (from FIPS PUB 180-1) -+ * "abc" -+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D -+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 -+ * A million repetitions of "a" -+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F -+ */ -+ -+/* #define SHA1HANDSOFF * Copies data before messing with it. */ -+ -+#if defined(__linux__) -+#include <asm/byteorder.h> -+#include <linux/string.h> -+#elif defined(__solaris__) -+#include <sys/isa_defs.h> -+#include <sys/ddi.h> -+#include <sys/sunddi.h> -+#define memcpy(d, s, c) bcopy(s, d, c) -+#define memset(d, b, c) bzero(d, c) -+#endif -+ -+#include "ppp_mppe_crypto.h" -+ -+static void SHA1_Transform(unsigned long[5], const unsigned char[64]); -+ -+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) -+ -+/* blk0() and blk() perform the initial expand. */ -+/* I got the idea of expanding during the round function from SSLeay */ -+#if defined(__LITTLE_ENDIAN) || defined(_LITTLE_ENDIAN) -+#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ -+ |(rol(block->l[i],8)&0x00FF00FF)) -+#elif defined(__BIG_ENDIAN) || defined(_BIG_ENDIAN) -+#define blk0(i) block->l[i] -+#else -+#error Endianness not defined -+#endif -+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ -+ ^block->l[(i+2)&15]^block->l[i&15],1)) -+ -+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); -+ -+/* Hash a single 512-bit block. This is the core of the algorithm. */ -+static void -+SHA1_Transform(unsigned long state[5], const unsigned char buffer[64]) -+{ -+ unsigned long a, b, c, d, e; -+ typedef union { -+ unsigned char c[64]; -+ unsigned long l[16]; -+ } CHAR64LONG16; -+ CHAR64LONG16 *block; -+ -+#ifdef SHA1HANDSOFF -+ static unsigned char workspace[64]; -+ block = (CHAR64LONG16 *) workspace; -+ memcpy(block, buffer, 64); -+#else -+ block = (CHAR64LONG16 *) buffer; -+#endif -+ /* Copy context->state[] to working vars */ -+ a = state[0]; -+ b = state[1]; -+ c = state[2]; -+ d = state[3]; -+ e = state[4]; -+ /* 4 rounds of 20 operations each. Loop unrolled. */ -+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); -+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); -+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); -+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); -+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); -+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); -+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); -+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); -+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); -+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); -+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); -+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); -+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); -+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); -+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); -+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); -+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); -+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); -+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); -+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); -+ /* Add the working vars back into context.state[] */ -+ state[0] += a; -+ state[1] += b; -+ state[2] += c; -+ state[3] += d; -+ state[4] += e; -+ /* Wipe variables */ -+ a = b = c = d = e = 0; -+} -+ -+/* SHA1Init - Initialize new context */ -+void -+SHA1_Init(SHA1_CTX *context) -+{ -+ /* SHA1 initialization constants */ -+ context->state[0] = 0x67452301; -+ context->state[1] = 0xEFCDAB89; -+ context->state[2] = 0x98BADCFE; -+ context->state[3] = 0x10325476; -+ context->state[4] = 0xC3D2E1F0; -+ context->count[0] = context->count[1] = 0; -+} -+ -+/* Run your data through this. */ -+void -+SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len) -+{ -+ unsigned int i, j; -+ -+ j = (context->count[0] >> 3) & 63; -+ if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; -+ context->count[1] += (len >> 29); -+ if ((j + len) > 63) { -+ memcpy(&context->buffer[j], data, (i = 64-j)); -+ SHA1_Transform(context->state, context->buffer); -+ for ( ; i + 63 < len; i += 64) { -+ SHA1_Transform(context->state, &data[i]); -+ } -+ j = 0; -+ } -+ else -+ i = 0; -+ -+ memcpy(&context->buffer[j], &data[i], len - i); -+} -+ -+/* Add padding and return the message digest. */ -+void -+SHA1_Final(unsigned char digest[20], SHA1_CTX *context) -+{ -+ unsigned long i, j; -+ unsigned char finalcount[8]; -+ -+ for (i = 0; i < 8; i++) { -+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] -+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ -+ } -+ SHA1_Update(context, (unsigned char *) "\200", 1); -+ while ((context->count[0] & 504) != 448) { -+ SHA1_Update(context, (unsigned char *) "\0", 1); -+ } -+ SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ -+ for (i = 0; i < 20; i++) { -+ digest[i] = (unsigned char) -+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); -+ } -+ /* Wipe variables */ -+ i = j = 0; -+ memset(context->buffer, 0, 64); -+ memset(context->state, 0, 20); -+ memset(context->count, 0, 8); -+ memset(&finalcount, 0, 8); -+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ -+ SHA1Transform(context->state, context->buffer); -+#endif -+} -+ -+/* -+ * arcfour.c -+ * by Frank Cusack <frank@google.com> -+ * 100% public domain -+ * -+ * Implemented from the description in _Applied Cryptography_, 2nd ed. -+ * -+ * ** Distribution ** of this software is unlimited and unrestricted. -+ * -+ * ** Use ** of this software is almost certainly legal; however, refer -+ * to <http://theory.lcs.mit.edu/~rivest/faq.html>. -+ */ -+ -+#define swap(a, b) \ -+{ \ -+ unsigned char t = b; \ -+ b = a; \ -+ a = t; \ -+} -+ -+/* -+ * Initialize arcfour from a key. -+ */ -+void -+arcfour_setkey(arcfour_context *context, const unsigned char *key, -+ unsigned keylen) -+{ -+ unsigned i, j; -+ unsigned char K[256]; -+ -+ context->i = context->j = 0; -+ -+ for (i = 0; i < 256; i++) { -+ context->S[i] = i; -+ K[i] = key[i % keylen]; -+ } -+ -+ j = 0; -+ for (i = 0; i < 256; i++) { -+ j = (j + context->S[i] + K[i]) % 256; -+ swap(context->S[i], context->S[j]); -+ } -+ -+ memset(K, 0, sizeof(K)); -+} -+ -+/* -+ * plaintext -> ciphertext (or vice versa) -+ */ -+void -+arcfour_encrypt(arcfour_context *context, const unsigned char *in, unsigned len, -+ unsigned char *out) -+{ -+ unsigned i = context->i; -+ unsigned j = context->j; -+ unsigned char *S = context->S; -+ unsigned char K; -+ -+ while (len--) { -+ i = (i + 1) % 256; -+ j = (j + S[i]) % 256; -+ swap(S[i], S[j]); -+ K = S[(S[i] + S[j]) % 256]; -+ *out++ = *in++ ^ K; -+ } -+ -+ context->i = i; -+ context->j = j; -+} -diff -ruN linux-2.4.21.orig/drivers/net/ppp_mppe_crypto.h linux-2.4.21/drivers/net/ppp_mppe_crypto.h ---- linux-2.4.21.orig/drivers/net/ppp_mppe_crypto.h 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.4.21/drivers/net/ppp_mppe_crypto.h 2003-07-08 19:07:25.000000000 +0200 -@@ -0,0 +1,40 @@ -+/* -+ * ppp_mppe_crypto.h - cryptografic funtion prototypes for MPPE -+ * -+ * This code is Public Domain. Please see comments below. -+ * -+ * I have just put SHA1 and ARCFOUR declarations into one file -+ * in order to not pollute kernel namespace. -+ * -+ * Jan Dubiec <jdx@slackware.pl>, 2003-07-08 -+ */ -+ -+#ifndef _PPP_MPPE_CRYPTO_ -+#define _PPP_MPPE_CRYPTO_ -+ -+/* SHA1 definitions and prototypes */ -+typedef struct { -+ unsigned long state[5]; -+ unsigned long count[2]; -+ unsigned char buffer[64]; -+} SHA1_CTX; -+ -+#define SHA1_SIGNATURE_SIZE 20 -+ -+extern void SHA1_Init(SHA1_CTX *); -+extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int); -+extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *); -+ -+/* ARCFOUR (aka RC4) definitions and prototypes */ -+typedef struct { -+ unsigned i; -+ unsigned j; -+ unsigned char S[256]; -+} arcfour_context; -+ -+extern void arcfour_setkey(arcfour_context *, const unsigned char *, unsigned); -+extern void arcfour_encrypt(arcfour_context *, const unsigned char *, unsigned, -+ unsigned char *); -+#define arcfour_decrypt arcfour_encrypt -+ -+#endif /* _PPP_MPPE_CRYPTO_ */ -diff -ruN linux-2.4.21.orig/drivers/net/ppp_mppe_mppc_comp.c linux-2.4.21/drivers/net/ppp_mppe_mppc_comp.c ---- linux-2.4.21.orig/drivers/net/ppp_mppe_mppc_comp.c 1970-01-01 01:00:00.000000000 +0100 -+++ linux-2.4.21/drivers/net/ppp_mppe_mppc_comp.c 2003-08-07 22:36:59.000000000 +0200 -@@ -0,0 +1,1144 @@ -+/* -+ * ppp_mppe_mppc_comp.c - MPPC/MPPE "compressor/decompressor" module. -+ * -+ * Copyright (c) 1994 Árpád Magosányi <mag@bunuel.tii.matav.hu> -+ * Copyright (c) 1999 Tim Hockin, Cobalt Networks Inc. <thockin@cobaltnet.com> -+ * Copyright (c) 2002, 2003 Jan Dubiec <jdx@slackware.pl> -+ * -+ * Permission to use, copy, modify, and distribute this software and its -+ * documentation is hereby granted, provided that the above copyright -+ * notice appears in all copies. This software is provided without any -+ * warranty, express or implied. -+ * -+ * The code is based on MPPE kernel module written by Árpád Magosányi and -+ * Tim Hockin which can be found on http://planetmirror.com/pub/mppe/. -+ * I have added MPPC and 56 bit session keys support in MPPE. -+ * -+ * WARNING! Although this is open source code, its usage in some countries -+ * (in particular in the USA) may violate Stac Inc. patent for MPPC. -+ * -+ * Compile command: -+ * gcc -O2 -Wall -I/usr/src/linux/include -D__KERNEL__ -DMODULE -c ppp_mppe_mppc_comp.c -+ * -+ * ==FILEVERSION 20030807== -+ * -+ */ -+ -+#include <linux/module.h> -+#include <linux/slab.h> -+#include <linux/vmalloc.h> -+#include <linux/init.h> -+ -+#include <linux/ppp_defs.h> -+#include <linux/ppp-comp.h> -+ -+#include "ppp_mppe_crypto.h" -+ -+/* -+ * State for a mppc/mppe "(de)compressor". -+ */ -+struct ppp_mppe_state { -+ arcfour_context arcfour_context; -+ u8 master_key[MPPE_MAX_KEY_LEN]; -+ u8 session_key[MPPE_MAX_KEY_LEN]; -+ u8 mppc; /* do we use compression (MPPC)? */ -+ u8 mppe; /* do we use encryption (MPPE)? */ -+ u8 keylen; /* key length in bytes */ -+ u8 bitkeylen; /* key length in bits */ -+ u16 ccount; /* coherency counter */ -+ u16 bits; /* MPPC/MPPE control bits */ -+ u8 stateless; /* do we use stateless mode? */ -+ u8 nextflushed; /* set A bit in the next outgoing packet; -+ used only by compressor*/ -+ u8 flushexpected; /* drop packets until A bit is received; -+ used only by decompressor*/ -+ u8 *hist; /* MPPC history */ -+ u16 *hash; /* Hash table; used only by compressor */ -+ u16 histptr; /* history "cursor" */ -+ int unit; -+ int debug; -+ int mru; -+ struct compstat stats; -+}; -+ -+#define MPPE_OVHD 2 /* MPPE overhead */ -+#define MPPE_HIST_LEN 8192 /* MPPC history size */ -+#define MPPE_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ -+ -+#define MPPE_BIT_FLUSHED 0x80 /* bit A */ -+#define MPPE_BIT_RESET 0x40 /* bit B */ -+#define MPPE_BIT_COMP 0x20 /* bit C */ -+#define MPPE_BIT_ENCRYPTED 0x10 /* bit D */ -+ -+#define MPPE_SALT0 0xD1 /* values used in MPPE key derivation */ -+#define MPPE_SALT1 0x26 /* according to RFC3079 */ -+#define MPPE_SALT2 0x9E -+ -+#define MPPE_CCOUNT(x) ((((x)[4] & 0x0f) << 8) + (x)[5]) -+#define MPPE_BITS(x) ((x)[4] & 0xf0) -+#define MPPE_CTRLHI(x) ((((x)->ccount & 0xf00)>>8)|((x)->bits)) -+#define MPPE_CTRLLO(x) ((x)->ccount & 0xff) -+ -+/* -+ * Key Derivation, from RFC 3078, RFC 3079. -+ * Equivalent to Get_Key() for MS-CHAP as described in RFC 3079. -+ */ -+static void -+GetNewKeyFromSHA(unsigned char *MasterKey, unsigned char *SessionKey, -+ unsigned long SessionKeyLength, unsigned char *InterimKey) -+{ -+ /*Pads used in key derivation */ -+ static unsigned char SHAPad1[40] = -+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -+ -+ static unsigned char SHAPad2[40] = -+ { 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, -+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, -+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, -+ 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2, 0xF2 }; -+ -+ SHA1_CTX Context; -+ unsigned char Digest[SHA1_SIGNATURE_SIZE]; -+ -+ SHA1_Init(&Context); -+ SHA1_Update(&Context, MasterKey, SessionKeyLength); -+ SHA1_Update(&Context, SHAPad1, sizeof(SHAPad1)); -+ SHA1_Update(&Context, SessionKey, SessionKeyLength); -+ SHA1_Update(&Context, SHAPad2, sizeof(SHAPad2)); -+ SHA1_Final(Digest,&Context); -+ memcpy(InterimKey, Digest, SessionKeyLength); -+} -+ -+static void -+mppe_change_key(struct ppp_mppe_state *state, int initialize) -+{ -+ unsigned char InterimKey[MPPE_MAX_KEY_LEN]; -+ -+ GetNewKeyFromSHA(state->master_key, state->session_key, -+ state->keylen, InterimKey); -+ if (initialize) { -+ memcpy(state->session_key, InterimKey, state->keylen); -+ } else { -+ arcfour_setkey(&state->arcfour_context, InterimKey, state->keylen); -+ arcfour_encrypt(&state->arcfour_context, InterimKey, state->keylen, -+ state->session_key); -+ } -+ if (state->keylen == 8) { -+ if (state->bitkeylen == 40) { -+ state->session_key[0] = MPPE_SALT0; -+ state->session_key[1] = MPPE_SALT1; -+ state->session_key[2] = MPPE_SALT2; -+ } else { -+ state->session_key[0] = MPPE_SALT0; -+ } -+ } -+ arcfour_setkey(&state->arcfour_context, state->session_key, state->keylen); -+} -+ -+/* increase 12-bit coherency counter */ -+static inline void -+mppe_increase_ccount(struct ppp_mppe_state *state) -+{ -+ state->ccount = (state->ccount + 1) & MPPE_MAX_CCOUNT; -+ if (state->mppe) { -+ if (state->stateless) { -+ mppe_change_key(state, 0); -+ state->nextflushed = 1; -+ } else { -+ if ((state->ccount & 0xff) == 0xff) { -+ mppe_change_key(state, 0); -+ state->nextflushed = 1; -+ } -+ } -+ } -+} -+ -+/* allocate space for a MPPE/MPPC (de)compressor. */ -+/* comp != 0 -> init compressor */ -+/* comp = 0 -> init decompressor */ -+static void * -+mppe_alloc(unsigned char *options, int opt_len, int comp) -+{ -+ struct ppp_mppe_state *state; -+ u8* fname; -+ -+ fname = comp ? "mppe_comp_alloc" : "mppe_decomp_alloc"; -+ -+ /* -+ Hack warning - additionally to the standard MPPC/MPPE configuration -+ options, pppd passes to the (de)copressor 8 or 16 byte session key. -+ Therefore options[1] contains MPPC/MPPE configuration option length -+ (CILEN_MPPE = 6), but the real options length, depending on the key -+ length, is 6+8 or 6+16. -+ */ -+ if (opt_len < CILEN_MPPE) { -+ printk(KERN_WARNING "%s: wrong options length: %u\n", fname, opt_len); -+ return NULL; -+ } -+ -+ if (options[0] != CI_MPPE || options[1] != CILEN_MPPE || -+ (options[2] & ~MPPE_STATELESS) != 0 || -+ options[3] != 0 || options[4] != 0 || -+ (options[5] & ~(MPPE_128BIT|MPPE_56BIT|MPPE_40BIT|MPPE_MPPC)) != 0 || -+ (options[5] & (MPPE_128BIT|MPPE_56BIT|MPPE_40BIT|MPPE_MPPC)) == 0) { -+ printk(KERN_WARNING "%s: options rejected: o[0]=%02x, o[1]=%02x, " -+ "o[2]=%02x, o[3]=%02x, o[4]=%02x, o[5]=%02x\n", fname, options[0], -+ options[1], options[2], options[3], options[4], options[5]); -+ return NULL; -+ } -+ -+ state = (struct ppp_mppe_state *)kmalloc(sizeof(*state), GFP_KERNEL); -+ if (state == NULL) { -+ printk(KERN_ERR "%s: cannot allocate space for %scompressor\n", fname, -+ comp ? "" : "de"); -+ return NULL; -+ } -+ memset(state, 0, sizeof(struct ppp_mppe_state)); -+ -+ state->mppc = options[5] & MPPE_MPPC; /* Do we use MPPC? */ -+ state->mppe = options[5] & (MPPE_128BIT | MPPE_56BIT | -+ MPPE_40BIT); /* Do we use MPPE? */ -+ -+ if (state->mppc) { -+ /* allocate MPPC history */ -+ state->hist = (u8*)vmalloc(2*MPPE_HIST_LEN*sizeof(u8)); -+ if (state->hist == NULL) { -+ kfree(state); -+ printk(KERN_ERR "%s: cannot allocate space for MPPC history\n", -+ fname); -+ return NULL; -+ } -+ -+ /* allocate hashtable for MPPC compressor */ -+ if (comp) { -+ state->hash = (u16*)vmalloc(MPPE_HIST_LEN*sizeof(u16)); -+ if (state->hash == NULL) { -+ vfree(state->hist); -+ kfree(state); -+ printk(KERN_ERR "%s: cannot allocate space for MPPC history\n", -+ fname); -+ return NULL; -+ } -+ } -+ } -+ -+ MOD_INC_USE_COUNT; -+ -+ if (state->mppe) { /* specific for MPPE */ -+ memcpy(state->master_key, options+CILEN_MPPE, MPPE_MAX_KEY_LEN); -+ memcpy(state->session_key, state->master_key, MPPE_MAX_KEY_LEN); -+ /* initial key generation is done in mppe_init() */ -+ } -+ -+ return (void *) state; -+} -+ -+static void * -+mppe_comp_alloc(unsigned char *options, int opt_len) -+{ -+ return mppe_alloc(options, opt_len, 1); -+} -+ -+static void * -+mppe_decomp_alloc(unsigned char *options, int opt_len) -+{ -+ return mppe_alloc(options, opt_len, 0); -+} -+ -+/* cleanup the (de)compressor */ -+static void -+mppe_comp_free(void *arg) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; -+ -+ if (state != NULL) { -+ if (state->hist != NULL) -+ vfree(state->hist); -+ if (state->hash != NULL) -+ vfree(state->hash); -+ kfree(state); -+ } -+ MOD_DEC_USE_COUNT; -+} -+ -+/* init MPPC/MPPE (de)compresor */ -+/* comp != 0 -> init compressor */ -+/* comp = 0 -> init decompressor */ -+static int -+mppe_init(void *arg, unsigned char *options, int opt_len, int unit, -+ int hdrlen, int mru, int debug, int comp) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; -+ u8* fname; -+ -+ fname = comp ? "mppe_comp_init" : "mppe_decomp_init"; -+ -+ if (opt_len < CILEN_MPPE) { -+ if (debug) -+ printk(KERN_WARNING "%s: wrong options length: %u\n", -+ fname, opt_len); -+ return 0; -+ } -+ -+ if (options[0] != CI_MPPE || options[1] != CILEN_MPPE || -+ (options[2] & ~MPPE_STATELESS) != 0 || -+ options[3] != 0 || options[4] != 0 || -+ (options[5] & ~(MPPE_56BIT|MPPE_128BIT|MPPE_40BIT|MPPE_MPPC)) != 0 || -+ (options[5] & (MPPE_56BIT|MPPE_128BIT|MPPE_40BIT|MPPE_MPPC)) == 0) { -+ if (debug) -+ printk(KERN_WARNING "%s: options rejected: o[0]=%02x, o[1]=%02x, " -+ "o[2]=%02x, o[3]=%02x, o[4]=%02x, o[5]=%02x\n", fname, -+ options[0], options[1], options[2], options[3], options[4], -+ options[5]); -+ return 0; -+ } -+ -+ if ((options[5] & ~MPPE_MPPC) != MPPE_128BIT && -+ (options[5] & ~MPPE_MPPC) != MPPE_56BIT && -+ (options[5] & ~MPPE_MPPC) != MPPE_40BIT && -+ (options[5] & MPPE_MPPC) != MPPE_MPPC) { -+ if (debug) -+ printk(KERN_WARNING "%s: don't know what to do: o[5]=%02x\n", -+ fname, options[5]); -+ return 0; -+ } -+ -+ state->mppc = options[5] & MPPE_MPPC; /* Do we use MPPC? */ -+ state->mppe = options[5] & (MPPE_128BIT | MPPE_56BIT | -+ MPPE_40BIT); /* Do we use MPPE? */ -+ state->stateless = options[2] & MPPE_STATELESS; /* Do we use stateless mode? */ -+ -+ switch (state->mppe) { -+ case MPPE_40BIT: /* 40 bit key */ -+ state->keylen = 8; -+ state->bitkeylen = 40; -+ break; -+ case MPPE_56BIT: /* 56 bit key */ -+ state->keylen = 8; -+ state->bitkeylen = 56; -+ break; -+ case MPPE_128BIT: /* 128 bit key */ -+ state->keylen = 16; -+ state->bitkeylen = 128; -+ break; -+ default: -+ state->keylen = 0; -+ state->bitkeylen = 0; -+ } -+ -+ state->ccount = MPPE_MAX_CCOUNT; -+ state->bits = 0; -+ state->unit = unit; -+ state->debug = debug; -+ state->histptr = MPPE_HIST_LEN; -+ if (state->mppc) { /* reset history if MPPC was negotiated */ -+ memset(state->hist, 0, 2*MPPE_HIST_LEN*sizeof(u8)); -+ } -+ -+ if (state->mppe) { /* generate initial session keys */ -+ mppe_change_key(state, 1); -+ } -+ -+ if (comp) { /* specific for compressor */ -+ state->nextflushed = 1; -+ } else { /* specific for decompressor */ -+ state->mru = mru; -+ state->flushexpected = 1; -+ } -+ -+ return 1; -+} -+ -+static int -+mppe_comp_init(void *arg, unsigned char *options, int opt_len, int unit, -+ int hdrlen, int debug) -+{ -+ return mppe_init(arg, options, opt_len, unit, hdrlen, 0, debug, 1); -+} -+ -+ -+static int -+mppe_decomp_init(void *arg, unsigned char *options, int opt_len, int unit, -+ int hdrlen, int mru, int debug) -+{ -+ return mppe_init(arg, options, opt_len, unit, hdrlen, mru, debug, 0); -+} -+ -+static void -+mppe_comp_reset(void *arg) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg; -+ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: resetting MPPC/MPPE compressor\n", -+ __FUNCTION__, state->unit); -+ -+ state->nextflushed = 1; -+ if (state->mppe) -+ arcfour_setkey(&state->arcfour_context, state->session_key, -+ state->keylen); -+} -+ -+static void -+mppe_decomp_reset(void *arg) -+{ -+ /* When MPPC/MPPE is in use, we shouldn't receive any CCP Reset-Ack. -+ But when we receive such a packet, we just ignore it. */ -+ return; -+} -+ -+static void -+mppe_stats(void *arg, struct compstat *stats) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg; -+ -+ *stats = state->stats; -+} -+ -+/***************************/ -+/**** Compression stuff ****/ -+/***************************/ -+/* inserts 1 to max. 8 bits into the output buffer */ -+static inline void putbits8(u8 *buf, u32 val, const u32 n, u32 *i, u32 *l) -+{ -+ buf += *i; -+ if (*l >= n) { -+ *l = (*l) - n; -+ val <<= *l; -+ *buf = *buf | (val & 0xff); -+ if (*l == 0) { -+ *l = 8; -+ (*i)++; -+ *(++buf) = 0; -+ } -+ } else { -+ (*i)++; -+ *l = 8 - n + (*l); -+ val <<= *l; -+ *buf = *buf | ((val >> 8) & 0xff); -+ *(++buf) = val & 0xff; -+ } -+} -+ -+/* inserts 9 to max. 16 bits into the output buffer */ -+static inline void putbits16(u8 *buf, u32 val, const u32 n, u32 *i, u32 *l) -+{ -+ buf += *i; -+ if (*l >= n - 8) { -+ (*i)++; -+ *l = 8 - n + (*l); -+ val <<= *l; -+ *buf = *buf | ((val >> 8) & 0xff); -+ *(++buf) = val & 0xff; -+ if (*l == 0) { -+ *l = 8; -+ (*i)++; -+ *(++buf) = 0; -+ } -+ } else { -+ (*i)++; (*i)++; -+ *l = 16 - n + (*l); -+ val <<= *l; -+ *buf = *buf | ((val >> 16) & 0xff); -+ *(++buf) = (val >> 8) & 0xff; -+ *(++buf) = val & 0xff; -+ } -+} -+ -+/* inserts 17 to max. 24 bits into the output buffer */ -+static inline void putbits24(u8 *buf, u32 val, const u32 n, u32 *i, u32 *l) -+{ -+ buf += *i; -+ if (*l >= n - 16) { -+ (*i)++; (*i)++; -+ *l = 16 - n + (*l); -+ val <<= *l; -+ *buf = *buf | ((val >> 16) & 0xff); -+ *(++buf) = (val >> 8) & 0xff; -+ *(++buf) = val & 0xff; -+ if (*l == 0) { -+ *l = 8; -+ (*i)++; -+ *(++buf) = 0; -+ } -+ } else { -+ (*i)++; (*i)++; (*i)++; -+ *l = 24 - n + (*l); -+ val <<= *l; -+ *buf = *buf | ((val >> 24) & 0xff); -+ *(++buf) = (val >> 16) & 0xff; -+ *(++buf) = (val >> 8) & 0xff; -+ *(++buf) = val & 0xff; -+ } -+} -+ -+static int -+mppc_compress(struct ppp_mppe_state *state, unsigned char *ibuf, -+ unsigned char *obuf, int isize, int osize) -+{ -+ u32 olen, off, len, idx, i, l; -+ u8 *hist, *sbuf, *p, *q, *r, *s; -+ -+ /* -+ At this point, to avoid possible buffer overflow caused by packet -+ expansion during/after compression, we should make sure that -+ osize >= (((isize*9)/8)+1)+2, but we don't do that because in -+ ppp_generic.c we just allocate bigger obuf. -+ -+ Maximum MPPC packet expansion is 12.5%. This is the worst case when -+ all octets in the input buffer are >= 0x80 and we cannot find any -+ repeated tokens. Additionally we have to reserve 2 bytes for MPPE/MPPC -+ status bits and coherency counter. -+ */ -+ -+ hist = state->hist + MPPE_HIST_LEN; -+ /* check if there is enough room at the end of the history */ -+ if (state->histptr + isize >= 2*MPPE_HIST_LEN) { -+ state->bits |= MPPE_BIT_RESET; -+ state->histptr = MPPE_HIST_LEN; -+ memcpy(state->hist, hist, MPPE_HIST_LEN); -+ } -+ /* add packet to the history; isize must be <= MPPE_HIST_LEN */ -+ sbuf = state->hist + state->histptr; -+ memcpy(sbuf, ibuf, isize); -+ state->histptr += isize; -+ -+ /* compress data */ -+ r = sbuf + isize; -+ *obuf = olen = i = 0; -+ l = 8; -+ while (i < isize - 2) { -+ s = q = sbuf + i; -+ idx = ((40542*((((s[0]<<4)^s[1])<<4)^s[2]))>>4) & 0x1FFF; -+ p = hist + state->hash[idx]; -+ state->hash[idx] = (u16) (s - hist); -+ off = s - p; -+ if (off > 8191 || off < 1 || *p++ != *s++ || *p++ != *s++ || *p++ != *s++) -+ goto literal; -+ if (r - q >= 64) { -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || *p++ != *s++ || -+ *p++ != *s++; -+ if (s - q == 64) { -+ p--; s--; -+ while((*p++ == *s++) && (s < r)); -+ } -+ } else { -+ while((*p++ == *s++) && (s < r)); -+ } -+ len = s - q - 1; -+ i += len; -+ -+ /* at least 3 character match found; code data */ -+ /* encode offset */ -+ if (off < 64) { /* 10-bit offset; 0 <= offset < 64 */ -+ putbits16(obuf, 0x3c0|off, 10, &olen, &l); -+ } else if (off < 320) { /* 12-bit offset; 64 <= offset < 320 */ -+ putbits16(obuf, 0xe00|(off-64), 12, &olen, &l); -+ } else if (off < 8192) { /* 16-bit offset; 320 <= offset < 8192 */ -+ putbits16(obuf, 0xc000|(off-320), 16, &olen, &l); -+ } else { -+ /* This shouldn't happen; we return 0 what means "packet expands", -+ and we send packet uncompressed. */ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: wrong offset value: %d\n", -+ __FUNCTION__, state->unit, off); -+ return 0; -+ } -+ /* encode length of match */ -+ if (len < 4) { /* length = 3 */ -+ putbits8(obuf, 0, 1, &olen, &l); -+ } else if (len < 8) { /* 4 <= length < 8 */ -+ putbits8(obuf, 0x08|(len&0x03), 4, &olen, &l); -+ } else if (len < 16) { /* 8 <= length < 16 */ -+ putbits8(obuf, 0x30|(len&0x07), 6, &olen, &l); -+ } else if (len < 32) { /* 16 <= length < 32 */ -+ putbits8(obuf, 0xe0|(len&0x0f), 8, &olen, &l); -+ } else if (len < 64) { /* 32 <= length < 64 */ -+ putbits16(obuf, 0x3c0|(len&0x1f), 10, &olen, &l); -+ } else if (len < 128) { /* 64 <= length < 128 */ -+ putbits16(obuf, 0xf80|(len&0x3f), 12, &olen, &l); -+ } else if (len < 256) { /* 128 <= length < 256 */ -+ putbits16(obuf, 0x3f00|(len&0x7f), 14, &olen, &l); -+ } else if (len < 512) { /* 256 <= length < 512 */ -+ putbits16(obuf, 0xfe00|(len&0xff), 16, &olen, &l); -+ } else if (len < 1024) { /* 512 <= length < 1024 */ -+ putbits24(obuf, 0x3fc00|(len&0x1ff), 18, &olen, &l); -+ } else if (len < 2048) { /* 1024 <= length < 2048 */ -+ putbits24(obuf, 0xff800|(len&0x3ff), 20, &olen, &l); -+ } else if (len < 4096) { /* 2048 <= length < 4096 */ -+ putbits24(obuf, 0x3ff000|(len&0x7ff), 22, &olen, &l); -+ } else if (len < 8192) { /* 4096 <= length < 8192 */ -+ putbits24(obuf, 0xffe000|(len&0xfff), 24, &olen, &l); -+ } else { -+ /* This shouldn't happen; we return 0 what means "packet expands", -+ and send packet uncompressed. */ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: wrong length of match value: %d\n", -+ __FUNCTION__, state->unit, len); -+ return 0; -+ } -+ continue; -+ -+ literal: -+ /* no match found; encode literal byte */ -+ if (ibuf[i] < 0x80) { /* literal byte < 0x80 */ -+ putbits8(obuf, (u32) ibuf[i++], 8, &olen, &l); -+ } else { /* literal byte >= 0x80 */ -+ putbits16(obuf, (u32) (0x100|(ibuf[i++]&0x7f)), 9, &olen, &l); -+ } -+ } -+ -+ /* Add remaining octets to the output */ -+ while(isize - i > 0) { -+ if (ibuf[i] < 0x80) { /* literal byte < 0x80 */ -+ putbits8(obuf, (u32) ibuf[i++], 8, &olen, &l); -+ } else { /* literal byte >= 0x80 */ -+ putbits16(obuf, (u32) (0x100|(ibuf[i++]&0x7f)), 9, &olen, &l); -+ } -+ } -+ /* Reset unused bits of the last output octet */ -+ if ((l != 0) && (l != 8)) { -+ putbits8(obuf, 0, l, &olen, &l); -+ } -+ -+ return (int) olen; -+} -+ -+int -+mppe_compress(void *arg, unsigned char *ibuf, unsigned char *obuf, -+ int isize, int osize) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *) arg; -+ int proto, olen, complen; -+ unsigned char *wptr; -+ -+ /* Check that the protocol is in the range we handle. */ -+ proto = PPP_PROTOCOL(ibuf); -+ if (proto < 0x0021 || proto > 0x00fa) -+ return 0; -+ -+ wptr = obuf; -+ /* Copy over the PPP header */ -+ wptr[0] = PPP_ADDRESS(ibuf); -+ wptr[1] = PPP_CONTROL(ibuf); -+ wptr[2] = PPP_COMP >> 8; -+ wptr[3] = PPP_COMP; -+ wptr += PPP_HDRLEN + MPPE_OVHD; /* Leave two octets for MPPE/MPPC bits */ -+ -+ mppe_increase_ccount(state); -+ -+ if (state->nextflushed) { -+ if (!state->stateless) { -+ state->nextflushed = 0; -+ } -+ state->bits |= MPPE_BIT_FLUSHED; -+ if (state->mppc) { /* reset history */ -+ state->bits |= MPPE_BIT_RESET; -+ state->histptr = MPPE_HIST_LEN; -+ memset(state->hist + MPPE_HIST_LEN, 0, MPPE_HIST_LEN*sizeof(u8)); -+ } -+ } -+ -+ if (state->mppc && !state->mppe) { /* Do only compression */ -+ complen = mppc_compress(state, ibuf+2, wptr, isize-2, -+ osize-PPP_HDRLEN-MPPE_OVHD); -+ if ((complen > isize) || (complen == 0)) { -+ /* packet expands */ -+ state->nextflushed = 1; -+ memcpy(wptr, ibuf+2, isize-2); -+ olen = isize + (PPP_HDRLEN / 2) + MPPE_OVHD; -+ (state->stats).inc_bytes += olen; -+ (state->stats).inc_packets++; -+ } else { -+ state->bits |= MPPE_BIT_COMP; -+ olen = complen + PPP_HDRLEN + MPPE_OVHD; -+ (state->stats).comp_bytes += olen; -+ (state->stats).comp_packets++; -+ } -+ } else { -+ if (!state->mppc && state->mppe) { /* Do only encryption */ -+ /* read from ibuf, write to wptr, adjust for PPP_HDRLEN */ -+ arcfour_encrypt(&state->arcfour_context, ibuf+2, isize-2, wptr); -+ state->bits |= MPPE_BIT_ENCRYPTED; -+ olen = isize + (PPP_HDRLEN / 2) + MPPE_OVHD; -+ (state->stats).inc_bytes += olen; -+ (state->stats).inc_packets++; -+ } else { /* Do compression and then encryption - RFC3078 */ -+ complen = mppc_compress(state, ibuf+2, wptr, isize-2, -+ osize-PPP_HDRLEN-MPPE_OVHD); -+ if ((complen > isize) || (complen == 0)) { -+ /* packet expands */ -+ memcpy(wptr, ibuf+2, isize-2); -+ state->nextflushed = 1; -+ arcfour_encrypt(&state->arcfour_context, ibuf+2, isize-2, wptr); -+ olen = isize + (PPP_HDRLEN / 2) + MPPE_OVHD; -+ (state->stats).inc_bytes += olen; -+ (state->stats).inc_packets++; -+ } else { -+ state->bits |= MPPE_BIT_COMP; -+ /* Hack warning !!! RC4 implementation which we use does -+ encryption "in place" - it means that input and output -+ buffers can be *the same* memory area. Therefore we don't -+ need to use a temporary buffer. But be careful - other -+ implementations don't have to be so nice. -+ I used to use ibuf as temporary buffer here, but it led -+ packet sniffers into error. Thanks to Wilfried Weissmann -+ for pointing that. */ -+ arcfour_encrypt(&state->arcfour_context, wptr, complen, wptr); -+ olen = complen + PPP_HDRLEN + MPPE_OVHD; -+ (state->stats).comp_bytes += olen; -+ (state->stats).comp_packets++; -+ } -+ state->bits |= MPPE_BIT_ENCRYPTED; -+ } -+ } -+ -+ /* write status bits and coherency counter into the output buffer */ -+ wptr = obuf + PPP_HDRLEN; -+ wptr[0] = MPPE_CTRLHI(state); -+ wptr[1] = MPPE_CTRLLO(state); -+ -+ state->bits = 0; -+ -+ (state->stats).unc_bytes += isize; -+ (state->stats).unc_packets++; -+ -+ return olen; -+} -+ -+/***************************/ -+/*** Decompression stuff ***/ -+/***************************/ -+static inline u32 getbits(const u8 *buf, const u32 n, u32 *i, u32 *l) -+{ -+ static u32 m[] = {0x00, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f, 0xff}; -+ u32 res, ol; -+ -+ ol = *l; -+ if (*l >= n) { -+ *l = (*l) - n; -+ res = (buf[*i] & m[ol]) >> (*l); -+ if (*l == 0) { -+ *l = 8; -+ (*i)++; -+ } -+ } else { -+ *l = 8 - n + (*l); -+ res = (buf[(*i)++] & m[ol]) << 8; -+ res = (res | buf[*i]) >> (*l); -+ } -+ -+ return res; -+} -+ -+static inline u32 getbyte(const u8 *buf, const u32 i, const u32 l) -+{ -+ if (l == 8) { -+ return buf[i]; -+ } else { -+ return (((buf[i] << 8) | buf[i+1]) >> l) & 0xff; -+ } -+} -+ -+static inline void lamecopy(u8 *dst, u8 *src, u32 len) -+{ -+ while (len--) -+ *dst++ = *src++; -+} -+ -+static int -+mppc_decompress(struct ppp_mppe_state *state, unsigned char *ibuf, -+ unsigned char *obuf, int isize, int osize) -+{ -+ u32 olen, off, len, bits, val, sig, i, l; -+ u8 *history, *s; -+ -+ history = state->hist + state->histptr; -+ olen = len = i = 0; -+ l = 8; -+ bits = isize * 8; -+ while (bits >= 8) { -+ val = getbyte(ibuf, i++, l); -+ if (val < 0x80) { /* literal byte < 0x80 */ -+ if (state->histptr < 2*MPPE_HIST_LEN) { -+ /* copy uncompressed byte to the history */ -+ (state->hist)[(state->histptr)++] = (u8) val; -+ } else { -+ /* buffer overflow; drop packet */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: trying to write outside history " -+ "buffer\n", __FUNCTION__, state->unit); -+ return DECOMP_ERROR; -+ } -+ olen++; -+ bits -= 8; -+ continue; -+ } -+ -+ sig = val & 0xc0; -+ if (sig == 0x80) { /* literal byte >= 0x80 */ -+ if (state->histptr < 2*MPPE_HIST_LEN) { -+ /* copy uncompressed byte to the history */ -+ (state->hist)[(state->histptr)++] = -+ (u8) (0x80|((val&0x3f)<<1)|getbits(ibuf, 1 , &i ,&l)); -+ } else { -+ /* buffer overflow; drop packet */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: trying to write outside history " -+ "buffer\n", __FUNCTION__, state->unit); -+ return DECOMP_ERROR; -+ } -+ olen++; -+ bits -= 9; -+ continue; -+ } -+ -+ /* Not a literal byte so it must be an (offset,length) pair */ -+ /* decode offset */ -+ sig = val & 0xf0; -+ if (sig == 0xf0) { /* 10-bit offset; 0 <= offset < 64 */ -+ off = (((val&0x0f)<<2)|getbits(ibuf, 2 , &i ,&l)); -+ bits -= 10; -+ } else { -+ if (sig == 0xe0) { /* 12-bit offset; 64 <= offset < 320 */ -+ off = ((((val&0x0f)<<4)|getbits(ibuf, 4 , &i ,&l))+64); -+ bits -= 12; -+ } else { -+ if ((sig&0xe0) == 0xc0) {/* 16-bit offset; 320 <= offset < 8192 */ -+ off = ((((val&0x1f)<<8)|getbyte(ibuf, i++, l))+320); -+ bits -= 16; -+ if (off > MPPE_HIST_LEN - 1) { -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: too big offset value: %d\n", -+ __FUNCTION__, state->unit, off); -+ return DECOMP_ERROR; -+ } -+ } else { /* this shouldn't happen */ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: cannot decode offset value\n", -+ __FUNCTION__, state->unit); -+ return DECOMP_ERROR; -+ } -+ } -+ } -+ /* decode length of match */ -+ val = getbyte(ibuf, i, l); -+ if ((val & 0x80) == 0x00) { /* len = 3 */ -+ len = 3; -+ bits--; -+ getbits(ibuf, 1 , &i ,&l); -+ } else if ((val & 0xc0) == 0x80) { /* 4 <= len < 8 */ -+ len = 0x04 | ((val>>4) & 0x03); -+ bits -= 4; -+ getbits(ibuf, 4 , &i ,&l); -+ } else if ((val & 0xe0) == 0xc0) { /* 8 <= len < 16 */ -+ len = 0x08 | ((val>>2) & 0x07); -+ bits -= 6; -+ getbits(ibuf, 6 , &i ,&l); -+ } else if ((val & 0xf0) == 0xe0) { /* 16 <= len < 32 */ -+ len = 0x10 | (val & 0x0f); -+ bits -= 8; -+ i++; -+ } else { -+ bits -= 8; -+ val = (val << 8) | getbyte(ibuf, ++i, l); -+ if ((val & 0xf800) == 0xf000) { /* 32 <= len < 64 */ -+ len = 0x0020 | ((val >> 6) & 0x001f); -+ bits -= 2; -+ getbits(ibuf, 2 , &i ,&l); -+ } else if ((val & 0xfc00) == 0xf800) { /* 64 <= len < 128 */ -+ len = 0x0040 | ((val >> 4) & 0x003f); -+ bits -= 4; -+ getbits(ibuf, 4 , &i ,&l); -+ } else if ((val & 0xfe00) == 0xfc00) { /* 128 <= len < 256 */ -+ len = 0x0080 | ((val >> 2) & 0x007f); -+ bits -= 6; -+ getbits(ibuf, 6 , &i ,&l); -+ } else if ((val & 0xff00) == 0xfe00) { /* 256 <= len < 512 */ -+ len = 0x0100 | (val & 0x00ff); -+ bits -= 8; -+ i++; -+ } else { -+ bits -= 8; -+ val = (val << 8) | getbyte(ibuf, ++i, l); -+ if ((val & 0xff8000) == 0xff0000) { /* 512 <= len < 1024 */ -+ len = 0x000200 | ((val >> 6) & 0x0001ff); -+ bits -= 2; -+ getbits(ibuf, 2 , &i ,&l); -+ } else if ((val & 0xffc000) == 0xff8000) {/* 1024 <= len < 2048 */ -+ len = 0x000400 | ((val >> 4) & 0x0003ff); -+ bits -= 4; -+ getbits(ibuf, 4 , &i ,&l); -+ } else if ((val & 0xffe000) == 0xffc000) {/* 2048 <= len < 4096 */ -+ len = 0x000800 | ((val >> 2) & 0x0007ff); -+ bits -= 6; -+ getbits(ibuf, 6 , &i ,&l); -+ } else if ((val & 0xfff000) == 0xffe000) {/* 4096 <= len < 8192 */ -+ len = 0x001000 | (val & 0x000fff); -+ bits -= 8; -+ i++; -+ } else { /* this shouldn't happen */ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: wrong length code: 0x%X\n", -+ __FUNCTION__, state->unit, val); -+ return DECOMP_ERROR; -+ } -+ } -+ } -+ s = state->hist + state->histptr; -+ state->histptr += len; -+ olen += len; -+ if (state->histptr < 2*MPPE_HIST_LEN) { -+ /* copy uncompressed bytes to the history */ -+ -+ /* In some cases len may be greater than off. It means that memory -+ * areas pointed by s and s-off overlap. I used to use memmove() -+ * here, because I thought that it acts as libc's version. But -+ * I was wrong. I got strange errors sometimes. Wilfried suggested -+ * using of byte by byte copying here and strange errors disappeared. -+ */ -+ lamecopy(s, s-off, len); -+ } else { -+ /* buffer overflow; drop packet */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: trying to write outside history " -+ "buffer\n", __FUNCTION__, state->unit); -+ return DECOMP_ERROR; -+ } -+ } -+ -+ if (olen <= osize) { -+ /* copy uncompressed packet to the output buffer */ -+ memcpy(obuf, history, olen); -+ } else { -+ /* buffer overflow; drop packet */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: too big uncompressed packet: %d\n", -+ __FUNCTION__, state->unit, olen+(PPP_HDRLEN/2)); -+ return DECOMP_ERROR; -+ } -+ -+ return (int) olen; -+} -+ -+int -+mppe_decompress(void *arg, unsigned char *ibuf, int isize, -+ unsigned char *obuf, int osize) -+{ -+ struct ppp_mppe_state *state = (struct ppp_mppe_state *)arg; -+ int seq, bits, uncomplen; -+ -+ if (isize <= PPP_HDRLEN + MPPE_OVHD) { -+ if (state->debug) { -+ printk(KERN_DEBUG "%s%d: short packet (len=%d)\n", __FUNCTION__, -+ state->unit, isize); -+ } -+ return DECOMP_ERROR; -+ } -+ -+ /* Get coherency counter and control bits from input buffer */ -+ seq = MPPE_CCOUNT(ibuf); -+ bits = MPPE_BITS(ibuf); -+ -+ if (state->stateless) { -+ /* RFC 3078, sec 8.1. */ -+ mppe_increase_ccount(state); -+ if ((seq != state->ccount) && state->debug) -+ printk(KERN_DEBUG "%s%d: bad sequence number: %d, expected: %d\n", -+ __FUNCTION__, state->unit, seq, state->ccount); -+ while (seq != state->ccount) -+ mppe_increase_ccount(state); -+ } else { -+ /* RFC 3078, sec 8.2. */ -+ if (state->flushexpected) { /* discard state */ -+ if ((bits & MPPE_BIT_FLUSHED)) { /* we received expected FLUSH bit */ -+ while (seq != state->ccount) -+ mppe_increase_ccount(state); -+ state->flushexpected = 0; -+ } else /* drop packet*/ -+ return DECOMP_ERROR; -+ } else { /* normal state */ -+ mppe_increase_ccount(state); -+ if (seq != state->ccount) { -+ /* Packet loss detected, enter the discard state. */ -+ if (state->debug) -+ printk(KERN_DEBUG "%s%d: bad sequence number: %d, expected: %d\n", -+ __FUNCTION__, state->unit, seq, state->ccount); -+ state->flushexpected = 1; -+ return DECOMP_ERROR; -+ } -+ } -+ if (state->mppe && (bits & MPPE_BIT_FLUSHED)) { -+ arcfour_setkey(&state->arcfour_context, state->session_key, -+ state->keylen); -+ } -+ } -+ -+ if (state->mppc && (bits & (MPPE_BIT_FLUSHED | MPPE_BIT_RESET))) { -+ state->histptr = MPPE_HIST_LEN; -+ if ((bits & MPPE_BIT_FLUSHED)) { -+ memset(state->hist + MPPE_HIST_LEN, 0, MPPE_HIST_LEN*sizeof(u8)); -+ } else -+ if ((bits & MPPE_BIT_RESET)) { -+ memcpy(state->hist, state->hist+MPPE_HIST_LEN, MPPE_HIST_LEN); -+ } -+ } -+ -+ /* Fill in the first part of the PPP header. The protocol field -+ comes from the decompressed data. */ -+ obuf[0] = PPP_ADDRESS(ibuf); -+ obuf[1] = PPP_CONTROL(ibuf); -+ obuf += PPP_HDRLEN / 2; -+ -+ if (state->mppe) { /* process encrypted packet */ -+ if ((bits & MPPE_BIT_ENCRYPTED)) { -+ /* OK, packet encrypted, so decrypt it */ -+ if (state->mppc && (bits & MPPE_BIT_COMP)) { -+ /* Hack warning !!! RC4 implementation which we use does -+ decryption "in place" - it means that input and output -+ buffers can be *the same* memory area. Therefore we don't -+ need to use a temporary buffer. But be careful - other -+ implementations don't have to be so nice. */ -+ arcfour_decrypt(&state->arcfour_context, ibuf+PPP_HDRLEN+MPPE_OVHD, -+ isize-PPP_HDRLEN-MPPE_OVHD, ibuf+PPP_HDRLEN+MPPE_OVHD); -+ uncomplen = mppc_decompress(state, ibuf+PPP_HDRLEN+MPPE_OVHD, -+ obuf, isize-PPP_HDRLEN-MPPE_OVHD, -+ osize-(PPP_HDRLEN/2)); -+ if (uncomplen == DECOMP_ERROR) { -+ state->flushexpected = 1; -+ return DECOMP_ERROR; -+ } -+ uncomplen += PPP_HDRLEN / 2; -+ (state->stats).comp_bytes += isize; -+ (state->stats).comp_packets++; -+ } else { -+ arcfour_decrypt(&state->arcfour_context, ibuf+PPP_HDRLEN+MPPE_OVHD, -+ isize-PPP_HDRLEN-MPPE_OVHD, obuf); -+ uncomplen = isize - (PPP_HDRLEN / 2) - MPPE_OVHD; -+ (state->stats).inc_bytes += isize; -+ (state->stats).inc_packets++; -+ } -+ } else { /* this shouldn't happen */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: encryption negotiated but not an " -+ "encrypted packet received\n", __FUNCTION__, state->unit); -+ mppe_change_key(state, 0); -+ state->flushexpected = 1; -+ return DECOMP_ERROR; -+ } -+ } else { -+ if (state->mppc) { /* no MPPE, only MPPC */ -+ if ((bits & MPPE_BIT_COMP)) { -+ uncomplen = mppc_decompress(state, ibuf+PPP_HDRLEN+MPPE_OVHD, -+ obuf, isize-PPP_HDRLEN-MPPE_OVHD, -+ osize-(PPP_HDRLEN/2)); -+ if (uncomplen == DECOMP_ERROR) { -+ state->flushexpected = 1; -+ return DECOMP_ERROR; -+ } -+ uncomplen += PPP_HDRLEN / 2; -+ (state->stats).comp_bytes += isize; -+ (state->stats).comp_packets++; -+ } else { -+ memcpy(obuf, ibuf+PPP_HDRLEN+MPPE_OVHD, -+ isize-PPP_HDRLEN-MPPE_OVHD); -+ uncomplen = isize - (PPP_HDRLEN / 2) - MPPE_OVHD; -+ (state->stats).inc_bytes += isize; -+ (state->stats).inc_packets++; -+ } -+ } else { /* this shouldn't happen */ -+ if (state->debug) -+ printk(KERN_ERR "%s%d: error - no MPPC nor MPPE negotiated\n", -+ __FUNCTION__, state->unit); -+ state->flushexpected = 1; -+ return DECOMP_ERROR; -+ } -+ } -+ -+ (state->stats).unc_bytes += uncomplen; -+ (state->stats).unc_packets++; -+ -+ return uncomplen; -+} -+ -+ -+/************************************************************ -+ * Module interface table -+ ************************************************************/ -+ -+/* These are in ppp_generic.c */ -+extern int ppp_register_compressor (struct compressor *cp); -+extern void ppp_unregister_compressor (struct compressor *cp); -+ -+/* -+ * Functions exported to ppp_generic.c. -+ */ -+struct compressor ppp_mppe = { -+ CI_MPPE, /* compress_proto */ -+ mppe_comp_alloc, /* comp_alloc */ -+ mppe_comp_free, /* comp_free */ -+ mppe_comp_init, /* comp_init */ -+ mppe_comp_reset, /* comp_reset */ -+ mppe_compress, /* compress */ -+ mppe_stats, /* comp_stat */ -+ mppe_decomp_alloc, /* decomp_alloc */ -+ mppe_comp_free, /* decomp_free */ -+ mppe_decomp_init, /* decomp_init */ -+ mppe_decomp_reset, /* decomp_reset */ -+ mppe_decompress, /* decompress */ -+ NULL, /* incomp */ -+ mppe_stats, /* decomp_stat */ -+}; -+ -+/* -+ In case of MPPC/MPPE there is no need to process incompressible data -+ because such a data is sent in MPPC/MPPE frame. Therefore the (*incomp) -+ callback function isn't needed. -+*/ -+ -+/************************************************************ -+ * Module support routines -+ ************************************************************/ -+ -+int __init mppe_module_init(void) -+{ -+ int answer = ppp_register_compressor(&ppp_mppe); -+ if (answer == 0) { -+ printk(KERN_INFO "MPPE/MPPC encryption/compression module registered\n"); -+ } -+ return answer; -+} -+ -+void __exit mppe_module_cleanup(void) -+{ -+ if (MOD_IN_USE) { -+ printk (KERN_INFO "MPPE/MPPC module busy, removing delayed\n"); -+ } else { -+ ppp_unregister_compressor (&ppp_mppe); -+ printk(KERN_INFO "MPPE/MPPC encryption/compression module unregistered\n"); -+ } -+} -+ -+module_init(mppe_module_init); -+module_exit(mppe_module_cleanup); -+ -+MODULE_AUTHOR("Jan Dubiec <jdx@slackware.pl>"); -+MODULE_DESCRIPTION("MPPE/MPPC encryption/compression module for Linux"); -+MODULE_LICENSE("Dual BSD/GPL"); -diff -ruN linux-2.4.21.orig/include/linux/ppp-comp.h linux-2.4.21/include/linux/ppp-comp.h ---- linux-2.4.21.orig/include/linux/ppp-comp.h 1999-08-06 19:44:11.000000000 +0200 -+++ linux-2.4.21/include/linux/ppp-comp.h 2003-07-15 01:45:22.000000000 +0200 -@@ -1,34 +1,42 @@ - /* - * ppp-comp.h - Definitions for doing PPP packet compression. - * -- * Copyright (c) 1994 The Australian National University. -- * All rights reserved. -+ * Copyright (c) 1984 Paul Mackerras. All rights reserved. - * -- * Permission to use, copy, modify, and distribute this software and its -- * documentation is hereby granted, provided that the above copyright -- * notice appears in all copies. This software is provided without any -- * warranty, express or implied. The Australian National University -- * makes no representations about the suitability of this software for -- * any purpose. -- * -- * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY -- * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES -- * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF -- * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY -- * OF SUCH DAMAGE. -- * -- * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, -- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -- * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS -- * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO -- * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, -- * OR MODIFICATIONS. -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: - * -- * $Id: ppp-comp.h,v 1.6 1997/11/27 06:04:44 paulus Exp $ -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in -+ * the documentation and/or other materials provided with the -+ * distribution. -+ * -+ * 3. The name(s) of the authors of this software must not be used to -+ * endorse or promote products derived from this software without -+ * prior written permission. -+ * -+ * 4. Redistributions of any form whatsoever must retain the following -+ * acknowledgment: -+ * "This product includes software developed by Paul Mackerras -+ * <paulus@samba.org>". -+ * -+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO -+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY -+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN -+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING -+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ * -+ * $Id: ppp-comp.h,v 1.10 2002/12/06 09:49:15 paulus Exp $ - */ - - /* -- * ==FILEVERSION 980319== -+ * ==FILEVERSION 20020715== - * - * NOTE TO MAINTAINERS: - * If you modify this file at all, please set the above date. -@@ -78,7 +86,7 @@ - - /* Compress a packet */ - int (*compress) (void *state, unsigned char *rptr, -- unsigned char *obuf, int isize, int osize); -+ unsigned char *obuf, int isize, int osize); - - /* Return compression statistics */ - void (*comp_stat) (void *state, struct compstat *stats); -@@ -99,7 +107,7 @@ - - /* Decompress a packet. */ - int (*decompress) (void *state, unsigned char *ibuf, int isize, -- unsigned char *obuf, int osize); -+ unsigned char *obuf, int osize); - - /* Update state for an incompressible packet received */ - void (*incomp) (void *state, unsigned char *ibuf, int icnt); -@@ -187,6 +195,127 @@ - #define DEFLATE_CHK_SEQUENCE 0 - - /* -+ * Definitions for MPPE. -+ */ -+ -+#define CI_MPPE 18 /* config option for MPPE */ -+#define CILEN_MPPE 6 /* length of config option */ -+ -+#define MPPE_PAD 4 /* MPPE growth per frame */ -+#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */ -+ -+/* option bits for ccp_options.mppe */ -+#define MPPE_OPT_40 0x01 /* 40 bit */ -+#define MPPE_OPT_128 0x02 /* 128 bit */ -+#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */ -+/* unsupported opts */ -+#define MPPE_OPT_56 0x08 /* 56 bit */ -+#define MPPE_OPT_MPPC 0x10 /* MPPC compression */ -+#define MPPE_OPT_D 0x20 /* Unknown */ -+#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D) -+#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */ -+ -+/* -+ * This is not nice ... the alternative is a bitfield struct though. -+ * And unfortunately, we cannot share the same bits for the option -+ * names above since C and H are the same bit. We could do a u_int32 -+ * but then we have to do a htonl() all the time and/or we still need -+ * to know which octet is which. -+ */ -+#define MPPE_C_BIT 0x01 /* MPPC */ -+#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */ -+#define MPPE_L_BIT 0x20 /* 40-bit */ -+#define MPPE_S_BIT 0x40 /* 128-bit */ -+#define MPPE_M_BIT 0x80 /* 56-bit, not supported */ -+#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */ -+ -+/* Does not include H bit; used for least significant octet only. */ -+#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT) -+ -+/* Build a CI from mppe opts (see RFC 3078) */ -+#define MPPE_OPTS_TO_CI(opts, ci) \ -+ do { \ -+ u_char *ptr = ci; /* u_char[4] */ \ -+ \ -+ /* H bit */ \ -+ if (opts & MPPE_OPT_STATEFUL) \ -+ *ptr++ = 0x0; \ -+ else \ -+ *ptr++ = MPPE_H_BIT; \ -+ *ptr++ = 0; \ -+ *ptr++ = 0; \ -+ \ -+ /* S,L bits */ \ -+ *ptr = 0; \ -+ if (opts & MPPE_OPT_128) \ -+ *ptr |= MPPE_S_BIT; \ -+ if (opts & MPPE_OPT_40) \ -+ *ptr |= MPPE_L_BIT; \ -+ /* M,D,C bits not supported */ \ -+ } while (/* CONSTCOND */ 0) -+ -+/* The reverse of the above */ -+#define MPPE_CI_TO_OPTS(ci, opts) \ -+ do { \ -+ u_char *ptr = ci; /* u_char[4] */ \ -+ \ -+ opts = 0; \ -+ \ -+ /* H bit */ \ -+ if (!(ptr[0] & MPPE_H_BIT)) \ -+ opts |= MPPE_OPT_STATEFUL; \ -+ \ -+ /* S,L bits */ \ -+ if (ptr[3] & MPPE_S_BIT) \ -+ opts |= MPPE_OPT_128; \ -+ if (ptr[3] & MPPE_L_BIT) \ -+ opts |= MPPE_OPT_40; \ -+ \ -+ /* M,D,C bits */ \ -+ if (ptr[3] & MPPE_M_BIT) \ -+ opts |= MPPE_OPT_56; \ -+ if (ptr[3] & MPPE_D_BIT) \ -+ opts |= MPPE_OPT_D; \ -+ if (ptr[3] & MPPE_C_BIT) \ -+ opts |= MPPE_OPT_MPPC; \ -+ \ -+ /* Other bits */ \ -+ if (ptr[0] & ~MPPE_H_BIT) \ -+ opts |= MPPE_OPT_UNKNOWN; \ -+ if (ptr[1] || ptr[2]) \ -+ opts |= MPPE_OPT_UNKNOWN; \ -+ if (ptr[3] & ~MPPE_ALL_BITS) \ -+ opts |= MPPE_OPT_UNKNOWN; \ -+ } while (/* CONSTCOND */ 0) -+ -+/* MPPE/MPPC definitions by J.D.*/ -+#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */ -+#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */ -+#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */ -+#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */ -+#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */ -+ -+/* -+ * Definitions for Stac LZS. -+ */ -+ -+#define CI_LZS 17 /* config option for Stac LZS */ -+#define CILEN_LZS 5 /* length of config option */ -+ -+#define LZS_OVHD 4 /* max. LZS overhead */ -+#define LZS_HIST_LEN 2048 /* LZS history size */ -+#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ -+ -+#define LZS_MODE_NONE 0 -+#define LZS_MODE_LCB 1 -+#define LZS_MODE_CRC 2 -+#define LZS_MODE_SEQ 3 -+#define LZS_MODE_EXT 4 -+ -+#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */ -+#define LZS_EXT_BIT_COMP 0x20 /* bit C */ -+ -+/* - * Definitions for other, as yet unsupported, compression methods. - */ - diff --git a/obsolete-buildroot/sources/openwrt/kernel/patches/160-expr.patch b/obsolete-buildroot/sources/openwrt/kernel/patches/160-expr.patch deleted file mode 100644 index f19fe24..0000000 --- a/obsolete-buildroot/sources/openwrt/kernel/patches/160-expr.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux/Makefile 2004-08-16 21:31:21.850402752 -0400 -+++ linux/Makefile 2004-08-16 21:48:22.372259848 -0400 -@@ -357,7 +357,7 @@ - @rm -f .ver1 - - include/linux/version.h: ./Makefile -- @expr length "$(KERNELRELEASE)" \<= $(uts_len) > /dev/null || \ -+ @expr "$(KERNELRELEASE)" : '.*' \<= $(uts_len) > /dev/null || \ - (echo KERNELRELEASE \"$(KERNELRELEASE)\" exceeds $(uts_len) characters >&2; false) - @echo \#define UTS_RELEASE \"$(KERNELRELEASE)\" > .ver - @echo \#define LINUX_VERSION_CODE `expr $(VERSION) \\* 65536 + $(PATCHLEVEL) \\* 256 + $(SUBLEVEL)` >> .ver |