Diffstat (limited to 'src/helpers')
-rw-r--r-- | src/helpers/Makefile.am | 2 | ||||
-rw-r--r-- | src/helpers/amanda.c | 1 | ||||
-rw-r--r-- | src/helpers/dhcpv6.c | 1 | ||||
-rw-r--r-- | src/helpers/ftp.c | 33 | ||||
-rw-r--r-- | src/helpers/rpc.c | 14 | ||||
-rw-r--r-- | src/helpers/sane.c | 11 | ||||
-rw-r--r-- | src/helpers/slp.c | 1 | ||||
-rw-r--r-- | src/helpers/ssdp.c | 10 | ||||
-rw-r--r-- | src/helpers/tftp.c | 1 | ||||
-rw-r--r-- | src/helpers/tns.c | 8 |
10 files changed, 28 insertions, 54 deletions
diff --git a/src/helpers/Makefile.am b/src/helpers/Makefile.am
index e4f10c9..e458ab4 100644
--- a/src/helpers/Makefile.am
+++ b/src/helpers/Makefile.am
@@ -11,7 +11,7 @@ pkglib_LTLIBRARIES = ct_helper_amanda.la \
 ct_helper_slp.la \
 ct_helper_ssdp.la
-HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS) $(LAZY_LDFLAGS)
+HELPER_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS)
 HELPER_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS)
 ct_helper_amanda_la_SOURCES = amanda.c
diff --git a/src/helpers/amanda.c b/src/helpers/amanda.c
index faee1cd..234d511 100644
--- a/src/helpers/amanda.c
+++ b/src/helpers/amanda.c
@@ -24,6 +24,7 @@
 #include <netinet/udp.h>
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_udp.h>
 #include <libnetfilter_queue/pktbuff.h>
diff --git a/src/helpers/dhcpv6.c b/src/helpers/dhcpv6.c
index f87b6ce..4c5676d 100644
--- a/src/helpers/dhcpv6.c
+++ b/src/helpers/dhcpv6.c
@@ -25,6 +25,7 @@
 #include <netinet/udp.h>
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_udp.h>
 #include <libnetfilter_queue/pktbuff.h>
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index c3aa284..2b34534 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -30,22 +30,15 @@
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #include <libnetfilter_queue/pktbuff.h>
 #include <linux/netfilter.h>
-static bool loose; /* XXX: export this as config option. */
-
-#define NUM_SEQ_TO_REMEMBER 2
+#include "helpers/ftp.h"
-/* This structure exists only once per master */
-struct ftp_info {
- /* Valid seq positions for cmd matching after newline */
- uint32_t seq_aft_nl[MYCT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
- /* 0 means seq_match_aft_nl not set */
- int seq_aft_nl_num[MYCT_DIR_MAX];
-};
+static bool loose; /* XXX: export this as config option. */
 enum nf_ct_ftp_type {
 /* PORT command from client */
@@ -339,23 +332,21 @@ static int nf_nat_ftp_fmt_cmd(enum nf_ct_ftp_type type, char *buffer, size_t buflen, uint32_t addr, uint16_t port)
 {
+ union {
+ unsigned char c[4];
+ uint32_t d;
+ } tmp;
+
+ tmp.d = addr;
 switch (type) {
 case NF_CT_FTP_PORT:
 case NF_CT_FTP_PASV:
 return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
- ((unsigned char *)&addr)[0],
- ((unsigned char *)&addr)[1],
- ((unsigned char *)&addr)[2],
- ((unsigned char *)&addr)[3],
- port >> 8,
- port & 0xFF);
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3],
+ port >> 8, port & 0xFF);
 case NF_CT_FTP_EPRT:
 return snprintf(buffer, buflen, "|1|%u.%u.%u.%u|%u|",
- ((unsigned char *)&addr)[0],
- ((unsigned char *)&addr)[1],
- ((unsigned char *)&addr)[2],
- ((unsigned char *)&addr)[3],
- port);
+ tmp.c[0], tmp.c[1], tmp.c[2], tmp.c[3], port);
 case NF_CT_FTP_EPSV:
 return snprintf(buffer, buflen, "|||%u|", port);
 }
diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c
index bd24dd3..732e9ba 100644
--- a/src/helpers/rpc.c
+++ b/src/helpers/rpc.c
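Review bot: In the second ftp.c hunk, nf_nat_ftp_fmt_cmd still hands back the raw snprintf() result in all three cases, and that value is the length the output would have needed, so it can be >= buflen when the command was truncated. The caller is not visible in this hunk; it is worth confirming that it compares the return value against buflen before using it as the length of the rewritten command. The new union also leaves an assumption undocumented: tmp.c[0] is the first octet only if addr arrives in network byte order, which is presumably the case here, so a comment such as `/* addr is in network byte order: c[0] is the first octet */` above `tmp.d = addr;` would make that explicit. The function body continues past the end of the hunk.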
@@ -35,26 +35,18 @@
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #include <libnetfilter_queue/pktbuff.h>
 #include <linux/netfilter.h>
+#include "helpers/rpc.h"
+
 /* RFC 1050: RPC: Remote Procedure Call Protocol Specification Version 2 */
 /* RFC 1014: XDR: External Data Representation Standard */
 #define SUPPORTED_RPC_VERSION 2
-struct rpc_info {
- /* XID */
- uint32_t xid;
- /* program */
- uint32_t pm_prog;
- /* program version */
- uint32_t pm_vers;
- /* transport protocol: TCP|UDP */
- uint32_t pm_prot;
-};
-
 /* So, this packet has hit the connection tracking matching code. Mangle it, and change the expectation to match the new version. */
 static unsigned int
diff --git a/src/helpers/sane.c b/src/helpers/sane.c
index c30f4ba..ebcb24c 100644
--- a/src/helpers/sane.c
+++ b/src/helpers/sane.c
@@ -34,15 +34,12 @@
 #include <netinet/tcp.h>
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #include <libnetfilter_queue/pktbuff.h>
 #include <linux/netfilter.h>
-
-enum sane_state {
- SANE_STATE_NORMAL,
- SANE_STATE_START_REQUESTED,
-};
+#include "helpers/sane.h"
 struct sane_request {
 uint32_t RPC_code;
@@ -60,10 +57,6 @@ struct sane_reply_net_start {
 /* other fields aren't interesting for conntrack */
 };
-struct nf_ct_sane_master {
- enum sane_state state;
-};
-
 static int sane_helper_cb(struct pkt_buff *pkt, uint32_t protoff, struct myct *myct, uint32_t ctinfo)
diff --git a/src/helpers/slp.c b/src/helpers/slp.c
index b8339d6..a53485a 100644
--- a/src/helpers/slp.c
+++ b/src/helpers/slp.c
@@ -28,6 +28,7 @@
 #include "myct.h"
 #include "log.h"
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
 #include <linux/netfilter.h>
diff --git a/src/helpers/ssdp.c b/src/helpers/ssdp.c
index 58658e3..527892c 100644
--- a/src/helpers/ssdp.c
+++ b/src/helpers/ssdp.c
@@ -48,12 +48,12 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <arpa/inet.h>
-#include <netinet/ip.h>
 #define _GNU_SOURCE
 #include <netinet/tcp.h>
 #include <netinet/udp.h>
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #include <libnetfilter_queue/pktbuff.h>
@@ -158,11 +158,9 @@ static int handle_ssdp_new(struct pkt_buff *pkt, uint32_t protoff,
 {
 int ret = NF_ACCEPT;
 union nfct_attr_grp_addr daddr, saddr, taddr;
- struct iphdr *net_hdr = (struct iphdr *)pktb_network_header(pkt);
 int good_packet = 0;
 struct nf_expect *exp;
 uint16_t port;
- unsigned int dataoff;
 void *sb_ptr;
 cthelper_get_addr_dst(myct->ct, MYCT_DIR_ORIG, &daddr);
@@ -200,13 +198,12 @@ static int handle_ssdp_new(struct pkt_buff *pkt, uint32_t protoff,
 }
 /* No data? Ignore */
- dataoff = net_hdr->ihl*4 + sizeof(struct udphdr);
- if (dataoff >= pktb_len(pkt)) {
+ if (protoff + sizeof(struct udphdr) >= pktb_len(pkt)) {
 pr_debug("ssdp_help: UDP payload too small for M-SEARCH; ignoring\n");
 return NF_ACCEPT;
 }
- sb_ptr = pktb_network_header(pkt) + dataoff;
+ sb_ptr = pktb_network_header(pkt) + protoff + sizeof(struct udphdr);
 if (memcmp(sb_ptr, SSDP_M_SEARCH, SSDP_M_SEARCH_SIZE) != 0) {
 pr_debug("ssdp_help: UDP payload does not begin with 'M-SEARCH'; ignoring\n");
@@ -259,7 +256,6 @@ static int find_hdr(const char *name, const uint8_t *data, int data_len,
 data += i+2;
 }
- data_len -= name_len;
 data += name_len;
 if (pos)
 *pos = data;
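Review bot: In the handle_ssdp_new hunk of src/helpers/ssdp.c (old line 200), the rewritten length check only guarantees that at least one payload byte follows the UDP header, yet the memcmp() a few lines later reads SSDP_M_SEARCH_SIZE bytes from sb_ptr. A packet whose payload is shorter than that makes the comparison read past the end of the packet data. The guard should cover the whole compared prefix, for example `if (protoff + sizeof(struct udphdr) + SSDP_M_SEARCH_SIZE > pktb_len(pkt)) {`, which also matches the existing "too small for M-SEARCH" debug message. handle_ssdp_new starts before and continues after this hunk, so any later parsing of the payload should be checked against the same length.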
diff --git a/src/helpers/tftp.c b/src/helpers/tftp.c
index 70dd28a..e61195f 100644
--- a/src/helpers/tftp.c
+++ b/src/helpers/tftp.c
@@ -20,6 +20,7 @@
 #include <netinet/udp.h>
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_udp.h>
 #include <libnetfilter_queue/pktbuff.h>
diff --git a/src/helpers/tns.c b/src/helpers/tns.c
index 2b4fed4..5692f29 100644
--- a/src/helpers/tns.c
+++ b/src/helpers/tns.c
@@ -23,11 +23,14 @@
 #include <libmnl/libmnl.h>
 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <linux/netfilter/nfnetlink_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue.h>
 #include <libnetfilter_queue/libnetfilter_queue_tcp.h>
 #include <libnetfilter_queue/pktbuff.h>
 #include <linux/netfilter.h>
+#include "helpers/tns.h"
+
 /* TNS SQL*Net Version 2 */
 enum tns_types {
 TNS_TYPE_CONNECT = 1,
@@ -57,11 +60,6 @@ struct tns_redirect {
 uint16_t data_len;
 };
-struct tns_info {
- /* Scan next DATA|REDIRECT packet */
- bool parse;
-};
-
 static int try_number(const char *data, size_t dlen, uint32_t array[], int array_size, char sep, char term)
 { |