Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
nf_conntrack_pptp.c
Go to the documentation of this file.
1 /*
2  * Connection tracking support for PPTP (Point to Point Tunneling Protocol).
3  * PPTP is a a protocol for creating virtual private networks.
4  * It is a specification defined by Microsoft and some vendors
5  * working with Microsoft. PPTP is built on top of a modified
6  * version of the Internet Generic Routing Encapsulation Protocol.
7  * GRE is defined in RFC 1701 and RFC 1702. Documentation of
8  * PPTP can be found in RFC 2637
9  *
10  * (C) 2000-2005 by Harald Welte <[email protected]>
11  *
12  * Development of this code funded by Astaro AG (http://www.astaro.com/)
13  *
14  * Limitations:
15  * - We blindly assume that control connections are always
16  * established in PNS->PAC direction. This is a violation
17  * of RFFC2673
18  * - We can only support one single call within each session
19  * TODO:
20  * - testing of incoming PPTP calls
21  */
22 
23 #include <linux/module.h>
24 #include <linux/skbuff.h>
25 #include <linux/in.h>
26 #include <linux/tcp.h>
27 
28 #include <net/netfilter/nf_conntrack.h>
29 #include <net/netfilter/nf_conntrack_core.h>
30 #include <net/netfilter/nf_conntrack_helper.h>
31 #include <net/netfilter/nf_conntrack_zones.h>
32 #include <linux/netfilter/nf_conntrack_proto_gre.h>
33 #include <linux/netfilter/nf_conntrack_pptp.h>
34 
35 #define NF_CT_PPTP_VERSION "3.1"
36 
37 MODULE_LICENSE("GPL");
38 MODULE_AUTHOR("Harald Welte <[email protected]>");
39 MODULE_DESCRIPTION("Netfilter connection tracking helper module for PPTP");
40 MODULE_ALIAS("ip_conntrack_pptp");
41 MODULE_ALIAS_NFCT_HELPER("pptp");
42 
43 static DEFINE_SPINLOCK(nf_pptp_lock);
44 
45 int
46 (*nf_nat_pptp_hook_outbound)(struct sk_buff *skb,
47  struct nf_conn *ct, enum ip_conntrack_info ctinfo,
48  unsigned int protoff, struct PptpControlHeader *ctlh,
49  union pptp_ctrl_union *pptpReq) __read_mostly;
50 EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_outbound);
51 
52 int
53 (*nf_nat_pptp_hook_inbound)(struct sk_buff *skb,
54  struct nf_conn *ct, enum ip_conntrack_info ctinfo,
55  unsigned int protoff, struct PptpControlHeader *ctlh,
56  union pptp_ctrl_union *pptpReq) __read_mostly;
57 EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_inbound);
58 
59 void
60 (*nf_nat_pptp_hook_exp_gre)(struct nf_conntrack_expect *expect_orig,
61  struct nf_conntrack_expect *expect_reply)
62  __read_mostly;
63 EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_exp_gre);
64 
65 void
66 (*nf_nat_pptp_hook_expectfn)(struct nf_conn *ct,
67  struct nf_conntrack_expect *exp) __read_mostly;
68 EXPORT_SYMBOL_GPL(nf_nat_pptp_hook_expectfn);
69 
70 #if defined(DEBUG) || defined(CONFIG_DYNAMIC_DEBUG)
71 /* PptpControlMessageType names */
72 const char *const pptp_msg_name[] = {
73  "UNKNOWN_MESSAGE",
74  "START_SESSION_REQUEST",
75  "START_SESSION_REPLY",
76  "STOP_SESSION_REQUEST",
77  "STOP_SESSION_REPLY",
78  "ECHO_REQUEST",
79  "ECHO_REPLY",
80  "OUT_CALL_REQUEST",
81  "OUT_CALL_REPLY",
82  "IN_CALL_REQUEST",
83  "IN_CALL_REPLY",
84  "IN_CALL_CONNECT",
85  "CALL_CLEAR_REQUEST",
86  "CALL_DISCONNECT_NOTIFY",
87  "WAN_ERROR_NOTIFY",
88  "SET_LINK_INFO"
89 };
90 EXPORT_SYMBOL(pptp_msg_name);
91 #endif
92 
93 #define SECS *HZ
94 #define MINS * 60 SECS
95 #define HOURS * 60 MINS
96 
97 #define PPTP_GRE_TIMEOUT (10 MINS)
98 #define PPTP_GRE_STREAM_TIMEOUT (5 HOURS)
99 
100 static void pptp_expectfn(struct nf_conn *ct,
101  struct nf_conntrack_expect *exp)
102 {
103  struct net *net = nf_ct_net(ct);
104  typeof(nf_nat_pptp_hook_expectfn) nf_nat_pptp_expectfn;
105  pr_debug("increasing timeouts\n");
106 
107  /* increase timeout of GRE data channel conntrack entry */
108  ct->proto.gre.timeout = PPTP_GRE_TIMEOUT;
109  ct->proto.gre.stream_timeout = PPTP_GRE_STREAM_TIMEOUT;
110 
111  /* Can you see how rusty this code is, compared with the pre-2.6.11
112  * one? That's what happened to my shiny newnat of 2002 ;( -HW */
113 
114  rcu_read_lock();
115  nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn);
116  if (nf_nat_pptp_expectfn && ct->master->status & IPS_NAT_MASK)
117  nf_nat_pptp_expectfn(ct, exp);
118  else {
119  struct nf_conntrack_tuple inv_t;
120  struct nf_conntrack_expect *exp_other;
121 
122  /* obviously this tuple inversion only works until you do NAT */
123  nf_ct_invert_tuplepr(&inv_t, &exp->tuple);
124  pr_debug("trying to unexpect other dir: ");
125  nf_ct_dump_tuple(&inv_t);
126 
127  exp_other = nf_ct_expect_find_get(net, nf_ct_zone(ct), &inv_t);
128  if (exp_other) {
129  /* delete other expectation. */
130  pr_debug("found\n");
131  nf_ct_unexpect_related(exp_other);
132  nf_ct_expect_put(exp_other);
133  } else {
134  pr_debug("not found\n");
135  }
136  }
137  rcu_read_unlock();
138 }
139 
140 static int destroy_sibling_or_exp(struct net *net, struct nf_conn *ct,
141  const struct nf_conntrack_tuple *t)
142 {
143  const struct nf_conntrack_tuple_hash *h;
144  struct nf_conntrack_expect *exp;
145  struct nf_conn *sibling;
146  u16 zone = nf_ct_zone(ct);
147 
148  pr_debug("trying to timeout ct or exp for tuple ");
149  nf_ct_dump_tuple(t);
150 
151  h = nf_conntrack_find_get(net, zone, t);
152  if (h) {
153  sibling = nf_ct_tuplehash_to_ctrack(h);
154  pr_debug("setting timeout of conntrack %p to 0\n", sibling);
155  sibling->proto.gre.timeout = 0;
156  sibling->proto.gre.stream_timeout = 0;
157  if (del_timer(&sibling->timeout))
158  sibling->timeout.function((unsigned long)sibling);
159  nf_ct_put(sibling);
160  return 1;
161  } else {
162  exp = nf_ct_expect_find_get(net, zone, t);
163  if (exp) {
164  pr_debug("unexpect_related of expect %p\n", exp);
165  nf_ct_unexpect_related(exp);
166  nf_ct_expect_put(exp);
167  return 1;
168  }
169  }
170  return 0;
171 }
172 
173 /* timeout GRE data connections */
174 static void pptp_destroy_siblings(struct nf_conn *ct)
175 {
176  struct net *net = nf_ct_net(ct);
177  const struct nf_ct_pptp_master *ct_pptp_info = nfct_help_data(ct);
178  struct nf_conntrack_tuple t;
179 
180  nf_ct_gre_keymap_destroy(ct);
181 
182  /* try original (pns->pac) tuple */
183  memcpy(&t, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, sizeof(t));
184  t.dst.protonum = IPPROTO_GRE;
185  t.src.u.gre.key = ct_pptp_info->pns_call_id;
186  t.dst.u.gre.key = ct_pptp_info->pac_call_id;
187  if (!destroy_sibling_or_exp(net, ct, &t))
188  pr_debug("failed to timeout original pns->pac ct/exp\n");
189 
190  /* try reply (pac->pns) tuple */
191  memcpy(&t, &ct->tuplehash[IP_CT_DIR_REPLY].tuple, sizeof(t));
192  t.dst.protonum = IPPROTO_GRE;
193  t.src.u.gre.key = ct_pptp_info->pac_call_id;
194  t.dst.u.gre.key = ct_pptp_info->pns_call_id;
195  if (!destroy_sibling_or_exp(net, ct, &t))
196  pr_debug("failed to timeout reply pac->pns ct/exp\n");
197 }
198 
199 /* expect GRE connections (PNS->PAC and PAC->PNS direction) */
200 static int exp_gre(struct nf_conn *ct, __be16 callid, __be16 peer_callid)
201 {
202  struct nf_conntrack_expect *exp_orig, *exp_reply;
203  enum ip_conntrack_dir dir;
204  int ret = 1;
205  typeof(nf_nat_pptp_hook_exp_gre) nf_nat_pptp_exp_gre;
206 
207  exp_orig = nf_ct_expect_alloc(ct);
208  if (exp_orig == NULL)
209  goto out;
210 
211  exp_reply = nf_ct_expect_alloc(ct);
212  if (exp_reply == NULL)
213  goto out_put_orig;
214 
215  /* original direction, PNS->PAC */
216  dir = IP_CT_DIR_ORIGINAL;
217  nf_ct_expect_init(exp_orig, NF_CT_EXPECT_CLASS_DEFAULT,
218  nf_ct_l3num(ct),
219  &ct->tuplehash[dir].tuple.src.u3,
220  &ct->tuplehash[dir].tuple.dst.u3,
221  IPPROTO_GRE, &peer_callid, &callid);
222  exp_orig->expectfn = pptp_expectfn;
223 
224  /* reply direction, PAC->PNS */
225  dir = IP_CT_DIR_REPLY;
226  nf_ct_expect_init(exp_reply, NF_CT_EXPECT_CLASS_DEFAULT,
227  nf_ct_l3num(ct),
228  &ct->tuplehash[dir].tuple.src.u3,
229  &ct->tuplehash[dir].tuple.dst.u3,
230  IPPROTO_GRE, &callid, &peer_callid);
231  exp_reply->expectfn = pptp_expectfn;
232 
233  nf_nat_pptp_exp_gre = rcu_dereference(nf_nat_pptp_hook_exp_gre);
234  if (nf_nat_pptp_exp_gre && ct->status & IPS_NAT_MASK)
235  nf_nat_pptp_exp_gre(exp_orig, exp_reply);
236  if (nf_ct_expect_related(exp_orig) != 0)
237  goto out_put_both;
238  if (nf_ct_expect_related(exp_reply) != 0)
239  goto out_unexpect_orig;
240 
241  /* Add GRE keymap entries */
242  if (nf_ct_gre_keymap_add(ct, IP_CT_DIR_ORIGINAL, &exp_orig->tuple) != 0)
243  goto out_unexpect_both;
244  if (nf_ct_gre_keymap_add(ct, IP_CT_DIR_REPLY, &exp_reply->tuple) != 0) {
245  nf_ct_gre_keymap_destroy(ct);
246  goto out_unexpect_both;
247  }
248  ret = 0;
249 
250 out_put_both:
251  nf_ct_expect_put(exp_reply);
252 out_put_orig:
253  nf_ct_expect_put(exp_orig);
254 out:
255  return ret;
256 
257 out_unexpect_both:
258  nf_ct_unexpect_related(exp_reply);
259 out_unexpect_orig:
260  nf_ct_unexpect_related(exp_orig);
261  goto out_put_both;
262 }
263 
264 static inline int
265 pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
266  struct PptpControlHeader *ctlh,
267  union pptp_ctrl_union *pptpReq,
268  unsigned int reqlen,
269  struct nf_conn *ct,
270  enum ip_conntrack_info ctinfo)
271 {
272  struct nf_ct_pptp_master *info = nfct_help_data(ct);
273  u_int16_t msg;
274  __be16 cid = 0, pcid = 0;
275  typeof(nf_nat_pptp_hook_inbound) nf_nat_pptp_inbound;
276 
277  msg = ntohs(ctlh->messageType);
278  pr_debug("inbound control message %s\n", pptp_msg_name[msg]);
279 
280  switch (msg) {
281  case PPTP_START_SESSION_REPLY:
282  /* server confirms new control session */
283  if (info->sstate < PPTP_SESSION_REQUESTED)
284  goto invalid;
285  if (pptpReq->srep.resultCode == PPTP_START_OK)
286  info->sstate = PPTP_SESSION_CONFIRMED;
287  else
288  info->sstate = PPTP_SESSION_ERROR;
289  break;
290 
291  case PPTP_STOP_SESSION_REPLY:
292  /* server confirms end of control session */
293  if (info->sstate > PPTP_SESSION_STOPREQ)
294  goto invalid;
295  if (pptpReq->strep.resultCode == PPTP_STOP_OK)
296  info->sstate = PPTP_SESSION_NONE;
297  else
298  info->sstate = PPTP_SESSION_ERROR;
299  break;
300 
301  case PPTP_OUT_CALL_REPLY:
302  /* server accepted call, we now expect GRE frames */
303  if (info->sstate != PPTP_SESSION_CONFIRMED)
304  goto invalid;
305  if (info->cstate != PPTP_CALL_OUT_REQ &&
306  info->cstate != PPTP_CALL_OUT_CONF)
307  goto invalid;
308 
309  cid = pptpReq->ocack.callID;
310  pcid = pptpReq->ocack.peersCallID;
311  if (info->pns_call_id != pcid)
312  goto invalid;
313  pr_debug("%s, CID=%X, PCID=%X\n", pptp_msg_name[msg],
314  ntohs(cid), ntohs(pcid));
315 
316  if (pptpReq->ocack.resultCode == PPTP_OUTCALL_CONNECT) {
317  info->cstate = PPTP_CALL_OUT_CONF;
318  info->pac_call_id = cid;
319  exp_gre(ct, cid, pcid);
320  } else
321  info->cstate = PPTP_CALL_NONE;
322  break;
323 
324  case PPTP_IN_CALL_REQUEST:
325  /* server tells us about incoming call request */
326  if (info->sstate != PPTP_SESSION_CONFIRMED)
327  goto invalid;
328 
329  cid = pptpReq->icreq.callID;
330  pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
331  info->cstate = PPTP_CALL_IN_REQ;
332  info->pac_call_id = cid;
333  break;
334 
335  case PPTP_IN_CALL_CONNECT:
336  /* server tells us about incoming call established */
337  if (info->sstate != PPTP_SESSION_CONFIRMED)
338  goto invalid;
339  if (info->cstate != PPTP_CALL_IN_REP &&
340  info->cstate != PPTP_CALL_IN_CONF)
341  goto invalid;
342 
343  pcid = pptpReq->iccon.peersCallID;
344  cid = info->pac_call_id;
345 
346  if (info->pns_call_id != pcid)
347  goto invalid;
348 
349  pr_debug("%s, PCID=%X\n", pptp_msg_name[msg], ntohs(pcid));
350  info->cstate = PPTP_CALL_IN_CONF;
351 
352  /* we expect a GRE connection from PAC to PNS */
353  exp_gre(ct, cid, pcid);
354  break;
355 
356  case PPTP_CALL_DISCONNECT_NOTIFY:
357  /* server confirms disconnect */
358  cid = pptpReq->disc.callID;
359  pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
360  info->cstate = PPTP_CALL_NONE;
361 
362  /* untrack this call id, unexpect GRE packets */
363  pptp_destroy_siblings(ct);
364  break;
365 
366  case PPTP_WAN_ERROR_NOTIFY:
367  case PPTP_SET_LINK_INFO:
368  case PPTP_ECHO_REQUEST:
369  case PPTP_ECHO_REPLY:
370  /* I don't have to explain these ;) */
371  break;
372 
373  default:
374  goto invalid;
375  }
376 
377  nf_nat_pptp_inbound = rcu_dereference(nf_nat_pptp_hook_inbound);
378  if (nf_nat_pptp_inbound && ct->status & IPS_NAT_MASK)
379  return nf_nat_pptp_inbound(skb, ct, ctinfo,
380  protoff, ctlh, pptpReq);
381  return NF_ACCEPT;
382 
383 invalid:
384  pr_debug("invalid %s: type=%d cid=%u pcid=%u "
385  "cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n",
386  msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0],
387  msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate,
388  ntohs(info->pns_call_id), ntohs(info->pac_call_id));
389  return NF_ACCEPT;
390 }
391 
392 static inline int
393 pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
394  struct PptpControlHeader *ctlh,
395  union pptp_ctrl_union *pptpReq,
396  unsigned int reqlen,
397  struct nf_conn *ct,
398  enum ip_conntrack_info ctinfo)
399 {
400  struct nf_ct_pptp_master *info = nfct_help_data(ct);
401  u_int16_t msg;
402  __be16 cid = 0, pcid = 0;
403  typeof(nf_nat_pptp_hook_outbound) nf_nat_pptp_outbound;
404 
405  msg = ntohs(ctlh->messageType);
406  pr_debug("outbound control message %s\n", pptp_msg_name[msg]);
407 
408  switch (msg) {
409  case PPTP_START_SESSION_REQUEST:
410  /* client requests for new control session */
411  if (info->sstate != PPTP_SESSION_NONE)
412  goto invalid;
413  info->sstate = PPTP_SESSION_REQUESTED;
414  break;
415 
416  case PPTP_STOP_SESSION_REQUEST:
417  /* client requests end of control session */
418  info->sstate = PPTP_SESSION_STOPREQ;
419  break;
420 
421  case PPTP_OUT_CALL_REQUEST:
422  /* client initiating connection to server */
423  if (info->sstate != PPTP_SESSION_CONFIRMED)
424  goto invalid;
425  info->cstate = PPTP_CALL_OUT_REQ;
426  /* track PNS call id */
427  cid = pptpReq->ocreq.callID;
428  pr_debug("%s, CID=%X\n", pptp_msg_name[msg], ntohs(cid));
429  info->pns_call_id = cid;
430  break;
431 
432  case PPTP_IN_CALL_REPLY:
433  /* client answers incoming call */
434  if (info->cstate != PPTP_CALL_IN_REQ &&
435  info->cstate != PPTP_CALL_IN_REP)
436  goto invalid;
437 
438  cid = pptpReq->icack.callID;
439  pcid = pptpReq->icack.peersCallID;
440  if (info->pac_call_id != pcid)
441  goto invalid;
442  pr_debug("%s, CID=%X PCID=%X\n", pptp_msg_name[msg],
443  ntohs(cid), ntohs(pcid));
444 
445  if (pptpReq->icack.resultCode == PPTP_INCALL_ACCEPT) {
446  /* part two of the three-way handshake */
447  info->cstate = PPTP_CALL_IN_REP;
448  info->pns_call_id = cid;
449  } else
450  info->cstate = PPTP_CALL_NONE;
451  break;
452 
453  case PPTP_CALL_CLEAR_REQUEST:
454  /* client requests hangup of call */
455  if (info->sstate != PPTP_SESSION_CONFIRMED)
456  goto invalid;
457  /* FUTURE: iterate over all calls and check if
458  * call ID is valid. We don't do this without newnat,
459  * because we only know about last call */
460  info->cstate = PPTP_CALL_CLEAR_REQ;
461  break;
462 
463  case PPTP_SET_LINK_INFO:
464  case PPTP_ECHO_REQUEST:
465  case PPTP_ECHO_REPLY:
466  /* I don't have to explain these ;) */
467  break;
468 
469  default:
470  goto invalid;
471  }
472 
473  nf_nat_pptp_outbound = rcu_dereference(nf_nat_pptp_hook_outbound);
474  if (nf_nat_pptp_outbound && ct->status & IPS_NAT_MASK)
475  return nf_nat_pptp_outbound(skb, ct, ctinfo,
476  protoff, ctlh, pptpReq);
477  return NF_ACCEPT;
478 
479 invalid:
480  pr_debug("invalid %s: type=%d cid=%u pcid=%u "
481  "cstate=%d sstate=%d pns_cid=%u pac_cid=%u\n",
482  msg <= PPTP_MSG_MAX ? pptp_msg_name[msg] : pptp_msg_name[0],
483  msg, ntohs(cid), ntohs(pcid), info->cstate, info->sstate,
484  ntohs(info->pns_call_id), ntohs(info->pac_call_id));
485  return NF_ACCEPT;
486 }
487 
488 static const unsigned int pptp_msg_size[] = {
489  [PPTP_START_SESSION_REQUEST] = sizeof(struct PptpStartSessionRequest),
490  [PPTP_START_SESSION_REPLY] = sizeof(struct PptpStartSessionReply),
491  [PPTP_STOP_SESSION_REQUEST] = sizeof(struct PptpStopSessionRequest),
492  [PPTP_STOP_SESSION_REPLY] = sizeof(struct PptpStopSessionReply),
493  [PPTP_OUT_CALL_REQUEST] = sizeof(struct PptpOutCallRequest),
494  [PPTP_OUT_CALL_REPLY] = sizeof(struct PptpOutCallReply),
495  [PPTP_IN_CALL_REQUEST] = sizeof(struct PptpInCallRequest),
496  [PPTP_IN_CALL_REPLY] = sizeof(struct PptpInCallReply),
497  [PPTP_IN_CALL_CONNECT] = sizeof(struct PptpInCallConnected),
498  [PPTP_CALL_CLEAR_REQUEST] = sizeof(struct PptpClearCallRequest),
499  [PPTP_CALL_DISCONNECT_NOTIFY] = sizeof(struct PptpCallDisconnectNotify),
500  [PPTP_WAN_ERROR_NOTIFY] = sizeof(struct PptpWanErrorNotify),
501  [PPTP_SET_LINK_INFO] = sizeof(struct PptpSetLinkInfo),
502 };
503 
504 /* track caller id inside control connection, call expect_related */
505 static int
506 conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
507  struct nf_conn *ct, enum ip_conntrack_info ctinfo)
508 
509 {
510  int dir = CTINFO2DIR(ctinfo);
511  const struct nf_ct_pptp_master *info = nfct_help_data(ct);
512  const struct tcphdr *tcph;
513  struct tcphdr _tcph;
514  const struct pptp_pkt_hdr *pptph;
515  struct pptp_pkt_hdr _pptph;
516  struct PptpControlHeader _ctlh, *ctlh;
517  union pptp_ctrl_union _pptpReq, *pptpReq;
518  unsigned int tcplen = skb->len - protoff;
519  unsigned int datalen, reqlen, nexthdr_off;
520  int oldsstate, oldcstate;
521  int ret;
522  u_int16_t msg;
523 
524  /* don't do any tracking before tcp handshake complete */
525  if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
526  return NF_ACCEPT;
527 
528  nexthdr_off = protoff;
529  tcph = skb_header_pointer(skb, nexthdr_off, sizeof(_tcph), &_tcph);
530  BUG_ON(!tcph);
531  nexthdr_off += tcph->doff * 4;
532  datalen = tcplen - tcph->doff * 4;
533 
534  pptph = skb_header_pointer(skb, nexthdr_off, sizeof(_pptph), &_pptph);
535  if (!pptph) {
536  pr_debug("no full PPTP header, can't track\n");
537  return NF_ACCEPT;
538  }
539  nexthdr_off += sizeof(_pptph);
540  datalen -= sizeof(_pptph);
541 
542  /* if it's not a control message we can't do anything with it */
543  if (ntohs(pptph->packetType) != PPTP_PACKET_CONTROL ||
544  ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) {
545  pr_debug("not a control packet\n");
546  return NF_ACCEPT;
547  }
548 
549  ctlh = skb_header_pointer(skb, nexthdr_off, sizeof(_ctlh), &_ctlh);
550  if (!ctlh)
551  return NF_ACCEPT;
552  nexthdr_off += sizeof(_ctlh);
553  datalen -= sizeof(_ctlh);
554 
555  reqlen = datalen;
556  msg = ntohs(ctlh->messageType);
557  if (msg > 0 && msg <= PPTP_MSG_MAX && reqlen < pptp_msg_size[msg])
558  return NF_ACCEPT;
559  if (reqlen > sizeof(*pptpReq))
560  reqlen = sizeof(*pptpReq);
561 
562  pptpReq = skb_header_pointer(skb, nexthdr_off, reqlen, &_pptpReq);
563  if (!pptpReq)
564  return NF_ACCEPT;
565 
566  oldsstate = info->sstate;
567  oldcstate = info->cstate;
568 
569  spin_lock_bh(&nf_pptp_lock);
570 
571  /* FIXME: We just blindly assume that the control connection is always
572  * established from PNS->PAC. However, RFC makes no guarantee */
573  if (dir == IP_CT_DIR_ORIGINAL)
574  /* client -> server (PNS -> PAC) */
575  ret = pptp_outbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
576  ctinfo);
577  else
578  /* server -> client (PAC -> PNS) */
579  ret = pptp_inbound_pkt(skb, protoff, ctlh, pptpReq, reqlen, ct,
580  ctinfo);
581  pr_debug("sstate: %d->%d, cstate: %d->%d\n",
582  oldsstate, info->sstate, oldcstate, info->cstate);
583  spin_unlock_bh(&nf_pptp_lock);
584 
585  return ret;
586 }
587 
588 static const struct nf_conntrack_expect_policy pptp_exp_policy = {
589  .max_expected = 2,
590  .timeout = 5 * 60,
591 };
592 
593 /* control protocol helper */
594 static struct nf_conntrack_helper pptp __read_mostly = {
595  .name = "pptp",
596  .me = THIS_MODULE,
597  .data_len = sizeof(struct nf_ct_pptp_master),
598  .tuple.src.l3num = AF_INET,
599  .tuple.src.u.tcp.port = cpu_to_be16(PPTP_CONTROL_PORT),
600  .tuple.dst.protonum = IPPROTO_TCP,
601  .help = conntrack_pptp_help,
602  .destroy = pptp_destroy_siblings,
603  .expect_policy = &pptp_exp_policy,
604 };
605 
606 static void nf_conntrack_pptp_net_exit(struct net *net)
607 {
608  nf_ct_gre_keymap_flush(net);
609 }
610 
611 static struct pernet_operations nf_conntrack_pptp_net_ops = {
612  .exit = nf_conntrack_pptp_net_exit,
613 };
614 
615 static int __init nf_conntrack_pptp_init(void)
616 {
617  int rv;
618 
619  rv = nf_conntrack_helper_register(&pptp);
620  if (rv < 0)
621  return rv;
622  rv = register_pernet_subsys(&nf_conntrack_pptp_net_ops);
623  if (rv < 0)
624  nf_conntrack_helper_unregister(&pptp);
625  return rv;
626 }
627 
628 static void __exit nf_conntrack_pptp_fini(void)
629 {
630  nf_conntrack_helper_unregister(&pptp);
631  unregister_pernet_subsys(&nf_conntrack_pptp_net_ops);
632 }
633 
634 module_init(nf_conntrack_pptp_init);
635 module_exit(nf_conntrack_pptp_fini);
Generated on Thu Jan 10 2013 15:00:32 for Linux Kernel by   doxygen 1.8.2