/* Generic function for mangling variable-length address changes inside * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX * command in the Amanda protocol) * * Takes care about all the nasty sequence number changes, checksumming, * skb enlargement, ... * * XXX - This function could be merged with nf_nat_mangle_tcp_packet which * should be fairly easy to do. */ int nf_nat_mangle_udp_packet(struct sk_buff **pskb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) { struct iphdr *iph; struct udphdr *udph; int datalen, oldlen; /* UDP helpers might accidentally mangle the wrong packet */ iph = (*pskb)->nh.iph; if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + match_offset + match_len) return 0; if (!skb_make_writable(pskb, (*pskb)->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(*pskb) && !enlarge_skb(pskb, rep_len - match_len)) return 0; iph = (*pskb)->nh.iph; udph = (void *)iph + iph->ihl*4; oldlen = (*pskb)->len - iph->ihl*4; mangle_contents(*pskb, iph->ihl*4 + sizeof(*udph), match_offset, match_len, rep_buffer, rep_len); /* update the length of the UDP packet */ datalen = (*pskb)->len - iph->ihl*4; udph->len = htons(datalen); /* fix udp checksum if udp checksum was previously calculated */ if (!udph->check && (*pskb)->ip_summed != CHECKSUM_PARTIAL) return 1; if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { udph->check = 0; udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr, datalen, IPPROTO_UDP, csum_partial((char *)udph, datalen, 0)); if (!udph->check) udph->check = CSUM_MANGLED_0; } else nf_proto_csum_replace2(&udph->check, *pskb, htons(oldlen), htons(datalen), 1); return 1; }
/* Generic function for mangling variable-length address changes inside * NATed TCP connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX * command in FTP). * * Takes care about all the nasty sequence number changes, checksumming, * skb enlargement, ... * * */ int nf_nat_mangle_tcp_packet(struct sk_buff **pskb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) { struct iphdr *iph; struct tcphdr *tcph; int oldlen, datalen; if (!skb_make_writable(pskb, (*pskb)->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(*pskb) && !enlarge_skb(pskb, rep_len - match_len)) return 0; SKB_LINEAR_ASSERT(*pskb); iph = (*pskb)->nh.iph; tcph = (void *)iph + iph->ihl*4; oldlen = (*pskb)->len - iph->ihl*4; mangle_contents(*pskb, iph->ihl*4 + tcph->doff*4, match_offset, match_len, rep_buffer, rep_len); datalen = (*pskb)->len - iph->ihl*4; if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) { tcph->check = 0; tcph->check = tcp_v4_check(datalen, iph->saddr, iph->daddr, csum_partial((char *)tcph, datalen, 0)); } else nf_proto_csum_replace2(&tcph->check, *pskb, htons(oldlen), htons(datalen), 1); if (rep_len != match_len) { set_bit(IPS_SEQ_ADJUST_BIT, &ct->status); adjust_tcp_sequence(ntohl(tcph->seq), (int)rep_len - (int)match_len, ct, ctinfo); /* Tell TCP window tracking about seq change */ nf_conntrack_tcp_update(*pskb, (*pskb)->nh.iph->ihl*4, ct, CTINFO2DIR(ctinfo)); } return 1; }
/* Generic function for mangling variable-length address changes inside * NATed TCP connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX * command in FTP). * * Takes care about all the nasty sequence number changes, checksumming, * skb enlargement, ... * * */ int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len, bool adjust) { struct rtable *rt = skb_rtable(skb); struct iphdr *iph; struct tcphdr *tcph; int oldlen, datalen; unsigned char ipOffSet; //Leo add if (!skb_make_writable(skb, skb->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(skb) && !enlarge_skb(skb, rep_len - match_len)) return 0; SKB_LINEAR_ASSERT(skb); iph = ip_hdr(skb); ipOffSet = iph->ihl << 2; tcph = (void *)iph + ipOffSet; oldlen = skb->len - ipOffSet; mangle_contents(skb, ipOffSet + tcph->doff*4, match_offset, match_len, rep_buffer, rep_len); datalen = skb->len - ipOffSet; if (skb->ip_summed != CHECKSUM_PARTIAL) { if (!(rt->rt_flags & RTCF_LOCAL) && skb->dev->features & NETIF_F_V4_CSUM) { skb->ip_summed = CHECKSUM_PARTIAL; skb->csum_start = skb_headroom(skb) + skb_network_offset(skb) + ipOffSet; skb->csum_offset = offsetof(struct tcphdr, check); tcph->check = ~tcp_v4_check(datalen, iph->saddr, iph->daddr, 0); } else {
/* Generic function for mangling variable-length address changes inside * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX * command in the Amanda protocol) * * Takes care about all the nasty sequence number changes, checksumming, * skb enlargement, ... * * XXX - This function could be merged with nf_nat_mangle_tcp_packet which * should be fairly easy to do. */ int nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) { struct iphdr *iph; struct udphdr *udph; int datalen, oldlen; /* UDP helpers might accidentally mangle the wrong packet */ iph = ip_hdr(skb); if (skb->len < iph->ihl*4 + sizeof(*udph) + match_offset + match_len) return 0; if (!skb_make_writable(skb, skb->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(skb) && !enlarge_skb(skb, rep_len - match_len)) return 0; iph = ip_hdr(skb); udph = (void *)iph + iph->ihl*4; oldlen = skb->len - iph->ihl*4; mangle_contents(skb, iph->ihl*4 + sizeof(*udph), match_offset, match_len, rep_buffer, rep_len); /* update the length of the UDP packet */ datalen = skb->len - iph->ihl*4; udph->len = htons(datalen); /* fix udp checksum if udp checksum was previously calculated */ if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) return 1; nf_nat_csum(skb, iph, udph, datalen, &udph->check, oldlen); return 1; }
int nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len) { struct iphdr *iph; struct udphdr *udph; int datalen, oldlen; if (!skb_make_writable(skb, skb->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(skb) && !enlarge_skb(skb, rep_len - match_len)) return 0; iph = ip_hdr(skb); udph = (void *)iph + iph->ihl*4; oldlen = skb->len - iph->ihl*4; mangle_contents(skb, iph->ihl*4 + sizeof(*udph), match_offset, match_len, rep_buffer, rep_len); datalen = skb->len - iph->ihl*4; udph->len = htons(datalen); if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL) return 1; nf_nat_csum(skb, iph, udph, datalen, &udph->check, oldlen); return 1; }
int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info ctinfo, unsigned int match_offset, unsigned int match_len, const char *rep_buffer, unsigned int rep_len, bool adjust) { struct iphdr *iph; struct tcphdr *tcph; int oldlen, datalen; if (!skb_make_writable(skb, skb->len)) return 0; if (rep_len > match_len && rep_len - match_len > skb_tailroom(skb) && !enlarge_skb(skb, rep_len - match_len)) return 0; SKB_LINEAR_ASSERT(skb); iph = ip_hdr(skb); tcph = (void *)iph + iph->ihl*4; oldlen = skb->len - iph->ihl*4; mangle_contents(skb, iph->ihl*4 + tcph->doff*4, match_offset, match_len, rep_buffer, rep_len); datalen = skb->len - iph->ihl*4; nf_nat_csum(skb, iph, tcph, datalen, &tcph->check, oldlen); if (adjust && rep_len != match_len) nf_nat_set_seq_adjust(ct, ctinfo, tcph->seq, (int)rep_len - (int)match_len); return 1; }