[deliverable/linux.git] / net / netfilter / nf_nat_helper.c

/* nf_nat_helper.c - generic support functions for NAT helpers
 *
 * (C) 2000-2002 Harald Welte <laforge@netfilter.org>
 * (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 */
#include <linux/module.h>
#include <linux/gfp.h>
#include <linux/types.h>
#include <linux/skbuff.h>
#include <linux/tcp.h>
#include <linux/udp.h>
#include <net/tcp.h>

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_ecache.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_l3proto.h>
#include <net/netfilter/nf_nat_l4proto.h>
#include <net/netfilter/nf_nat_core.h>
#include <net/netfilter/nf_nat_helper.h>

#define DUMP_OFFSET(x) \
	pr_debug("offset_before=%d, offset_after=%d, correction_pos=%u\n", \
		 x->offset_before, x->offset_after, x->correction_pos);

static DEFINE_SPINLOCK(nf_nat_seqofs_lock);

/* Setup TCP sequence correction given this change at this sequence */
static inline void
adjust_tcp_sequence(u32 seq,
		    int sizediff,
		    struct nf_conn *ct,
		    enum ip_conntrack_info ctinfo)
{
	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
	struct nf_conn_nat *nat = nfct_nat(ct);
	struct nf_nat_seq *this_way = &nat->seq[dir];

	pr_debug("adjust_tcp_sequence: seq = %u, sizediff = %d\n",
		 seq, sizediff);

	pr_debug("adjust_tcp_sequence: Seq_offset before: ");
	DUMP_OFFSET(this_way);

	spin_lock_bh(&nf_nat_seqofs_lock);

	/* SYN adjust. If it's uninitialized, or this is after last
	 * correction, record it: we don't handle more than one
	 * adjustment in the window, but do deal with common case of a
	 * retransmit */
	if (this_way->offset_before == this_way->offset_after ||
	    before(this_way->correction_pos, seq)) {
		this_way->correction_pos = seq;
		this_way->offset_before = this_way->offset_after;
		this_way->offset_after += sizediff;
	}
	spin_unlock_bh(&nf_nat_seqofs_lock);

	pr_debug("adjust_tcp_sequence: Seq_offset after: ");
	DUMP_OFFSET(this_way);
}

/* Get the offset value, for conntrack */
s16 nf_nat_get_offset(const struct nf_conn *ct,
		      enum ip_conntrack_dir dir,
		      u32 seq)
{
	struct nf_conn_nat *nat = nfct_nat(ct);
	struct nf_nat_seq *this_way;
	s16 offset;

	if (!nat)
		return 0;

	this_way = &nat->seq[dir];
	spin_lock_bh(&nf_nat_seqofs_lock);
	offset = after(seq, this_way->correction_pos)
		 ? this_way->offset_after : this_way->offset_before;
	spin_unlock_bh(&nf_nat_seqofs_lock);

	return offset;
}

/* Frobs data inside this packet, which is linear. */
static void mangle_contents(struct sk_buff *skb,
			    unsigned int dataoff,
			    unsigned int match_offset,
			    unsigned int match_len,
			    const char *rep_buffer,
			    unsigned int rep_len)
{
	unsigned char *data;

	BUG_ON(skb_is_nonlinear(skb));
	data = skb_network_header(skb) + dataoff;

	/* move post-replacement */
	memmove(data + match_offset + rep_len,
		data + match_offset + match_len,
		skb->tail - (skb->network_header + dataoff +
			     match_offset + match_len));

	/* insert data from buffer */
	memcpy(data + match_offset, rep_buffer, rep_len);

	/* update skb info */
	if (rep_len > match_len) {
		pr_debug("nf_nat_mangle_packet: Extending packet by "
			 "%u from %u bytes\n", rep_len - match_len, skb->len);
		skb_put(skb, rep_len - match_len);
	} else {
		pr_debug("nf_nat_mangle_packet: Shrinking packet from "
			 "%u from %u bytes\n", match_len - rep_len, skb->len);
		__skb_trim(skb, skb->len + rep_len - match_len);
	}

	if (nf_ct_l3num((struct nf_conn *)skb->nfct) == NFPROTO_IPV4) {
		/* fix IP hdr checksum information */
		ip_hdr(skb)->tot_len = htons(skb->len);
		ip_send_check(ip_hdr(skb));
	} else
		ipv6_hdr(skb)->payload_len =
			htons(skb->len - sizeof(struct ipv6hdr));
}

/* Unusual, but possible case. */
static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
{
	if (skb->len + extra > 65535)
		return 0;

	if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
		return 0;

	return 1;
}

void nf_nat_set_seq_adjust(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
			   __be32 seq, s16 off)
{
	if (!off)
		return;
	set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
	adjust_tcp_sequence(ntohl(seq), off, ct, ctinfo);
	nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
}
EXPORT_SYMBOL_GPL(nf_nat_set_seq_adjust);

void nf_nat_tcp_seq_adjust(struct sk_buff *skb, struct nf_conn *ct,
			   u32 ctinfo, int off)
{
	const struct tcphdr *th;

	if (nf_ct_protonum(ct) != IPPROTO_TCP)
		return;

	th = (struct tcphdr *)(skb_network_header(skb)+ ip_hdrlen(skb));
	nf_nat_set_seq_adjust(ct, ctinfo, th->seq, off);
}
EXPORT_SYMBOL_GPL(nf_nat_tcp_seq_adjust);

/* Generic function for mangling variable-length address changes inside
 * NATed TCP connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX
 * command in FTP).
 *
 * Takes care about all the nasty sequence number changes, checksumming,
 * skb enlargement, ...
 *
 * */
int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
			       struct nf_conn *ct,
			       enum ip_conntrack_info ctinfo,
			       unsigned int protoff,
			       unsigned int match_offset,
			       unsigned int match_len,
			       const char *rep_buffer,
			       unsigned int rep_len, bool adjust)
{
	const struct nf_nat_l3proto *l3proto;
	struct tcphdr *tcph;
	int oldlen, datalen;

	if (!skb_make_writable(skb, skb->len))
		return 0;

	if (rep_len > match_len &&
	    rep_len - match_len > skb_tailroom(skb) &&
	    !enlarge_skb(skb, rep_len - match_len))
		return 0;

	SKB_LINEAR_ASSERT(skb);

	tcph = (void *)skb->data + protoff;

	oldlen = skb->len - protoff;
	mangle_contents(skb, protoff + tcph->doff*4,
			match_offset, match_len, rep_buffer, rep_len);

	datalen = skb->len - protoff;

	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
	l3proto->csum_recalc(skb, IPPROTO_TCP, tcph, &tcph->check,
			     datalen, oldlen);

	if (adjust && rep_len != match_len)
		nf_nat_set_seq_adjust(ct, ctinfo, tcph->seq,
				      (int)rep_len - (int)match_len);

	return 1;
}
EXPORT_SYMBOL(__nf_nat_mangle_tcp_packet);

/* Generic function for mangling variable-length address changes inside
 * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
 * command in the Amanda protocol)
 *
 * Takes care about all the nasty sequence number changes, checksumming,
 * skb enlargement, ...
 *
 * XXX - This function could be merged with nf_nat_mangle_tcp_packet which
 *       should be fairly easy to do.
 */
int
nf_nat_mangle_udp_packet(struct sk_buff *skb,
			 struct nf_conn *ct,
			 enum ip_conntrack_info ctinfo,
			 unsigned int protoff,
			 unsigned int match_offset,
			 unsigned int match_len,
			 const char *rep_buffer,
			 unsigned int rep_len)
{
	const struct nf_nat_l3proto *l3proto;
	struct udphdr *udph;
	int datalen, oldlen;

	if (!skb_make_writable(skb, skb->len))
		return 0;

	if (rep_len > match_len &&
	    rep_len - match_len > skb_tailroom(skb) &&
	    !enlarge_skb(skb, rep_len - match_len))
		return 0;

	udph = (void *)skb->data + protoff;

	oldlen = skb->len - protoff;
	mangle_contents(skb, protoff + sizeof(*udph),
			match_offset, match_len, rep_buffer, rep_len);

	/* update the length of the UDP packet */
	datalen = skb->len - protoff;
	udph->len = htons(datalen);

	/* fix udp checksum if udp checksum was previously calculated */
	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
		return 1;

	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
	l3proto->csum_recalc(skb, IPPROTO_UDP, udph, &udph->check,
			     datalen, oldlen);

	return 1;
}
EXPORT_SYMBOL(nf_nat_mangle_udp_packet);

/* Adjust one found SACK option including checksum correction */
static void
sack_adjust(struct sk_buff *skb,
	    struct tcphdr *tcph,
	    unsigned int sackoff,
	    unsigned int sackend,
	    struct nf_nat_seq *natseq)
{
	while (sackoff < sackend) {
		struct tcp_sack_block_wire *sack;
		__be32 new_start_seq, new_end_seq;

		sack = (void *)skb->data + sackoff;
		if (after(ntohl(sack->start_seq) - natseq->offset_before,
			  natseq->correction_pos))
			new_start_seq = htonl(ntohl(sack->start_seq)
					- natseq->offset_after);
		else
			new_start_seq = htonl(ntohl(sack->start_seq)
					- natseq->offset_before);

		if (after(ntohl(sack->end_seq) - natseq->offset_before,
			  natseq->correction_pos))
			new_end_seq = htonl(ntohl(sack->end_seq)
				      - natseq->offset_after);
		else
			new_end_seq = htonl(ntohl(sack->end_seq)
				      - natseq->offset_before);

		pr_debug("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n",
			 ntohl(sack->start_seq), new_start_seq,
			 ntohl(sack->end_seq), new_end_seq);

		inet_proto_csum_replace4(&tcph->check, skb,
					 sack->start_seq, new_start_seq, 0);
		inet_proto_csum_replace4(&tcph->check, skb,
					 sack->end_seq, new_end_seq, 0);
		sack->start_seq = new_start_seq;
		sack->end_seq = new_end_seq;
		sackoff += sizeof(*sack);
	}
}

/* TCP SACK sequence number adjustment */
static inline unsigned int
nf_nat_sack_adjust(struct sk_buff *skb,
		   unsigned int protoff,
		   struct tcphdr *tcph,
		   struct nf_conn *ct,
		   enum ip_conntrack_info ctinfo)
{
	unsigned int dir, optoff, optend;
	struct nf_conn_nat *nat = nfct_nat(ct);

	optoff = protoff + sizeof(struct tcphdr);
	optend = protoff + tcph->doff * 4;

	if (!skb_make_writable(skb, optend))
		return 0;

	dir = CTINFO2DIR(ctinfo);

	while (optoff < optend) {
		/* Usually: option, length. */
		unsigned char *op = skb->data + optoff;

		switch (op[0]) {
		case TCPOPT_EOL:
			return 1;
		case TCPOPT_NOP:
			optoff++;
			continue;
		default:
			/* no partial options */
			if (optoff + 1 == optend ||
			    optoff + op[1] > optend ||
			    op[1] < 2)
				return 0;
			if (op[0] == TCPOPT_SACK &&
			    op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
			    ((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
				sack_adjust(skb, tcph, optoff+2,
					    optoff+op[1], &nat->seq[!dir]);
			optoff += op[1];
		}
	}
	return 1;
}

/* TCP sequence number adjustment.  Returns 1 on success, 0 on failure */
int
nf_nat_seq_adjust(struct sk_buff *skb,
		  struct nf_conn *ct,
		  enum ip_conntrack_info ctinfo,
		  unsigned int protoff)
{
	struct tcphdr *tcph;
	int dir;
	__be32 newseq, newack;
	s16 seqoff, ackoff;
	struct nf_conn_nat *nat = nfct_nat(ct);
	struct nf_nat_seq *this_way, *other_way;

	dir = CTINFO2DIR(ctinfo);

	this_way = &nat->seq[dir];
	other_way = &nat->seq[!dir];

	if (!skb_make_writable(skb, protoff + sizeof(*tcph)))
		return 0;

	tcph = (void *)skb->data + protoff;
	if (after(ntohl(tcph->seq), this_way->correction_pos))
		seqoff = this_way->offset_after;
	else
		seqoff = this_way->offset_before;

	if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
		  other_way->correction_pos))
		ackoff = other_way->offset_after;
	else
		ackoff = other_way->offset_before;

	newseq = htonl(ntohl(tcph->seq) + seqoff);
	newack = htonl(ntohl(tcph->ack_seq) - ackoff);

	inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
	inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);

	pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
		 ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
		 ntohl(newack));

	tcph->seq = newseq;
	tcph->ack_seq = newack;

	return nf_nat_sack_adjust(skb, protoff, tcph, ct, ctinfo);
}

/* Setup NAT on this expected conntrack so it follows master. */
/* If we fail to get a free NAT slot, we'll get dropped on confirm */
void nf_nat_follow_master(struct nf_conn *ct,
			  struct nf_conntrack_expect *exp)
{
	struct nf_nat_range range;

	/* This must be a fresh one. */
	BUG_ON(ct->status & IPS_NAT_DONE_MASK);

	/* Change src to where master sends to */
	range.flags = NF_NAT_RANGE_MAP_IPS;
	range.min_addr = range.max_addr
		= ct->master->tuplehash[!exp->dir].tuple.dst.u3;
	nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);

	/* For DST manip, map port here to where it's expected. */
	range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
	range.min_proto = range.max_proto = exp->saved_proto;
	range.min_addr = range.max_addr
		= ct->master->tuplehash[!exp->dir].tuple.src.u3;
	nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
}
EXPORT_SYMBOL(nf_nat_follow_master);
Commit	Line	Data
c7232c99	1	/* nf_nat_helper.c - generic support functions for NAT helpers
5b1158e9 JK	2	*
	3	* (C) 2000-2002 Harald Welte <laforge@netfilter.org>
	4	* (C) 2003-2006 Netfilter Core Team <coreteam@netfilter.org>
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation.
	9	*/
	10	#include <linux/module.h>
5a0e3ad6	11	#include <linux/gfp.h>
5b1158e9	12	#include <linux/types.h>
5b1158e9 JK	13	#include <linux/skbuff.h>
	14	#include <linux/tcp.h>
	15	#include <linux/udp.h>
5b1158e9 JK	16	#include <net/tcp.h>
5b1158e9 JK	17
5b1158e9 JK	18	#include <net/netfilter/nf_conntrack.h>
5b1158e9 JK	19	#include <net/netfilter/nf_conntrack_helper.h>
13eae15a	20	#include <net/netfilter/nf_conntrack_ecache.h>
5b1158e9 JK	21	#include <net/netfilter/nf_conntrack_expect.h>
5b1158e9 JK	22	#include <net/netfilter/nf_nat.h>
c7232c99 PM	23	#include <net/netfilter/nf_nat_l3proto.h>
c7232c99 PM	24	#include <net/netfilter/nf_nat_l4proto.h>
5b1158e9 JK	25	#include <net/netfilter/nf_nat_core.h>
	26	#include <net/netfilter/nf_nat_helper.h>
	27
0d53778e PM	28	#define DUMP_OFFSET(x) \
	29	pr_debug("offset_before=%d, offset_after=%d, correction_pos=%u\n", \
	30	x->offset_before, x->offset_after, x->correction_pos);
5b1158e9 JK	31
	32	static DEFINE_SPINLOCK(nf_nat_seqofs_lock);
	33
	34	/* Setup TCP sequence correction given this change at this sequence */
	35	static inline void
	36	adjust_tcp_sequence(u32 seq,
	37	int sizediff,
	38	struct nf_conn *ct,
	39	enum ip_conntrack_info ctinfo)
	40	{
76ac8940	41	enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
5b1158e9	42	struct nf_conn_nat *nat = nfct_nat(ct);
76ac8940	43	struct nf_nat_seq *this_way = &nat->seq[dir];
5b1158e9	44
76ac8940 HE	45	pr_debug("adjust_tcp_sequence: seq = %u, sizediff = %d\n",
76ac8940 HE	46	seq, sizediff);
5b1158e9	47
76ac8940	48	pr_debug("adjust_tcp_sequence: Seq_offset before: ");
5b1158e9 JK	49	DUMP_OFFSET(this_way);
	50
	51	spin_lock_bh(&nf_nat_seqofs_lock);
	52
	53	/* SYN adjust. If it's uninitialized, or this is after last
	54	* correction, record it: we don't handle more than one
	55	* adjustment in the window, but do deal with common case of a
	56	* retransmit */
	57	if (this_way->offset_before == this_way->offset_after \|\|
	58	before(this_way->correction_pos, seq)) {
76ac8940 HE	59	this_way->correction_pos = seq;
	60	this_way->offset_before = this_way->offset_after;
	61	this_way->offset_after += sizediff;
5b1158e9 JK	62	}
	63	spin_unlock_bh(&nf_nat_seqofs_lock);
	64
76ac8940	65	pr_debug("adjust_tcp_sequence: Seq_offset after: ");
5b1158e9 JK	66	DUMP_OFFSET(this_way);
	67	}
	68
f9dd09c7 JK	69	/* Get the offset value, for conntrack */
	70	s16 nf_nat_get_offset(const struct nf_conn *ct,
	71	enum ip_conntrack_dir dir,
	72	u32 seq)
	73	{
	74	struct nf_conn_nat *nat = nfct_nat(ct);
	75	struct nf_nat_seq *this_way;
	76	s16 offset;
	77
	78	if (!nat)
	79	return 0;
	80
	81	this_way = &nat->seq[dir];
	82	spin_lock_bh(&nf_nat_seqofs_lock);
	83	offset = after(seq, this_way->correction_pos)
	84	? this_way->offset_after : this_way->offset_before;
	85	spin_unlock_bh(&nf_nat_seqofs_lock);
	86
	87	return offset;
	88	}
f9dd09c7	89
5b1158e9 JK	90	/* Frobs data inside this packet, which is linear. */
	91	static void mangle_contents(struct sk_buff *skb,
	92	unsigned int dataoff,
	93	unsigned int match_offset,
	94	unsigned int match_len,
	95	const char *rep_buffer,
	96	unsigned int rep_len)
	97	{
	98	unsigned char *data;
	99
	100	BUG_ON(skb_is_nonlinear(skb));
eddc9ec5	101	data = skb_network_header(skb) + dataoff;
5b1158e9 JK	102
	103	/* move post-replacement */
	104	memmove(data + match_offset + rep_len,
	105	data + match_offset + match_len,
27a884dc ACM	106	skb->tail - (skb->network_header + dataoff +
27a884dc ACM	107	match_offset + match_len));
5b1158e9 JK	108
	109	/* insert data from buffer */
	110	memcpy(data + match_offset, rep_buffer, rep_len);
	111
	112	/* update skb info */
	113	if (rep_len > match_len) {
0d53778e PM	114	pr_debug("nf_nat_mangle_packet: Extending packet by "
0d53778e PM	115	"%u from %u bytes\n", rep_len - match_len, skb->len);
5b1158e9 JK	116	skb_put(skb, rep_len - match_len);
5b1158e9 JK	117	} else {
0d53778e PM	118	pr_debug("nf_nat_mangle_packet: Shrinking packet from "
0d53778e PM	119	"%u from %u bytes\n", match_len - rep_len, skb->len);
5b1158e9 JK	120	__skb_trim(skb, skb->len + rep_len - match_len);
	121	}
	122
c7232c99 PM	123	if (nf_ct_l3num((struct nf_conn *)skb->nfct) == NFPROTO_IPV4) {
	124	/* fix IP hdr checksum information */
	125	ip_hdr(skb)->tot_len = htons(skb->len);
	126	ip_send_check(ip_hdr(skb));
	127	} else
	128	ipv6_hdr(skb)->payload_len =
	129	htons(skb->len - sizeof(struct ipv6hdr));
5b1158e9 JK	130	}
	131
	132	/* Unusual, but possible case. */
3db05fea	133	static int enlarge_skb(struct sk_buff *skb, unsigned int extra)
5b1158e9	134	{
3db05fea	135	if (skb->len + extra > 65535)
5b1158e9 JK	136	return 0;
5b1158e9 JK	137
3db05fea	138	if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))
5b1158e9 JK	139	return 0;
5b1158e9 JK	140
5b1158e9 JK	141	return 1;
	142	}
	143
010c0b9f PM	144	void nf_nat_set_seq_adjust(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
	145	__be32 seq, s16 off)
	146	{
	147	if (!off)
	148	return;
	149	set_bit(IPS_SEQ_ADJUST_BIT, &ct->status);
	150	adjust_tcp_sequence(ntohl(seq), off, ct, ctinfo);
	151	nf_conntrack_event_cache(IPCT_NATSEQADJ, ct);
	152	}
	153	EXPORT_SYMBOL_GPL(nf_nat_set_seq_adjust);
	154
8c88f87c PNA	155	void nf_nat_tcp_seq_adjust(struct sk_buff skb, struct nf_conn ct,
	156	u32 ctinfo, int off)
	157	{
	158	const struct tcphdr *th;
	159
	160	if (nf_ct_protonum(ct) != IPPROTO_TCP)
	161	return;
	162
	163	th = (struct tcphdr *)(skb_network_header(skb)+ ip_hdrlen(skb));
	164	nf_nat_set_seq_adjust(ct, ctinfo, th->seq, off);
	165	}
	166	EXPORT_SYMBOL_GPL(nf_nat_tcp_seq_adjust);
	167
5b1158e9 JK	168	/* Generic function for mangling variable-length address changes inside
	169	* NATed TCP connections (like the PORT XXX,XXX,XXX,XXX,XXX,XXX
	170	* command in FTP).
	171	*
	172	* Takes care about all the nasty sequence number changes, checksumming,
	173	* skb enlargement, ...
	174	*
	175	* */
010c0b9f PM	176	int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
	177	struct nf_conn *ct,
	178	enum ip_conntrack_info ctinfo,
051966c0	179	unsigned int protoff,
010c0b9f PM	180	unsigned int match_offset,
	181	unsigned int match_len,
	182	const char *rep_buffer,
	183	unsigned int rep_len, bool adjust)
5b1158e9	184	{
c7232c99	185	const struct nf_nat_l3proto *l3proto;
5b1158e9 JK	186	struct tcphdr *tcph;
	187	int oldlen, datalen;
	188
3db05fea	189	if (!skb_make_writable(skb, skb->len))
5b1158e9 JK	190	return 0;
	191
	192	if (rep_len > match_len &&
3db05fea HX	193	rep_len - match_len > skb_tailroom(skb) &&
3db05fea HX	194	!enlarge_skb(skb, rep_len - match_len))
5b1158e9 JK	195	return 0;
5b1158e9 JK	196
3db05fea	197	SKB_LINEAR_ASSERT(skb);
5b1158e9	198
c7232c99	199	tcph = (void *)skb->data + protoff;
5b1158e9	200
c7232c99 PM	201	oldlen = skb->len - protoff;
c7232c99 PM	202	mangle_contents(skb, protoff + tcph->doff*4,
5b1158e9 JK	203	match_offset, match_len, rep_buffer, rep_len);
5b1158e9 JK	204
c7232c99 PM	205	datalen = skb->len - protoff;
	206
	207	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
	208	l3proto->csum_recalc(skb, IPPROTO_TCP, tcph, &tcph->check,
	209	datalen, oldlen);
5b1158e9	210
010c0b9f PM	211	if (adjust && rep_len != match_len)
	212	nf_nat_set_seq_adjust(ct, ctinfo, tcph->seq,
	213	(int)rep_len - (int)match_len);
	214
5b1158e9 JK	215	return 1;
5b1158e9 JK	216	}
010c0b9f	217	EXPORT_SYMBOL(__nf_nat_mangle_tcp_packet);
5b1158e9 JK	218
	219	/* Generic function for mangling variable-length address changes inside
	220	* NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
	221	* command in the Amanda protocol)
	222	*
	223	* Takes care about all the nasty sequence number changes, checksumming,
	224	* skb enlargement, ...
	225	*
	226	* XXX - This function could be merged with nf_nat_mangle_tcp_packet which
	227	* should be fairly easy to do.
	228	*/
	229	int
3db05fea	230	nf_nat_mangle_udp_packet(struct sk_buff *skb,
5b1158e9 JK	231	struct nf_conn *ct,
5b1158e9 JK	232	enum ip_conntrack_info ctinfo,
051966c0	233	unsigned int protoff,
5b1158e9 JK	234	unsigned int match_offset,
	235	unsigned int match_len,
	236	const char *rep_buffer,
	237	unsigned int rep_len)
	238	{
c7232c99	239	const struct nf_nat_l3proto *l3proto;
5b1158e9 JK	240	struct udphdr *udph;
	241	int datalen, oldlen;
	242
3db05fea	243	if (!skb_make_writable(skb, skb->len))
5b1158e9 JK	244	return 0;
	245
	246	if (rep_len > match_len &&
3db05fea HX	247	rep_len - match_len > skb_tailroom(skb) &&
3db05fea HX	248	!enlarge_skb(skb, rep_len - match_len))
5b1158e9 JK	249	return 0;
5b1158e9 JK	250
c7232c99	251	udph = (void *)skb->data + protoff;
5b1158e9	252
c7232c99 PM	253	oldlen = skb->len - protoff;
c7232c99 PM	254	mangle_contents(skb, protoff + sizeof(*udph),
5b1158e9 JK	255	match_offset, match_len, rep_buffer, rep_len);
	256
	257	/* update the length of the UDP packet */
c7232c99	258	datalen = skb->len - protoff;
5b1158e9 JK	259	udph->len = htons(datalen);
	260
	261	/* fix udp checksum if udp checksum was previously calculated */
3db05fea	262	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)
5b1158e9 JK	263	return 1;
5b1158e9 JK	264
c7232c99 PM	265	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));
	266	l3proto->csum_recalc(skb, IPPROTO_UDP, udph, &udph->check,
	267	datalen, oldlen);
5b1158e9 JK	268
	269	return 1;
	270	}
	271	EXPORT_SYMBOL(nf_nat_mangle_udp_packet);
	272
	273	/* Adjust one found SACK option including checksum correction */
	274	static void
	275	sack_adjust(struct sk_buff *skb,
	276	struct tcphdr *tcph,
	277	unsigned int sackoff,
	278	unsigned int sackend,
	279	struct nf_nat_seq *natseq)
	280	{
	281	while (sackoff < sackend) {
	282	struct tcp_sack_block_wire *sack;
	283	__be32 new_start_seq, new_end_seq;
	284
	285	sack = (void *)skb->data + sackoff;
	286	if (after(ntohl(sack->start_seq) - natseq->offset_before,
	287	natseq->correction_pos))
	288	new_start_seq = htonl(ntohl(sack->start_seq)
	289	- natseq->offset_after);
	290	else
	291	new_start_seq = htonl(ntohl(sack->start_seq)
	292	- natseq->offset_before);
	293
	294	if (after(ntohl(sack->end_seq) - natseq->offset_before,
	295	natseq->correction_pos))
	296	new_end_seq = htonl(ntohl(sack->end_seq)
	297	- natseq->offset_after);
	298	else
	299	new_end_seq = htonl(ntohl(sack->end_seq)
	300	- natseq->offset_before);
	301
0d53778e PM	302	pr_debug("sack_adjust: start_seq: %d->%d, end_seq: %d->%d\n",
	303	ntohl(sack->start_seq), new_start_seq,
	304	ntohl(sack->end_seq), new_end_seq);
5b1158e9	305
be0ea7d5 PM	306	inet_proto_csum_replace4(&tcph->check, skb,
	307	sack->start_seq, new_start_seq, 0);
	308	inet_proto_csum_replace4(&tcph->check, skb,
	309	sack->end_seq, new_end_seq, 0);
5b1158e9 JK	310	sack->start_seq = new_start_seq;
	311	sack->end_seq = new_end_seq;
	312	sackoff += sizeof(*sack);
	313	}
	314	}
	315
	316	/* TCP SACK sequence number adjustment */
	317	static inline unsigned int
3db05fea	318	nf_nat_sack_adjust(struct sk_buff *skb,
c7232c99	319	unsigned int protoff,
5b1158e9 JK	320	struct tcphdr *tcph,
	321	struct nf_conn *ct,
	322	enum ip_conntrack_info ctinfo)
	323	{
	324	unsigned int dir, optoff, optend;
	325	struct nf_conn_nat *nat = nfct_nat(ct);
	326
c7232c99 PM	327	optoff = protoff + sizeof(struct tcphdr);
c7232c99 PM	328	optend = protoff + tcph->doff * 4;
5b1158e9	329
3db05fea	330	if (!skb_make_writable(skb, optend))
5b1158e9 JK	331	return 0;
	332
	333	dir = CTINFO2DIR(ctinfo);
	334
	335	while (optoff < optend) {
	336	/* Usually: option, length. */
3db05fea	337	unsigned char *op = skb->data + optoff;
5b1158e9 JK	338
	339	switch (op[0]) {
	340	case TCPOPT_EOL:
	341	return 1;
	342	case TCPOPT_NOP:
	343	optoff++;
	344	continue;
	345	default:
	346	/* no partial options */
	347	if (optoff + 1 == optend \|\|
	348	optoff + op[1] > optend \|\|
	349	op[1] < 2)
	350	return 0;
	351	if (op[0] == TCPOPT_SACK &&
	352	op[1] >= 2+TCPOLEN_SACK_PERBLOCK &&
	353	((op[1] - 2) % TCPOLEN_SACK_PERBLOCK) == 0)
3db05fea	354	sack_adjust(skb, tcph, optoff+2,
b6b84d4a	355	optoff+op[1], &nat->seq[!dir]);
5b1158e9 JK	356	optoff += op[1];
	357	}
	358	}
	359	return 1;
	360	}
	361
	362	/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
	363	int
3db05fea	364	nf_nat_seq_adjust(struct sk_buff *skb,
5b1158e9	365	struct nf_conn *ct,
051966c0 PM	366	enum ip_conntrack_info ctinfo,
051966c0 PM	367	unsigned int protoff)
5b1158e9 JK	368	{
	369	struct tcphdr *tcph;
	370	int dir;
	371	__be32 newseq, newack;
a3a9f79e	372	s16 seqoff, ackoff;
5b1158e9 JK	373	struct nf_conn_nat *nat = nfct_nat(ct);
	374	struct nf_nat_seq this_way, other_way;
	375
	376	dir = CTINFO2DIR(ctinfo);
	377
b6b84d4a YK	378	this_way = &nat->seq[dir];
b6b84d4a YK	379	other_way = &nat->seq[!dir];
5b1158e9	380
051966c0	381	if (!skb_make_writable(skb, protoff + sizeof(*tcph)))
5b1158e9 JK	382	return 0;
5b1158e9 JK	383
051966c0	384	tcph = (void *)skb->data + protoff;
5b1158e9	385	if (after(ntohl(tcph->seq), this_way->correction_pos))
a3a9f79e	386	seqoff = this_way->offset_after;
5b1158e9	387	else
a3a9f79e	388	seqoff = this_way->offset_before;
5b1158e9 JK	389
	390	if (after(ntohl(tcph->ack_seq) - other_way->offset_before,
	391	other_way->correction_pos))
a3a9f79e	392	ackoff = other_way->offset_after;
5b1158e9	393	else
a3a9f79e PM	394	ackoff = other_way->offset_before;
	395
	396	newseq = htonl(ntohl(tcph->seq) + seqoff);
	397	newack = htonl(ntohl(tcph->ack_seq) - ackoff);
5b1158e9	398
be0ea7d5 PM	399	inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0);
be0ea7d5 PM	400	inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0);
5b1158e9	401
0d53778e PM	402	pr_debug("Adjusting sequence number from %u->%u, ack from %u->%u\n",
	403	ntohl(tcph->seq), ntohl(newseq), ntohl(tcph->ack_seq),
	404	ntohl(newack));
5b1158e9 JK	405
	406	tcph->seq = newseq;
	407	tcph->ack_seq = newack;
	408
c7232c99	409	return nf_nat_sack_adjust(skb, protoff, tcph, ct, ctinfo);
5b1158e9	410	}
5b1158e9 JK	411
	412	/* Setup NAT on this expected conntrack so it follows master. */
	413	/* If we fail to get a free NAT slot, we'll get dropped on confirm */
	414	void nf_nat_follow_master(struct nf_conn *ct,
	415	struct nf_conntrack_expect *exp)
	416	{
c7232c99	417	struct nf_nat_range range;
5b1158e9 JK	418
	419	/* This must be a fresh one. */
	420	BUG_ON(ct->status & IPS_NAT_DONE_MASK);
	421
	422	/* Change src to where master sends to */
cbc9f2f4	423	range.flags = NF_NAT_RANGE_MAP_IPS;
c7232c99 PM	424	range.min_addr = range.max_addr
c7232c99 PM	425	= ct->master->tuplehash[!exp->dir].tuple.dst.u3;
cbc9f2f4	426	nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
5b1158e9 JK	427
5b1158e9 JK	428	/* For DST manip, map port here to where it's expected. */
cbc9f2f4	429	range.flags = (NF_NAT_RANGE_MAP_IPS \| NF_NAT_RANGE_PROTO_SPECIFIED);
c7232c99 PM	430	range.min_proto = range.max_proto = exp->saved_proto;
	431	range.min_addr = range.max_addr
	432	= ct->master->tuplehash[!exp->dir].tuple.src.u3;
cbc9f2f4	433	nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
5b1158e9 JK	434	}
5b1158e9 JK	435	EXPORT_SYMBOL(nf_nat_follow_master);