/*
* nf_conntrack_l2tp.c - Version 3.0
*
* Connection tracking support for PPTP (Point to Point Tunneling Protocol).
* PPTP is a protocol for creating virtual private networks.
* It is a specification defined by Microsoft and some vendors
* working with Microsoft. PPTP is built on top of a modified
* version of the Internet Generic Routing Encapsulation Protocol.
* GRE is defined in RFC 1701 and RFC 1702. Documentation of
* PPTP can be found in RFC 2637
*
* (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
*
* Development of this code funded by Astaro AG (http://www.astaro.com/)
*
* Limitations:
* - We blindly assume that control connections are always
* established in PNS->PAC direction. This is a violation
* of RFC2673
* - We can only support one single call within each session
*
* TODO:
* - testing of incoming L2TP calls
*
* Changes:
* 2002-02-05 - Version 1.3
* - Call nf_conntrack_unexpect_related() from
* pptp_destroy_siblings() to destroy expectations in case
* CALL_DISCONNECT_NOTIFY or tcp fin packet was seen
* (Philip Craig <philipc@snapgear.com>)
* - Add Version information at module loadtime
* 2002-02-10 - Version 1.6
* - move to C99 style initializers
* - remove second expectation if first arrives
* 2004-10-22 - Version 2.0
* - merge Mandrake's 2.6.x port with recent 2.6.x API changes
* - fix lots of linear skb assumptions from Mandrake's port
* 2005-06-10 - Version 2.1
* - use nf_conntrack_expect_free() instead of kfree() on the
* expect's (which are from the slab for quite some time)
* 2005-06-10 - Version 3.0
* - port helper to post-2.6.11 API changes,
* funded by Oxcoda NetBox Blue (http://www.netboxblue.com/)
* 2005-07-30 - Version 3.1
* - port helper to 2.6.13 API changes
*
*/
#include <linux/module.h>
#include <linux/netfilter.h>
#include <linux/ip.h>
#include <net/checksum.h>
#include <net/tcp.h>
#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_conntrack_core.h>
#include <net/netfilter/nf_conntrack_helper.h>
/* Version string printed by the load and unload log messages below. */
#define IP_CT_L2TP_VERSION "3.1"
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
MODULE_DESCRIPTION("Netfilter connection tracking helper module for l2tp");
/*
 * Debug tracing. With "#if 0" the DEBUGP() macro expands to nothing, so the
 * DEBUGP() calls in this file emit no output; the first branch would send
 * them to printk at KERN_DEBUG, prefixed with file and function name.
 */
#if 0
#define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args)
#else
#define DEBUGP(format, args...)
#endif
/* UDP port number placed in the helper's tuple (see struct l2tp below). */
#define L2TP_CONTROL_PORT 1701
/*
 * Helper callback installed as l2tp.help.
 *
 * As written, this function does not read skb, protoff, ct or ctinfo and
 * does not create any expectation: apart from the optional
 * ALG_CHECK_ONOFF() gate it returns NF_ACCEPT unconditionally. No L2TP
 * control message is parsed or validated here, so this helper adds no
 * protocol-level filtering for the flows it is attached to.
 *
 * Returns NF_ACCEPT (unless ALG_CHECK_ONOFF() returns first, see below).
 */
static int conntrack_l2tp_help(struct sk_buff *skb, unsigned int protoff,
struct nf_conn *ct, enum ip_conntrack_info ctinfo)
{
#ifdef RTL_NF_ALG_CTL
/*
 * NOTE(review): ALG_CHECK_ONOFF and alg_type_l2tp are not defined in this
 * file; presumably the macro leaves the function early when the L2TP ALG
 * is switched off - confirm its expansion and the verdict it returns.
 */
ALG_CHECK_ONOFF(alg_type_l2tp);
#endif
return NF_ACCEPT;
}
/*
 * Expectation limits attached to the l2tp helper through .expect_policy.
 * Nothing in this file creates an expectation, so these limits only matter
 * if expectations are raised for this helper from elsewhere.
 */
static struct nf_conntrack_expect_policy l2tp_exp_policy = {
	/* 5 * 60: five minutes if the unit is seconds - TODO confirm the unit */
	.timeout	= 5 * 60,
	/* upper bound on expectations held at one time */
	.max_expected	= 2,
};
/*
 * Helper registration record for the L2TP control protocol.
 *
 * The tuple selects IPv4 (AF_INET) UDP traffic with port L2TP_CONTROL_PORT
 * in tuple.src. NOTE(review): conntrack is understood to look helpers up
 * against the reply-direction tuple, which would make this the destination
 * port of the original packet - confirm for the kernel this is built for.
 *
 * Every flow that matches is passed to conntrack_l2tp_help(), which performs
 * no inspection of the packet.
 */
static struct nf_conntrack_helper l2tp = {
	.name		= "l2tp",
	.me		= THIS_MODULE,
	.help		= conntrack_l2tp_help,
	.expect_policy	= &l2tp_exp_policy,
	.tuple		= {
		.src = {
			.l3num		= AF_INET,
			.u.udp.port	= __constant_htons(L2TP_CONTROL_PORT),
		},
		.dst = {
			.protonum	= IPPROTO_UDP,
		},
	},
};
/*
 * Module entry point: register the l2tp conntrack helper.
 *
 * Returns 0 on success. If nf_conntrack_helper_register() reports a
 * non-zero code, that code is logged at KERN_ERR and returned unchanged,
 * and the "loaded" message is not printed.
 */
static int __init nf_conntrack_l2tp_init(void)
{
	int err;

	DEBUGP("registering helper\n");

	err = nf_conntrack_helper_register(&l2tp);
	if (err != 0) {
		printk(KERN_ERR "Unable to register conntrack application "
		       "helper for l2tp: %d\n", err);
		return err;
	}

	/* Only reached once the helper is registered. */
	printk("nf_conntrack_l2tp version %s loaded\n", IP_CT_L2TP_VERSION);
	return 0;
}
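/*
 * Module exit point: unregister the l2tp conntrack helper and log the
 * unload together with the module version.
 */
static void nf_conntrack_l2tp_fini(void)
{
	nf_conntrack_helper_unregister(&l2tp);
	/*
	 * The message names this module. It previously read
	 * "nf_conntrack_pptp", which made the unload line disagree with the
	 * "nf_conntrack_l2tp ... loaded" line and point log readers at the
	 * wrong helper.
	 */
	printk("nf_conntrack_l2tp version %s unloaded\n", IP_CT_L2TP_VERSION);
}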
/* Hook the functions above in as the module's load and unload handlers. */
module_init(nf_conntrack_l2tp_init);
module_exit(nf_conntrack_l2tp_fini);