|
|
|
|
@ -10,6 +10,7 @@
|
|
|
|
|
#include <linux/version.h>
|
|
|
|
|
#include <net/icmp.h>
|
|
|
|
|
#include <net/ip.h>
|
|
|
|
|
#include <net/ipv6.h>
|
|
|
|
|
#include <net/tcp.h>
|
|
|
|
|
#include <net/route.h>
|
|
|
|
|
#include <net/dst.h>
|
|
|
|
|
@ -17,6 +18,7 @@
|
|
|
|
|
#include <linux/spinlock.h>
|
|
|
|
|
#include <linux/netfilter_ipv4/ip_tables.h>
|
|
|
|
|
#include <linux/netfilter_ipv4.h>
|
|
|
|
|
#include <linux/netfilter_ipv6.h>
|
|
|
|
|
#include <linux/netfilter/x_tables.h>
|
|
|
|
|
#include "xt_MEDIAPROXY.h"
|
|
|
|
|
|
|
|
|
|
@ -150,7 +152,7 @@ static struct seq_operations proc_main_list_seq_ops = {
|
|
|
|
|
static struct mediaproxy_table *new_table(void) {
|
|
|
|
|
struct mediaproxy_table *t;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "Creating new table\n");
|
|
|
|
|
DBG("Creating new table\n");
|
|
|
|
|
|
|
|
|
|
if (!try_module_get(THIS_MODULE))
|
|
|
|
|
return NULL;
|
|
|
|
|
@ -269,7 +271,7 @@ static void target_push(struct mediaproxy_target *t) {
|
|
|
|
|
if (!atomic_dec_and_test(&t->refcnt))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "Freeing target\n");
|
|
|
|
|
DBG("Freeing target\n");
|
|
|
|
|
|
|
|
|
|
kfree(t);
|
|
|
|
|
}
|
|
|
|
|
@ -309,7 +311,7 @@ static void table_push(struct mediaproxy_table *t) {
|
|
|
|
|
if (!atomic_dec_and_test(&t->refcnt))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "Freeing table\n");
|
|
|
|
|
DBG("Freeing table\n");
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < 256; i++) {
|
|
|
|
|
if (!t->target[i])
|
|
|
|
|
@ -347,7 +349,7 @@ static int unlink_table(struct mediaproxy_table *t) {
|
|
|
|
|
if (t->id >= MAX_ID)
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "Unlinking table %u\n", t->id);
|
|
|
|
|
DBG("Unlinking table %u\n", t->id);
|
|
|
|
|
|
|
|
|
|
write_lock_irqsave(&table_lock, flags);
|
|
|
|
|
if (t->id >= MAX_ID || table[t->id] != t) {
|
|
|
|
|
@ -737,7 +739,7 @@ static int table_new_target(struct mediaproxy_table *t, struct mediaproxy_target
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "Creating new target\n");
|
|
|
|
|
DBG("Creating new target\n");
|
|
|
|
|
|
|
|
|
|
err = -ENOMEM;
|
|
|
|
|
g = kmalloc(sizeof(*g), GFP_KERNEL);
|
|
|
|
|
@ -970,7 +972,7 @@ static ssize_t proc_control_write(struct file *file, const char __user *buf, siz
|
|
|
|
|
|
|
|
|
|
switch (msg.cmd) {
|
|
|
|
|
case MMG_NOOP:
|
|
|
|
|
DBG(KERN_DEBUG "noop.\n");
|
|
|
|
|
DBG("noop.\n");
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case MMG_ADD:
|
|
|
|
|
@ -1022,7 +1024,7 @@ static int send_proxy_packet4(struct sk_buff *skb, struct mp_address *src, struc
|
|
|
|
|
ih = (void *) skb_push(skb, sizeof(*ih));
|
|
|
|
|
skb_reset_network_header(skb);
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "datalen=%u network_header=%p transport_header=%p\n", datalen, skb_network_header(skb), skb_transport_header(skb));
|
|
|
|
|
DBG("datalen=%u network_header=%p transport_header=%p\n", datalen, skb_network_header(skb), skb_transport_header(skb));
|
|
|
|
|
|
|
|
|
|
datalen += sizeof(*uh);
|
|
|
|
|
*uh = (struct udphdr) {
|
|
|
|
|
@ -1031,8 +1033,8 @@ static int send_proxy_packet4(struct sk_buff *skb, struct mp_address *src, struc
|
|
|
|
|
.len = htons(datalen),
|
|
|
|
|
};
|
|
|
|
|
*ih = (struct iphdr) {
|
|
|
|
|
.ihl = 5,
|
|
|
|
|
.version = 4,
|
|
|
|
|
.ihl = 5,
|
|
|
|
|
.tos = tos,
|
|
|
|
|
.tot_len = htons(sizeof(*ih) + datalen),
|
|
|
|
|
.ttl = 64,
|
|
|
|
|
@ -1066,6 +1068,60 @@ drop:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int send_proxy_packet6(struct sk_buff *skb, struct mp_address *src, struct mp_address *dst, unsigned char tos) {
|
|
|
|
|
struct ipv6hdr *ih;
|
|
|
|
|
struct udphdr *uh;
|
|
|
|
|
unsigned int datalen;
|
|
|
|
|
|
|
|
|
|
datalen = skb->len;
|
|
|
|
|
|
|
|
|
|
uh = (void *) skb_push(skb, sizeof(*uh));
|
|
|
|
|
skb_reset_transport_header(skb);
|
|
|
|
|
ih = (void *) skb_push(skb, sizeof(*ih));
|
|
|
|
|
skb_reset_network_header(skb);
|
|
|
|
|
|
|
|
|
|
DBG("datalen=%u network_header=%p transport_header=%p\n", datalen, skb_network_header(skb), skb_transport_header(skb));
|
|
|
|
|
|
|
|
|
|
datalen += sizeof(*uh);
|
|
|
|
|
*uh = (struct udphdr) {
|
|
|
|
|
.source = htons(src->port),
|
|
|
|
|
.dest = htons(dst->port),
|
|
|
|
|
.len = htons(datalen),
|
|
|
|
|
};
|
|
|
|
|
*ih = (struct ipv6hdr) {
|
|
|
|
|
.version = 6,
|
|
|
|
|
.priority = tos,
|
|
|
|
|
.payload_len = htons(datalen),
|
|
|
|
|
.nexthdr = IPPROTO_UDP,
|
|
|
|
|
.hop_limit = 64,
|
|
|
|
|
};
|
|
|
|
|
memcpy(&ih->saddr, src->ipv6, sizeof(ih->saddr));
|
|
|
|
|
memcpy(&ih->daddr, dst->ipv6, sizeof(ih->daddr));
|
|
|
|
|
|
|
|
|
|
skb->csum_start = skb_transport_header(skb) - skb->head;
|
|
|
|
|
skb->csum_offset = offsetof(struct udphdr, check);
|
|
|
|
|
uh->check = csum_ipv6_magic(&ih->saddr, &ih->daddr, datalen, IPPROTO_UDP, csum_partial(uh, datalen, 0));
|
|
|
|
|
if (uh->check == 0)
|
|
|
|
|
uh->check = CSUM_MANGLED_0;
|
|
|
|
|
|
|
|
|
|
skb->protocol = htons(ETH_P_IPV6);
|
|
|
|
|
if (ip6_route_me_harder(skb))
|
|
|
|
|
goto drop;
|
|
|
|
|
|
|
|
|
|
skb->ip_summed = CHECKSUM_NONE;
|
|
|
|
|
|
|
|
|
|
ip6_local_out(skb);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
drop:
|
|
|
|
|
kfree_skb(skb);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static int send_proxy_packet(struct sk_buff *skb, struct mp_address *src, struct mp_address *dst, unsigned char tos) {
|
|
|
|
|
if (src->family != dst->family)
|
|
|
|
|
goto drop;
|
|
|
|
|
@ -1075,6 +1131,10 @@ static int send_proxy_packet(struct sk_buff *skb, struct mp_address *src, struct
|
|
|
|
|
return send_proxy_packet4(skb, src, dst, tos);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case AF_INET6:
|
|
|
|
|
return send_proxy_packet6(skb, src, dst, tos);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
goto drop;
|
|
|
|
|
}
|
|
|
|
|
@ -1127,17 +1187,17 @@ static unsigned int mediaproxy4(struct sk_buff *oskb, const struct xt_action_par
|
|
|
|
|
if (datalen < sizeof(*uh))
|
|
|
|
|
goto skip2;
|
|
|
|
|
datalen -= sizeof(*uh);
|
|
|
|
|
DBG(KERN_DEBUG "udp payload = %u\n", datalen);
|
|
|
|
|
DBG("udp payload = %u\n", datalen);
|
|
|
|
|
skb_trim(skb, datalen);
|
|
|
|
|
|
|
|
|
|
g = get_target(t, ntohs(uh->dest));
|
|
|
|
|
if (!g)
|
|
|
|
|
goto skip2;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "target found, src "MIPF" -> dst "MIPF"\n", MIPP(g->target.src_addr), MIPP(g->target.dst_addr));
|
|
|
|
|
DBG("target found, src "MIPF" -> dst "MIPF"\n", MIPP(g->target.src_addr), MIPP(g->target.dst_addr));
|
|
|
|
|
|
|
|
|
|
if (g->target.mirror_addr.family) {
|
|
|
|
|
DBG(KERN_DEBUG "sending mirror packet to dst "MIPF"\n", MIPP(g->target.mirror_addr));
|
|
|
|
|
DBG("sending mirror packet to dst "MIPF"\n", MIPP(g->target.mirror_addr));
|
|
|
|
|
skb2 = skb_copy(skb, GFP_ATOMIC);
|
|
|
|
|
err = send_proxy_packet(skb2, &g->target.src_addr, &g->target.mirror_addr, g->target.tos);
|
|
|
|
|
if (err) {
|
|
|
|
|
@ -1212,17 +1272,17 @@ static unsigned int mediaproxy6(struct sk_buff *oskb, const struct xt_action_par
|
|
|
|
|
if (datalen < sizeof(*uh))
|
|
|
|
|
goto skip2;
|
|
|
|
|
datalen -= sizeof(*uh);
|
|
|
|
|
DBG(KERN_DEBUG "udp payload = %u\n", datalen);
|
|
|
|
|
DBG("udp payload = %u\n", datalen);
|
|
|
|
|
skb_trim(skb, datalen);
|
|
|
|
|
|
|
|
|
|
g = get_target(t, ntohs(uh->dest));
|
|
|
|
|
if (!g)
|
|
|
|
|
goto skip2;
|
|
|
|
|
|
|
|
|
|
DBG(KERN_DEBUG "target found, src "MIPF" -> dst "MIPF"\n", MIPP(g->target.src_addr), MIPP(g->target.dst_addr));
|
|
|
|
|
DBG("target found, src "MIPF" -> dst "MIPF"\n", MIPP(g->target.src_addr), MIPP(g->target.dst_addr));
|
|
|
|
|
|
|
|
|
|
if (is_valid_address(&g->target.mirror_addr)) {
|
|
|
|
|
DBG(KERN_DEBUG "sending mirror packet to dst "MIPF"\n", MIPP(g->target.mirror_addr));
|
|
|
|
|
DBG("sending mirror packet to dst "MIPF"\n", MIPP(g->target.mirror_addr));
|
|
|
|
|
skb2 = skb_copy(skb, GFP_ATOMIC);
|
|
|
|
|
err = send_proxy_packet(skb2, &g->target.src_addr, &g->target.mirror_addr, g->target.tos);
|
|
|
|
|
if (err) {
|
|
|
|
|
|
Richard Fuchs
14 years ago