| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2016 23:03:46 +0800
From: Feng Gao <gfree.wind@...il.com>
To: Gao Feng <fgao@...ai8.com>
Cc: Pablo Neira Ayuso <pablo@...filter.org>,
Patrick McHardy <kaber@...sh.net>,
Netfilter Developer Mailing List
<netfilter-devel@...r.kernel.org>,
Philp Prindeville <philipp@...fish-solutions.com>,
Linux Kernel Network Developers <netdev@...r.kernel.org>
Subject: Re: [PATCH 1/1] netfilter: gre: Use the consitent GRE and PPTP struct
instead of the structures defined in netfilter
My email server reports the last same patch email failed to send.
So I just sent it again.
I am sorry, if anyone receives duplicated ones.
Regards
Feng
On Fri, Aug 19, 2016 at 11:01 PM, <fgao@...ai8.com> wrote:
> From: Gao Feng <fgao@...ai8.com>
>
> There are two structures which define the GRE header and PPTP
> header. So it is unneccessary to define duplicated structures in
> netfilter again.
>
> Signed-off-by: Gao Feng <fgao@...ai8.com>
> ---
> v1: Intial patch
>
> include/linux/netfilter/nf_conntrack_proto_gre.h | 63 +-----------------------
> include/uapi/linux/if_tunnel.h | 1 +
> net/ipv4/netfilter/nf_nat_proto_gre.c | 15 +++---
> net/netfilter/nf_conntrack_proto_gre.c | 14 +++---
> 4 files changed, 19 insertions(+), 74 deletions(-)
>
> diff --git a/include/linux/netfilter/nf_conntrack_proto_gre.h b/include/linux/netfilter/nf_conntrack_proto_gre.h
> index df78dc2..9c741da 100644
> --- a/include/linux/netfilter/nf_conntrack_proto_gre.h
> +++ b/include/linux/netfilter/nf_conntrack_proto_gre.h
> @@ -2,67 +2,8 @@
> #define _CONNTRACK_PROTO_GRE_H
> #include <asm/byteorder.h>
>
> -/* GRE PROTOCOL HEADER */
> -
> -/* GRE Version field */
> -#define GRE_VERSION_1701 0x0
> -#define GRE_VERSION_PPTP 0x1
> -
> -/* GRE Protocol field */
> -#define GRE_PROTOCOL_PPTP 0x880B
> -
> -/* GRE Flags */
> -#define GRE_FLAG_C 0x80
> -#define GRE_FLAG_R 0x40
> -#define GRE_FLAG_K 0x20
> -#define GRE_FLAG_S 0x10
> -#define GRE_FLAG_A 0x80
> -
> -#define GRE_IS_C(f) ((f)&GRE_FLAG_C)
> -#define GRE_IS_R(f) ((f)&GRE_FLAG_R)
> -#define GRE_IS_K(f) ((f)&GRE_FLAG_K)
> -#define GRE_IS_S(f) ((f)&GRE_FLAG_S)
> -#define GRE_IS_A(f) ((f)&GRE_FLAG_A)
> -
> -/* GRE is a mess: Four different standards */
> -struct gre_hdr {
> -#if defined(__LITTLE_ENDIAN_BITFIELD)
> - __u16 rec:3,
> - srr:1,
> - seq:1,
> - key:1,
> - routing:1,
> - csum:1,
> - version:3,
> - reserved:4,
> - ack:1;
> -#elif defined(__BIG_ENDIAN_BITFIELD)
> - __u16 csum:1,
> - routing:1,
> - key:1,
> - seq:1,
> - srr:1,
> - rec:3,
> - ack:1,
> - reserved:4,
> - version:3;
> -#else
> -#error "Adjust your <asm/byteorder.h> defines"
> -#endif
> - __be16 protocol;
> -};
> -
> -/* modified GRE header for PPTP */
> -struct gre_hdr_pptp {
> - __u8 flags; /* bitfield */
> - __u8 version; /* should be GRE_VERSION_PPTP */
> - __be16 protocol; /* should be GRE_PROTOCOL_PPTP */
> - __be16 payload_len; /* size of ppp payload, not inc. gre header */
> - __be16 call_id; /* peer's call_id for this session */
> - __be32 seq; /* sequence number. Present if S==1 */
> - __be32 ack; /* seq number of highest packet received by */
> - /* sender in this session */
> -};
> +#include <net/gre.h>
> +#include <net/pptp.h>
>
> struct nf_ct_gre {
> unsigned int stream_timeout;
> diff --git a/include/uapi/linux/if_tunnel.h b/include/uapi/linux/if_tunnel.h
> index 361b9f0..1b27e2c 100644
> --- a/include/uapi/linux/if_tunnel.h
> +++ b/include/uapi/linux/if_tunnel.h
> @@ -36,6 +36,7 @@
> #define GRE_IS_REC(f) ((f) & GRE_REC)
> #define GRE_IS_ACK(f) ((f) & GRE_ACK)
>
> +#define GRE_VERSION_0 __cpu_to_be16(0x0000)
> #define GRE_VERSION_1 __cpu_to_be16(0x0001)
> #define GRE_PROTO_PPP __cpu_to_be16(0x880b)
> #define GRE_PPTP_KEY_MASK __cpu_to_be32(0xffff)
> diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
> index 9414923..afe81a8 100644
> --- a/net/ipv4/netfilter/nf_nat_proto_gre.c
> +++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
> @@ -88,8 +88,9 @@ gre_manip_pkt(struct sk_buff *skb,
> const struct nf_conntrack_tuple *tuple,
> enum nf_nat_manip_type maniptype)
> {
> - const struct gre_hdr *greh;
> - struct gre_hdr_pptp *pgreh;
> + const struct gre_base_hdr *greh;
> + struct pptp_gre_header *pgreh;
> + u16 gre_ver;
>
> /* pgreh includes two optional 32bit fields which are not required
> * to be there. That's where the magic '8' comes from */
> @@ -97,18 +98,20 @@ gre_manip_pkt(struct sk_buff *skb,
> return false;
>
> greh = (void *)skb->data + hdroff;
> - pgreh = (struct gre_hdr_pptp *)greh;
> + pgreh = (struct pptp_gre_header *)greh;
>
> /* we only have destination manip of a packet, since 'source key'
> * is not present in the packet itself */
> if (maniptype != NF_NAT_MANIP_DST)
> return true;
> - switch (greh->version) {
> - case GRE_VERSION_1701:
> +
> + gre_ver = ntohs(greh->flags & GRE_VERSION);
> + switch (gre_ver) {
> + case GRE_VERSION_0:
> /* We do not currently NAT any GREv0 packets.
> * Try to behave like "nf_nat_proto_unknown" */
> break;
> - case GRE_VERSION_PPTP:
> + case GRE_VERSION_1:
> pr_debug("call_id -> 0x%04x\n", ntohs(tuple->dst.u.gre.key));
> pgreh->call_id = tuple->dst.u.gre.key;
> break;
> diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c
> index a96451a..f46597f 100644
> --- a/net/netfilter/nf_conntrack_proto_gre.c
> +++ b/net/netfilter/nf_conntrack_proto_gre.c
> @@ -192,15 +192,15 @@ static bool gre_invert_tuple(struct nf_conntrack_tuple *tuple,
> static bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
> struct net *net, struct nf_conntrack_tuple *tuple)
> {
> - const struct gre_hdr_pptp *pgrehdr;
> - struct gre_hdr_pptp _pgrehdr;
> + const struct pptp_gre_header *pgrehdr;
> + struct pptp_gre_header _pgrehdr;
> __be16 srckey;
> - const struct gre_hdr *grehdr;
> - struct gre_hdr _grehdr;
> + const struct gre_base_hdr *grehdr;
> + struct gre_base_hdr _grehdr;
>
> /* first only delinearize old RFC1701 GRE header */
> grehdr = skb_header_pointer(skb, dataoff, sizeof(_grehdr), &_grehdr);
> - if (!grehdr || grehdr->version != GRE_VERSION_PPTP) {
> + if (!grehdr || ntohs(grehdr->flags & GRE_VERSION) != GRE_VERSION_1) {
> /* try to behave like "nf_conntrack_proto_generic" */
> tuple->src.u.all = 0;
> tuple->dst.u.all = 0;
> @@ -212,8 +212,8 @@ static bool gre_pkt_to_tuple(const struct sk_buff *skb, unsigned int dataoff,
> if (!pgrehdr)
> return true;
>
> - if (ntohs(grehdr->protocol) != GRE_PROTOCOL_PPTP) {
> - pr_debug("GRE_VERSION_PPTP but unknown proto\n");
> + if (grehdr->protocol != GRE_PROTO_PPP) {
> + pr_debug("Unknown GRE proto(0x%x)\n", ntohs(grehdr->protocol));
> return false;
> }
>
> --
> 1.9.1
>
Powered by blists - more mailing lists