[NETFILTER]: nf_conntrack/nf_nat: add IRC helper port

#ifndef _NF_CONNTRACK_IRC_H

#define _NF_CONNTRACK_IRC_H

#ifdef __KERNEL__

#define IRC_PORT	6667

extern unsigned int (*nf_nat_irc_hook)(struct sk_buff **pskb,

				       enum ip_conntrack_info ctinfo,

				       unsigned int matchoff,

				       unsigned int matchlen,

				       struct nf_conntrack_expect *exp);

#endif /* __KERNEL__ */

#endif /* _NF_CONNTRACK_IRC_H */

	default IP_NF_NAT if IP_NF_IRC=y

	default m if IP_NF_IRC=m

config NF_NAT_IRC

	tristate

	depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT

	default NF_NAT && NF_CONNTRACK_IRC

config IP_NF_NAT_TFTP

	tristate

	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n

obj-$(CONFIG_NF_NAT_AMANDA) += nf_nat_amanda.o

obj-$(CONFIG_NF_NAT_FTP) += nf_nat_ftp.o

obj-$(CONFIG_NF_NAT_H323) += nf_nat_h323.o

obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o

# generic IP tables 

obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o

/* IRC extension for TCP NAT alteration.

 *

 * (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>

 * (C) 2004 Rusty Russell <rusty@rustcorp.com.au> IBM Corporation

 * based on a copy of RR's ip_nat_ftp.c

 *

 * This program is free software; you can redistribute it and/or

 * modify it under the terms of the GNU General Public License

 * as published by the Free Software Foundation; either version

 * 2 of the License, or (at your option) any later version.

 */

#include <linux/module.h>

#include <linux/moduleparam.h>

#include <linux/tcp.h>

#include <linux/kernel.h>

#include <net/netfilter/nf_nat.h>

#include <net/netfilter/nf_nat_helper.h>

#include <net/netfilter/nf_nat_rule.h>

#include <net/netfilter/nf_conntrack_helper.h>

#include <net/netfilter/nf_conntrack_expect.h>

#include <linux/netfilter/nf_conntrack_irc.h>

#if 0

#define DEBUGP printk

#else

#define DEBUGP(format, args...)

#endif

MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");

MODULE_DESCRIPTION("IRC (DCC) NAT helper");

MODULE_LICENSE("GPL");

MODULE_ALIAS("ip_nat_irc");

static unsigned int help(struct sk_buff **pskb,

			 enum ip_conntrack_info ctinfo,

			 unsigned int matchoff,

			 unsigned int matchlen,

			 struct nf_conntrack_expect *exp)

{

	char buffer[sizeof("4294967296 65635")];

	u_int32_t ip;

	u_int16_t port;

	unsigned int ret;

	DEBUGP("IRC_NAT: info (seq %u + %u) in %u\n",

	       expect->seq, exp_irc_info->len, ntohl(tcph->seq));

	/* Reply comes from server. */

	exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;

	exp->dir = IP_CT_DIR_REPLY;

	exp->expectfn = nf_nat_follow_master;

	/* Try to get same port: if not, try to change it. */

	for (port = ntohs(exp->saved_proto.tcp.port); port != 0; port++) {

		exp->tuple.dst.u.tcp.port = htons(port);

		if (nf_conntrack_expect_related(exp) == 0)

			break;

	}

	if (port == 0)

		return NF_DROP;

	ip = ntohl(exp->master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip);

	sprintf(buffer, "%u %u", ip, port);

	DEBUGP("nf_nat_irc: inserting '%s' == %u.%u.%u.%u, port %u\n",

	       buffer, NIPQUAD(ip), port);

	ret = nf_nat_mangle_tcp_packet(pskb, exp->master, ctinfo,

				       matchoff, matchlen, buffer,

				       strlen(buffer));

	if (ret != NF_ACCEPT)

		nf_conntrack_unexpect_related(exp);

	return ret;

}

static void __exit nf_nat_irc_fini(void)

{

	rcu_assign_pointer(nf_nat_irc_hook, NULL);

	synchronize_rcu();

}

static int __init nf_nat_irc_init(void)

{

	BUG_ON(rcu_dereference(nf_nat_irc_hook));

	rcu_assign_pointer(nf_nat_irc_hook, help);

	return 0;

}

/* Prior to 2.6.11, we had a ports param.  No longer, but don't break users. */

static int warn_set(const char *val, struct kernel_param *kp)

{

	printk(KERN_INFO KBUILD_MODNAME

	       ": kernel >= 2.6.10 only uses 'ports' for conntrack modules\n");

	return 0;

}

module_param_call(ports, warn_set, NULL, NULL, 0);

module_init(nf_nat_irc_init);

module_exit(nf_nat_irc_fini);

	  To compile it as a module, choose M here.  If unsure, say N.

config NF_CONNTRACK_IRC

	tristate "IRC protocol support (EXPERIMENTAL)"

	depends on EXPERIMENTAL && NF_CONNTRACK

	help

	  There is a commonly-used extension to IRC called

	  Direct Client-to-Client Protocol (DCC).  This enables users to send

	  files to each other, and also chat to each other without the need

	  of a server.  DCC Sending is used anywhere you send files over IRC,

	  and DCC Chat is most commonly used by Eggdrop bots.  If you are

	  using NAT, this extension will enable you to send files and initiate

	  chats.  Note that you do NOT need this extension to get files or

	  have others initiate chats, or everything else in IRC.

	  To compile it as a module, choose M here.  If unsure, say N.

config NF_CT_NETLINK

	tristate 'Connection tracking netlink interface (EXPERIMENTAL)'

	depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK