[NETFILTER]: Add new PPTP conntrack and NAT helper

#include <linux/netfilter_ipv4/ip_conntrack_tcp.h>

#include <linux/netfilter_ipv4/ip_conntrack_icmp.h>

#include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>

#include <linux/netfilter_ipv4/ip_conntrack_sctp.h>

/* per conntrack: protocol private data */

union ip_conntrack_proto {

	/* insert conntrack proto private data here */

	struct ip_ct_gre gre;

	struct ip_ct_sctp sctp;

	struct ip_ct_tcp tcp;

	struct ip_ct_icmp icmp;

};

/* Add protocol helper include file here */

#include <linux/netfilter_ipv4/ip_conntrack_pptp.h>

#include <linux/netfilter_ipv4/ip_conntrack_amanda.h>

#include <linux/netfilter_ipv4/ip_conntrack_ftp.h>

#include <linux/netfilter_ipv4/ip_conntrack_irc.h>

/* per conntrack: application helper private data */

union ip_conntrack_help {

	/* insert conntrack helper private data (master) here */

	struct ip_ct_pptp_master ct_pptp_info;

	struct ip_ct_ftp_master ct_ftp_info;

	struct ip_ct_irc_master ct_irc_info;

};

#ifdef CONFIG_IP_NF_NAT_NEEDED

#include <linux/netfilter_ipv4/ip_nat.h>

#include <linux/netfilter_ipv4/ip_nat_pptp.h>

/* per conntrack: nat application helper private data */

union ip_conntrack_nat_help {

	/* insert nat helper private data here */

	struct ip_nat_pptp nat_pptp_info;

};

#endif

#include <linux/types.h>

#ifdef CONFIG_IP_NF_NAT_NEEDED

	struct {

		struct ip_nat_info info;

		union ip_conntrack_nat_help help;

#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \

	defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)

		int masq_index;

/* PPTP constants and structs */

#ifndef _CONNTRACK_PPTP_H

#define _CONNTRACK_PPTP_H

/* state of the control session */

enum pptp_ctrlsess_state {

	PPTP_SESSION_NONE,			/* no session present */

	PPTP_SESSION_ERROR,			/* some session error */

	PPTP_SESSION_STOPREQ,			/* stop_sess request seen */

	PPTP_SESSION_REQUESTED,			/* start_sess request seen */

	PPTP_SESSION_CONFIRMED,			/* session established */

};

/* state of the call inside the control session */

enum pptp_ctrlcall_state {

	PPTP_CALL_NONE,

	PPTP_CALL_ERROR,

	PPTP_CALL_OUT_REQ,

	PPTP_CALL_OUT_CONF,

	PPTP_CALL_IN_REQ,

	PPTP_CALL_IN_REP,

	PPTP_CALL_IN_CONF,

	PPTP_CALL_CLEAR_REQ,

};

/* conntrack private data */

struct ip_ct_pptp_master {

	enum pptp_ctrlsess_state sstate;	/* session state */

	/* everything below is going to be per-expectation in newnat,

	 * since there could be more than one call within one session */

	enum pptp_ctrlcall_state cstate;	/* call state */

	u_int16_t pac_call_id;			/* call id of PAC, host byte order */

	u_int16_t pns_call_id;			/* call id of PNS, host byte order */

	/* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack

	 * and therefore imposes a fixed limit on the number of maps */

	struct ip_ct_gre_keymap *keymap_orig, *keymap_reply;

};

/* conntrack_expect private member */

struct ip_ct_pptp_expect {

	enum pptp_ctrlcall_state cstate; 	/* call state */

	u_int16_t pac_call_id;			/* call id of PAC */

	u_int16_t pns_call_id;			/* call id of PNS */

};

#ifdef __KERNEL__

#define IP_CONNTR_PPTP		PPTP_CONTROL_PORT

#define PPTP_CONTROL_PORT	1723

#define PPTP_PACKET_CONTROL	1

#define PPTP_PACKET_MGMT	2

#define PPTP_MAGIC_COOKIE	0x1a2b3c4d

struct pptp_pkt_hdr {

	__u16	packetLength;

	__u16	packetType;

	__u32	magicCookie;

};

/* PptpControlMessageType values */

#define PPTP_START_SESSION_REQUEST	1

#define PPTP_START_SESSION_REPLY	2

#define PPTP_STOP_SESSION_REQUEST	3

#define PPTP_STOP_SESSION_REPLY		4

#define PPTP_ECHO_REQUEST		5

#define PPTP_ECHO_REPLY			6

#define PPTP_OUT_CALL_REQUEST		7

#define PPTP_OUT_CALL_REPLY		8

#define PPTP_IN_CALL_REQUEST		9

#define PPTP_IN_CALL_REPLY		10

#define PPTP_IN_CALL_CONNECT		11

#define PPTP_CALL_CLEAR_REQUEST		12

#define PPTP_CALL_DISCONNECT_NOTIFY	13

#define PPTP_WAN_ERROR_NOTIFY		14

#define PPTP_SET_LINK_INFO		15

#define PPTP_MSG_MAX			15

/* PptpGeneralError values */

#define PPTP_ERROR_CODE_NONE		0

#define PPTP_NOT_CONNECTED		1

#define PPTP_BAD_FORMAT			2

#define PPTP_BAD_VALUE			3

#define PPTP_NO_RESOURCE		4

#define PPTP_BAD_CALLID			5

#define PPTP_REMOVE_DEVICE_ERROR	6

struct PptpControlHeader {

	__u16	messageType;

	__u16	reserved;

};

/* FramingCapability Bitmap Values */

#define PPTP_FRAME_CAP_ASYNC		0x1

#define PPTP_FRAME_CAP_SYNC		0x2

/* BearerCapability Bitmap Values */

#define PPTP_BEARER_CAP_ANALOG		0x1

#define PPTP_BEARER_CAP_DIGITAL		0x2

struct PptpStartSessionRequest {

	__u16	protocolVersion;

	__u8	reserved1;

	__u8	reserved2;

	__u32	framingCapability;

	__u32	bearerCapability;

	__u16	maxChannels;

	__u16	firmwareRevision;

	__u8	hostName[64];

	__u8	vendorString[64];

};

/* PptpStartSessionResultCode Values */

#define PPTP_START_OK			1

#define PPTP_START_GENERAL_ERROR	2

#define PPTP_START_ALREADY_CONNECTED	3

#define PPTP_START_NOT_AUTHORIZED	4

#define PPTP_START_UNKNOWN_PROTOCOL	5

struct PptpStartSessionReply {

	__u16	protocolVersion;

	__u8	resultCode;

	__u8	generalErrorCode;

	__u32	framingCapability;

	__u32	bearerCapability;

	__u16	maxChannels;

	__u16	firmwareRevision;

	__u8	hostName[64];

	__u8	vendorString[64];

};

/* PptpStopReasons */

#define PPTP_STOP_NONE			1

#define PPTP_STOP_PROTOCOL		2

#define PPTP_STOP_LOCAL_SHUTDOWN	3

struct PptpStopSessionRequest {

	__u8	reason;

};

/* PptpStopSessionResultCode */

#define PPTP_STOP_OK			1

#define PPTP_STOP_GENERAL_ERROR		2

struct PptpStopSessionReply {

	__u8	resultCode;

	__u8	generalErrorCode;

};

struct PptpEchoRequest {

	__u32 identNumber;

};

/* PptpEchoReplyResultCode */

#define PPTP_ECHO_OK			1

#define PPTP_ECHO_GENERAL_ERROR		2

struct PptpEchoReply {

	__u32	identNumber;

	__u8	resultCode;

	__u8	generalErrorCode;

	__u16	reserved;

};

/* PptpFramingType */

#define PPTP_ASYNC_FRAMING		1

#define PPTP_SYNC_FRAMING		2

#define PPTP_DONT_CARE_FRAMING		3

/* PptpCallBearerType */

#define PPTP_ANALOG_TYPE		1

#define PPTP_DIGITAL_TYPE		2

#define PPTP_DONT_CARE_BEARER_TYPE	3

struct PptpOutCallRequest {

	__u16	callID;

	__u16	callSerialNumber;

	__u32	minBPS;

	__u32	maxBPS;

	__u32	bearerType;

	__u32	framingType;

	__u16	packetWindow;

	__u16	packetProcDelay;

	__u16	reserved1;

	__u16	phoneNumberLength;

	__u16	reserved2;

	__u8	phoneNumber[64];

	__u8	subAddress[64];

};

/* PptpCallResultCode */

#define PPTP_OUTCALL_CONNECT		1

#define PPTP_OUTCALL_GENERAL_ERROR	2

#define PPTP_OUTCALL_NO_CARRIER		3

#define PPTP_OUTCALL_BUSY		4

#define PPTP_OUTCALL_NO_DIAL_TONE	5

#define PPTP_OUTCALL_TIMEOUT		6

#define PPTP_OUTCALL_DONT_ACCEPT	7

struct PptpOutCallReply {

	__u16	callID;

	__u16	peersCallID;

	__u8	resultCode;

	__u8	generalErrorCode;

	__u16	causeCode;

	__u32	connectSpeed;

	__u16	packetWindow;

	__u16	packetProcDelay;

	__u32	physChannelID;

};

struct PptpInCallRequest {

	__u16	callID;

	__u16	callSerialNumber;

	__u32	callBearerType;

	__u32	physChannelID;

	__u16	dialedNumberLength;

	__u16	dialingNumberLength;

	__u8	dialedNumber[64];

	__u8	dialingNumber[64];

	__u8	subAddress[64];

};

/* PptpInCallResultCode */

#define PPTP_INCALL_ACCEPT		1

#define PPTP_INCALL_GENERAL_ERROR	2

#define PPTP_INCALL_DONT_ACCEPT		3

struct PptpInCallReply {

	__u16	callID;

	__u16	peersCallID;

	__u8	resultCode;

	__u8	generalErrorCode;

	__u16	packetWindow;

	__u16	packetProcDelay;

	__u16	reserved;

};

struct PptpInCallConnected {

	__u16	peersCallID;

	__u16	reserved;

	__u32	connectSpeed;

	__u16	packetWindow;

	__u16	packetProcDelay;

	__u32	callFramingType;

};

struct PptpClearCallRequest {

	__u16	callID;

	__u16	reserved;

};

struct PptpCallDisconnectNotify {

	__u16	callID;

	__u8	resultCode;

	__u8	generalErrorCode;

	__u16	causeCode;

	__u16	reserved;

	__u8	callStatistics[128];

};

struct PptpWanErrorNotify {

	__u16	peersCallID;

	__u16	reserved;

	__u32	crcErrors;

	__u32	framingErrors;

	__u32	hardwareOverRuns;

	__u32	bufferOverRuns;

	__u32	timeoutErrors;

	__u32	alignmentErrors;

};

struct PptpSetLinkInfo {

	__u16	peersCallID;

	__u16	reserved;

	__u32	sendAccm;

	__u32	recvAccm;

};

struct pptp_priv_data {

	__u16	call_id;

	__u16	mcall_id;

	__u16	pcall_id;

};

union pptp_ctrl_union {

		struct PptpStartSessionRequest	sreq;

		struct PptpStartSessionReply	srep;

		struct PptpStopSessionRequest	streq;

		struct PptpStopSessionReply	strep;

                struct PptpOutCallRequest       ocreq;

                struct PptpOutCallReply         ocack;

                struct PptpInCallRequest        icreq;

                struct PptpInCallReply          icack;

                struct PptpInCallConnected      iccon;

		struct PptpClearCallRequest	clrreq;

                struct PptpCallDisconnectNotify disc;

                struct PptpWanErrorNotify       wanerr;

                struct PptpSetLinkInfo          setlink;

};

extern int

(*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,

			  struct ip_conntrack *ct,

			  enum ip_conntrack_info ctinfo,

			  struct PptpControlHeader *ctlh,

			  union pptp_ctrl_union *pptpReq);

extern int

(*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,

			  struct ip_conntrack *ct,

			  enum ip_conntrack_info ctinfo,

			  struct PptpControlHeader *ctlh,

			  union pptp_ctrl_union *pptpReq);

extern int

(*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,

			    struct ip_conntrack_expect *exp_reply);

extern void

(*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,

			     struct ip_conntrack_expect *exp);

#endif /* __KERNEL__ */

#endif /* _CONNTRACK_PPTP_H */

#ifndef _CONNTRACK_PROTO_GRE_H

#define _CONNTRACK_PROTO_GRE_H

#include <asm/byteorder.h>

/* GRE PROTOCOL HEADER */

/* GRE Version field */

#define GRE_VERSION_1701	0x0

#define GRE_VERSION_PPTP	0x1

/* GRE Protocol field */

#define GRE_PROTOCOL_PPTP	0x880B

/* GRE Flags */

#define GRE_FLAG_C		0x80

#define GRE_FLAG_R		0x40

#define GRE_FLAG_K		0x20

#define GRE_FLAG_S		0x10

#define GRE_FLAG_A		0x80

#define GRE_IS_C(f)	((f)&GRE_FLAG_C)

#define GRE_IS_R(f)	((f)&GRE_FLAG_R)

#define GRE_IS_K(f)	((f)&GRE_FLAG_K)

#define GRE_IS_S(f)	((f)&GRE_FLAG_S)

#define GRE_IS_A(f)	((f)&GRE_FLAG_A)

/* GRE is a mess: Four different standards */

struct gre_hdr {

#if defined(__LITTLE_ENDIAN_BITFIELD)

	__u16	rec:3,

		srr:1,

		seq:1,

		key:1,

		routing:1,

		csum:1,

		version:3,

		reserved:4,

		ack:1;

#elif defined(__BIG_ENDIAN_BITFIELD)

	__u16	csum:1,

		routing:1,

		key:1,

		seq:1,

		srr:1,

		rec:3,

		ack:1,

		reserved:4,

		version:3;

#else

#error "Adjust your <asm/byteorder.h> defines"

#endif

	__u16	protocol;

};

/* modified GRE header for PPTP */

struct gre_hdr_pptp {

	__u8  flags;		/* bitfield */

	__u8  version;		/* should be GRE_VERSION_PPTP */

	__u16 protocol;		/* should be GRE_PROTOCOL_PPTP */

	__u16 payload_len;	/* size of ppp payload, not inc. gre header */

	__u16 call_id;		/* peer's call_id for this session */

	__u32 seq;		/* sequence number.  Present if S==1 */

	__u32 ack;		/* seq number of highest packet recieved by */

				/*  sender in this session */

};

/* this is part of ip_conntrack */

struct ip_ct_gre {

	unsigned int stream_timeout;

	unsigned int timeout;

};

#ifdef __KERNEL__

struct ip_conntrack_expect;

struct ip_conntrack;

/* structure for original <-> reply keymap */

struct ip_ct_gre_keymap {

	struct list_head list;

	struct ip_conntrack_tuple tuple;

};

/* add new tuple->key_reply pair to keymap */

int ip_ct_gre_keymap_add(struct ip_conntrack *ct,

			 struct ip_conntrack_tuple *t,

			 int reply);

/* delete keymap entries */

void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);

/* get pointer to gre key, if present */

static inline u_int32_t *gre_key(struct gre_hdr *greh)

{

	if (!greh->key)

		return NULL;

	if (greh->csum || greh->routing)

		return (u_int32_t *) (greh+sizeof(*greh)+4);

	return (u_int32_t *) (greh+sizeof(*greh));

}

/* get pointer ot gre csum, if present */

static inline u_int16_t *gre_csum(struct gre_hdr *greh)

{

	if (!greh->csum)

		return NULL;

	return (u_int16_t *) (greh+sizeof(*greh));

}

#endif /* __KERNEL__ */

#endif /* _CONNTRACK_PROTO_GRE_H */

	struct {

		u_int16_t port;

	} sctp;

	struct {

		u_int16_t key;	/* key is 32bit, pptp only uses 16 */

	} gre;

};

/* The manipulable part of the tuple. */

			struct {

				u_int16_t port;

			} sctp;

			struct {

				u_int16_t key;	/* key is 32bit, 

						 * pptp only uses 16 */

			} gre;

		} u;

		/* The protocol. */

/* PPTP constants and structs */

#ifndef _NAT_PPTP_H

#define _NAT_PPTP_H

/* conntrack private data */

struct ip_nat_pptp {

	u_int16_t pns_call_id;		/* NAT'ed PNS call id */

	u_int16_t pac_call_id;		/* NAT'ed PAC call id */

};

#endif /* _NAT_PPTP_H */