netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean

struct sk_buff;

/* These return true or false. */

int __nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct,

bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb, struct nf_conn *ct,

				enum ip_conntrack_info ctinfo,

				unsigned int protoff, unsigned int match_offset,

				unsigned int match_len, const char *rep_buffer,

				unsigned int rep_len, bool adjust);

static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,

static inline bool nf_nat_mangle_tcp_packet(struct sk_buff *skb,

					    struct nf_conn *ct,

					    enum ip_conntrack_info ctinfo,

					    unsigned int protoff,

					  rep_buffer, rep_len, true);

}

int nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct,

bool nf_nat_mangle_udp_packet(struct sk_buff *skb, struct nf_conn *ct,

			      enum ip_conntrack_info ctinfo,

			      unsigned int protoff, unsigned int match_offset,

			      unsigned int match_len, const char *rep_buffer,

		 ntohs(REQ_CID(pptpReq, cid_off)), ntohs(new_callid));

	/* mangle packet */

	if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,

	if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,

				      cid_off + sizeof(struct pptp_pkt_hdr) +

				      sizeof(struct PptpControlHeader),

				      sizeof(new_callid), (char *)&new_callid,

				     sizeof(new_callid)) == 0)

				      sizeof(new_callid)))

		return NF_DROP;

	return NF_ACCEPT;

}

	pr_debug("altering peer call id from 0x%04x to 0x%04x\n",

		 ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));

	if (nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,

	if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,

				      pcid_off + sizeof(struct pptp_pkt_hdr) +

				      sizeof(struct PptpControlHeader),

				      sizeof(new_pcid), (char *)&new_pcid,

				     sizeof(new_pcid)) == 0)

				      sizeof(new_pcid)))

		return NF_DROP;

	return NF_ACCEPT;

}

		ct = nf_ct_get(skb, &ctinfo);

		if (ct && !nf_ct_is_untracked(ct) && nfct_nat(ct)) {

			bool mangled;

			/* If mangling fails this function will return 0

			 * which will cause the packet to be dropped.

			 * Mangling can only fail under memory pressure,

			 * packet.

			 */

			rcu_read_lock();

			ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo,

			mangled = nf_nat_mangle_tcp_packet(skb, ct, ctinfo,

							   iph->ihl * 4,

						       start-data, end-start,

							   start - data,

							   end - start,

							   buf, buf_len);

			rcu_read_unlock();

			if (ret) {

			if (mangled) {

				ip_vs_nfct_expect_related(skb, ct, n_cp,

							  IPPROTO_TCP, 0, 0);

				if (skb->ip_summed == CHECKSUM_COMPLETE)

{

	char buffer[sizeof("65535")];

	u_int16_t port;

	unsigned int ret;

	/* Connection comes from client. */

	exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;

	}

	sprintf(buffer, "%u", port);

	ret = nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,

	if (!nf_nat_mangle_udp_packet(skb, exp->master, ctinfo,

				      protoff, matchoff, matchlen,

				       buffer, strlen(buffer));

	if (ret != NF_ACCEPT) {

				      buffer, strlen(buffer))) {

		nf_ct_helper_log(skb, exp->master, "cannot mangle packet");

		nf_ct_unexpect_related(exp);

		return NF_DROP;

	}

	return ret;

	return NF_ACCEPT;

}

static void __exit nf_nat_amanda_fini(void)

}

/* Unusual, but possible case. */

static int enlarge_skb(struct sk_buff *skb, unsigned int extra)

static bool enlarge_skb(struct sk_buff *skb, unsigned int extra)

{

	if (skb->len + extra > 65535)

		return 0;

		return false;

	if (pskb_expand_head(skb, 0, extra - skb_tailroom(skb), GFP_ATOMIC))

		return 0;

		return false;

	return 1;

	return true;

}

/* Generic function for mangling variable-length address changes inside

 * skb enlargement, ...

 *

 * */

int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,

bool __nf_nat_mangle_tcp_packet(struct sk_buff *skb,

				struct nf_conn *ct,

				enum ip_conntrack_info ctinfo,

				unsigned int protoff,

	int oldlen, datalen;

	if (!skb_make_writable(skb, skb->len))

		return 0;

		return false;

	if (rep_len > match_len &&

	    rep_len - match_len > skb_tailroom(skb) &&

	    !enlarge_skb(skb, rep_len - match_len))

		return 0;

		return false;

	SKB_LINEAR_ASSERT(skb);

		nf_ct_seqadj_set(ct, ctinfo, tcph->seq,

				 (int)rep_len - (int)match_len);

	return 1;

	return true;

}

EXPORT_SYMBOL(__nf_nat_mangle_tcp_packet);

 * XXX - This function could be merged with nf_nat_mangle_tcp_packet which

 *       should be fairly easy to do.

 */

int

bool

nf_nat_mangle_udp_packet(struct sk_buff *skb,

			 struct nf_conn *ct,

			 enum ip_conntrack_info ctinfo,

	int datalen, oldlen;

	if (!skb_make_writable(skb, skb->len))

		return 0;

		return false;

	if (rep_len > match_len &&

	    rep_len - match_len > skb_tailroom(skb) &&

	    !enlarge_skb(skb, rep_len - match_len))

		return 0;

		return false;

	udph = (void *)skb->data + protoff;

	/* fix udp checksum if udp checksum was previously calculated */

	if (!udph->check && skb->ip_summed != CHECKSUM_PARTIAL)

		return 1;

		return true;

	l3proto = __nf_nat_l3proto_find(nf_ct_l3num(ct));

	l3proto->csum_recalc(skb, IPPROTO_UDP, udph, &udph->check,

			     datalen, oldlen);

	return 1;

	return true;

}

EXPORT_SYMBOL(nf_nat_mangle_udp_packet);