[NETFILTER]: nf_conntrack/nf_nat: add TFTP helper port

#ifndef _NF_CONNTRACK_TFTP_H

#define _NF_CONNTRACK_TFTP_H

#define TFTP_PORT 69

struct tftphdr {

	__be16 opcode;

};

#define TFTP_OPCODE_READ	1

#define TFTP_OPCODE_WRITE	2

#define TFTP_OPCODE_DATA	3

#define TFTP_OPCODE_ACK		4

#define TFTP_OPCODE_ERROR	5

extern unsigned int (*nf_nat_tftp_hook)(struct sk_buff **pskb,

				        enum ip_conntrack_info ctinfo,

				        struct nf_conntrack_expect *exp);

#endif /* _NF_CONNTRACK_TFTP_H */

	default IP_NF_NAT if IP_NF_TFTP=y

	default m if IP_NF_TFTP=m

config NF_NAT_TFTP

	tristate

	depends on IP_NF_IPTABLES && NF_CONNTRACK && NF_NAT

	default NF_NAT && NF_CONNTRACK_TFTP

config IP_NF_NAT_AMANDA

	tristate

	depends on IP_NF_IPTABLES!=n && IP_NF_CONNTRACK!=n && IP_NF_NAT!=n

obj-$(CONFIG_NF_NAT_IRC) += nf_nat_irc.o

obj-$(CONFIG_NF_NAT_PPTP) += nf_nat_pptp.o

obj-$(CONFIG_NF_NAT_SIP) += nf_nat_sip.o

obj-$(CONFIG_NF_NAT_TFTP) += nf_nat_tftp.o

# NAT protocols (nf_nat)

obj-$(CONFIG_NF_NAT_PROTO_GRE) += nf_nat_proto_gre.o

/* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu>

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 as

 * published by the Free Software Foundation.

 */

#include <linux/module.h>

#include <linux/moduleparam.h>

#include <linux/udp.h>

#include <net/netfilter/nf_nat_helper.h>

#include <net/netfilter/nf_nat_rule.h>

#include <net/netfilter/nf_conntrack_helper.h>

#include <net/netfilter/nf_conntrack_expect.h>

#include <linux/netfilter/nf_conntrack_tftp.h>

MODULE_AUTHOR("Magnus Boden <mb@ozaba.mine.nu>");

MODULE_DESCRIPTION("TFTP NAT helper");

MODULE_LICENSE("GPL");

MODULE_ALIAS("ip_nat_tftp");

static unsigned int help(struct sk_buff **pskb,

			 enum ip_conntrack_info ctinfo,

			 struct nf_conntrack_expect *exp)

{

	struct nf_conn *ct = exp->master;

	exp->saved_proto.udp.port

		= ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u.udp.port;

	exp->dir = IP_CT_DIR_REPLY;

	exp->expectfn = nf_nat_follow_master;

	if (nf_conntrack_expect_related(exp) != 0)

		return NF_DROP;

	return NF_ACCEPT;

}

static void __exit nf_nat_tftp_fini(void)

{

	rcu_assign_pointer(nf_nat_tftp_hook, NULL);

	synchronize_rcu();

}

static int __init nf_nat_tftp_init(void)

{

	BUG_ON(rcu_dereference(nf_nat_tftp_hook));

	rcu_assign_pointer(nf_nat_tftp_hook, help);

	return 0;

}

module_init(nf_nat_tftp_init);

module_exit(nf_nat_tftp_fini);

	  To compile it as a module, choose M here.  If unsure, say N.

config NF_CONNTRACK_TFTP

	tristate "TFTP protocol support (EXPERIMENTAL)"

	depends on EXPERIMENTAL && NF_CONNTRACK

	help

	  TFTP connection tracking helper, this is required depending

	  on how restrictive your ruleset is.

	  If you are using a tftp client behind -j SNAT or -j MASQUERADING

	  you will need this.

	  To compile it as a module, choose M here.  If unsure, say N.

config NF_CT_NETLINK

	tristate 'Connection tracking netlink interface (EXPERIMENTAL)'

	depends on EXPERIMENTAL && NF_CONNTRACK && NETFILTER_NETLINK