* RE: [PATCH] Quake III Arena conntracker
@ 2002-10-05 20:55 Filip Sneppe (Cronos)
0 siblings, 0 replies; only message in thread
From: Filip Sneppe (Cronos) @ 2002-10-05 20:55 UTC (permalink / raw)
To: netfilter-devel; +Cc: Brad Chapman
[-- Attachment #1: Type: text/plain, Size: 1579 bytes --]
Hi,
This patch (against netfilter CVS and against 2.4.20-pre8) adds a
conntrack/NAT helper for Quake3 Arena Master server connections.
Brad Chapman showed some interest and has been running a version with
NAT support for at least a month now (see mail below).
Feel free to include it in p-o-m.
Brad, thanks for sparking my interest in this again, and for
volunteering to test it out on your network.
Regards,
Filip
From: Brad Chapman <kakadu_croc@yahoo.com>
To: Filip Sneppe (Cronos) <filip.sneppe@cronos.be>
Subject: RE: [PATCH] Quake III Arena conntracker
Date: 29 Sep 2002 16:42:18 -0700
Mr. Filip,
--- "Filip Sneppe (Cronos)" <filip.sneppe@cronos.be> wrote:
> On Mon, 2002-08-26 at 21:21, Brad Chapman wrote:
> >
> > It does. ATM the only thing tested is the Quake3 helper, and not with a fully
> closed
> > rulset (I'm allowing 27950 and 27960 in TCP/UDP already). However, so far
> nothing
> > seems to be crashing or Oopsing.
>
> Hi Brad,
>
> Have you had any issues with the quake3 conntrack/nat patch I sent you ?
> If not, I guess it wouldn't harm to have it in patch-o-matic so more
> people can test it.
No. I've had no issues whatsoever. The patch works great and even appears to work
for Quake2 traffic as well. It belongs in p-o-m; maybe once it's put there I'll try
it to see if it acts any differently.
>
> Thanks for your testing,
> Filip
>
>
Brad
=====
Brad Chapman
Permanent e-mail: kakadu_croc@yahoo.com
__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com
[-- Attachment #2: diff.quake3.2.4.20-pre8.20021005-1 --]
[-- Type: text/x-patch, Size: 18862 bytes --]
diff -urN -X dontdiff linux-2.4.20-pre8/Documentation/Configure.help linux-2.4.20-pre8-quake3/Documentation/Configure.help
--- linux-2.4.20-pre8/Documentation/Configure.help 2002-10-01 21:11:33.000000000 +0200
+++ linux-2.4.20-pre8-quake3/Documentation/Configure.help 2002-10-01 21:32:15.000000000 +0200
@@ -2499,6 +2499,16 @@
If you want to compile it as a module, say M here and read
<file:Documentation/modules.txt>. If unsure, say `Y'.
+Quake III Arena protocol support
+CONFIG_IP_NF_QUAKE3
+ Quake III Arena connection tracking helper. This module allows for a
+ stricter firewall rulebase if one only allows traffic to a master
+ server. Connections to Quake III server IP addresses and ports returned
+ by the master server will be tracked automatically.
+
+ If you want to compile it as a module, say M here and read
+ Documentation/modules.txt. If unsure, say `Y'.
+
User space queueing via NETLINK
CONFIG_IP_NF_QUEUE
Netfilter has the ability to queue packets to user space: the
diff -urN -X dontdiff linux-2.4.20-pre8/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.4.20-pre8-quake3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
--- linux-2.4.20-pre8/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.4.20-pre8-quake3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2002-10-01 21:32:15.000000000 +0200
@@ -0,0 +1,21 @@
+#ifndef _IP_CT_QUAKE3
+#define _IP_CT_QUAKE3
+
+/* Don't confuse with 27960, often used as the Server Port */
+#define QUAKE3_MASTER_PORT 27950
+
+struct quake3_search {
+ const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
+ const char *pattern;
+ size_t plen;
+};
+
+/* This structure is per expected connection */
+struct ip_ct_quake3_expect {
+};
+
+/* This structure exists only once per master */
+struct ip_ct_quake3_master {
+};
+
+#endif /* _IP_CT_QUAKE3 */
diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/Config.in linux-2.4.20-pre8-quake3/net/ipv4/netfilter/Config.in
--- linux-2.4.20-pre8/net/ipv4/netfilter/Config.in 2002-10-01 21:12:32.000000000 +0200
+++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/Config.in 2002-10-01 21:32:15.000000000 +0200
@@ -8,6 +8,7 @@
if [ "$CONFIG_IP_NF_CONNTRACK" != "n" ]; then
dep_tristate ' FTP protocol support' CONFIG_IP_NF_FTP $CONFIG_IP_NF_CONNTRACK
dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK
+ dep_tristate ' Quake III protocol support' CONFIG_IP_NF_QUAKE3 $CONFIG_IP_NF_CONNTRACK
fi
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
@@ -60,6 +61,13 @@
if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
dep_tristate ' Basic SNMP-ALG support (EXPERIMENTAL)' CONFIG_IP_NF_NAT_SNMP_BASIC $CONFIG_IP_NF_NAT
fi
+ if [ "$CONFIG_IP_NF_QUAKE3" = "m" ]; then
+ define_tristate CONFIG_IP_NF_NAT_QUAKE3 m
+ else
+ if [ "$CONFIG_IP_NF_QUAKE3" = "y" ]; then
+ define_tristate CONFIG_IP_NF_NAT_QUAKE3 $CONFIG_IP_NF_NAT
+ fi
+ fi
if [ "$CONFIG_IP_NF_IRC" = "m" ]; then
define_tristate CONFIG_IP_NF_NAT_IRC m
else
diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/Makefile linux-2.4.20-pre8-quake3/net/ipv4/netfilter/Makefile
--- linux-2.4.20-pre8/net/ipv4/netfilter/Makefile 2002-10-01 21:12:32.000000000 +0200
+++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/Makefile 2002-10-01 21:32:15.000000000 +0200
@@ -42,9 +42,15 @@
export-objs += ip_conntrack_irc.o
endif
+obj-$(CONFIG_IP_NF_QUAKE3) += ip_conntrack_quake3.o
+ifdef CONFIG_IP_NF_NAT_QUAKE3
+ export-objs += ip_conntrack_quake3.o
+endif
+
# NAT helpers
obj-$(CONFIG_IP_NF_NAT_FTP) += ip_nat_ftp.o
obj-$(CONFIG_IP_NF_NAT_IRC) += ip_nat_irc.o
+obj-$(CONFIG_IP_NF_NAT_QUAKE3) += ip_nat_quake3.o
# generic IP tables
obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/ip_conntrack_quake3.c linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_conntrack_quake3.c
--- linux-2.4.20-pre8/net/ipv4/netfilter/ip_conntrack_quake3.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_conntrack_quake3.c 2002-10-01 21:32:15.000000000 +0200
@@ -0,0 +1,156 @@
+/* Quake3 extension for IP connection tracking
+ * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be>
+ * based on ip_conntrack_ftp.c and ip_conntrack_tftp.c
+ *
+ * ip_conntrack_quake3.c v0.04 2002-08-31
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Module load syntax:
+ * insmod ip_conntrack_quake3.o ports=port1,port2,...port<MAX_PORTS>
+ *
+ * please give the ports of all Quake3 master servers You wish to
+ * connect to. If you don't specify ports, the default will be UDP
+ * port 27950.
+ *
+ * Thanks to the Ethereal folks for their analysis of the Quake3 protocol.
+ */
+
+#include <linux/module.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
+
+struct module *ip_conntrack_quake3 = THIS_MODULE;
+
+MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>");
+MODULE_DESCRIPTION("Netfilter connection tracking module for Quake III Arena");
+MODULE_LICENSE("GPL");
+
+#define MAX_PORTS 8
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+#ifdef MODULE_PARM
+MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
+#endif
+
+/* Quake3 master server reply will add > 100 expectations per reply packet; when
+ doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+struct quake3_search quake3s_conntrack = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
+
+static int quake3_help(const struct iphdr *iph, size_t len,
+ struct ip_conntrack *ct,
+ enum ip_conntrack_info ctinfo)
+{
+ struct udphdr *udph = (void *)iph + iph->ihl * 4;
+ int dir = CTINFO2DIR(ctinfo);
+ struct ip_conntrack_expect exp;
+ int i;
+
+ /* Until there's been traffic both ways, don't look in packets. note: it's UDP ! */
+ if (ctinfo != IP_CT_ESTABLISHED
+ && ctinfo != IP_CT_IS_REPLY) {
+ DEBUGP("ip_conntrack_quake3: not ok ! Conntrackinfo = %u\n", ctinfo);
+ return NF_ACCEPT;
+ } else { DEBUGP("ip_conntrack_quake3: it's ok ! Conntrackinfo = %u\n", ctinfo); }
+
+ if (strnicmp((const char *)udph + 12, quake3s_conntrack.pattern, quake3s_conntrack.plen) == 0) {
+ for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
+ i+6 < ntohs(udph->len);
+ i+=7) {
+ DEBUGP("ip_conntrack_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n",
+ i, ntohs(udph->len),
+ NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
+ ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
+
+ memset(&exp, 0, sizeof(exp));
+
+ exp.tuple = ((struct ip_conntrack_tuple)
+ { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
+ { (u_int32_t) *((u_int32_t *)((int)udph + i)),
+ { (__u16) *((__u16 *)((int)udph+i+4)) },
+ IPPROTO_UDP } }
+ );
+ exp.mask = ((struct ip_conntrack_tuple)
+ { { 0xFFFFFFFF, { 0 } },
+ { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }});
+ exp.expectfn = NULL;
+
+ ip_conntrack_expect_related(ct, &exp);
+ }
+
+ }
+
+ return(NF_ACCEPT);
+}
+
+static struct ip_conntrack_helper quake3[MAX_PORTS];
+static char quake3_names[MAX_PORTS][13]; /* quake3-65535 */
+
+static void fini(void)
+{
+ int i;
+
+ for(i = 0 ; (i < ports_c); i++) {
+ DEBUGP("ip_conntrack_quake3: unregistering helper for port %d\n",
+ ports[i]);
+ ip_conntrack_helper_unregister(&quake3[i]);
+ }
+}
+
+static int __init init(void)
+{
+ int i, ret;
+ char *tmpname;
+
+ if(!ports[0])
+ ports[0]=QUAKE3_MASTER_PORT;
+
+ for(i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) {
+ /* Create helper structure */
+ memset(&quake3[i], 0, sizeof(struct ip_conntrack_helper));
+
+ quake3[i].tuple.dst.protonum = IPPROTO_UDP;
+ quake3[i].tuple.src.u.udp.port = htons(ports[i]);
+ quake3[i].mask.dst.protonum = 0xFFFF;
+ quake3[i].mask.src.u.udp.port = 0xFFFF;
+ quake3[i].help = quake3_help;
+ quake3[i].me = THIS_MODULE;
+
+ tmpname = &quake3_names[i][0];
+ if (ports[i] == QUAKE3_MASTER_PORT)
+ sprintf(tmpname, "quake3");
+ else
+ sprintf(tmpname, "quake3-%d", i);
+ quake3[i].name = tmpname;
+
+ DEBUGP("ip_conntrack_quake3: registering helper for port %d\n",
+ ports[i]);
+
+ ret=ip_conntrack_helper_register(&quake3[i]);
+ if(ret) {
+ fini();
+ return(ret);
+ }
+ ports_c++;
+ }
+
+ return(0);
+}
+
+module_init(init);
+module_exit(fini);
diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/ip_nat_quake3.c linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_nat_quake3.c
--- linux-2.4.20-pre8/net/ipv4/netfilter/ip_nat_quake3.c 1970-01-01 01:00:00.000000000 +0100
+++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_nat_quake3.c 2002-10-01 21:32:15.000000000 +0200
@@ -0,0 +1,249 @@
+/* Quake3 extension for UDP NAT alteration.
+ * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be>
+ * based on ip_nat_ftp.c and ip_nat_tftp.c
+ *
+ * ip_nat_quake3.c v0.0.3 2002-08-31
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ *
+ * Module load syntax:
+ * insmod ip_nat_quake3.o ports=port1,port2,...port<MAX_PORTS>
+ *
+ * please give the ports of all Quake3 master servers You wish to
+ * connect to. If you don't specify ports, the default will be UDP
+ * port 27950.
+ *
+ * Thanks to the Ethereal folks for their analysis of the Quake3 protocol.
+ *
+ * Notes:
+ * - If you're one of those people who would try anything to lower
+ * latency while playing Quake (and who isn't :-) ), you may want to
+ * consider not loading ip_nat_quake3 at all and just MASQUERADE all
+ * outgoing UDP traffic.
+ * This will make ip_conntrack_quake3 add the necessary expectations,
+ * but there will be no overhead for client->server UDP streams. If
+ * ip_nat_quake3 is loaded, quake3_nat_expected will be called per NAT
+ * hook for every packet in the client->server UDP stream.
+ * - Only SNAT/MASQUEARDE targets are useful for ip_nat_quake3.
+ * The IP addresses in the master connection payload (=IP addresses
+ * of Quake servers) have no relation with the master server so
+ * DNAT'ing the master connection to a server should not change the
+ * expected connections.
+ * - Not tested due to lack of equipment:
+ * - multiple Quake3 clients behind one MASQUERADE gateway
+ * - what if Quake3 client is running on router too
+ */
+
+#include <linux/module.h>
+#include <linux/netfilter_ipv4.h>
+#include <linux/ip.h>
+#include <linux/udp.h>
+
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
+#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
+#include <linux/netfilter_ipv4/ip_nat_helper.h>
+#include <linux/netfilter_ipv4/ip_nat_rule.h>
+
+MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>");
+MODULE_DESCRIPTION("Netfilter NAT helper for Quake III Arena");
+MODULE_LICENSE("GPL");
+
+#define MAX_PORTS 8
+
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+#ifdef MODULE_PARM
+MODULE_PARM(ports,"1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
+#endif
+
+/* Quake3 master server reply will add > 100 expectations per reply packet; when
+ doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
+#if 0
+#define DEBUGP printk
+#else
+#define DEBUGP(format, args...)
+#endif
+
+static struct quake3_search quake3s_nat = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
+
+static unsigned int
+quake3_nat_help(struct ip_conntrack *ct,
+ struct ip_conntrack_expect *exp,
+ struct ip_nat_info *info,
+ enum ip_conntrack_info ctinfo,
+ unsigned int hooknum,
+ struct sk_buff **pskb)
+{
+ struct iphdr *iph = (*pskb)->nh.iph;
+ struct udphdr *udph = (void *)iph + iph->ihl * 4;
+ struct ip_conntrack_tuple repl;
+ int dir = CTINFO2DIR(ctinfo);
+ int i;
+
+ DEBUGP("ip_nat_quake3: quake3_nat_help, direction: %s hook: %s\n",
+ dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
+ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
+ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
+ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"
+ );
+ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
+
+ /* Only mangle things once: original direction in POST_ROUTING
+ and reply direction on PRE_ROUTING. */
+ if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
+ || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) {
+ DEBUGP("ip_nat_quake3: Not touching dir %s at hook %s\n",
+ dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
+ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
+ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
+ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????");
+ return NF_ACCEPT;
+ }
+
+ if (!exp) {
+ DEBUGP("no conntrack expectation to modify\n");
+ return NF_ACCEPT;
+ }
+
+ if (strnicmp((const char *)udph + 12, quake3s_nat.pattern, quake3s_nat.plen) == 0) {
+ for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
+ i+6 < ntohs(udph->len);
+ i+=7) {
+ DEBUGP("ip_nat_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n",
+ i, ntohs(udph->len),
+ NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
+ ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
+
+ memset(&repl, 0, sizeof(repl));
+
+ repl.dst.protonum = IPPROTO_UDP;
+ repl.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
+ repl.dst.ip = *( (u_int32_t *)( (int)udph + i ) );
+ repl.dst.u.udp.port = (__u16) *( (__u16 *)( (int)udph + i + 4 ) );
+
+ ip_conntrack_change_expect(exp, &repl);
+ }
+ }
+ return NF_ACCEPT;
+}
+
+static unsigned int
+quake3_nat_expected(struct sk_buff **pskb,
+ unsigned int hooknum,
+ struct ip_conntrack *ct,
+ struct ip_nat_info *info)
+{
+ const struct ip_conntrack *master = ct->master->expectant;
+ struct ip_nat_multi_range mr;
+ u_int32_t newsrcip, newdstip, newip;
+#if 0
+ const struct ip_conntrack_tuple *repl =
+ &master->tuplehash[IP_CT_DIR_REPLY].tuple;
+ struct iphdr *iph = (*pskb)->nh.iph;
+ struct udphdr *udph = (void *)iph + iph->ihl*4;
+#endif
+
+ DEBUGP("ip_nat_quake3: quake3_nat_expected: here we are\n");
+ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+
+ IP_NF_ASSERT(info);
+ IP_NF_ASSERT(master);
+ IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
+
+ newdstip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
+ newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
+
+ if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) {
+ newip = newsrcip;
+ DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
+ "newsrc: %u.%u.%u.%u\n",
+ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
+ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
+ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
+ NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
+ NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
+ NIPQUAD(newip));
+
+ } else {
+ newip = newdstip;
+ DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
+ "newdst: %u.%u.%u.%u\n",
+ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
+ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
+ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
+ NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
+ NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
+ NIPQUAD(newip));
+ }
+
+ mr.rangesize = 1;
+ mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
+ mr.range[0].min_ip = mr.range[0].max_ip = newip;
+
+ return ip_nat_setup_info(ct,&mr,hooknum);
+}
+
+static struct ip_nat_helper quake3[MAX_PORTS];
+static char quake3_names[MAX_PORTS][13]; /* quake3-65535 */
+
+static void fini(void)
+{
+ int i;
+
+ for (i = 0 ; i < ports_c; i++) {
+ DEBUGP("ip_nat_quake3: unregistering helper for port %d\n", ports[i]);
+ ip_nat_helper_unregister(&quake3[i]);
+ }
+}
+
+static int __init init(void)
+ {
+ int i, ret = 0;
+ char *tmpname;
+
+ if (!ports[0])
+ ports[0] = QUAKE3_MASTER_PORT;
+
+ for (i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) {
+ memset(&quake3[i], 0, sizeof(struct ip_nat_helper));
+
+ quake3[i].tuple.dst.protonum = IPPROTO_UDP;
+ quake3[i].tuple.src.u.udp.port = htons(ports[i]);
+ quake3[i].mask.dst.protonum = 0xFFFF;
+ quake3[i].mask.src.u.udp.port = 0xFFFF;
+ quake3[i].help = quake3_nat_help;
+ quake3[i].flags = 0;
+ quake3[i].me = THIS_MODULE;
+ quake3[i].expect = quake3_nat_expected;
+
+ tmpname = &quake3_names[i][0];
+ if (ports[i] == QUAKE3_MASTER_PORT)
+ sprintf(tmpname, "quake3");
+ else
+ sprintf(tmpname, "quake3-%d", i);
+ quake3[i].name = tmpname;
+
+ DEBUGP("ip_nat_quake3: registering helper for port %d: name %s\n",
+ ports[i], quake3[i].name);
+ ret = ip_nat_helper_register(&quake3[i]);
+
+ if (ret) {
+ printk("ip_nat_quake3: unable to register helper for port %d\n",
+ ports[i]);
+ fini();
+ return ret;
+ }
+ ports_c++;
+ }
+ return ret;
+ }
+
+module_init(init);
+module_exit(fini);
[-- Attachment #3: diff.quake3.patch-o-matic.20021005-1 --]
[-- Type: text/x-patch, Size: 20810 bytes --]
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch netfilter/patch-o-matic/extra/quake3-conntrack.patch
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch 2002-10-05 22:19:27.000000000 +0200
@@ -0,0 +1,438 @@
+diff -urN -X dontdiff linux-2.4.20-pre8/include/linux/netfilter_ipv4/ip_conntrack_quake3.h linux-2.4.20-pre8-quake3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h
+--- linux-2.4.20-pre8/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.20-pre8-quake3/include/linux/netfilter_ipv4/ip_conntrack_quake3.h 2002-10-01 21:32:15.000000000 +0200
+@@ -0,0 +1,21 @@
++#ifndef _IP_CT_QUAKE3
++#define _IP_CT_QUAKE3
++
++/* Don't confuse with 27960, often used as the Server Port */
++#define QUAKE3_MASTER_PORT 27950
++
++struct quake3_search {
++ const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
++ const char *pattern;
++ size_t plen;
++};
++
++/* This structure is per expected connection */
++struct ip_ct_quake3_expect {
++};
++
++/* This structure exists only once per master */
++struct ip_ct_quake3_master {
++};
++
++#endif /* _IP_CT_QUAKE3 */
+diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/ip_conntrack_quake3.c linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_conntrack_quake3.c
+--- linux-2.4.20-pre8/net/ipv4/netfilter/ip_conntrack_quake3.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_conntrack_quake3.c 2002-10-01 21:32:15.000000000 +0200
+@@ -0,0 +1,156 @@
++/* Quake3 extension for IP connection tracking
++ * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be>
++ * based on ip_conntrack_ftp.c and ip_conntrack_tftp.c
++ *
++ * ip_conntrack_quake3.c v0.04 2002-08-31
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version
++ * 2 of the License, or (at your option) any later version.
++ *
++ * Module load syntax:
++ * insmod ip_conntrack_quake3.o ports=port1,port2,...port<MAX_PORTS>
++ *
++ * please give the ports of all Quake3 master servers You wish to
++ * connect to. If you don't specify ports, the default will be UDP
++ * port 27950.
++ *
++ * Thanks to the Ethereal folks for their analysis of the Quake3 protocol.
++ */
++
++#include <linux/module.h>
++#include <linux/ip.h>
++#include <linux/udp.h>
++
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
++#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
++
++struct module *ip_conntrack_quake3 = THIS_MODULE;
++
++MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>");
++MODULE_DESCRIPTION("Netfilter connection tracking module for Quake III Arena");
++MODULE_LICENSE("GPL");
++
++#define MAX_PORTS 8
++static int ports[MAX_PORTS];
++static int ports_c = 0;
++#ifdef MODULE_PARM
++MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
++MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
++#endif
++
++/* Quake3 master server reply will add > 100 expectations per reply packet; when
++ doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++struct quake3_search quake3s_conntrack = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
++
++static int quake3_help(const struct iphdr *iph, size_t len,
++ struct ip_conntrack *ct,
++ enum ip_conntrack_info ctinfo)
++{
++ struct udphdr *udph = (void *)iph + iph->ihl * 4;
++ int dir = CTINFO2DIR(ctinfo);
++ struct ip_conntrack_expect exp;
++ int i;
++
++ /* Until there's been traffic both ways, don't look in packets. note: it's UDP ! */
++ if (ctinfo != IP_CT_ESTABLISHED
++ && ctinfo != IP_CT_IS_REPLY) {
++ DEBUGP("ip_conntrack_quake3: not ok ! Conntrackinfo = %u\n", ctinfo);
++ return NF_ACCEPT;
++ } else { DEBUGP("ip_conntrack_quake3: it's ok ! Conntrackinfo = %u\n", ctinfo); }
++
++ if (strnicmp((const char *)udph + 12, quake3s_conntrack.pattern, quake3s_conntrack.plen) == 0) {
++ for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
++ i+6 < ntohs(udph->len);
++ i+=7) {
++ DEBUGP("ip_conntrack_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n",
++ i, ntohs(udph->len),
++ NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
++ ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
++
++ memset(&exp, 0, sizeof(exp));
++
++ exp.tuple = ((struct ip_conntrack_tuple)
++ { { ct->tuplehash[!dir].tuple.src.ip, { 0 } },
++ { (u_int32_t) *((u_int32_t *)((int)udph + i)),
++ { (__u16) *((__u16 *)((int)udph+i+4)) },
++ IPPROTO_UDP } }
++ );
++ exp.mask = ((struct ip_conntrack_tuple)
++ { { 0xFFFFFFFF, { 0 } },
++ { 0xFFFFFFFF, { 0xFFFF }, 0xFFFF }});
++ exp.expectfn = NULL;
++
++ ip_conntrack_expect_related(ct, &exp);
++ }
++
++ }
++
++ return(NF_ACCEPT);
++}
++
++static struct ip_conntrack_helper quake3[MAX_PORTS];
++static char quake3_names[MAX_PORTS][13]; /* quake3-65535 */
++
++static void fini(void)
++{
++ int i;
++
++ for(i = 0 ; (i < ports_c); i++) {
++ DEBUGP("ip_conntrack_quake3: unregistering helper for port %d\n",
++ ports[i]);
++ ip_conntrack_helper_unregister(&quake3[i]);
++ }
++}
++
++static int __init init(void)
++{
++ int i, ret;
++ char *tmpname;
++
++ if(!ports[0])
++ ports[0]=QUAKE3_MASTER_PORT;
++
++ for(i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) {
++ /* Create helper structure */
++ memset(&quake3[i], 0, sizeof(struct ip_conntrack_helper));
++
++ quake3[i].tuple.dst.protonum = IPPROTO_UDP;
++ quake3[i].tuple.src.u.udp.port = htons(ports[i]);
++ quake3[i].mask.dst.protonum = 0xFFFF;
++ quake3[i].mask.src.u.udp.port = 0xFFFF;
++ quake3[i].help = quake3_help;
++ quake3[i].me = THIS_MODULE;
++
++ tmpname = &quake3_names[i][0];
++ if (ports[i] == QUAKE3_MASTER_PORT)
++ sprintf(tmpname, "quake3");
++ else
++ sprintf(tmpname, "quake3-%d", i);
++ quake3[i].name = tmpname;
++
++ DEBUGP("ip_conntrack_quake3: registering helper for port %d\n",
++ ports[i]);
++
++ ret=ip_conntrack_helper_register(&quake3[i]);
++ if(ret) {
++ fini();
++ return(ret);
++ }
++ ports_c++;
++ }
++
++ return(0);
++}
++
++module_init(init);
++module_exit(fini);
+diff -urN -X dontdiff linux-2.4.20-pre8/net/ipv4/netfilter/ip_nat_quake3.c linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_nat_quake3.c
+--- linux-2.4.20-pre8/net/ipv4/netfilter/ip_nat_quake3.c 1970-01-01 01:00:00.000000000 +0100
++++ linux-2.4.20-pre8-quake3/net/ipv4/netfilter/ip_nat_quake3.c 2002-10-01 21:32:15.000000000 +0200
+@@ -0,0 +1,249 @@
++/* Quake3 extension for UDP NAT alteration.
++ * (C) 2002 by Filip Sneppe <filip.sneppe@cronos.be>
++ * based on ip_nat_ftp.c and ip_nat_tftp.c
++ *
++ * ip_nat_quake3.c v0.0.3 2002-08-31
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version
++ * 2 of the License, or (at your option) any later version.
++ *
++ * Module load syntax:
++ * insmod ip_nat_quake3.o ports=port1,port2,...port<MAX_PORTS>
++ *
++ * please give the ports of all Quake3 master servers You wish to
++ * connect to. If you don't specify ports, the default will be UDP
++ * port 27950.
++ *
++ * Thanks to the Ethereal folks for their analysis of the Quake3 protocol.
++ *
++ * Notes:
++ * - If you're one of those people who would try anything to lower
++ * latency while playing Quake (and who isn't :-) ), you may want to
++ * consider not loading ip_nat_quake3 at all and just MASQUERADE all
++ * outgoing UDP traffic.
++ * This will make ip_conntrack_quake3 add the necessary expectations,
++ * but there will be no overhead for client->server UDP streams. If
++ * ip_nat_quake3 is loaded, quake3_nat_expected will be called per NAT
++ * hook for every packet in the client->server UDP stream.
++ * - Only SNAT/MASQUEARDE targets are useful for ip_nat_quake3.
++ * The IP addresses in the master connection payload (=IP addresses
++ * of Quake servers) have no relation with the master server so
++ * DNAT'ing the master connection to a server should not change the
++ * expected connections.
++ * - Not tested due to lack of equipment:
++ * - multiple Quake3 clients behind one MASQUERADE gateway
++ * - what if Quake3 client is running on router too
++ */
++
++#include <linux/module.h>
++#include <linux/netfilter_ipv4.h>
++#include <linux/ip.h>
++#include <linux/udp.h>
++
++#include <linux/netfilter.h>
++#include <linux/netfilter_ipv4/ip_tables.h>
++#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
++#include <linux/netfilter_ipv4/ip_conntrack_quake3.h>
++#include <linux/netfilter_ipv4/ip_nat_helper.h>
++#include <linux/netfilter_ipv4/ip_nat_rule.h>
++
++MODULE_AUTHOR("Filip Sneppe <filip.sneppe@cronos.be>");
++MODULE_DESCRIPTION("Netfilter NAT helper for Quake III Arena");
++MODULE_LICENSE("GPL");
++
++#define MAX_PORTS 8
++
++static int ports[MAX_PORTS];
++static int ports_c = 0;
++#ifdef MODULE_PARM
++MODULE_PARM(ports,"1-" __MODULE_STRING(MAX_PORTS) "i");
++MODULE_PARM_DESC(ports, "port numbers of Quake III master servers");
++#endif
++
++/* Quake3 master server reply will add > 100 expectations per reply packet; when
++ doing lots of printk's, klogd may not be able to read /proc/kmsg fast enough */
++#if 0
++#define DEBUGP printk
++#else
++#define DEBUGP(format, args...)
++#endif
++
++static struct quake3_search quake3s_nat = { "****", "getserversResponse", sizeof("getserversResponse") - 1 };
++
++static unsigned int
++quake3_nat_help(struct ip_conntrack *ct,
++ struct ip_conntrack_expect *exp,
++ struct ip_nat_info *info,
++ enum ip_conntrack_info ctinfo,
++ unsigned int hooknum,
++ struct sk_buff **pskb)
++{
++ struct iphdr *iph = (*pskb)->nh.iph;
++ struct udphdr *udph = (void *)iph + iph->ihl * 4;
++ struct ip_conntrack_tuple repl;
++ int dir = CTINFO2DIR(ctinfo);
++ int i;
++
++ DEBUGP("ip_nat_quake3: quake3_nat_help, direction: %s hook: %s\n",
++ dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
++ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
++ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
++ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "???"
++ );
++ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
++ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_REPLY].tuple);
++
++ /* Only mangle things once: original direction in POST_ROUTING
++ and reply direction on PRE_ROUTING. */
++ if (!((hooknum == NF_IP_POST_ROUTING && dir == IP_CT_DIR_ORIGINAL)
++ || (hooknum == NF_IP_PRE_ROUTING && dir == IP_CT_DIR_REPLY))) {
++ DEBUGP("ip_nat_quake3: Not touching dir %s at hook %s\n",
++ dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY",
++ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
++ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
++ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????");
++ return NF_ACCEPT;
++ }
++
++ if (!exp) {
++ DEBUGP("no conntrack expectation to modify\n");
++ return NF_ACCEPT;
++ }
++
++ if (strnicmp((const char *)udph + 12, quake3s_nat.pattern, quake3s_nat.plen) == 0) {
++ for(i=31; /* 8 bytes UDP hdr, 4 bytes filler, 18 bytes "getserversResponse", 1 byte "\" */
++ i+6 < ntohs(udph->len);
++ i+=7) {
++ DEBUGP("ip_nat_quake3: adding server at offset %u/%u %u.%u.%u.%u:%u\n",
++ i, ntohs(udph->len),
++ NIPQUAD( (u_int32_t) *( (u_int32_t *)( (int)udph + i ) ) ),
++ ntohs((__u16) *( (__u16 *)( (int)udph + i + 4 ) ) ) );
++
++ memset(&repl, 0, sizeof(repl));
++
++ repl.dst.protonum = IPPROTO_UDP;
++ repl.src.ip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip;
++ repl.dst.ip = *( (u_int32_t *)( (int)udph + i ) );
++ repl.dst.u.udp.port = (__u16) *( (__u16 *)( (int)udph + i + 4 ) );
++
++ ip_conntrack_change_expect(exp, &repl);
++ }
++ }
++ return NF_ACCEPT;
++}
++
++static unsigned int
++quake3_nat_expected(struct sk_buff **pskb,
++ unsigned int hooknum,
++ struct ip_conntrack *ct,
++ struct ip_nat_info *info)
++{
++ const struct ip_conntrack *master = ct->master->expectant;
++ struct ip_nat_multi_range mr;
++ u_int32_t newsrcip, newdstip, newip;
++#if 0
++ const struct ip_conntrack_tuple *repl =
++ &master->tuplehash[IP_CT_DIR_REPLY].tuple;
++ struct iphdr *iph = (*pskb)->nh.iph;
++ struct udphdr *udph = (void *)iph + iph->ihl*4;
++#endif
++
++ DEBUGP("ip_nat_quake3: quake3_nat_expected: here we are\n");
++ DUMP_TUPLE(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
++
++ IP_NF_ASSERT(info);
++ IP_NF_ASSERT(master);
++ IP_NF_ASSERT(!(info->initialized & (1 << HOOK2MANIP(hooknum))));
++
++ newdstip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
++ newsrcip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
++
++ if (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC) {
++ newip = newsrcip;
++ DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
++ "newsrc: %u.%u.%u.%u\n",
++ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
++ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
++ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
++ NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
++ NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
++ NIPQUAD(newip));
++
++ } else {
++ newip = newdstip;
++ DEBUGP("hook: %s orig: %u.%u.%u.%u:%u <-> %u.%u.%u.%u:%u "
++ "newdst: %u.%u.%u.%u\n",
++ hooknum == NF_IP_POST_ROUTING ? "POSTROUTING"
++ : hooknum == NF_IP_PRE_ROUTING ? "PREROUTING"
++ : hooknum == NF_IP_LOCAL_OUT ? "OUTPUT" : "????",
++ NIPQUAD((*pskb)->nh.iph->saddr), ntohs(udph->source),
++ NIPQUAD((*pskb)->nh.iph->daddr), ntohs(udph->dest),
++ NIPQUAD(newip));
++ }
++
++ mr.rangesize = 1;
++ mr.range[0].flags = IP_NAT_RANGE_MAP_IPS;
++ mr.range[0].min_ip = mr.range[0].max_ip = newip;
++
++ return ip_nat_setup_info(ct,&mr,hooknum);
++}
++
++static struct ip_nat_helper quake3[MAX_PORTS];
++static char quake3_names[MAX_PORTS][13]; /* quake3-65535 */
++
++static void fini(void)
++{
++ int i;
++
++ for (i = 0 ; i < ports_c; i++) {
++ DEBUGP("ip_nat_quake3: unregistering helper for port %d\n", ports[i]);
++ ip_nat_helper_unregister(&quake3[i]);
++ }
++}
++
++static int __init init(void)
++ {
++ int i, ret = 0;
++ char *tmpname;
++
++ if (!ports[0])
++ ports[0] = QUAKE3_MASTER_PORT;
++
++ for (i = 0 ; (i < MAX_PORTS) && ports[i] ; i++) {
++ memset(&quake3[i], 0, sizeof(struct ip_nat_helper));
++
++ quake3[i].tuple.dst.protonum = IPPROTO_UDP;
++ quake3[i].tuple.src.u.udp.port = htons(ports[i]);
++ quake3[i].mask.dst.protonum = 0xFFFF;
++ quake3[i].mask.src.u.udp.port = 0xFFFF;
++ quake3[i].help = quake3_nat_help;
++ quake3[i].flags = 0;
++ quake3[i].me = THIS_MODULE;
++ quake3[i].expect = quake3_nat_expected;
++
++ tmpname = &quake3_names[i][0];
++ if (ports[i] == QUAKE3_MASTER_PORT)
++ sprintf(tmpname, "quake3");
++ else
++ sprintf(tmpname, "quake3-%d", i);
++ quake3[i].name = tmpname;
++
++ DEBUGP("ip_nat_quake3: registering helper for port %d: name %s\n",
++ ports[i], quake3[i].name);
++ ret = ip_nat_helper_register(&quake3[i]);
++
++ if (ret) {
++ printk("ip_nat_quake3: unable to register helper for port %d\n",
++ ports[i]);
++ fini();
++ return ret;
++ }
++ ports_c++;
++ }
++ return ret;
++ }
++
++module_init(init);
++module_exit(fini);
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.config.in netfilter/patch-o-matic/extra/quake3-conntrack.patch.config.in
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.config.in 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.config.in 2002-10-05 22:41:18.000000000 +0200
@@ -0,0 +1,2 @@
+ dep_tristate ' IRC protocol support' CONFIG_IP_NF_IRC $CONFIG_IP_NF_CONNTRACK
+ dep_tristate ' Quake III protocol support' CONFIG_IP_NF_QUAKE3 $CONFIG_IP_NF_CONNTRACK
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.config.in-2 netfilter/patch-o-matic/extra/quake3-conntrack.patch.config.in-2
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.config.in-2 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.config.in-2 2002-10-05 22:45:04.000000000 +0200
@@ -0,0 +1,8 @@
+ define_tristate CONFIG_IP_NF_NAT_IRC $CONFIG_IP_NF_NAT
+ fi
+ fi
+ if [ "$CONFIG_IP_NF_QUAKE3" = "m" ]; then
+ define_tristate CONFIG_IP_NF_NAT_QUAKE3 m
+ else
+ if [ "$CONFIG_IP_NF_QUAKE3" = "y" ]; then
+ define_tristate CONFIG_IP_NF_NAT_QUAKE3 $CONFIG_IP_NF_NAT
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.configure.help netfilter/patch-o-matic/extra/quake3-conntrack.patch.configure.help
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.configure.help 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.configure.help 2002-10-05 22:47:52.000000000 +0200
@@ -0,0 +1,10 @@
+CONFIG_IP_NF_IRC
+Quake III Arena protocol support
+CONFIG_IP_NF_QUAKE3
+ Quake III Arena connection tracking helper. This module allows for a
+ stricter firewall rulebase if one only allows traffic to a master
+ server. Connections to Quake III server IP addresses and ports returned
+ by the master server will be tracked automatically.
+
+ If you want to compile it as a module, say M here and read
+ <file:Documentation/modules.txt>. If unsure, say `Y'.
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.help netfilter/patch-o-matic/extra/quake3-conntrack.patch.help
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.help 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.help 2002-10-05 23:11:52.000000000 +0200
@@ -0,0 +1,17 @@
+Author: Filip Sneppe <filip.sneppe@cronos.be>
+Status: WorksForMe (tm)
+
+This adds CONFIG_IP_NF_QUAKE3: a Quake III Arena support module for
+netfilter connection tracking/NAT.
+
+Quake III Arena Internet multiplayer works by querying an Internet
+master server on UDP port 27950 for specific Quake III servers. The
+master server responds with the IP addresses and UDP ports of
+registered game servers. Those UDP ports can be randomly chosen
+(although 27960 is often used).
+
+This connection tracking module will listen for UDP replies
+from a master server, and will add the necessary expectations
+for connections from client to game servers.
+
+Note: Requires newnat !
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.makefile netfilter/patch-o-matic/extra/quake3-conntrack.patch.makefile
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.makefile 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.makefile 2002-10-05 22:51:27.000000000 +0200
@@ -0,0 +1,5 @@
+# connection tracking helpers
+obj-$(CONFIG_IP_NF_QUAKE3) += ip_conntrack_quake3.o
+ifdef CONFIG_IP_NF_NAT_QUAKE3
+ export-objs += ip_conntrack_quake3.o
+endif
diff -urN netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.makefile-2 netfilter/patch-o-matic/extra/quake3-conntrack.patch.makefile-2
--- netfilter-orig/patch-o-matic/extra/quake3-conntrack.patch.makefile-2 1970-01-01 01:00:00.000000000 +0100
+++ netfilter/patch-o-matic/extra/quake3-conntrack.patch.makefile-2 2002-10-05 22:52:02.000000000 +0200
@@ -0,0 +1,2 @@
+obj-$(CONFIG_IP_NF_NAT_IRC) += ip_nat_irc.o
+obj-$(CONFIG_IP_NF_NAT_QUAKE3) += ip_nat_quake3.o
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2002-10-05 20:55 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-10-05 20:55 [PATCH] Quake III Arena conntracker Filip Sneppe (Cronos)
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.