[PATCH 2.4/2.5]

[PATCH 2.4/2.5]

[Filip Sneppe (Cronos)]

[-- Attachment #1: Type: text/plain, Size: 281 bytes --]

Hi Brian,

Are you ok with the following two patches? They allow for the
amanda conntrack/nat modules to track up to 8 ports - it has
more or less become a common practice for most conntrack/nat
helpers in the kernel. There's a patch for 2.4 and one for 2.5.

Regards,
Filip







[-- Attachment #2: diff.netfilter.amanda-2.4-20030629 --]
[-- Type: text/x-patch, Size: 8779 bytes --]

diff -urN -X dontdiff linux-2.4.22-pre2-orig/include/linux/netfilter_ipv4/ip_conntrack_amanda.h linux-2.4.22-pre2/include/linux/netfilter_ipv4/ip_conntrack_amanda.h
--- linux-2.4.22-pre2-orig/include/linux/netfilter_ipv4/ip_conntrack_amanda.h	2003-06-28 23:20:35.000000000 +0200
+++ linux-2.4.22-pre2/include/linux/netfilter_ipv4/ip_conntrack_amanda.h	2003-06-29 04:13:52.000000000 +0200
@@ -17,7 +17,7 @@
 };
 
 #define NUM_MSGS 	3
-
+#define AMANDA_PORT	10080
 
 struct ip_ct_amanda_expect
 {
diff -urN -X dontdiff linux-2.4.22-pre2-orig/net/ipv4/netfilter/ip_conntrack_amanda.c linux-2.4.22-pre2/net/ipv4/netfilter/ip_conntrack_amanda.c
--- linux-2.4.22-pre2-orig/net/ipv4/netfilter/ip_conntrack_amanda.c	2003-06-13 16:51:39.000000000 +0200
+++ linux-2.4.22-pre2/net/ipv4/netfilter/ip_conntrack_amanda.c	2003-06-29 05:29:27.000000000 +0200
@@ -1,4 +1,4 @@
-/* Amanda extension for IP connection tracking, Version 0.2
+/* Amanda extension for IP connection tracking, Version 0.3
  * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
  * based on HW's ip_conntrack_irc.c as well as other modules
  *
@@ -8,7 +8,8 @@
  *      2 of the License, or (at your option) any later version.
  *
  *	Module load syntax:
- * 	insmod ip_conntrack_amanda.o [master_timeout=n]
+ * 	insmod ip_conntrack_amanda.o [master_timeout=n] 
+ * 				     [ports=p1,p2,...,p<MAX_PORTS>]
  *	
  *	Where master_timeout is the timeout (in seconds) of the master
  *	connection (port 10080).  This defaults to 5 minutes but if
@@ -16,6 +17,11 @@
  *	before getting back to the Amanda server, you can increase
  *	this value.
  *
+ *	Where ports sets the UDP ports used to track the Amanda protocol.
+ *
+ *	Changes:
+ *	v0.3 - 2003/06/29 - Add tracking support for up to 8 ports
+ *			    Filip Sneppe <filip.sneppe@cronos.be>
  */
 
 #include <linux/module.h>
@@ -30,11 +36,19 @@
 
 static unsigned int master_timeout = 300;
 
+#define MAX_PORTS	8
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+
 MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
 MODULE_DESCRIPTION("Amanda connection tracking module");
 MODULE_LICENSE("GPL");
+#ifdef MODULE_PARM
 MODULE_PARM(master_timeout, "i");
 MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
+MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Amanda servers");
+#endif
 
 DECLARE_LOCK(ip_amanda_lock);
 struct module *ip_conntrack_amanda = THIS_MODULE;
@@ -193,39 +207,60 @@
 	return NF_ACCEPT;
 }
 
-static struct ip_conntrack_helper amanda_helper;
+static struct ip_conntrack_helper amanda_helper[MAX_PORTS];
+static char amanda_helper_names[MAX_PORTS][13];
 
 static void fini(void)
 {
-	DEBUGP("ip_ct_amanda: unregistering helper for port 10080\n");
-	ip_conntrack_helper_unregister(&amanda_helper);
+	int i;
+
+	for (i = 0; (i < ports_c) && ports[i]; i++) {
+		DEBUGP("ip_ct_amanda: unregistering helper for port %d\n",
+		       ports[i]);
+		ip_conntrack_helper_unregister(&amanda_helper[i]);
+	}
 }
 
 static int __init init(void)
 {
-	int ret;
+	int i, ret;
+	char *tmpname;
+
+	if(ports[0] == 0)
+		ports[0] = AMANDA_PORT;
 
-	memset(&amanda_helper, 0, sizeof(struct ip_conntrack_helper));
-	amanda_helper.tuple.src.u.udp.port = htons(10080);
-	amanda_helper.tuple.dst.protonum = IPPROTO_UDP;
-	amanda_helper.mask.src.u.udp.port = 0xFFFF;
-	amanda_helper.mask.dst.protonum = 0xFFFF;
-	amanda_helper.max_expected = NUM_MSGS;
-	amanda_helper.timeout = 180;
-	amanda_helper.flags = IP_CT_HELPER_F_REUSE_EXPECT;
-	amanda_helper.me = ip_conntrack_amanda;
-	amanda_helper.help = help;
-	amanda_helper.name = "amanda";
-
-	DEBUGP("ip_ct_amanda: registering helper for port 10080\n");
-
-	ret = ip_conntrack_helper_register(&amanda_helper);
-
-	if (ret) {
-		printk("ip_ct_amanda: ERROR registering helper\n");
-		fini();
-		return -EBUSY;
+	for(i = 0; (i < MAX_PORTS) && ports[i]; i++) {
+		memset(&amanda_helper[i], 0, sizeof(struct ip_conntrack_helper));
+		amanda_helper[i].tuple.src.u.udp.port = htons(ports[i]);
+		amanda_helper[i].tuple.dst.protonum = IPPROTO_UDP;
+		amanda_helper[i].mask.src.u.udp.port = 0xFFFF;
+		amanda_helper[i].mask.dst.protonum = 0xFFFF;
+		amanda_helper[i].max_expected = NUM_MSGS;
+		amanda_helper[i].timeout = 180;
+		amanda_helper[i].flags = IP_CT_HELPER_F_REUSE_EXPECT;
+		amanda_helper[i].me = ip_conntrack_amanda;
+		amanda_helper[i].help = help;
+
+		tmpname = &amanda_helper_names[i][0];
+		if(ports[i] == AMANDA_PORT)
+			sprintf(tmpname, "amanda");
+		else
+			sprintf(tmpname, "amanda-%d", ports[i]);
+		amanda_helper[i].name = tmpname;
+
+		DEBUGP("ip_ct_amanda: registering helper for port %d\n",
+		       ports[i]);
+		
+		ret = ip_conntrack_helper_register(&amanda_helper[i]);
+
+		if (ret) {
+			printk("ip_ct_amanda: ERROR registering helper\n");
+			fini();
+			return ret;
+		}
+		ports_c++;
 	}
+
 	return 0;
 }
 
diff -urN -X dontdiff linux-2.4.22-pre2-orig/net/ipv4/netfilter/ip_nat_amanda.c linux-2.4.22-pre2/net/ipv4/netfilter/ip_nat_amanda.c
--- linux-2.4.22-pre2-orig/net/ipv4/netfilter/ip_nat_amanda.c	2003-06-28 21:49:01.000000000 +0200
+++ linux-2.4.22-pre2/net/ipv4/netfilter/ip_nat_amanda.c	2003-06-29 05:29:44.000000000 +0200
@@ -8,7 +8,13 @@
  *      2 of the License, or (at your option) any later version.
  *
  *	Module load syntax:
- * 	insmod ip_nat_amanda.o
+ * 	insmod ip_nat_amanda.o [ports=p1,p2,...,p<MAX_PORTS>]
+ *
+ * 	Where ports sets the UDP ports used to track the Amanda protocol.
+ *
+ * 	Changes:
+ * 	2003/06/29 - Add tracking support for up to 8 ports
+ * 		     Filip Sneppe <filip.sneppe@cronos.be>
  */
 
 #include <linux/module.h>
@@ -38,6 +44,14 @@
 MODULE_DESCRIPTION("Amanda network address translation module");
 MODULE_LICENSE("GPL");
 
+#define MAX_PORTS	8
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+#ifdef MODULE_PARM
+MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Amanda servers");
+#endif
+
 /* protects amanda part of conntracks */
 DECLARE_LOCK_EXTERN(ip_amanda_lock);
 
@@ -179,45 +193,62 @@
 	return NF_ACCEPT;
 }
 
-static struct ip_nat_helper ip_nat_amanda_helper;
+static struct ip_nat_helper ip_nat_amanda_helper[MAX_PORTS];
+static char amanda_helper_names[MAX_PORTS][13];
 
 /* This function is intentionally _NOT_ defined as  __exit, because
  * it is needed by init() */
 static void fini(void)
 {
-	DEBUGP("ip_nat_amanda: unregistering nat helper\n");
-	ip_nat_helper_unregister(&ip_nat_amanda_helper);
+	int i;
+
+	for(i = 0; i < ports_c; i++) {
+		DEBUGP("ip_nat_amanda: unregistering nat helper for port %d\n",
+		       ports[i]);
+		ip_nat_helper_unregister(&ip_nat_amanda_helper[i]);
+	}
 }
 
 static int __init init(void)
 {
-	int ret = 0;
-	struct ip_nat_helper *hlpr;
+	int i, ret = 0;
+	char *tmpname;
 
-	hlpr = &ip_nat_amanda_helper;
-	memset(hlpr, 0, sizeof(struct ip_nat_helper));
+	if(!ports[0])
+		ports[0] = AMANDA_PORT;
 
-	hlpr->tuple.dst.protonum = IPPROTO_UDP;
-	hlpr->tuple.src.u.udp.port = htons(10080);
-	hlpr->mask.src.u.udp.port = 0xFFFF;
-	hlpr->mask.dst.protonum = 0xFFFF;
-	hlpr->help = help;
-	hlpr->flags = 0;
-	hlpr->me = THIS_MODULE;
-	hlpr->expect = amanda_nat_expected;
-
-	hlpr->name = "amanda";
-
-	DEBUGP
-	    ("ip_nat_amanda: Trying to register nat helper\n");
-	ret = ip_nat_helper_register(hlpr);
-
-	if (ret) {
-		printk
-		    ("ip_nat_amanda: error registering nat helper\n");
-		fini();
-		return 1;
+	for(i = 0; (i < MAX_PORTS) && ports[i]; i++) {
+		memset(&ip_nat_amanda_helper[i], 0, sizeof(struct ip_nat_helper));
+		ip_nat_amanda_helper[i].tuple.dst.protonum = IPPROTO_UDP;
+		ip_nat_amanda_helper[i].tuple.src.u.udp.port = htons(ports[i]);
+		ip_nat_amanda_helper[i].mask.src.u.udp.port = 0xFFFF;
+		ip_nat_amanda_helper[i].mask.dst.protonum = 0xFFFF;
+		ip_nat_amanda_helper[i].help = help;
+		ip_nat_amanda_helper[i].flags = 0;
+		ip_nat_amanda_helper[i].me = THIS_MODULE;
+		ip_nat_amanda_helper[i].expect = amanda_nat_expected;
+
+		tmpname = &amanda_helper_names[i][0];
+		if(ports[i] == AMANDA_PORT)
+			sprintf(tmpname, "amanda");
+		else
+			sprintf(tmpname, "amanda-%d", ports[i]);
+		ip_nat_amanda_helper[i].name = tmpname;
+
+		DEBUGP("ip_nat_amanda: Trying to register nat helperfor port %d\n",
+		       ports[i]);
+		ret = ip_nat_helper_register(&ip_nat_amanda_helper[i]);
+
+		if (ret) {
+			printk
+				("ip_nat_amanda: error registering for port %d\n",
+				 ports[i]);
+			fini();
+			return ret;
+		}
+		ports_c++;
 	}
+
 	return ret;
 }
 

[-- Attachment #3: diff.netfilter.amanda-2.5-20030629 --]
[-- Type: text/x-patch, Size: 8622 bytes --]

diff -urN -X dontdiff linux-2.5.73-orig/include/linux/netfilter_ipv4/ip_conntrack_amanda.h linux-2.5.73/include/linux/netfilter_ipv4/ip_conntrack_amanda.h
--- linux-2.5.73-orig/include/linux/netfilter_ipv4/ip_conntrack_amanda.h	2003-06-22 20:32:33.000000000 +0200
+++ linux-2.5.73/include/linux/netfilter_ipv4/ip_conntrack_amanda.h	2003-06-29 21:12:07.000000000 +0200
@@ -11,6 +11,8 @@
 
 #endif
 
+#define AMANDA_PORT	10080
+
 struct ip_ct_amanda_expect
 {
 	u_int16_t port;		/* port number of this expectation */
diff -urN -X dontdiff linux-2.5.73-orig/net/ipv4/netfilter/ip_conntrack_amanda.c linux-2.5.73/net/ipv4/netfilter/ip_conntrack_amanda.c
--- linux-2.5.73-orig/net/ipv4/netfilter/ip_conntrack_amanda.c	2003-06-22 20:32:58.000000000 +0200
+++ linux-2.5.73/net/ipv4/netfilter/ip_conntrack_amanda.c	2003-06-29 22:06:38.000000000 +0200
@@ -1,4 +1,4 @@
-/* Amanda extension for IP connection tracking, Version 0.2
+/* Amanda extension for IP connection tracking, Version 0.3
  * (C) 2002 by Brian J. Murrell <netfilter@interlinx.bc.ca>
  * based on HW's ip_conntrack_irc.c as well as other modules
  *
@@ -8,7 +8,8 @@
  *      2 of the License, or (at your option) any later version.
  *
  *	Module load syntax:
- * 	insmod ip_conntrack_amanda.o [master_timeout=n]
+ * 	insmod ip_conntrack_amanda.o [master_timeout=n] 
+ * 				     [ports=p1,p2,...,p<MAX_PORTS>]
  *	
  *	Where master_timeout is the timeout (in seconds) of the master
  *	connection (port 10080).  This defaults to 5 minutes but if
@@ -16,6 +17,11 @@
  *	before getting back to the Amanda server, you can increase
  *	this value.
  *
+ *	Where ports sets the UDP ports used to track the Amanda protocol.
+ *
+ *	Changes:
+ *	v0.3 - 2003/06/29 - Add tracking support for up to 8 ports
+ *			    Filip Sneppe <filip.sneppe@cronos.be>
  */
 
 #include <linux/module.h>
@@ -30,11 +36,19 @@
 
 static unsigned int master_timeout = 300;
 
+#define MAX_PORTS	8
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+
 MODULE_AUTHOR("Brian J. Murrell <netfilter@interlinx.bc.ca>");
 MODULE_DESCRIPTION("Amanda connection tracking module");
 MODULE_LICENSE("GPL");
+#ifdef MODULE_PARM
 MODULE_PARM(master_timeout, "i");
 MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
+MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Amanda servers");
+#endif
 
 DECLARE_LOCK(ip_amanda_lock);
 
@@ -170,41 +184,61 @@
 	return NF_ACCEPT;
 }
 
-static struct ip_conntrack_helper amanda_helper = {
-	.max_expected = ARRAY_SIZE(conns),
-	.timeout = 180,
-	.flags = IP_CT_HELPER_F_REUSE_EXPECT,
-	.me = THIS_MODULE,
-	.help = help,
-	.name = "amanda",
-
-	.tuple = { .src = { .u = { __constant_htons(10080) } },
-		   .dst = { .protonum = IPPROTO_UDP },
-	},
-	.mask = { .src = { .u = { 0xFFFF } },
-		 .dst = { .protonum = 0xFFFF },
-	},
-};
+static struct ip_conntrack_helper amanda_helper[MAX_PORTS];
+static char amanda_helper_names[MAX_PORTS][13];
 
 static void fini(void)
 {
-	DEBUGP("ip_ct_amanda: unregistering helper for port 10080\n");
-	ip_conntrack_helper_unregister(&amanda_helper);
+	int i;
+
+	for (i = 0; (i < ports_c) && ports[i]; i++) {
+		DEBUGP("ip_ct_amanda: unregistering helper for port %d\n",
+		       ports[i]);
+		ip_conntrack_helper_unregister(&amanda_helper[i]);
+	}
 }
 
 static int __init init(void)
 {
-	int ret;
+	int i, ret = 0;
+	char *tmpname;
 
-	DEBUGP("ip_ct_amanda: registering helper for port 10080\n");
-	ret = ip_conntrack_helper_register(&amanda_helper);
+	if(ports[0] == 0)
+		ports[0] = AMANDA_PORT;
 
-	if (ret) {
-		printk("ip_ct_amanda: ERROR registering helper\n");
-		fini();
-		return -EBUSY;
+	for(i = 0; (i < MAX_PORTS) && ports[i]; i++) {
+		memset(&amanda_helper[i], 0, sizeof(struct ip_conntrack_helper));
+		amanda_helper[i].tuple.src.u.udp.port = __constant_htons(ports[i]);
+		amanda_helper[i].tuple.dst.protonum = IPPROTO_UDP;
+		amanda_helper[i].mask.src.u.udp.port = 0xFFFF;
+		amanda_helper[i].mask.dst.protonum = 0xFFFF;
+		amanda_helper[i].max_expected = ARRAY_SIZE(conns);
+		amanda_helper[i].timeout = 180;
+		amanda_helper[i].flags = IP_CT_HELPER_F_REUSE_EXPECT;
+		amanda_helper[i].me = THIS_MODULE;
+		amanda_helper[i].help = help;
+
+		tmpname = &amanda_helper_names[i][0];
+		if(ports[i] == AMANDA_PORT)
+			sprintf(tmpname, "amanda");
+		else
+			sprintf(tmpname, "amanda-%d", ports[i]);
+		amanda_helper[i].name = tmpname;
+
+		DEBUGP("ip_ct_amanda: registering helper for port %d\n",
+		       ports[i]);
+
+		ret = ip_conntrack_helper_register(&amanda_helper[i]);
+
+		if (ret) {
+			printk("ip_ct_amanda: ERROR registering helper\n");
+			fini();
+			return ret;
+		}
+		ports_c++;
 	}
-	return 0;
+
+	return ret;
 }
 
 PROVIDES_CONNTRACK(amanda);
diff -urN -X dontdiff linux-2.5.73-orig/net/ipv4/netfilter/ip_nat_amanda.c linux-2.5.73/net/ipv4/netfilter/ip_nat_amanda.c
--- linux-2.5.73-orig/net/ipv4/netfilter/ip_nat_amanda.c	2003-06-22 20:32:36.000000000 +0200
+++ linux-2.5.73/net/ipv4/netfilter/ip_nat_amanda.c	2003-06-29 21:25:02.000000000 +0200
@@ -8,7 +8,13 @@
  *      2 of the License, or (at your option) any later version.
  *
  *	Module load syntax:
- * 	insmod ip_nat_amanda.o
+ * 	insmod ip_nat_amanda.o [ports=p1,p2,...,p<MAX_PORTS>]
+ *
+ * 	Where ports sets the UDP ports used to track the Amanda protocol.
+ *
+ * 	Changes:
+ * 	2003/06/29 - Add tracking support for up to 8 ports
+ * 		     Filip Sneppe <filip.sneppe@cronos.be>
  */
 
 #include <linux/module.h>
@@ -38,6 +44,14 @@
 MODULE_DESCRIPTION("Amanda network address translation module");
 MODULE_LICENSE("GPL");
 
+#define MAX_PORTS	8
+static int ports[MAX_PORTS];
+static int ports_c = 0;
+#ifdef MODULE_PARM
+MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
+MODULE_PARM_DESC(ports, "port numbers of Amanda servers");
+#endif
+
 /* protects amanda part of conntracks */
 DECLARE_LOCK_EXTERN(ip_amanda_lock);
 
@@ -179,45 +193,62 @@
 	return NF_ACCEPT;
 }
 
-static struct ip_nat_helper ip_nat_amanda_helper;
+static struct ip_nat_helper ip_nat_amanda_helper[MAX_PORTS];
+static char amanda_helper_names[MAX_PORTS][13];
 
 /* This function is intentionally _NOT_ defined as  __exit, because
  * it is needed by init() */
 static void fini(void)
 {
-	DEBUGP("ip_nat_amanda: unregistering nat helper\n");
-	ip_nat_helper_unregister(&ip_nat_amanda_helper);
+	int i;
+
+	for(i = 0; i < ports_c; i++) {
+		DEBUGP("ip_nat_amanda: unregistering nat helper for port %d\n",
+		       ports[i]);
+		ip_nat_helper_unregister(&ip_nat_amanda_helper[i]);
+	}
 }
 
 static int __init init(void)
 {
-	int ret = 0;
-	struct ip_nat_helper *hlpr;
+	int i, ret = 0;
+	char *tmpname;
 
-	hlpr = &ip_nat_amanda_helper;
-	memset(hlpr, 0, sizeof(struct ip_nat_helper));
+	if(!ports[0])
+		ports[0] = AMANDA_PORT;
 
-	hlpr->tuple.dst.protonum = IPPROTO_UDP;
-	hlpr->tuple.src.u.udp.port = htons(10080);
-	hlpr->mask.src.u.udp.port = 0xFFFF;
-	hlpr->mask.dst.protonum = 0xFFFF;
-	hlpr->help = help;
-	hlpr->flags = 0;
-	hlpr->me = THIS_MODULE;
-	hlpr->expect = amanda_nat_expected;
-
-	hlpr->name = "amanda";
-
-	DEBUGP
-	    ("ip_nat_amanda: Trying to register nat helper\n");
-	ret = ip_nat_helper_register(hlpr);
-
-	if (ret) {
-		printk
-		    ("ip_nat_amanda: error registering nat helper\n");
-		fini();
-		return 1;
+	for(i = 0; (i < MAX_PORTS) && ports[i]; i++) {
+		memset(&ip_nat_amanda_helper[i], 0, sizeof(struct ip_nat_helper));
+		ip_nat_amanda_helper[i].tuple.dst.protonum = IPPROTO_UDP;
+		ip_nat_amanda_helper[i].tuple.src.u.udp.port = htons(ports[i]);
+		ip_nat_amanda_helper[i].mask.src.u.udp.port = 0xFFFF;
+		ip_nat_amanda_helper[i].mask.dst.protonum = 0xFFFF;
+		ip_nat_amanda_helper[i].help = help;
+		ip_nat_amanda_helper[i].flags = 0;
+		ip_nat_amanda_helper[i].me = THIS_MODULE;
+		ip_nat_amanda_helper[i].expect = amanda_nat_expected;
+
+		tmpname = &amanda_helper_names[i][0];
+		if(ports[i] == AMANDA_PORT)
+			sprintf(tmpname, "amanda");
+		else
+			sprintf(tmpname, "amanda-%d", ports[i]);
+		ip_nat_amanda_helper[i].name = tmpname;
+
+		DEBUGP("ip_nat_amanda: Trying to register nat helperfor port %d\n",
+		       ports[i]);
+		ret = ip_nat_helper_register(&ip_nat_amanda_helper[i]);
+
+		if (ret) {
+			printk
+				("ip_nat_amanda: error registering for port %d\n",
+				 ports[i]);
+			fini();
+			return ret;
+		}
+		ports_c++;
 	}
+
 	return ret;
 }
 

Re: [PATCH 2.4/2.5]

[Brian J. Murrell]

[-- Attachment #1: Type: text/plain, Size: 944 bytes --]

On Sun, 2003-06-29 at 15:11, Filip Sneppe (Cronos) wrote:
> Hi Brian,
> 
> Are you ok with the following two patches? They allow for the
> amanda conntrack/nat modules to track up to 8 ports - it has
> more or less become a common practice for most conntrack/nat
> helpers in the kernel.

In what scenario would there be a need for multiple ports?  The
connection is initiated from the Amanda "server" to the clients.  It's
the clients that listen on port 10080, and it's the connection from the
server to the clients that is watched for, natted and conntracked.

I am having a hard time thinking of a scenario where a client would want
to listen on a port other than it's default and/or listen on multiple
ports for commands from the backup server.

The patch (the 2.4 one anyway) looks syntactically correct.  It's just
the need for it that I am not quite seeing.

b.

-- 
Brian J. Murrell <netfilter@interlinx.bc.ca>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [PATCH 2.4/2.5]

[Filip Sneppe (Cronos)]

On Sun, 2003-06-29 at 21:37, Brian J. Murrell wrote:
> 
> I am having a hard time thinking of a scenario where a client would want
> to listen on a port other than it's default and/or listen on multiple
> ports for commands from the backup server.
> 
Well not a lot of common scenarios, I will give you that, but
I just figured that in some situations, people run services 
on different ports, not the standard ports the services are normally
associated with. Sometimes because those ports are blocked by
another firewall, sometimes to confuse portscanners. I just
figured that the other conntrackers in the kernel had this
feature so I added it to your code...

Regards,
Filip

Re: [PATCH 2.4/2.5]

[Brian J. Murrell]

[-- Attachment #1: Type: text/plain, Size: 653 bytes --]

On Sun, 2003-06-29 at 16:20, Filip Sneppe (Cronos) wrote:
> Well not a lot of common scenarios, I will give you that, but
> I just figured that in some situations, people run services 
> on different ports, not the standard ports the services are normally
> associated with. Sometimes because those ports are blocked by
> another firewall, sometimes to confuse portscanners.

That is all fair enough I suppose.  I have no specific objection to it,
just didn't do it myself because I could not see the need.  If Harald
(and/or the core team) see fit, I have no objection to adding it.

b.

-- 
Brian J. Murrell <netfilter@interlinx.bc.ca>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [PATCH 2.4/2.5]

[Patrick McHardy]

Hi Filip,
you should remove the memsets, they are currently beeing removed from the
others helpers.

Best regards,
Patrick

Filip Sneppe (Cronos) wrote:

>-	if (ret) {
>-		printk("ip_ct_amanda: ERROR registering helper\n");
>-		fini();
>-		return -EBUSY;
>+	for(i = 0; (i < MAX_PORTS) && ports[i]; i++) {
>+		memset(&amanda_helper[i], 0, sizeof(struct ip_conntrack_helper));
>+		amanda_helper[i].tuple.src.u.udp.port = htons(ports[i]);
>+		amanda_helper[i].tuple.dst.protonum = IPPROTO_UDP;
>
>  
>

Re: [PATCH 2.4/2.5]

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1643 bytes --]

On Sun, Jun 29, 2003 at 04:31:50PM -0400, Brian J. Murrell wrote:
> On Sun, 2003-06-29 at 16:20, Filip Sneppe (Cronos) wrote:
> > Well not a lot of common scenarios, I will give you that, but
> > I just figured that in some situations, people run services 
> > on different ports, not the standard ports the services are normally
> > associated with. Sometimes because those ports are blocked by
> > another firewall, sometimes to confuse portscanners.
> 
> That is all fair enough I suppose.  I have no specific objection to it,
> just didn't do it myself because I could not see the need.  If Harald
> (and/or the core team) see fit, I have no objection to adding it.

I don't really see the need for such a patch unless the port numbers
used by amanda can be tuned somehow (by an amanda server/client config
file).   I'm not that familiar with the amanda suite, could somebody
please investicate this?

I mean, if we really need any helper to be working on any port, we
could even think of a more generic mechanism (like making helpers target
of a special table ('helper' with only one chain).... there you could do
stuff like 
'iptables -t helper -j HELPER --helper-name ftp -p tcp --dport 21'

> Brian J. Murrell <netfilter@interlinx.bc.ca>

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [PATCH 2.4/2.5]

[Brian J. Murrell]

[-- Attachment #1: Type: text/plain, Size: 602 bytes --]

On Mon, 2003-06-30 at 08:05, Harald Welte wrote:
> 
> I don't really see the need for such a patch unless the port numbers
> used by amanda can be tuned somehow (by an amanda server/client config
> file).   I'm not that familiar with the amanda suite, could somebody
> please investicate this?

The port numbers can certainly be tuned.  In the case of the client
(which having configurable ports as per Filip's patch addresses) the
client is simply started from the [x]inetd super-server, so it can be on
any port the admin wishes.

b.

-- 
Brian J. Murrell <netfilter@interlinx.bc.ca>

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]