From: David Stes <stes@pandora.be>
To: laforge@netfilter.org
Cc: netfilter-devel@lists.netfilter.org
Subject: svn diff for Legato NetWorker RPC/RSH modules
Date: Sun, 03 Jul 2005 14:48:45 +0200	[thread overview]
Message-ID: <42C7DEAD.4010209@pandora.be> (raw)


Hello,

Here is the result of a "svn diff" for some changes to the 
"patch-o-matic-ng" .

These changes are for using the RPC/RSH modules for Legato NetWorker 
traffic over a netfilter firewall.

Would it be possible to commit this diff?
When I try to commit the changes myself, I get a "Forbidden" (permission 
denied) error.
Here is the diff:

Index: patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c
===================================================================
--- patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c	(revision 4087)
+++ patchlets/rsh/linux/net/ipv4/netfilter/ip_conntrack_rsh.c	(working copy)
@@ -2,6 +2,9 @@
  * (C) 2002 by Ian (Larry) Latter <Ian.Latter@mq.edu.au>
  * based on HW's ip_conntrack_irc.c	
  *
+ * (C) 2004,2005 by David Stes <stes@pandora.be>
+ * Modification for Legato NetWorker range [7937-9936] instead of [0:1023]
+ *
  * ip_conntrack_rsh.c,v 1.0 2002/07/17 14:49:26
  *
  *      This program is free software; you can redistribute it and/or
@@ -10,10 +13,11 @@
  *      2 of the License, or (at your option) any later version.
  **
  *	Module load syntax:
- * 	insmod ip_conntrack_rsh.o ports=port1,port2,...port<MAX_PORTS>
+ * 	insmod ip_conntrack_rsh.o range=1023,ports=port1,port2,...port<MAX_PORTS>
  *	
  * 	please give the ports of all RSH servers You wish to connect to.
  *	If You don't specify ports, the default will be port 514
+ *      If you don't specify any range, the default will be 1023
  **
  *      Note to all:
  *        RSH blows ... you should use SSH (openssh.org) to replace it,
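Review bot: The new load-syntax line `insmod ip_conntrack_rsh.o range=1023,ports=port1,...` joins the two parameters with a comma, whereas the help text added later in this patch writes them space-separated (`range=9936 ports=7937`); as written, the comment reads as if `range` took a list. Suggest `insmod ip_conntrack_rsh.o range=<max> ports=port1,port2,...port<MAX_PORTS>`. The same applies to `nsrexec=<n>,ports=...` in the ip_conntrack_rpc_tcp.c header hunk.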
@@ -109,6 +113,8 @@
 #include <linux/netfilter_ipv4/ip_conntrack_rsh.h>
 
 #define MAX_PORTS 8
+static int range; /* defaults to = 1023 */
+static unsigned short rangemask; /* defaults to = 0xfc00 */
 static int ports[MAX_PORTS];
 static int ports_n_c = 0;
 
@@ -116,6 +122,8 @@
 MODULE_DESCRIPTION("RSH connection tracking module");
 MODULE_LICENSE("GPL");
 #ifdef MODULE_PARM
+MODULE_PARM(range, "i");
+MODULE_PARM_DESC(range, "max port of reserved range (default is 1023)");
 MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
 MODULE_PARM_DESC(ports, "port numbers of RSH servers");
 #endif
@@ -198,8 +206,8 @@
 
 	/* dont relate sessions that try to expose the client */
 	DEBUGP("found port %u\n", port);
-	if (port > 1023) {
-		DEBUGP("skipping, expected port size is greater than 1023!\n");
+	if (port > range) {
+		DEBUGP("skipping, expected port size is greater than range!\n");
 		return NF_ACCEPT;
 	}
 
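Review bot: The guard `if (port > range)` is still only an upper bound, so with the documented Legato setting `range=9936` every port from 0 through 9936 passes, not just the NetWorker range [7937-9936] named in the file header; the comment above the check says it exists so that sessions cannot expose the client, and the wider window weakens that. Consider a separate lower-bound parameter defaulting to 0, e.g. `if (port < range_min || port > range) {` (`range_min` is a suggested name, not an existing one). The only normalisation of `range` visible in this patch is the `range == 0` fallback in the init hunk, so a negative or >65535 value is not rejected before it is compared here. The DEBUGP text could print the limit itself: `DEBUGP("skipping, expected port %u is greater than %d!\n", port, range);`. The enclosing function starts and ends outside this hunk.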
@@ -229,8 +237,8 @@
 	exp->mask.src.ip = 0xffffffff;
 	exp->mask.dst.ip = 0xffffffff;
 
-	exp->mask.src.u.tcp.port = htons(0xfc00);
-	exp->mask.dst.u.tcp.port = htons(0xffff);
+	exp->mask.src.u.tcp.port = htons(rangemask);
+	exp->mask.dst.u.tcp.port = htons(rangemask);
 	exp->mask.dst.protonum = 0xffff;
 
 	exp->expectfn = NULL;
@@ -267,6 +275,16 @@
 	if (ports[0] == 0)
 		ports[0] = RSH_PORT;
 
+	/* the check on reserved port <1023 doesn't work with Legato */
+        /* for Legato NetWorker, the check should be that port <= 9936 */ 
+
+        if (range == 0) 
+		range = 1023;
+
+	/* Legato uses range [ 7937 : 9936 ] -> 7937 by default */
+
+        rangemask = 0xffff ^ range; /* defaults to = 0xfc00 */
+
 	for (port = 0; (port < MAX_PORTS) && ports[port]; port++) {
 		memset(&rsh_helpers[port], 0, sizeof(struct ip_conntrack_helper));
 
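Review bot: `rangemask = 0xffff ^ range` yields a contiguous prefix mask only when `range` has the form 2^k - 1; for the documented Legato value `range=9936` (0x26d0) the result is 0xd92f, which selects a scattered set of ports rather than the interval 0..9936, and that mask is then used in the expectation hunk above and in the `rsh_helpers[port].mask` hunk below. `range` is also an unvalidated `int` module parameter whose derived value is stored in an `unsigned short`, so negative or >65535 values are silently truncated. Validate the parameter at init and round it up to the covering 2^k - 1 value before deriving the mask, as sketched in the fence (this assumes the init function returns an int error code). The comment `RSH must come from ports 0:1023` in the later hunk goes stale once `range` is configurable, and the enclosing init function starts and ends outside this hunk.

```c
	/* ... unchanged: ports[0] defaults to RSH_PORT ... */

	if (range == 0)
		range = 1023;
	if (range < 0 || range > 0xffff) {
		printk(KERN_ERR "ip_conntrack_rsh: invalid range %d\n", range);
		return -EINVAL;
	}

	/* A bit mask can only cover limits of the form 2^k - 1, so round
	 * range up to the next such value; the exact upper bound is still
	 * enforced by the port > range check in the helper. */
	cover = range;		/* unsigned int, declared with the other locals */
	cover |= cover >> 1;
	cover |= cover >> 2;
	cover |= cover >> 4;
	cover |= cover >> 8;
	rangemask = 0xffff ^ cover;

	/* ... unchanged: helper registration loop ... */
```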
@@ -287,8 +305,8 @@
 
 		/* RSH must come from ports 0:1023 to ports[port] (514) */
 		rsh_helpers[port].tuple.src.u.tcp.port = htons(ports[port]);
-		rsh_helpers[port].mask.src.u.tcp.port = htons(0xfc00);
-		rsh_helpers[port].mask.dst.u.tcp.port = htons(0xfc00);
+		rsh_helpers[port].mask.src.u.tcp.port = htons(rangemask);
+		rsh_helpers[port].mask.dst.u.tcp.port = htons(rangemask);
 
 		rsh_helpers[port].help = help;
 
Index: patchlets/rsh/linux/Documentation/Configure.help.ladd
===================================================================
--- patchlets/rsh/linux/Documentation/Configure.help.ladd	(revision 4087)
+++ patchlets/rsh/linux/Documentation/Configure.help.ladd	(working copy)
@@ -16,6 +16,8 @@
            practice" to use RSH, use SSH in all instances.
            (see rfc1244, rfc1948, rfc2179, etc ad-nauseum)
 
+  The RSH connection module supports Legato NetWorker's nsrexec.
+  For support of Legato NetWorker, you will need the RPC and the RSH modules.
 
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.
Index: patchlets/rsh/help
===================================================================
--- patchlets/rsh/help	(revision 4087)
+++ patchlets/rsh/help	(working copy)
@@ -38,8 +38,22 @@
            --sport 0:1023 -d ${server} --dport 0:1023 ! --syn
            --state ESTABLISHED -j ACCEPT
 
+The nsrexec option of the RSH/RPC module supports Legato NetWorker backup.
 
+For Legato NetWorker,
 
+add options ip_conntrack_rsh range=9936 ports=7937
+add options ipt_rpc ports=7938
+add options ip_conntrack_rpc_tcp nsrexec=7937 ports=7938
+add options ip_conntrack_rpc_udp ports=7938
+
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7937
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7938
+iptables -A FORWARD -j ACCEPT -p udp -m state --state NEW -m udp --dport 7938
+iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m state --state RELATED -j ACCEPT
+iptables -A FORWARD -m rpc --rpcs nsrd,nsrmmd,nsrindexd,nsrmmdbd,nsrstat,nsrjb,rap,rapserv -j ACCEPT
+
 Warning:
 
   This module could be dangerous. It is not "best practice" to use
Index: patchlets/rpc/linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c
===================================================================
--- patchlets/rpc/linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c	(revision 4087)
+++ patchlets/rpc/linux/net/ipv4/netfilter/ip_conntrack_rpc_tcp.c	(working copy)
@@ -9,6 +9,9 @@
  * (C) 2002,2003 by Ian (Larry) Latter <Ian.Latter@mq.edu.au>
  *	- upgraded conntrack modules to newnat api - kernel 2.4.20+
  *	- extended matching to support filtering on procedures
+ * 
+ * (c) 2004,2005 by David Stes <stes@pandora.be>
+ *      - add nsrexec option for Legato NetWorker
  *
  * ip_conntrack_rpc_tpc.c,v 2.2 2003/01/12 18:30:00
  *
@@ -18,10 +21,15 @@
  *	2 of the License, or (at your option) any later version.
  **
  *	Module load syntax:
- *	insmod ip_conntrack_rpc_tcp.o ports=port1,port2,...port<MAX_PORTS>
+ *	insmod ip_conntrack_rpc_tcp.o nsrexec=<n>,ports=port1,...port<MAX_PORTS>
  *
  *	Please give the ports of all RPC servers you wish to connect to.
- *	If you don't specify ports, the default will be port 111.
+ *      For example, ports=111,7938 for Legato NetWorker's portmapper on 7938.
+ *	If you don't specify ports, the default will be port 111 (SUN portmap).
+ *
+ *      Please specify nsrexec, the TCP port of the rexec() service of
+ *      Legato NetWorker.  For example, nsrexec=7937
+ *
  **
  *	Note to all:
  *
@@ -62,8 +70,11 @@
 #define MAX_PORTS 8
 static int ports[MAX_PORTS];
 static int ports_n_c = 0;
+static int nsrexec = 0;
 
 #ifdef MODULE_PARM
+MODULE_PARM(nsrexec, "i");
+MODULE_PARM_DESC(nsrexec, "TCP port of Legato NetWorker's rexec service");
 MODULE_PARM(ports, "1-" __MODULE_STRING(MAX_PORTS) "i");
 MODULE_PARM_DESC(ports, "port numbers (TCP/UDP) of RPC portmapper servers");
 #endif
@@ -280,7 +291,7 @@
 		 * expectation ...  if port == 0, then this service is 
 		 * not going to be registered.
 		 */
-		if (port_buf) {
+		if (port_buf && port_buf != nsrexec) {
 			DEBUGP("port found: %u\n", port_buf);
 
 			memset(&expect, 0, sizeof(expect));
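Review bot: The comment block above `if (port_buf && port_buf != nsrexec)` still explains only the `port == 0` case, so the new exclusion is undocumented; add a line such as `/* a port equal to nsrexec gets no RPC expectation; it is left to the RSH helper */` if that is the intent. With no expectation set up, connections to that port depend on the static `--dport 7937` ACCEPT rule shown in the help text, which stays open regardless of any portmapper exchange. `nsrexec` is a signed `int` module parameter with no range check, and the type of `port_buf` is not visible here, so the comparison may mix signedness; checking `nsrexec` against 0..65535 at init would avoid surprises. The enclosing function starts and ends outside this hunk.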
Index: patchlets/rpc/linux/Documentation/Configure.help.ladd
===================================================================
--- patchlets/rpc/linux/Documentation/Configure.help.ladd	(revision 4087)
+++ patchlets/rpc/linux/Documentation/Configure.help.ladd	(working copy)
@@ -25,6 +25,22 @@
   procedures per iptables rule, may be specified by the user,
   to enable effective RPC management.
 
+  The nsrexec option of the RSH/RPC module supports Legato NetWorker backup.
 
+For Legato NetWorker,
+
+add options ip_conntrack_rsh range=9936 ports=7937
+add options ipt_rpc ports=7938
+add options ip_conntrack_rpc_tcp nsrexec=7937 ports=7938
+add options ip_conntrack_rpc_udp ports=7938
+
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7937
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7938
+iptables -A FORWARD -j ACCEPT -p udp -m state --state NEW -m udp --dport 7938
+iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m state --state RELATED -j ACCEPT
+iptables -A FORWARD -m rpc --rpcs nsrd,nsrmmd,nsrindexd,nsrmmdbd,nsrstat,nsrjb,rap,rapserv -j ACCEPT
+
+
   If you want to compile it as a module, say M here and read
   <file:Documentation/modules.txt>.  If unsure, say `N'.
Index: patchlets/rpc/help
===================================================================
--- patchlets/rpc/help	(revision 4087)
+++ patchlets/rpc/help	(working copy)
@@ -56,6 +56,23 @@
      user@client# rusers $server
 
 
+The nsrexec option of the RSH/RPC module supports Legato NetWorker backup.
+
+For Legato NetWorker,
+
+add options ip_conntrack_rsh range=9936 ports=7937
+add options ipt_rpc ports=7938
+add options ip_conntrack_rpc_tcp nsrexec=7937 ports=7938
+add options ip_conntrack_rpc_udp ports=7938
+
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7937
+iptables -A FORWARD -j ACCEPT -p tcp -m state --state NEW -m tcp --dport 7938
+iptables -A FORWARD -j ACCEPT -p udp -m state --state NEW -m udp --dport 7938
+iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
+iptables -A FORWARD -m state --state RELATED -j ACCEPT
+iptables -A FORWARD -m rpc --rpcs nsrd,nsrmmd,nsrindexd,nsrmmdbd,nsrstat,nsrjb,rap,rapserv -j ACCEPT
+
+
 Warning:
 
   RPCs should not be exposed to the internet - ask the Pentagon;
