PPTP conntrack for kernel 2.6

PPTP conntrack for kernel 2.6

[Laurens Blankers]

Hi all,

Could someone please port the pptp conntrack module to kernel 2.6?

This module is the only thing that prevents me from switching to kernel 
2.6, so it would be really great if someone could port it.

Sincerly,

Laurens

Re: PPTP conntrack for kernel 2.6

[Robbie Dinn]

Laurens Blankers wrote:
> Could someone please port the pptp conntrack module to kernel 2.6?

I thought I would have a go at this. It is a bit harder to do
than I thought.

<aside>
At the moment I am stuck trying to fix up function gre_manip_pkt()
in ip_nat_proto_gre.c . I can change the function parameter to
match the function prototype, but I don't know to fix the code
in the body of the function.

I tried looking at functions udp_manip_pkt() and tcp_manip_pkt()
for guidance (in files ip_nat_protocol_{udp|tcp}.c), but I am still
confused.
</aside>

I think I might have spotted something that looks a bit strange,
maybe even a bug? Please bear in mind that I don't understand the
code.

Both udp_manip_pkt() and tcp_manip_pkt() make a call to
skb_ip_make_writable(). It is the second parameter passed to
skb_ip_make_writable() that I am worried about.

In udp_manip_pkt() it is called like this:

      if (!skb_ip_make_writable(pskb, hdroff + sizeof(hdr)))

where hdr is a pointer to a struct udphdr

In tcp_manip_pkt() it is called like this:

      if (!skb_ip_make_writable(pskb, hdroff + hdrsize))

where hdrsize may have a value of sizeof(tcphdr)

I am worried that sizeof(struct udphdr) and sizeof(struct udphdr *)
are different things.

Have I found a bug or am I simply confused?

Re: PPTP conntrack for kernel 2.6

[Harald Welte]

[-- Attachment #1: Type: text/plain, Size: 1835 bytes --]

On Tue, Aug 17, 2004 at 09:58:37AM +0100, Robbie Dinn wrote:
> Laurens Blankers wrote:
> >Could someone please port the pptp conntrack module to kernel 2.6?
> 
> I thought I would have a go at this. It is a bit harder to do
> than I thought.

Thanks for picking this issue up.

PPTP is actually the only helper that can be ported to 2.6.x without the
big hazzle of implementing pattern matching on nonlinear skb's, so it
can done in a safe way (as opposed to lots of other helpers).

> I think I might have spotted something that looks a bit strange,
> maybe even a bug? Please bear in mind that I don't understand the
> code.

It's not that difficult.  We're trying to assure that a certain part of
the skb can be written to. (linearized, non-shared/cloned,...)

> Both udp_manip_pkt() and tcp_manip_pkt() make a call to
> skb_ip_make_writable(). It is the second parameter passed to
> skb_ip_make_writable() that I am worried about.
> 
> In udp_manip_pkt() it is called like this:
> 
>      if (!skb_ip_make_writable(pskb, hdroff + sizeof(hdr)))
> 
> where hdr is a pointer to a struct udphdr

that is indeed a bug.  It has to be sizeof(*hdr)

> In tcp_manip_pkt() it is called like this:
> 
>      if (!skb_ip_make_writable(pskb, hdroff + hdrsize))
> 
> where hdrsize may have a value of sizeof(tcphdr)

yes, depending on tcp options, ..

Bugfix is in
patch-o-matic-ng/updtes/18_linux-2.6.8.1-udp-nat-nonlinear.patch

-- 
- Harald Welte <laforge@netfilter.org>             http://www.netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]