Release 4.11 net/netfilter/nf_nat_ftp.c
/* FTP extension for TCP NAT alteration. */
/* (C) 1999-2001 Paul `Rusty' Russell
* (C) 2002-2006 Netfilter Core Team <coreteam@netfilter.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*/
#include <linux/module.h>
#include <linux/moduleparam.h>
#include <linux/inet.h>
#include <linux/tcp.h>
#include <linux/netfilter_ipv4.h>
#include <net/netfilter/nf_nat.h>
#include <net/netfilter/nf_nat_helper.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_expect.h>
#include <linux/netfilter/nf_conntrack_ftp.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Rusty Russell <rusty@rustcorp.com.au>");
MODULE_DESCRIPTION("ftp NAT helper");
MODULE_ALIAS("ip_nat_ftp");
/* FIXME: Time out? --RR */
static int nf_nat_ftp_fmt_cmd(struct nf_conn *ct, enum nf_ct_ftp_type type,
char *buffer, size_t buflen,
union nf_inet_addr *addr, u16 port)
{
switch (type) {
case NF_CT_FTP_PORT:
case NF_CT_FTP_PASV:
return snprintf(buffer, buflen, "%u,%u,%u,%u,%u,%u",
((unsigned char *)&addr->ip)[0],
((unsigned char *)&addr->ip)[1],
((unsigned char *)&addr->ip)[2],
((unsigned char *)&addr->ip)[3],
port >> 8,
port & 0xFF);
case NF_CT_FTP_EPRT:
if (nf_ct_l3num(ct) == NFPROTO_IPV4)
return snprintf(buffer, buflen, "|1|%pI4|%u|",
&addr->ip, port);
else
return snprintf(buffer, buflen, "|2|%pI6|%u|",
&addr->ip6, port);
case NF_CT_FTP_EPSV:
return snprintf(buffer, buflen, "|||%u|", port);
}
return 0;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Joe Perches | 96 | 51.89% | 1 | 33.33% |
| Patrick McHardy | 45 | 24.32% | 1 | 33.33% |
| Jozsef Kadlecsik | 44 | 23.78% | 1 | 33.33% |
| Total | 185 | 100.00% | 3 | 100.00% |
/* So, this packet has hit the connection tracking matching code.
Mangle it, and change the expectation to match the new version. */
static unsigned int nf_nat_ftp(struct sk_buff *skb,
enum ip_conntrack_info ctinfo,
enum nf_ct_ftp_type type,
unsigned int protoff,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conntrack_expect *exp)
{
union nf_inet_addr newaddr;
u_int16_t port;
int dir = CTINFO2DIR(ctinfo);
struct nf_conn *ct = exp->master;
char buffer[sizeof("|1||65535|") + INET6_ADDRSTRLEN];
unsigned int buflen;
pr_debug("FTP_NAT: type %i, off %u len %u\n", type, matchoff, matchlen);
/* Connection will come from wherever this packet goes, hence !dir */
newaddr = ct->tuplehash[!dir].tuple.dst.u3;
exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
exp->dir = !dir;
/* When you see the packet, we need to NAT it the same as the
* this one. */
exp->expectfn = nf_nat_follow_master;
/* Try to get same port: if not, try to change it. */
for (port = ntohs(exp->saved_proto.tcp.port); port != 0; port++) {
int ret;
exp->tuple.dst.u.tcp.port = htons(port);
ret = nf_ct_expect_related(exp);
if (ret == 0)
break;
else if (ret != -EBUSY) {
port = 0;
break;
}
}
if (port == 0) {
nf_ct_helper_log(skb, ct, "all ports in use");
return NF_DROP;
}
buflen = nf_nat_ftp_fmt_cmd(ct, type, buffer, sizeof(buffer),
&newaddr, port);
if (!buflen)
goto out;
pr_debug("calling nf_nat_mangle_tcp_packet\n");
if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, matchoff,
matchlen, buffer, buflen))
goto out;
return NF_ACCEPT;
out:
nf_ct_helper_log(skb, ct, "cannot mangle packet");
nf_ct_unexpect_related(exp);
return NF_DROP;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Jozsef Kadlecsik | 184 | 58.79% | 1 | 11.11% |
| Joe Perches | 63 | 20.13% | 1 | 11.11% |
| Pablo Neira Ayuso | 44 | 14.06% | 2 | 22.22% |
| Patrick McHardy | 20 | 6.39% | 4 | 44.44% |
| Herbert Xu | 2 | 0.64% | 1 | 11.11% |
| Total | 313 | 100.00% | 9 | 100.00% |
static void __exit nf_nat_ftp_fini(void)
{
RCU_INIT_POINTER(nf_nat_ftp_hook, NULL);
synchronize_rcu();
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Jozsef Kadlecsik | 18 | 94.74% | 1 | 50.00% |
| Stephen Hemminger | 1 | 5.26% | 1 | 50.00% |
| Total | 19 | 100.00% | 2 | 100.00% |
static int __init nf_nat_ftp_init(void)
{
BUG_ON(nf_nat_ftp_hook != NULL);
RCU_INIT_POINTER(nf_nat_ftp_hook, nf_nat_ftp);
return 0;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Jozsef Kadlecsik | 23 | 88.46% | 1 | 33.33% |
| Patrick McHardy | 2 | 7.69% | 1 | 33.33% |
| Stephen Hemminger | 1 | 3.85% | 1 | 33.33% |
| Total | 26 | 100.00% | 3 | 100.00% |
/* Prior to 2.6.11, we had a ports param. No longer, but don't break users. */
static int warn_set(const char *val, struct kernel_param *kp)
{
printk(KERN_INFO KBUILD_MODNAME
": kernel >= 2.6.10 only uses 'ports' for conntrack modules\n");
return 0;
}
Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Jozsef Kadlecsik | 25 | 100.00% | 1 | 100.00% |
| Total | 25 | 100.00% | 1 | 100.00% |
module_param_call(ports, warn_set, NULL, NULL, 0);
module_init(nf_nat_ftp_init);
module_exit(nf_nat_ftp_fini);
Overall Contributors
| Person | Tokens | Prop | Commits | CommitProp |
| Jozsef Kadlecsik | 371 | 57.43% | 1 | 9.09% |
| Joe Perches | 159 | 24.61% | 1 | 9.09% |
| Patrick McHardy | 68 | 10.53% | 5 | 45.45% |
| Pablo Neira Ayuso | 44 | 6.81% | 2 | 18.18% |
| Stephen Hemminger | 2 | 0.31% | 1 | 9.09% |
| Herbert Xu | 2 | 0.31% | 1 | 9.09% |
| Total | 646 | 100.00% | 11 | 100.00% |
Information contained on this website is for historical information purposes only and does not indicate or represent copyright ownership.