2 * ip_conntrack_pptp.c - Version 3.0
4 * Connection tracking support for PPTP (Point to Point Tunneling Protocol).
5 * PPTP is a a protocol for creating virtual private networks.
6 * It is a specification defined by Microsoft and some vendors
7 * working with Microsoft. PPTP is built on top of a modified
8 * version of the Internet Generic Routing Encapsulation Protocol.
9 * GRE is defined in RFC 1701 and RFC 1702. Documentation of
10 * PPTP can be found in RFC 2637
12 * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org>
14 * Development of this code funded by Astaro AG (http://www.astaro.com/)
17 * - We blindly assume that control connections are always
18 * established in PNS->PAC direction. This is a violation
20 * - We can only support one single call within each session
23 * - testing of incoming PPTP calls
26 * 2002-02-05 - Version 1.3
27 * - Call ip_conntrack_unexpect_related() from
28 * pptp_timeout_related() to destroy expectations in case
29 * CALL_DISCONNECT_NOTIFY or tcp fin packet was seen
30 * (Philip Craig <philipc@snapgear.com>)
31 * - Add Version information at module loadtime
32 * 2002-02-10 - Version 1.6
33 * - move to C99 style initializers
34 * - remove second expectation if first arrives
35 * 2004-10-22 - Version 2.0
36 * - merge Mandrake's 2.6.x port with recent 2.6.x API changes
37 * - fix lots of linear skb assumptions from Mandrake's port
38 * 2005-06-10 - Version 2.1
39 * - use ip_conntrack_expect_free() instead of kfree() on the
40 * expect's (which are from the slab for quite some time)
41 * 2005-06-10 - Version 3.0
42 * - port helper to post-2.6.11 API changes,
43 * funded by Oxcoda NetBox Blue (http://www.netboxblue.com/)
47 #include <linux/config.h>
48 #include <linux/module.h>
49 #include <linux/netfilter.h>
51 #include <net/checksum.h>
54 #include <linux/netfilter_ipv4/lockhelp.h>
55 #include <linux/netfilter_ipv4/ip_conntrack.h>
56 #include <linux/netfilter_ipv4/ip_conntrack_core.h>
57 #include <linux/netfilter_ipv4/ip_conntrack_helper.h>
58 #include <linux/netfilter_ipv4/ip_conntrack_proto_gre.h>
59 #include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
61 #define IP_CT_PPTP_VERSION "3.0"
63 MODULE_LICENSE("GPL");
64 MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
65 MODULE_DESCRIPTION("Netfilter connection tracking helper module for PPTP");
67 DECLARE_LOCK(ip_pptp_lock);
70 (*ip_nat_pptp_hook_outbound)(struct sk_buff **pskb,
71 struct ip_conntrack *ct,
72 enum ip_conntrack_info ctinfo,
73 struct PptpControlHeader *ctlh,
74 union pptp_ctrl_union *pptpReq);
77 (*ip_nat_pptp_hook_inbound)(struct sk_buff **pskb,
78 struct ip_conntrack *ct,
79 enum ip_conntrack_info ctinfo,
80 struct PptpControlHeader *ctlh,
81 union pptp_ctrl_union *pptpReq);
84 (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *expect_orig,
85 struct ip_conntrack_expect *expect_reply);
88 (*ip_nat_pptp_hook_expectfn)(struct ip_conntrack *ct,
89 struct ip_conntrack_expect *exp);
92 #include "ip_conntrack_pptp_priv.h"
93 #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s: " format, __FILE__, __FUNCTION__, ## args)
95 #define DEBUGP(format, args...)
99 #define MINS * 60 SECS
100 #define HOURS * 60 MINS
101 #define DAYS * 24 HOURS
103 #define PPTP_GRE_TIMEOUT (10 MINS)
104 #define PPTP_GRE_STREAM_TIMEOUT (5 DAYS)
106 static void pptp_expectfn(struct ip_conntrack *ct,
107 struct ip_conntrack_expect *exp)
109 DEBUGP("increasing timeouts\n");
111 /* increase timeout of GRE data channel conntrack entry */
112 ct->proto.gre.timeout = PPTP_GRE_TIMEOUT;
113 ct->proto.gre.stream_timeout = PPTP_GRE_STREAM_TIMEOUT;
115 /* Can you see how rusty this code is, compared with the pre-2.6.11
116 * one? That's what happened to my shiny newnat of 2002 ;( -HW */
118 if (!ip_nat_pptp_hook_expectfn) {
119 struct ip_conntrack_tuple inv_t;
120 struct ip_conntrack_expect *exp_other;
122 /* obviously this tuple inversion only works until you do NAT */
123 invert_tuplepr(&inv_t, &exp->tuple);
124 DEBUGP("trying to unexpect other dir: ");
127 exp_other = __ip_conntrack_exp_find(&inv_t);
129 /* delete other expectation. */
131 ip_conntrack_unexpect_related(exp_other);
133 DEBUGP("not found\n");
136 /* we need more than simple inversion */
137 ip_nat_pptp_hook_expectfn(ct, exp);
141 static int timeout_ct_or_exp(const struct ip_conntrack_tuple *t)
143 struct ip_conntrack_tuple_hash *h;
144 struct ip_conntrack_expect *exp;
146 DEBUGP("trying to timeout ct or exp for tuple ");
149 h = __ip_conntrack_find(t, NULL);
151 struct ip_conntrack *sibling = tuplehash_to_ctrack(h);
152 DEBUGP("setting timeout of conntrack %p to 0\n", sibling);
153 sibling->proto.gre.timeout = 0;
154 sibling->proto.gre.stream_timeout = 0;
155 /* refresh_acct will not modify counters if skb == NULL */
156 ip_ct_refresh_acct(sibling, 0, NULL, 0);
159 exp = __ip_conntrack_exp_find(t);
161 DEBUGP("unexpect_related of expect %p\n", exp);
162 ip_conntrack_unexpect_related(exp);
171 /* timeout GRE data connections */
172 static int pptp_timeout_related(struct ip_conntrack *ct)
174 struct ip_conntrack_tuple t;
177 /* Since ct->sibling_list has literally rusted away in 2.6.11,
178 * we now need another way to find out about our sibling
179 * contrack and expects... -HW */
181 /* try original (pns->pac) tuple */
182 memcpy(&t, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple, sizeof(t));
183 t.dst.protonum = IPPROTO_GRE;
184 t.src.u.gre.key = htons(ct->help.ct_pptp_info.pns_call_id);
185 t.dst.u.gre.key = htons(ct->help.ct_pptp_info.pac_call_id);
187 ret = timeout_ct_or_exp(&t);
189 /* try reply (pac->pns) tuple */
190 memcpy(&t, &ct->tuplehash[IP_CT_DIR_REPLY].tuple, sizeof(t));
191 t.dst.protonum = IPPROTO_GRE;
192 t.src.u.gre.key = htons(ct->help.ct_pptp_info.pac_call_id);
193 t.dst.u.gre.key = htons(ct->help.ct_pptp_info.pns_call_id);
195 ret += timeout_ct_or_exp(&t);
200 /* expect GRE connections (PNS->PAC and PAC->PNS direction) */
202 exp_gre(struct ip_conntrack *master,
205 u_int16_t peer_callid)
207 struct ip_conntrack_tuple inv_tuple;
208 struct ip_conntrack_tuple exp_tuples[] = {
209 /* tuple in original direction, PNS->PAC */
210 { .src = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip,
211 .u = { .gre = { .key = peer_callid } }
213 .dst = { .ip = master->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip,
214 .u = { .gre = { .key = callid } },
215 .protonum = IPPROTO_GRE
218 /* tuple in reply direction, PAC->PNS */
219 { .src = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip,
220 .u = { .gre = { .key = callid } }
222 .dst = { .ip = master->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip,
223 .u = { .gre = { .key = peer_callid } },
224 .protonum = IPPROTO_GRE
229 struct ip_conntrack_expect *exp_orig, *exp_reply;
231 exp_orig = ip_conntrack_expect_alloc();
232 if (exp_orig == NULL)
235 exp_reply = ip_conntrack_expect_alloc();
236 if (exp_reply == NULL) {
237 ip_conntrack_expect_free(exp_orig);
241 memcpy(&exp_orig->tuple, &exp_tuples[0], sizeof(exp_orig->tuple));
243 exp_orig->mask.src.ip = 0xffffffff;
244 exp_orig->mask.src.u.all = 0;
245 exp_orig->mask.dst.u.all = 0;
246 exp_orig->mask.dst.u.gre.key = 0xffff;
247 exp_orig->mask.dst.ip = 0xffffffff;
248 exp_orig->mask.dst.protonum = 0xff;
250 exp_orig->master = master;
251 exp_orig->expectfn = pptp_expectfn;
253 exp_orig->dir = IP_CT_DIR_ORIGINAL;
255 /* both expectations are identical apart from tuple */
256 memcpy(exp_reply, exp_orig, sizeof(*exp_reply));
257 memcpy(&exp_reply->tuple, &exp_tuples[1], sizeof(exp_reply->tuple));
259 exp_reply->dir = !exp_orig->dir;
261 if (ip_nat_pptp_hook_exp_gre)
262 return ip_nat_pptp_hook_exp_gre(exp_orig, exp_reply);
265 DEBUGP("calling expect_related PNS->PAC");
266 DUMP_TUPLE(&exp_orig->tuple);
268 if (ip_conntrack_expect_related(exp_orig) != 0) {
269 ip_conntrack_expect_free(exp_orig);
270 ip_conntrack_expect_free(exp_reply);
271 DEBUGP("cannot expect_related()\n");
275 DEBUGP("calling expect_related PAC->PNS");
276 DUMP_TUPLE(&exp_reply->tuple);
278 if (ip_conntrack_expect_related(exp_reply) != 0) {
279 ip_conntrack_unexpect_related(exp_orig);
280 ip_conntrack_expect_free(exp_reply);
281 DEBUGP("cannot expect_related()\n");
285 /* Add GRE keymap entries */
286 if (ip_ct_gre_keymap_add(master, &exp_reply->tuple, 0) != 0) {
287 ip_conntrack_unexpect_related(exp_orig);
288 ip_conntrack_unexpect_related(exp_reply);
289 DEBUGP("cannot keymap_add() exp\n");
293 invert_tuplepr(&inv_tuple, &exp_reply->tuple);
294 if (ip_ct_gre_keymap_add(master, &inv_tuple, 1) != 0) {
295 ip_conntrack_unexpect_related(exp_orig);
296 ip_conntrack_unexpect_related(exp_reply);
297 ip_ct_gre_keymap_destroy(master);
298 DEBUGP("cannot keymap_add() exp_inv\n");
308 pptp_inbound_pkt(struct sk_buff **pskb,
310 unsigned int ctlhoff,
312 struct ip_conntrack *ct,
313 enum ip_conntrack_info ctinfo)
315 struct PptpControlHeader _ctlh, *ctlh;
317 union pptp_ctrl_union _pptpReq, *pptpReq;
318 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
319 u_int16_t msg, *cid, *pcid;
322 ctlh = skb_header_pointer(*pskb, ctlhoff, sizeof(_ctlh), &_ctlh);
323 if (unlikely(!ctlh)) {
324 DEBUGP("error during skb_header_pointer\n");
328 reqlen = datalen - sizeof(struct pptp_pkt_hdr) - sizeof(_ctlh);
329 pptpReq = skb_header_pointer(*pskb, ctlhoff+sizeof(_ctlh),
331 if (unlikely(!pptpReq)) {
332 DEBUGP("error during skb_header_pointer\n");
336 msg = ntohs(ctlh->messageType);
337 DEBUGP("inbound control message %s\n", strMName[msg]);
340 case PPTP_START_SESSION_REPLY:
341 if (reqlen < sizeof(_pptpReq.srep)) {
342 DEBUGP("%s: short packet\n", strMName[msg]);
346 /* server confirms new control session */
347 if (info->sstate < PPTP_SESSION_REQUESTED) {
348 DEBUGP("%s without START_SESS_REQUEST\n",
352 if (pptpReq->srep.resultCode == PPTP_START_OK)
353 info->sstate = PPTP_SESSION_CONFIRMED;
355 info->sstate = PPTP_SESSION_ERROR;
358 case PPTP_STOP_SESSION_REPLY:
359 if (reqlen < sizeof(_pptpReq.strep)) {
360 DEBUGP("%s: short packet\n", strMName[msg]);
364 /* server confirms end of control session */
365 if (info->sstate > PPTP_SESSION_STOPREQ) {
366 DEBUGP("%s without STOP_SESS_REQUEST\n",
370 if (pptpReq->strep.resultCode == PPTP_STOP_OK)
371 info->sstate = PPTP_SESSION_NONE;
373 info->sstate = PPTP_SESSION_ERROR;
376 case PPTP_OUT_CALL_REPLY:
377 if (reqlen < sizeof(_pptpReq.ocack)) {
378 DEBUGP("%s: short packet\n", strMName[msg]);
382 /* server accepted call, we now expect GRE frames */
383 if (info->sstate != PPTP_SESSION_CONFIRMED) {
384 DEBUGP("%s but no session\n", strMName[msg]);
387 if (info->cstate != PPTP_CALL_OUT_REQ &&
388 info->cstate != PPTP_CALL_OUT_CONF) {
389 DEBUGP("%s without OUTCALL_REQ\n", strMName[msg]);
392 if (pptpReq->ocack.resultCode != PPTP_OUTCALL_CONNECT) {
393 info->cstate = PPTP_CALL_NONE;
397 cid = &pptpReq->ocack.callID;
398 pcid = &pptpReq->ocack.peersCallID;
400 info->pac_call_id = ntohs(*cid);
402 if (htons(info->pns_call_id) != *pcid) {
403 DEBUGP("%s for unknown callid %u\n",
404 strMName[msg], ntohs(*pcid));
408 DEBUGP("%s, CID=%X, PCID=%X\n", strMName[msg],
409 ntohs(*cid), ntohs(*pcid));
411 info->cstate = PPTP_CALL_OUT_CONF;
413 seq = ntohl(tcph->seq) + sizeof(struct pptp_pkt_hdr)
414 + sizeof(struct PptpControlHeader)
415 + ((void *)pcid - (void *)pptpReq);
417 if (exp_gre(ct, seq, *cid, *pcid) != 0)
418 printk("ip_conntrack_pptp: error during exp_gre\n");
421 case PPTP_IN_CALL_REQUEST:
422 if (reqlen < sizeof(_pptpReq.icack)) {
423 DEBUGP("%s: short packet\n", strMName[msg]);
427 /* server tells us about incoming call request */
428 if (info->sstate != PPTP_SESSION_CONFIRMED) {
429 DEBUGP("%s but no session\n", strMName[msg]);
432 pcid = &pptpReq->icack.peersCallID;
433 DEBUGP("%s, PCID=%X\n", strMName[msg], ntohs(*pcid));
434 info->cstate = PPTP_CALL_IN_REQ;
435 info->pac_call_id = ntohs(*pcid);
438 case PPTP_IN_CALL_CONNECT:
439 if (reqlen < sizeof(_pptpReq.iccon)) {
440 DEBUGP("%s: short packet\n", strMName[msg]);
444 /* server tells us about incoming call established */
445 if (info->sstate != PPTP_SESSION_CONFIRMED) {
446 DEBUGP("%s but no session\n", strMName[msg]);
449 if (info->sstate != PPTP_CALL_IN_REP
450 && info->sstate != PPTP_CALL_IN_CONF) {
451 DEBUGP("%s but never sent IN_CALL_REPLY\n",
456 pcid = &pptpReq->iccon.peersCallID;
457 cid = &info->pac_call_id;
459 if (info->pns_call_id != ntohs(*pcid)) {
460 DEBUGP("%s for unknown CallID %u\n",
461 strMName[msg], ntohs(*cid));
465 DEBUGP("%s, PCID=%X\n", strMName[msg], ntohs(*pcid));
466 info->cstate = PPTP_CALL_IN_CONF;
468 /* we expect a GRE connection from PAC to PNS */
469 seq = ntohl(tcph->seq) + sizeof(struct pptp_pkt_hdr)
470 + sizeof(struct PptpControlHeader)
471 + ((void *)pcid - (void *)pptpReq);
473 if (exp_gre(ct, seq, *cid, *pcid) != 0)
474 printk("ip_conntrack_pptp: error during exp_gre\n");
478 case PPTP_CALL_DISCONNECT_NOTIFY:
479 if (reqlen < sizeof(_pptpReq.disc)) {
480 DEBUGP("%s: short packet\n", strMName[msg]);
484 /* server confirms disconnect */
485 cid = &pptpReq->disc.callID;
486 DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*cid));
487 info->cstate = PPTP_CALL_NONE;
489 /* untrack this call id, unexpect GRE packets */
490 pptp_timeout_related(ct);
493 case PPTP_WAN_ERROR_NOTIFY:
496 case PPTP_ECHO_REQUEST:
497 case PPTP_ECHO_REPLY:
498 /* I don't have to explain these ;) */
501 DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX)
502 ? strMName[msg]:strMName[0], msg);
507 if (ip_nat_pptp_hook_inbound)
508 return ip_nat_pptp_hook_inbound(pskb, ct, ctinfo, ctlh,
516 pptp_outbound_pkt(struct sk_buff **pskb,
518 unsigned int ctlhoff,
520 struct ip_conntrack *ct,
521 enum ip_conntrack_info ctinfo)
523 struct PptpControlHeader _ctlh, *ctlh;
525 union pptp_ctrl_union _pptpReq, *pptpReq;
526 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
527 u_int16_t msg, *cid, *pcid;
529 ctlh = skb_header_pointer(*pskb, ctlhoff, sizeof(_ctlh), &_ctlh);
533 reqlen = datalen - sizeof(struct pptp_pkt_hdr) - sizeof(_ctlh);
534 pptpReq = skb_header_pointer(*pskb, ctlhoff+sizeof(_ctlh), reqlen,
539 msg = ntohs(ctlh->messageType);
540 DEBUGP("outbound control message %s\n", strMName[msg]);
543 case PPTP_START_SESSION_REQUEST:
544 /* client requests for new control session */
545 if (info->sstate != PPTP_SESSION_NONE) {
546 DEBUGP("%s but we already have one",
549 info->sstate = PPTP_SESSION_REQUESTED;
551 case PPTP_STOP_SESSION_REQUEST:
552 /* client requests end of control session */
553 info->sstate = PPTP_SESSION_STOPREQ;
556 case PPTP_OUT_CALL_REQUEST:
557 if (reqlen < sizeof(_pptpReq.ocreq)) {
558 DEBUGP("%s: short packet\n", strMName[msg]);
562 /* client initiating connection to server */
563 if (info->sstate != PPTP_SESSION_CONFIRMED) {
564 DEBUGP("%s but no session\n",
568 info->cstate = PPTP_CALL_OUT_REQ;
569 /* track PNS call id */
570 cid = &pptpReq->ocreq.callID;
571 DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*cid));
572 info->pns_call_id = ntohs(*cid);
574 case PPTP_IN_CALL_REPLY:
575 if (reqlen < sizeof(_pptpReq.icack)) {
576 DEBUGP("%s: short packet\n", strMName[msg]);
580 /* client answers incoming call */
581 if (info->cstate != PPTP_CALL_IN_REQ
582 && info->cstate != PPTP_CALL_IN_REP) {
583 DEBUGP("%s without incall_req\n",
587 if (pptpReq->icack.resultCode != PPTP_INCALL_ACCEPT) {
588 info->cstate = PPTP_CALL_NONE;
591 pcid = &pptpReq->icack.peersCallID;
592 if (info->pac_call_id != ntohs(*pcid)) {
593 DEBUGP("%s for unknown call %u\n",
594 strMName[msg], ntohs(*pcid));
597 DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*pcid));
598 /* part two of the three-way handshake */
599 info->cstate = PPTP_CALL_IN_REP;
600 info->pns_call_id = ntohs(pptpReq->icack.callID);
603 case PPTP_CALL_CLEAR_REQUEST:
604 /* client requests hangup of call */
605 if (info->sstate != PPTP_SESSION_CONFIRMED) {
606 DEBUGP("CLEAR_CALL but no session\n");
609 /* FUTURE: iterate over all calls and check if
610 * call ID is valid. We don't do this without newnat,
611 * because we only know about last call */
612 info->cstate = PPTP_CALL_CLEAR_REQ;
614 case PPTP_SET_LINK_INFO:
616 case PPTP_ECHO_REQUEST:
617 case PPTP_ECHO_REPLY:
618 /* I don't have to explain these ;) */
621 DEBUGP("invalid %s (TY=%d)\n", (msg <= PPTP_MSG_MAX)?
622 strMName[msg]:strMName[0], msg);
623 /* unknown: no need to create GRE masq table entry */
627 if (ip_nat_pptp_hook_outbound)
628 return ip_nat_pptp_hook_outbound(pskb, ct, ctinfo, ctlh,
635 /* track caller id inside control connection, call expect_related */
637 conntrack_pptp_help(struct sk_buff **pskb,
638 struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
641 struct pptp_pkt_hdr _pptph, *pptph;
643 struct tcphdr _tcph, *tcph;
644 u_int32_t tcplen = (*pskb)->len - (*pskb)->nh.iph->ihl * 4;
647 int dir = CTINFO2DIR(ctinfo);
648 struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
649 unsigned int nexthdr_off;
651 int oldsstate, oldcstate;
654 /* don't do any tracking before tcp handshake complete */
655 if (ctinfo != IP_CT_ESTABLISHED
656 && ctinfo != IP_CT_ESTABLISHED+IP_CT_IS_REPLY) {
657 DEBUGP("ctinfo = %u, skipping\n", ctinfo);
661 nexthdr_off = (*pskb)->nh.iph->ihl*4;
662 tcph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4, sizeof(_tcph),
667 /* not a complete TCP header? */
668 if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4) {
669 DEBUGP("tcplen = %u\n", tcplen);
674 datalen = tcplen - tcph->doff * 4;
676 /* checksum invalid? */
677 if (tcp_v4_check(tcph, tcplen, (*pskb)->nh.iph->saddr,
678 (*pskb)->nh.iph->daddr,
679 csum_partial((char *) tcph, tcplen, 0))) {
680 DEBUGP(" bad csum\n");
681 /* W2K PPTP server sends TCP packets with wrong checksum :(( */
685 if (tcph->fin || tcph->rst) {
686 DEBUGP("RST/FIN received, timeouting GRE\n");
687 /* can't do this after real newnat */
688 info->cstate = PPTP_CALL_NONE;
690 /* untrack this call id, unexpect GRE packets */
691 pptp_timeout_related(ct);
694 nexthdr_off += tcph->doff*4;
695 pptph = skb_header_pointer(*pskb, (*pskb)->nh.iph->ihl*4 + tcph->doff*4,
696 sizeof(_pptph), &_pptph);
698 DEBUGP("no full PPTP header, can't track\n");
702 datalimit = (void *) pptph + datalen;
704 /* if it's not a control message we can't do anything with it */
705 if (ntohs(pptph->packetType) != PPTP_PACKET_CONTROL ||
706 ntohl(pptph->magicCookie) != PPTP_MAGIC_COOKIE) {
707 DEBUGP("not a control packet\n");
711 oldsstate = info->sstate;
712 oldcstate = info->cstate;
714 LOCK_BH(&ip_pptp_lock);
716 nexthdr_off += sizeof(_pptph);
717 /* FIXME: We just blindly assume that the control connection is always
718 * established from PNS->PAC. However, RFC makes no guarantee */
719 if (dir == IP_CT_DIR_ORIGINAL)
720 /* client -> server (PNS -> PAC) */
721 ret = pptp_outbound_pkt(pskb, tcph, nexthdr_off, datalen, ct,
724 /* server -> client (PAC -> PNS) */
725 ret = pptp_inbound_pkt(pskb, tcph, nexthdr_off, datalen, ct,
727 DEBUGP("sstate: %d->%d, cstate: %d->%d\n",
728 oldsstate, info->sstate, oldcstate, info->cstate);
729 UNLOCK_BH(&ip_pptp_lock);
734 /* control protocol helper */
735 static struct ip_conntrack_helper pptp = {
736 .list = { NULL, NULL },
741 .tuple = { .src = { .ip = 0,
742 .u = { .tcp = { .port =
743 __constant_htons(PPTP_CONTROL_PORT) } }
747 .protonum = IPPROTO_TCP
750 .mask = { .src = { .ip = 0,
751 .u = { .tcp = { .port = 0xffff } }
758 .help = conntrack_pptp_help
761 /* ip_conntrack_pptp initialization */
762 static int __init init(void)
766 DEBUGP(" registering helper\n");
767 if ((retcode = ip_conntrack_helper_register(&pptp))) {
768 printk(KERN_ERR "Unable to register conntrack application "
769 "helper for pptp: %d\n", retcode);
773 printk("ip_conntrack_pptp version %s loaded\n", IP_CT_PPTP_VERSION);
777 static void __exit fini(void)
779 ip_conntrack_helper_unregister(&pptp);
780 printk("ip_conntrack_pptp version %s unloaded\n", IP_CT_PPTP_VERSION);
786 EXPORT_SYMBOL(ip_pptp_lock);
787 EXPORT_SYMBOL(ip_nat_pptp_hook_outbound);
788 EXPORT_SYMBOL(ip_nat_pptp_hook_inbound);
789 EXPORT_SYMBOL(ip_nat_pptp_hook_exp_gre);
790 EXPORT_SYMBOL(ip_nat_pptp_hook_expectfn);