From: Sapan Bhatia Date: Mon, 4 Aug 2008 08:58:04 +0000 (+0000) Subject: This modification enables raw sockets to receive packets taht are received by UDP... X-Git-Tag: linux-2.6-22-22~2 X-Git-Url: http://git.onelab.eu/?p=linux-2.6.git;a=commitdiff_plain;h=d31226902d792dd31a0d10182f4783bbe3819038 This modification enables raw sockets to receive packets taht are received by UDP sockets that don't send, but are bound to a given port. --- diff --git a/linux-2.6-522-iptables-connection-tagging.patch b/linux-2.6-522-iptables-connection-tagging.patch index 7ccbd55e3..80b105abd 100644 --- a/linux-2.6-522-iptables-connection-tagging.patch +++ b/linux-2.6-522-iptables-connection-tagging.patch @@ -110,8 +110,8 @@ diff -Nurb linux-2.6.22-521/net/netfilter/nf_conntrack_core.c linux-2.6.22-522/n diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilter/xt_MARK.c --- linux-2.6.22-521/net/netfilter/xt_MARK.c 2007-07-08 19:32:17.000000000 -0400 -+++ linux-2.6.22-522/net/netfilter/xt_MARK.c 2008-07-31 14:49:48.000000000 -0400 -@@ -5,13 +5,18 @@ ++++ linux-2.6.22-522/net/netfilter/xt_MARK.c 2008-08-04 04:59:30.000000000 -0400 +@@ -5,13 +5,19 @@ * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. @@ -122,6 +122,7 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt +#include #include #include ++#include #include +#include +#include @@ -130,7 +131,7 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt #include #include -@@ -21,6 +26,48 @@ +@@ -21,6 +27,48 @@ MODULE_ALIAS("ipt_MARK"); MODULE_ALIAS("ip6t_MARK"); @@ -179,18 +180,75 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt static unsigned int target_v0(struct sk_buff **pskb, const struct net_device *in, -@@ -35,6 +82,10 @@ +@@ -35,6 +83,67 @@ return XT_CONTINUE; } +extern DEFINE_PER_CPU(int, sknid_elevator); ++static struct sock *__udp4_lib_lookup(__be32 saddr, __be16 sport, ++ __be32 daddr, __be16 dport, ++ int dif, struct hlist_head udptable[]) ++{ ++ struct sock *sk, *result = NULL; ++ struct hlist_node *node; ++ unsigned short hnum = ntohs(dport); ++ int badness = -1; ++ ++ read_lock(&udp_hash_lock); ++ ++ sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) { ++ struct inet_sock *inet = inet_sk(sk); ++ ++ if (sk->sk_hash == hnum && !ipv6_only_sock(sk)) { ++ int score = (sk->sk_family == PF_INET ? 1 : 0); ++ ++ if (inet->rcv_saddr) { ++ if (inet->rcv_saddr != daddr) ++ continue; ++ score+=2; ++ } else { ++ /* block non nx_info ips */ ++ if (!v4_addr_in_nx_info(sk->sk_nx_info, ++ daddr, NXA_MASK_BIND)) ++ continue; ++ } ++ if (inet->daddr) { ++ if (inet->daddr != saddr) ++ continue; ++ score+=2; ++ } ++ if (inet->dport) { ++ if (inet->dport != sport) ++ continue; ++ score+=2; ++ } ++ if (sk->sk_bound_dev_if) { ++ if (sk->sk_bound_dev_if != dif) ++ continue; ++ score+=2; ++ } ++ if (score == 9) { ++ result = sk; ++ break; ++ } else if (score > badness) { ++ result = sk; ++ badness = score; ++ } ++ } ++ } ++ ++ if (result) ++ sock_hold(result); ++ read_unlock(&udp_hash_lock); ++ return result; ++} + +#define related(ct) (ct==(IP_CT_IS_REPLY + IP_CT_RELATED)) + static unsigned int target_v1(struct sk_buff **pskb, const struct net_device *in, -@@ -44,7 +95,20 @@ +@@ -44,7 +153,20 @@ const void *targinfo) { const struct xt_mark_target_info_v1 *markinfo = targinfo; @@ -212,7 +270,7 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt switch (markinfo->mode) { case XT_MARK_SET: -@@ -58,13 +122,102 @@ +@@ -58,13 +180,117 @@ case XT_MARK_OR: mark = (*pskb)->mark | markinfo->mark; break; @@ -233,17 +291,32 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt + ip = ct->tuplehash[dir].tuple.dst.u3.ip; + port = get_dst_port(&ct->tuplehash[dir].tuple); + -+ if (proto == 1 || proto == 17) { -+ if ((*pskb)->mark>0) /* The packet is marked, it's going out */ -+ { -+ ct->xid[0]=(*pskb)->mark; -+ } -+ -+ if (ct->xid[0] > 0) { -+ mark = ct->xid[0]; -+ } ++ if (proto == 1) { ++ if ((*pskb)->mark>0) /* The packet is marked, it's going out */ ++ { ++ ct->xid[0]=(*pskb)->mark; ++ } + ++ if (ct->xid[0] > 0) { ++ mark = ct->xid[0]; ++ } + } ++ else if (proto == 17) { ++ struct sock *sk; ++ if (!(*pskb)->mark) { ++ sk = __udp4_lib_lookup(src_ip, src_port, ip, port, ++ dif, udp_hash); ++ ++ if (sk && hooknum==NF_IP_LOCAL_IN) { ++ mark=sk->sk_nid; ++ } ++ } ++ else ++ if ((*pskb)->mark>0) /* The packet is marked, it's going out */ ++ { ++ ct->xid[0]=(*pskb)->mark; ++ } ++ } + else if (proto == 6) { + if ((*pskb)->sk) { + /* It's a listening socket */ @@ -269,7 +342,7 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt + ct->xid[dir]=connection_sk->sk_nid; + } + -+ if (mark==-1 && (ct->xid[dir] != 0)) ++ if (mark==-1 && (connection_sk->sk_nid != 0)) + mark = ct->xid[dir]; + + @@ -316,7 +389,7 @@ diff -Nurb linux-2.6.22-521/net/netfilter/xt_MARK.c linux-2.6.22-522/net/netfilt static int checkentry_v0(const char *tablename, const void *entry, -@@ -92,7 +245,8 @@ +@@ -92,7 +318,8 @@ if (markinfo->mode != XT_MARK_SET && markinfo->mode != XT_MARK_AND