Upgrade to 2.1.73.

6 files changed, 398 insertions, 23 deletions

diff --git a/include/net/ip_autofw.h b/include/net/ip_autofw.h
new file mode 100644
index 000000000..feeec7bb1
--- /dev/null
+++ b/include/net/ip_autofw.h
@@ -0,0 +1,33 @@
+#include <linux/types.h>
+#include <linux/kernel.h>
+
+#ifndef _IP_AUTOFW_H
+#define _IP_AUTOFW_H
+
+#define IP_AUTOFW_EXPIRE	     15*HZ
+
+#define IP_FWD_RANGE 		1
+#define IP_FWD_PORT		2
+#define IP_FWD_DIRECT		3
+
+#define IP_AUTOFW_ACTIVE	1
+#define IP_AUTOFW_USETIME	2
+#define IP_AUTOFW_SECURE	4
+
+struct ip_autofw {
+	struct ip_autofw * next;
+	__u16 type;
+	__u16 low;
+	__u16 hidden;
+	__u16 high;
+	__u16 visible;
+	__u16 protocol;
+	__u32 lastcontact;
+	__u32 where;
+	__u16 ctlproto;
+	__u16 ctlport;
+	__u16 flags;
+	struct timer_list timer;
+};
+int ip_autofw_init(void);
+#endif /* _IP_AUTOFW_H */
diff --git a/include/net/ip_masq.h b/include/net/ip_masq.h
index 4a0b10a55..810abd5f6 100644
--- a/include/net/ip_masq.h
+++ b/include/net/ip_masq.h
@@ -5,9 +5,23 @@
 #ifndef _IP_MASQ_H
 #define _IP_MASQ_H
 
+#ifdef __KERNEL__
 #include <linux/types.h>
 #include <linux/netdevice.h>
+#include <linux/ip.h>
 #include <linux/skbuff.h>
+#endif /* __KERNEL__ */
+
+/*
+ * This define affects the number of ports that can be handled
+ * by each of the protocol helper modules.
+ */
+#define MAX_MASQ_APP_PORTS 12
+
+/*
+ *	Linux ports don't normally get allocated above 32K.
+ *	I used an extra 4K port-space
+ */
 
 /*
  *	Linux ports don't normally get allocated above 32K.
@@ -20,18 +34,21 @@
 #define MASQUERADE_EXPIRE_TCP     15*60*HZ
 #define MASQUERADE_EXPIRE_TCP_FIN  2*60*HZ
 #define MASQUERADE_EXPIRE_UDP      5*60*HZ
+/* 
+ * ICMP can no longer be modified on the fly using an ioctl - this
+ * define is the only way to change the timeouts 
+ */
+#define MASQUERADE_EXPIRE_ICMP      125*HZ
 
 #define IP_MASQ_F_OUT_SEQ              	0x01	/* must do output seq adjust */
 #define IP_MASQ_F_IN_SEQ              	0x02	/* must do input seq adjust */
-#define IP_MASQ_F_NO_DPORT    		0x04	/* no dport set yet */
-#define IP_MASQ_F_NO_DADDR      	0x08 	/* no daddr yet */
-#define IP_MASQ_F_HASHED		0x10 	/* hashed entry */
-#define IP_MASQ_F_SAW_RST		0x20 	/* tcp rst pkt seen */
-#define IP_MASQ_F_SAW_FIN_IN		0x40 	/* tcp fin pkt seen incoming */
-#define IP_MASQ_F_SAW_FIN_OUT		0x80 	/* tcp fin pkt seen outgoing */
-#define IP_MASQ_F_SAW_FIN		(IP_MASQ_F_SAW_FIN_IN | \
-					 IP_MASQ_F_SAW_FIN_OUT)
-						/* tcp fin pkts seen */
+#define IP_MASQ_F_NO_DPORT     	        0x04	/* no dport set yet */
+#define IP_MASQ_F_NO_DADDR	        0x08 	/* no daddr yet */
+#define IP_MASQ_F_HASHED	        0x10 	/* hashed entry */
+
+#define IP_MASQ_F_NO_SPORT	       0x200	/* no sport set yet */
+#define IP_MASQ_F_NO_REPLY	       0x800	/* no reply yet from outside */
+#define IP_MASQ_F_MPORT		      0x1000 	/* own mport specified */
 
 #ifdef __KERNEL__
 
@@ -51,6 +68,7 @@ struct ip_masq_seq {
  */
 struct ip_masq {
         struct ip_masq  *m_link, *s_link; /* hashed link ptrs */
+	atomic_t refcnt;		/* reference count */
 	struct timer_list timer;	/* Expiration timer */
 	__u16 		protocol;	/* Which protocol are we talking? */
 	__u16		sport, dport, mport;	/* src, dst & masq ports */
@@ -58,7 +76,12 @@ struct ip_masq {
         struct ip_masq_seq out_seq, in_seq;
 	struct ip_masq_app *app;	/* bound ip_masq_app object */
 	void		*app_data;	/* Application private data */
-	unsigned  flags;        	/* status flags */
+	struct ip_masq	*control;	/* Master control connection */
+	atomic_t        n_control;	/* Number of "controlled" masqs */
+	unsigned  	flags;        	/* status flags */
+	unsigned	timeout;	/* timeout */
+	unsigned	state;		/* state info */
+	struct ip_masq_timeout_table *timeout_table;
 };
 
 /*
@@ -76,9 +99,10 @@ extern struct ip_fw_masq *ip_masq_expire;
 /*
  *	[0]: UDP free_ports
  *	[1]: TCP free_ports
+ *	[2]: ICMP free_ports
  */
 
-extern int ip_masq_free_ports[2];
+extern atomic_t ip_masq_free_ports[3];
 
 /*
  *	ip_masq initializer (registers symbols and /proc/net entries)
@@ -89,14 +113,17 @@ extern int ip_masq_init(void);
  *	functions called from ip layer
  */
 extern int ip_fw_masquerade(struct sk_buff **, __u32 maddr);
-extern int ip_fw_masq_icmp(struct sk_buff **);
+extern int ip_fw_masq_icmp(struct sk_buff **, __u32 maddr);
 extern int ip_fw_demasquerade(struct sk_buff **);
 
 /*
  *	ip_masq obj creation/deletion functions.
  */
-extern struct ip_masq *ip_masq_new(__u32 maddr, int proto, __u32 saddr, __u16 sport, __u32 daddr, __u16 dport, unsigned flags);
-extern void ip_masq_set_expire(struct ip_masq *ms, unsigned long tout);
+extern struct ip_masq *ip_masq_new(int proto, __u32 maddr, __u16 mport, __u32 saddr, __u16 sport, __u32 daddr, __u16 dport, unsigned flags);
+
+extern void ip_masq_control_add(struct ip_masq *ms, struct ip_masq* ctl_ms);
+extern void ip_masq_control_del(struct ip_masq *ms);
+extern struct ip_masq * ip_masq_control_get(struct ip_masq *ms);
 
 
 /*
@@ -118,7 +145,7 @@ struct ip_masq_app
         int (*pkt_out)          /* output (masquerading) hook */
                 (struct ip_masq_app *, struct ip_masq *, struct sk_buff **, __u32);
         int (*pkt_in)           /* input (demasq) hook */
-                (struct ip_masq_app *, struct ip_masq *, struct sk_buff **);
+                (struct ip_masq_app *, struct ip_masq *, struct sk_buff **, __u32);
 };
 
 /*
@@ -148,13 +175,109 @@ extern int ip_masq_unbind_app(struct ip_masq *ms);
  *	
  */
 extern int ip_masq_app_pkt_out(struct ip_masq *, struct sk_buff **skb_p, __u32 maddr);
-extern int ip_masq_app_pkt_in(struct ip_masq *, struct sk_buff **skb_p);
+extern int ip_masq_app_pkt_in(struct ip_masq *, struct sk_buff **skb_p, __u32 maddr);
 
 /*
  *	service routine(s).
  */
-extern struct ip_masq * ip_masq_out_get_2(int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port);
-extern struct ip_masq * ip_masq_in_get_2(int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port);
+
+extern struct ip_masq * ip_masq_out_get(int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port);
+extern struct ip_masq * ip_masq_in_get(int protocol, __u32 s_addr, __u16 s_port, __u32 d_addr, __u16 d_port);
+
+extern int ip_masq_listen(struct ip_masq *);
+
+static __inline__ struct ip_masq * ip_masq_in_get_iph(const struct iphdr *iph)
+{
+ 	const __u16 *portp = (__u16 *)&(((char *)iph)[iph->ihl*4]);
+        return ip_masq_in_get(iph->protocol, 
+				iph->saddr, portp[0], 
+				iph->daddr, portp[1]);
+}
+
+static __inline__ struct ip_masq * ip_masq_out_get_iph(const struct iphdr *iph)
+{
+ 	const __u16 *portp  = (__u16 *)&(((char *)iph)[iph->ihl*4]);
+        return ip_masq_out_get(iph->protocol, 
+				iph->saddr, portp[0], 
+				iph->daddr, portp[1]);
+}
+
+extern void ip_masq_put(struct ip_masq *ms);
+
+
+/* 
+ *	Locking stuff
+ */
+
+
+static __inline__ void ip_masq_lock(atomic_t *lock, int rw)
+{
+#if 0
+	if (rw) 
+#endif
+		start_bh_atomic();
+	atomic_inc(lock);
+}
+
+static __inline__ void ip_masq_unlock(atomic_t *lock, int rw)
+{
+	atomic_dec(lock);
+#if 0
+	if (rw) 
+#endif
+		end_bh_atomic();
+}
+
+/*
+ *	Sleep-able lockzzz...
+ */
+static __inline__ void ip_masq_lockz(atomic_t *lock, struct wait_queue ** waitq, int rw)
+{
+	if (rw)
+		while(atomic_read(lock)) sleep_on(waitq);
+	ip_masq_lock(lock, rw);
+}
+
+static __inline__ void ip_masq_unlockz(atomic_t *lock, struct wait_queue ** waitq, int rw)
+{
+	ip_masq_unlock(lock, rw);
+	if (rw)
+		wake_up(waitq);
+}
+	
+/*
+ *	Perfect for winning races ... ;)
+ */
+static __inline__ int ip_masq_nlocks(atomic_t *lock)
+{
+	return atomic_read(lock);
+}
+
+extern atomic_t __ip_masq_lock;
+
+/*
+ *	Debugging stuff
+ */
+
+extern int ip_masq_get_debug_level(void);
+
+#ifndef CONFIG_IP_MASQ_NDEBUG
+#define IP_MASQ_DEBUG(level, msg...) \
+	if (level <= ip_masq_get_debug_level()) \
+		printk(KERN_DEBUG "IP_MASQ:" ## msg)
+#else	/* NO DEBUGGING at ALL */
+#define IP_MASQ_DEBUG(level, msg...) do { } while (0)
+#endif
+
+#define IP_MASQ_INFO(msg...) \
+	printk(KERN_INFO "IP_MASQ:" ## msg)
+
+#define IP_MASQ_ERR(msg...) \
+	printk(KERN_ERR "IP_MASQ:" ## msg)
+
+#define IP_MASQ_WARNING(msg...) \
+	printk(KERN_WARNING "IP_MASQ:" ## msg)
+
 
 /*
  *	/proc/net entry
@@ -167,6 +290,71 @@ extern int ip_masq_app_getinfo(char *buffer, char **start, off_t offset, int len
  */
 extern struct sk_buff * ip_masq_skb_replace(struct sk_buff *skb, int pri, char *o_buf, int o_len, char *n_buf, int n_len);
 
+/*
+ * masq_proto_num returns 0 for UDP, 1 for TCP, 2 for ICMP
+ */
+
+static __inline__ int masq_proto_num(unsigned proto)
+{
+   switch (proto)
+   {
+      case IPPROTO_UDP:  return (0); break;
+      case IPPROTO_TCP:  return (1); break;
+      case IPPROTO_ICMP: return (2); break;
+      default:           return (-1); break;
+   }
+}
+
+static __inline__ const char *masq_proto_name(unsigned proto)
+{
+	static char buf[20];
+	static const char *strProt[] = {"UDP","TCP","ICMP"};
+	int msproto = masq_proto_num(proto);
+
+	if (msproto<0||msproto>2)  {
+		sprintf(buf, "IP_%d", proto);
+		return buf;
+	}
+        return strProt[msproto];
+}
+
+enum {
+	IP_MASQ_S_NONE = 0,
+	IP_MASQ_S_ESTABLISHED,
+	IP_MASQ_S_SYN_SENT,
+	IP_MASQ_S_SYN_RECV,
+	IP_MASQ_S_FIN_WAIT,
+	IP_MASQ_S_TIME_WAIT,
+	IP_MASQ_S_CLOSE,
+	IP_MASQ_S_CLOSE_WAIT,
+	IP_MASQ_S_LAST_ACK,
+	IP_MASQ_S_LISTEN,
+	IP_MASQ_S_UDP,
+	IP_MASQ_S_ICMP,
+	IP_MASQ_S_LAST
+};
+
+struct ip_masq_timeout_table {
+	atomic_t refcnt;
+	int scale;
+	int timeout[IP_MASQ_S_LAST+1];
+};
+
+static __inline__ void ip_masq_timeout_attach(struct ip_masq *ms, struct ip_masq_timeout_table *mstim)
+{
+	atomic_inc (&mstim->refcnt);
+	ms->timeout_table=mstim;
+}
+
+static __inline__ void ip_masq_timeout_detach(struct ip_masq *ms)
+{
+	struct ip_masq_timeout_table *mstim = ms->timeout_table;
+
+	if (!mstim)
+		return;
+	atomic_dec(&mstim->refcnt);
+}
+
 #endif /* __KERNEL__ */
 
 #endif /* _IP_MASQ_H */
diff --git a/include/net/ip_masq_mod.h b/include/net/ip_masq_mod.h
new file mode 100644
index 000000000..427421d9b
--- /dev/null
+++ b/include/net/ip_masq_mod.h
@@ -0,0 +1,78 @@
+/*
+ *	IP Masquerading Modules Support
+ *
+ * Version:	@(#)ip_masq_mod.h  0.01      97/10/30
+ *
+ * Author:	Juan Jose Ciarlante, <jjciarla@raiz.uncu.edu.ar>
+ *
+ */
+
+
+#ifdef __KERNEL__
+#include <linux/types.h>
+#include <linux/ip_fw.h>
+#include <linux/proc_fs.h>
+#include <net/ip_masq.h>
+
+enum {
+	IP_MASQ_MOD_NOP,
+	IP_MASQ_MOD_ACCEPT,
+	IP_MASQ_MOD_REJECT
+};
+
+struct ip_masq_mod {
+	struct ip_masq_mod *next;	/* next mod for addrs. lookups */
+	struct ip_masq_mod *next_reg;	/* next mod for configuration ctls */
+	char *mmod_name;
+	atomic_t refcnt;
+	atomic_t mmod_nent;		/* number of entries */
+	struct proc_dir_entry *mmod_proc_ent;
+	int (*mmod_ctl) (int optname, struct ip_fw_masqctl *, int optlen);
+	int (*mmod_init) (void);
+	int (*mmod_done) (void);
+	int (*mmod_in_rule) (struct iphdr *, __u16 *);
+	int (*mmod_in_update) (struct iphdr *, struct ip_masq *);
+	struct ip_masq * (*mmod_in_create) (struct iphdr *, __u16 *, __u32);
+	int (*mmod_out_rule) (struct iphdr *, __u16 *);
+	int (*mmod_out_update) (struct iphdr *, __u16 *, struct ip_masq *);
+	struct ip_masq * (*mmod_out_create) (struct iphdr *, __u16 *, __u32);
+};
+
+/*
+ *	Service routines (called from ip_masq.c)
+ */
+int ip_masq_mod_out_rule(struct iphdr *iph, __u16 *portp);
+int ip_masq_mod_out_update(struct iphdr *iph, __u16 *portp, struct ip_masq *ms);
+struct ip_masq * ip_masq_mod_out_create(struct iphdr *iph, __u16 *portp, __u32 maddr);
+
+int ip_masq_mod_in_rule(struct iphdr *iph, __u16 *portp);
+int ip_masq_mod_in_update(struct iphdr *iph, __u16 *portp, struct ip_masq *ms);
+struct ip_masq * ip_masq_mod_in_create(struct iphdr *iph, __u16 *portp, __u32 maddr);
+
+extern int ip_masq_mod_ctl(int optname, struct ip_fw_masqctl *, int len);
+
+/*
+ * 	ip_masq_mod registration functions 
+ */
+extern int register_ip_masq_mod(struct ip_masq_mod *mmod);
+extern int unregister_ip_masq_mod(struct ip_masq_mod *mmod);
+extern int ip_masq_mod_lkp_unlink(struct ip_masq_mod *mmod);
+extern int ip_masq_mod_lkp_link(struct ip_masq_mod *mmod);
+
+/*
+ *	Utility ...
+ */
+static __inline__ void ip_masq_mod_dec_nent(struct ip_masq_mod *mmod)
+{
+	if (atomic_dec_and_test(&mmod->mmod_nent)) {
+		ip_masq_mod_lkp_unlink(mmod);
+	}
+}
+static __inline__ void ip_masq_mod_inc_nent(struct ip_masq_mod *mmod)
+{
+	atomic_inc(&mmod->mmod_nent);
+	if (atomic_read(&mmod->mmod_nent)==1)
+		ip_masq_mod_lkp_link(mmod);
+}
+
+#endif /* __KERNEL__ */
diff --git a/include/net/ip_portfw.h b/include/net/ip_portfw.h
new file mode 100644
index 000000000..f2b51ea1c
--- /dev/null
+++ b/include/net/ip_portfw.h
@@ -0,0 +1,29 @@
+#ifndef _IP_PORTFW_H
+#define  _IP_PORTFW_H
+
+#include <linux/types.h>
+
+#define IP_PORTFW_PORT_MIN 1
+#define IP_PORTFW_PORT_MAX 60999
+
+#ifdef __KERNEL__
+struct ip_portfw {
+	struct 		list_head list;
+	__u32           laddr, raddr;
+	__u16           lport, rport;
+	atomic_t	pref_cnt;	/* pref "counter" down to 0 */
+	int 		pref;		/* user set pref */
+};
+extern int ip_portfw_init(void);
+
+#endif /* __KERNEL__ */
+
+struct ip_portfw_edits {
+	__u16           protocol;       /* Which protocol are we talking? */
+	__u32           laddr, raddr;   /* Remote address */
+	__u16           lport, rport;   /* Local and remote port */
+	__u16           dummy;          /* Make up to multiple of 4 */
+	int 		pref;		/* Preference value */
+};
+
+#endif
diff --git a/include/net/llc.h b/include/net/llc.h
index 37abe50af..654a658d7 100644
--- a/include/net/llc.h
+++ b/include/net/llc.h
@@ -13,6 +13,7 @@ struct llc_struct
 { 
 	char eye[4];			/* To recognize llc area in dump */
 	int retry_count;		/* LLC link state variables */
+	unsigned char name[9];		/* name of this llc instance */
 	unsigned char s_flag;
 	unsigned char p_flag;
 	unsigned char f_flag;
@@ -68,9 +69,7 @@ struct llc_struct
 	char * client_data;		/* Pointer to clients context */
 	unsigned char local_sap;
 	unsigned char remote_sap ;
-	char remote_mac[MAX_ADDR_LEN];  /* MAC address of remote session partner */
-	int  remote_mac_len;		/* Actual length of mac address */
-	int  mac_offset;		/* Source mac offset in skb */ 
+	char remote_mac[MAX_ADDR_LEN];  /* MAC address of remote session partner */ 
 	struct device *dev;		/* Device we are attached to */
 		     
 	unsigned char llc_mode;		/* See doc 7.1 on p70 */
@@ -132,3 +131,5 @@ void		llc_test_request(llcptr lp, int data_len, char *pdu_data);
 
 int		register_cl2llc_client(llcptr llc, const char *device, void (*ops)(llcptr), u8 *rmac, u8 ssap, u8 dsap);
 void		unregister_cl2llc_client(llcptr lp);
+int 		llc_mac_data_indicate(llcptr lp, struct sk_buff *skb );
+
diff --git a/include/net/tcp.h b/include/net/tcp.h
index f47a273d0..39c1b1f70 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -181,6 +181,9 @@ static __inline__ void tcp_sk_unbindify(struct sock *sk)
 				 * to be no checksum			*/
 
 #define TCP_SYNACK_PERIOD	(HZ/2)
+#define TCP_QUICK_TRIES		8  /* How often we try to retransmit, until
+				    * we tell the LL layer that it is something
+				    * wrong (e.g. that it can expire redirects) */
 
 /*
  *	TCP option
@@ -462,8 +465,6 @@ extern int tcp_chkaddr(struct sk_buff *);
 /* tcp_timer.c */
 #define     tcp_reset_msl_timer(x,y,z)	net_reset_timer(x,y,z)
 extern void tcp_reset_xmit_timer(struct sock *, int, unsigned long);
-extern void tcp_clear_xmit_timer(struct sock *, int);
-extern int  tcp_timer_is_set(struct sock *, int);
 extern void tcp_init_xmit_timers(struct sock *);
 extern void tcp_clear_xmit_timers(struct sock *);
 
@@ -744,4 +745,49 @@ extern __inline__ void tcp_dec_slow_timer(int timer)
 	atomic_dec(&slt->count);
 }
 
+extern const char timer_bug_msg[];
+
+static inline void tcp_clear_xmit_timer(struct sock *sk, int what)
+{
+	struct tcp_opt *tp = &sk->tp_pinfo.af_tcp;
+	struct timer_list *timer;
+	
+	switch (what) {
+	case TIME_RETRANS:
+		timer = &tp->retransmit_timer;
+		break;
+	case TIME_DACK:
+		timer = &tp->delack_timer;
+		break;
+	case TIME_PROBE0:
+		timer = &tp->probe_timer;
+		break;	
+	default:
+		printk(timer_bug_msg);
+		return;
+	};
+	del_timer(timer);
+}
+
+static inline int tcp_timer_is_set(struct sock *sk, int what)
+{
+	struct tcp_opt *tp = &sk->tp_pinfo.af_tcp;
+
+	switch (what) {
+	case TIME_RETRANS:
+		return tp->retransmit_timer.next != NULL;
+		break;
+	case TIME_DACK:
+		return tp->delack_timer.next != NULL;
+		break;
+	case TIME_PROBE0:
+		return tp->probe_timer.next != NULL;
+		break;	
+	default:
+		printk(timer_bug_msg);
+	};
+	return 0;
+}
+
+
 #endif	/* _TCP_H */