[NETFILTER]: ip_nat_proto_gre: do not modify/corrupt GREv0 packets through NAT
authorJorge Boncompte <jorge@dti2.net>
Thu, 3 May 2007 23:00:32 +0000 (01:00 +0200)
committerAdrian Bunk <bunk@stusta.de>
Thu, 3 May 2007 23:00:32 +0000 (01:00 +0200)
While porting some changes of the 2.6.21-rc7 pptp/proto_gre conntrack
and nat modules to a 2.4.32 kernel I noticed that the gre_key function
returns a wrong pointer to the GRE key of a version 0 packet thus
corrupting the packet payload.

The intended behaviour for GREv0 packets is to act like
ip_conntrack_proto_generic/ip_nat_proto_unknown so I have ripped the
offending functions (not used anymore) and modified the
ip_nat_proto_gre modules to not touch version 0 (non PPTP) packets.

Signed-off-by: Jorge Boncompte <jorge@dti2.net>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
net/ipv4/netfilter/ip_nat_proto_gre.c

index 8d090ef82f5ffc9d71f136b9f544e8dc66ecb679..950408857a07545a04e0e026392ff30c850301c3 100644 (file)
@@ -90,25 +90,6 @@ int ip_ct_gre_keymap_add(struct ip_conntrack *ct,
 /* delete keymap entries */
 void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
 
-
-/* get pointer to gre key, if present */
-static inline u_int32_t *gre_key(struct gre_hdr *greh)
-{
-       if (!greh->key)
-               return NULL;
-       if (greh->csum || greh->routing)
-               return (u_int32_t *) (greh+sizeof(*greh)+4);
-       return (u_int32_t *) (greh+sizeof(*greh));
-}
-
-/* get pointer ot gre csum, if present */
-static inline u_int16_t *gre_csum(struct gre_hdr *greh)
-{
-       if (!greh->csum)
-               return NULL;
-       return (u_int16_t *) (greh+sizeof(*greh));
-}
-
 #endif /* __KERNEL__ */
 
 #endif /* _CONNTRACK_PROTO_GRE_H */
index 6c4899d8046a5b3265555869e9c8528f3a5553c2..fb4ec670f0058f61445000d5b2be89d2619aaa3b 100644 (file)
@@ -71,6 +71,11 @@ gre_unique_tuple(struct ip_conntrack_tuple *tuple,
        u_int16_t *keyptr;
        unsigned int min, i, range_size;
 
+       /* If there is no master conntrack we are not PPTP,
+          do not change tuples */
+       if (!conntrack->master)
+               return 0;
+               
        if (maniptype == IP_NAT_MANIP_SRC)
                keyptr = &tuple->src.u.gre.key;
        else
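Review bot: The guard added at the top of gre_unique_tuple infers "not PPTP" from `conntrack->master` being NULL, but neither the comment nor the hunk says why a master implies PPTP or what `return 0` means to the caller. Presumably only a helper expectation gives a GRE conntrack a master; if so, I would state that in the comment, e.g. `/* No master means this flow was not expected by the PPTP helper: plain GRE, leave the tuple as it is. */`, and confirm that the caller treats 0 as "tuple left unchanged" rather than as an error. The whitespace-only line added after `return 0;` should be a truly empty line. The function body starts and ends outside the hunk.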
@@ -123,19 +128,9 @@ gre_manip_pkt(struct sk_buff **pskb,
        if (maniptype == IP_NAT_MANIP_DST) {
                /* key manipulation is always dest */
                switch (greh->version) {
-               case 0:
-                       if (!greh->key) {
-                               DEBUGP("can't nat GRE w/o key\n");
-                               break;
-                       }
-                       if (greh->csum) {
-                               /* FIXME: Never tested this code... */
-                               *(gre_csum(greh)) = 
-                                       ip_nat_cheat_check(~*(gre_key(greh)),
-                                                       tuple->dst.u.gre.key,
-                                                       *(gre_csum(greh)));
-                       }
-                       *(gre_key(greh)) = tuple->dst.u.gre.key;
+               case GRE_VERSION_1701:
+                       /* We do not currently NAT any GREv0 packets.
+                        * Try to behave like "ip_nat_proto_unknown" */
                        break;
                case GRE_VERSION_PPTP:
                        DEBUGP("call_id -> 0x%04x\n",
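Review bot: The comment on the new `case GRE_VERSION_1701:` says "Try to behave like ip_nat_proto_unknown", yet the case contains only `break;`, so the wording undersells that the pass-through is deliberate. Since `greh->version` comes from the packet, I would make the intent explicit, e.g. `/* GREv0 is passed through unmodified on purpose: key and checksum are never rewritten here. */`. The switch and gre_manip_pkt continue outside the hunk, so whether a `default:` case covers other version values is not visible here.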