1
2
3
4
5
6
7
8
9
10
11
12
13#define KMSG_COMPONENT "IPVS"
14#define pr_fmt(fmt) KMSG_COMPONENT ": " fmt
15
16#include <linux/in.h>
17#include <linux/ip.h>
18#include <linux/module.h>
19#include <linux/kernel.h>
20#include <linux/netfilter.h>
21#include <linux/netfilter_ipv4.h>
22
23#include <net/ip_vs.h>
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41#define PORT_ISAKMP 500
42
43static void
44ah_esp_conn_fill_param_proto(int af, const struct ip_vs_iphdr *iph,
45 int inverse, struct ip_vs_conn_param *p)
46{
47 if (likely(!inverse))
48 ip_vs_conn_fill_param(af, IPPROTO_UDP,
49 &iph->saddr, htons(PORT_ISAKMP),
50 &iph->daddr, htons(PORT_ISAKMP), p);
51 else
52 ip_vs_conn_fill_param(af, IPPROTO_UDP,
53 &iph->daddr, htons(PORT_ISAKMP),
54 &iph->saddr, htons(PORT_ISAKMP), p);
55}
56
57static struct ip_vs_conn *
58ah_esp_conn_in_get(int af, const struct sk_buff *skb, struct ip_vs_protocol *pp,
59 const struct ip_vs_iphdr *iph, unsigned int proto_off,
60 int inverse)
61{
62 struct ip_vs_conn *cp;
63 struct ip_vs_conn_param p;
64
65 ah_esp_conn_fill_param_proto(af, iph, inverse, &p);
66 cp = ip_vs_conn_in_get(&p);
67 if (!cp) {
68
69
70
71
72 IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for outin packet "
73 "%s%s %s->%s\n",
74 inverse ? "ICMP+" : "",
75 pp->name,
76 IP_VS_DBG_ADDR(af, &iph->saddr),
77 IP_VS_DBG_ADDR(af, &iph->daddr));
78 }
79
80 return cp;
81}
82
83
84static struct ip_vs_conn *
85ah_esp_conn_out_get(int af, const struct sk_buff *skb,
86 struct ip_vs_protocol *pp,
87 const struct ip_vs_iphdr *iph,
88 unsigned int proto_off,
89 int inverse)
90{
91 struct ip_vs_conn *cp;
92 struct ip_vs_conn_param p;
93
94 ah_esp_conn_fill_param_proto(af, iph, inverse, &p);
95 cp = ip_vs_conn_out_get(&p);
96 if (!cp) {
97 IP_VS_DBG_BUF(12, "Unknown ISAKMP entry for inout packet "
98 "%s%s %s->%s\n",
99 inverse ? "ICMP+" : "",
100 pp->name,
101 IP_VS_DBG_ADDR(af, &iph->saddr),
102 IP_VS_DBG_ADDR(af, &iph->daddr));
103 }
104
105 return cp;
106}
107
108
109static int
110ah_esp_conn_schedule(int af, struct sk_buff *skb, struct ip_vs_protocol *pp,
111 int *verdict, struct ip_vs_conn **cpp)
112{
113
114
115
116 *verdict = NF_ACCEPT;
117 return 0;
118}
119
120static void ah_esp_init(struct ip_vs_protocol *pp)
121{
122
123}
124
125
126static void ah_esp_exit(struct ip_vs_protocol *pp)
127{
128
129}
130
131
132#ifdef CONFIG_IP_VS_PROTO_AH
133struct ip_vs_protocol ip_vs_protocol_ah = {
134 .name = "AH",
135 .protocol = IPPROTO_AH,
136 .num_states = 1,
137 .dont_defrag = 1,
138 .init = ah_esp_init,
139 .exit = ah_esp_exit,
140 .conn_schedule = ah_esp_conn_schedule,
141 .conn_in_get = ah_esp_conn_in_get,
142 .conn_out_get = ah_esp_conn_out_get,
143 .snat_handler = NULL,
144 .dnat_handler = NULL,
145 .csum_check = NULL,
146 .state_transition = NULL,
147 .register_app = NULL,
148 .unregister_app = NULL,
149 .app_conn_bind = NULL,
150 .debug_packet = ip_vs_tcpudp_debug_packet,
151 .timeout_change = NULL,
152 .set_state_timeout = NULL,
153};
154#endif
155
156#ifdef CONFIG_IP_VS_PROTO_ESP
157struct ip_vs_protocol ip_vs_protocol_esp = {
158 .name = "ESP",
159 .protocol = IPPROTO_ESP,
160 .num_states = 1,
161 .dont_defrag = 1,
162 .init = ah_esp_init,
163 .exit = ah_esp_exit,
164 .conn_schedule = ah_esp_conn_schedule,
165 .conn_in_get = ah_esp_conn_in_get,
166 .conn_out_get = ah_esp_conn_out_get,
167 .snat_handler = NULL,
168 .dnat_handler = NULL,
169 .csum_check = NULL,
170 .state_transition = NULL,
171 .register_app = NULL,
172 .unregister_app = NULL,
173 .app_conn_bind = NULL,
174 .debug_packet = ip_vs_tcpudp_debug_packet,
175 .timeout_change = NULL,
176};
177#endif
178
