1// SPDX-License-Identifier: GPL-2.0-or-later
2/* IRC extension for TCP NAT alteration.
3 *
4 * (C) 2000-2001 by Harald Welte <laforge@gnumonks.org>
5 * (C) 2004 Rusty Russell <rusty@rustcorp.com.au> IBM Corporation
6 * based on a copy of RR's ip_nat_ftp.c
7 */
8
9#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
10
11#include <linux/module.h>
12#include <linux/moduleparam.h>
13#include <linux/tcp.h>
14#include <linux/kernel.h>
15
16#include <net/netfilter/nf_nat.h>
17#include <net/netfilter/nf_nat_helper.h>
18#include <net/netfilter/nf_conntrack_helper.h>
19#include <net/netfilter/nf_conntrack_expect.h>
20#include <linux/netfilter/nf_conntrack_irc.h>
21
22#define NAT_HELPER_NAME "irc"
23
24MODULE_AUTHOR("Harald Welte <laforge@gnumonks.org>");
25MODULE_DESCRIPTION("IRC (DCC) NAT helper");
26MODULE_LICENSE("GPL");
27MODULE_ALIAS_NF_NAT_HELPER(NAT_HELPER_NAME);
28
29static struct nf_conntrack_nat_helper nat_helper_irc =
30 NF_CT_NAT_HELPER_INIT(NAT_HELPER_NAME);
31
32static unsigned int help(struct sk_buff *skb,
33 enum ip_conntrack_info ctinfo,
34 unsigned int protoff,
35 unsigned int matchoff,
36 unsigned int matchlen,
37 struct nf_conntrack_expect *exp)
38{
39 char buffer[sizeof("4294967296 65635")];
40 struct nf_conn *ct = exp->master;
41 union nf_inet_addr newaddr;
42 u_int16_t port;
43
44 /* Reply comes from server. */
45 newaddr = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3;
46
47 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
48 exp->dir = IP_CT_DIR_REPLY;
49 exp->expectfn = nf_nat_follow_master;
50
51 port = nf_nat_exp_find_port(exp,
52 ntohs(exp->saved_proto.tcp.port));
53 if (port == 0) {
54 nf_ct_helper_log(skb, ct, fmt: "all ports in use");
55 return NF_DROP;
56 }
57
58 /* strlen("\1DCC CHAT chat AAAAAAAA P\1\n")=27
59 * strlen("\1DCC SCHAT chat AAAAAAAA P\1\n")=28
60 * strlen("\1DCC SEND F AAAAAAAA P S\1\n")=26
61 * strlen("\1DCC MOVE F AAAAAAAA P S\1\n")=26
62 * strlen("\1DCC TSEND F AAAAAAAA P S\1\n")=27
63 *
64 * AAAAAAAAA: bound addr (1.0.0.0==16777216, min 8 digits,
65 * 255.255.255.255==4294967296, 10 digits)
66 * P: bound port (min 1 d, max 5d (65635))
67 * F: filename (min 1 d )
68 * S: size (min 1 d )
69 * 0x01, \n: terminators
70 */
71 /* AAA = "us", ie. where server normally talks to. */
72 snprintf(buf: buffer, size: sizeof(buffer), fmt: "%u %u", ntohl(newaddr.ip), port);
73 pr_debug("inserting '%s' == %pI4, port %u\n",
74 buffer, &newaddr.ip, port);
75
76 if (!nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, match_offset: matchoff,
77 match_len: matchlen, rep_buffer: buffer, rep_len: strlen(buffer))) {
78 nf_ct_helper_log(skb, ct, fmt: "cannot mangle packet");
79 nf_ct_unexpect_related(exp);
80 return NF_DROP;
81 }
82
83 return NF_ACCEPT;
84}
85
86static void __exit nf_nat_irc_fini(void)
87{
88 nf_nat_helper_unregister(nat: &nat_helper_irc);
89 RCU_INIT_POINTER(nf_nat_irc_hook, NULL);
90 synchronize_rcu();
91}
92
93static int __init nf_nat_irc_init(void)
94{
95 BUG_ON(nf_nat_irc_hook != NULL);
96 nf_nat_helper_register(nat: &nat_helper_irc);
97 RCU_INIT_POINTER(nf_nat_irc_hook, help);
98 return 0;
99}
100
101/* Prior to 2.6.11, we had a ports param. No longer, but don't break users. */
102static int warn_set(const char *val, const struct kernel_param *kp)
103{
104 pr_info("kernel >= 2.6.10 only uses 'ports' for conntrack modules\n");
105 return 0;
106}
107module_param_call(ports, warn_set, NULL, NULL, 0);
108
109module_init(nf_nat_irc_init);
110module_exit(nf_nat_irc_fini);
111