--- oidentd-2.0.3+cvs20020603.orig/src/Makefile.in 2002-06-03 10:54:51.000000000 +0200
+++ oidentd-2.0.3+cvs20020603/src/Makefile.in 2002-08-13 20:46:12.000000000 +0200
@@ -42,6 +42,9 @@
 top_builddir = ..
+ctnetlink = /home/gandalf/cvs/020809/netfilter/iptables2/libnfnetlink/libnfnetlink.o \
+ /home/gandalf/cvs/020809/netfilter/iptables2/libctnetlink/libctnetlink.o
+
 ACLOCAL = @ACLOCAL@
 AUTOCONF = @AUTOCONF@
 AUTOMAKE = @AUTOMAKE@
@@ -98,7 +101,7 @@
 LDFLAGS = @LDFLAGS@
 oidentd_OBJECTS = oidentd.o oidentd_util.o oidentd_inet_util.o \
 oidentd_user_db.o oidentd_options.o oidentd_masq.o oidentd_cfg_scan.o \
-oidentd_cfg_parse.o os.o
+oidentd_cfg_parse.o os.o $(ctnetlink)
 oidentd_LDADD = $(LDADD)
 oidentd_DEPENDENCIES =
 oidentd_LDFLAGS =
--- oidentd-2.0.3+cvs20020603.orig/src/kernel/linux.c 2002-06-03 10:54:51.000000000 +0200
+++ oidentd-2.0.3+cvs20020603/src/kernel/linux.c 2002-08-21 14:23:50.000000000 +0200
@@ -22,6 +22,7 @@
 #include
+#include
 #include
 #include
 #include
@@ -38,14 +39,33 @@
 #include
 #include
+#include
+#include
+#include
+#include
+#include
+
+#include "/home/gandalf/cvs/020809/netfilter/iptables2/libctnetlink/libctnetlink.h"
+#include "/home/gandalf/cvs/020809/netfilter/iptables2/libnfnetlink/libnfnetlink.h"
+
 #ifdef HAVE_LIBUDB
 # include
 #endif
 #define CFILE "/proc/net/tcp"
 #define CFILE6 "/proc/net/tcp6"
-#define MASQFILE "/proc/net/ip_masquerade"
-#define CONNTRACK "/proc/net/ip_conntrack"
+
+#define NIPQUAD(addr) \
+ ((unsigned char *)&addr)[0], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[3]
+
+#define HIPQUAD(addr) \
+ ((unsigned char *)&addr)[3], \
+ ((unsigned char *)&addr)[2], \
+ ((unsigned char *)&addr)[1], \
+ ((unsigned char *)&addr)[0]
 extern struct sockaddr_storage proxy;
@@ -197,7 +217,6 @@
 }
 #ifdef MASQ_SUPPORT
-
 /*
 ** Handle a request to a host that's IP masquerading through us.
 ** Returns 0 on success, -1 on failure.
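Review bot: The `ctnetlink` variable added after `top_builddir = ..` hard-codes two object files under `/home/gandalf/cvs/020809/...`, so the build fails on any machine but the author's and, where it does succeed, links prebuilt objects that this tree neither builds nor verifies; the same developer-local paths reappear in the `oidentd_OBJECTS` line of the `@@ -98,7 +101,7 @@` hunk and in the two `#include "/home/gandalf/..."` lines of the `@@ -38,14 +39,33 @@` hunk of src/kernel/linux.c. This belongs in configure: probe for the libnfnetlink/libctnetlink headers and libraries (an `AC_CHECK_LIB`-style test, or a `--with-ctnetlink=DIR` switch as a constructed example) and feed the result through `LDADD` and `CPPFLAGS`, with the C side using `#include <...>` of an installed header. Generated Makefile.in should not be the place where an external dependency is wired in by absolute path.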
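Review bot: `NIPQUAD` and `HIPQUAD` use their macro argument unparenthesized in `&addr`, so any argument that is not a single postfix expression binds wrongly; write each line as `((unsigned char *)&(addr))[0], \` and so on. Reading the bytes of an `in_addr_t` through `unsigned char *` is alias-safe, but the Linux kernel headers have historically defined a `NIPQUAD` macro of their own, and the names of the five new `#include` lines above were lost in extraction, so if one of them pulls that definition in this becomes a redefinition — an `#ifndef NIPQUAD` guard around the macro avoids the surprise. With `MASQFILE` and `CONNTRACK` gone there is no longer any /proc fallback, so a kernel without conntrack netlink now fails every masqueraded lookup; that consequence is worth a sentence in the commit message.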
@@ -209,12 +228,22 @@
 struct sockaddr_storage *laddr, struct sockaddr_storage *faddr)
 {
- FILE *fp;
- char buf[2048];
- bool netfilter;
+ char os[24];
+ in_port_t mport;
+ in_port_t lportm;
+ in_port_t fportm;
+ char user[MAX_ULEN];
+ in_addr_t localm;
+ in_addr_t remotem;
+ struct sockaddr_storage ss;
+ int ret;
+
+ struct ip_conntrack_tuple stuple;
+ struct ip_conntrack_tuple *ftuple;
+ struct ctnl_get_conntrack_st req;
+ struct ctnl_handle cth;
- /* laddr is unneeded on Linux */
- (void) laddr;
+ memset(&req, 0, sizeof(req));
 /*
 ** There's no masq support for IPv6 yet.
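Review bot: `memset(&req, 0, sizeof(req))` zeroes the reply structure but not `stuple`, which the next hunk fills only field by field (`dst.protonum`, `src.ip`, `src.u.all`, `dst.ip`, `dst.u.all`) before it is handed to the kernel as the lookup key; any other member of `struct ip_conntrack_tuple`, plus padding, goes out as stack garbage, which makes the match nondeterministic at best and copies uninitialized stack bytes into a netlink message at worst. Add `memset(&stuple, 0, sizeof(stuple));` beside the existing memset. Dropping `(void) laddr` is correct now that laddr is read, but `ftuple` has no initializer and is only assigned on the success path; `struct ip_conntrack_tuple *ftuple = NULL;` keeps the failure path obviously safe. The function's signature and the IPv6 check continue outside this hunk.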
@@ -226,130 +255,73 @@
 lport = ntohs(lport);
 fport = ntohs(fport);
- fp = fopen(MASQFILE, "r");
- if (fp == NULL) {
- if (errno != ENOENT)
- debug("fopen: %s: %s", MASQFILE, strerror(errno));
-
- fp = fopen(CONNTRACK, "r");
- if (fp == NULL) {
- if (errno != ENOENT)
- debug("fopen: %s: %s", CONNTRACK, strerror(errno));
- return (-1);
- }
+ stuple.dst.protonum = IPPROTO_TCP;
+ stuple.src.ip = SIN4(faddr)->sin_addr.s_addr;
+ stuple.src.u.all = htons(fport);
+ stuple.dst.ip = SIN4(laddr)->sin_addr.s_addr;
+ stuple.dst.u.all = htons(lport);
+
+ debug("request lookup: %d.%d.%d.%d:%d -> %d.%d.%d.%d:%d",
+ NIPQUAD(SIN4(faddr)->sin_addr.s_addr), fport, NIPQUAD(SIN4(laddr)->sin_addr.s_addr), lport);
+
+ if(ctnl_open(&cth, 0) < 0) {
+ debug("ctnetlink open failed","");
+ return -1;
+ }
- netfilter = true;
+ if (ctnl_get_conntrack(&cth, &stuple, &req) == -100) {
+ debug("lookup success","");
+ ftuple = NFA_DATA(req.cb[CTA_ORIG]);
+ ctnl_close(&cth);
 } else {
- netfilter = false;
-
- /* Eat the header line.
*/
- fgets(buf, sizeof(buf), fp);
+ debug("no match", "");
+ ctnl_close(&cth);
+ return -1;
 }
+
+ localm = ntohl(ftuple->src.ip);
+ remotem = ntohl(ftuple->dst.ip);
+ mport = lport;
+ lportm = ntohs(ftuple->src.u.tcp.port);
+ fportm = ntohs(ftuple->dst.u.tcp.port);
- while (fgets(buf, sizeof(buf), fp)) {
- char os[24];
- char proto[16];
- in_port_t mport;
- in_port_t lportm;
- in_port_t fportm;
- char user[MAX_ULEN];
- in_addr_t localm;
- in_addr_t remotem;
- struct sockaddr_storage ss;
- int ret;
-
- if (netfilter == false) {
- u_int32_t mport_temp;
- u_int32_t lportm_temp;
- u_int32_t fportm_temp;
-
- ret = sscanf(buf, "%15s %X:%X %X:%X %X %*X %*d %*d %*u",
- proto, &localm, &lportm_temp,
- &remotem, &fportm_temp, &mport_temp);
-
- if (ret != 6)
- continue;
-
- mport = (in_port_t) mport_temp;
- lportm = (in_port_t) lportm_temp;
- fportm = (in_port_t) fportm_temp;
- } else {
- int l1, l2, l3, l4, r1, r2, r3, r4;
- u_int32_t mport_temp;
- u_int32_t lportm_temp;
- u_int32_t fportm_temp;
-
- ret = sscanf(buf,
- "%15s %*d %*d ESTABLISHED src=%d.%d.%d.%d dst=%d.%d.%d.%d sport=%d dport=%d %*s %*s %*s dport=%d",
- proto, &l1, &l2, &l3, &l4, &r1, &r2, &r3, &r4,
- &lportm_temp, &fportm_temp, &mport_temp);
-
- if (ret != 12)
- continue;
-
- mport = (in_port_t) mport_temp;
- lportm = (in_port_t) lportm_temp;
- fportm = (in_port_t) fportm_temp;
-
- localm = l1 << 24 | l2 << 16 | l3 << 8 | l4;
- remotem = r1 << 24 | r2 << 16 | r3 << 8 | r4;
- }
-
- if (strcasecmp(proto, "tcp"))
- continue;
+ free(req.buf);
- if (mport != lport)
- continue;
+ debug("original connection: %d.%d.%d.%d:%d (%d) -> %d.%d.%d.%d:%d",
+ HIPQUAD(localm), lportm, mport, HIPQUAD(remotem), fportm);
- if (fportm != fport)
- continue;
+ sin_setv4(htonl(localm), &ss);
- if (remotem != ntohl(SIN4(faddr)->sin_addr.s_addr)) {
- if (!opt_enabled(PROXY))
- continue;
+ if (opt_enabled(FORWARD)) {
+ char ipbuf[MAX_IPLEN];
- if (SIN4(faddr)->sin_addr.s_addr != SIN4(&proxy)->sin_addr.s_addr)
- continue;
-
- if (remotem
== SIN4(&proxy)->sin_addr.s_addr)
- continue;
- }
+ if (fwd_request(sock, lport, lportm, fportm, &ss) == 0)
+ goto out_success;
- sin_setv4(htonl(localm), &ss);
+ get_ip(&ss, ipbuf, sizeof(ipbuf));
- if (opt_enabled(FORWARD)) {
- char ipbuf[MAX_IPLEN];
+ debug("Forward to %s (%d %d) failed.", ipbuf, lportm, fportm);
+ }
- if (fwd_request(sock, lport, lportm, fportm, &ss) == 0)
- goto out_success;
+ ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
+ if (ret == 0) {
+ char ipbuf[MAX_IPLEN];
- get_ip(&ss, ipbuf, sizeof(ipbuf));
+ sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
+ lport, fport, os, user);
- debug("Forward to %s (%d %d) failed", ipbuf, lportm, fportm);
- }
+ get_ip(faddr, ipbuf, sizeof(ipbuf));
- ret = find_masq_entry(&ss, user, sizeof(user), os, sizeof(os));
- if (ret == 0) {
- char ipbuf[MAX_IPLEN];
-
- sockprintf(sock, "%d , %d : USERID : %s : %s\r\n",
- lport, fport, os, user);
-
- get_ip(faddr, ipbuf, sizeof(ipbuf));
-
- o_log(NORMAL,
- "[%s] (Masqueraded) Successful lookup: %d , %d : %s",
- ipbuf, lport, fport, user);
+ o_log(NORMAL,
+ "[%s] (Masqueraded) Successful lookup: %d , %d : %s",
+ ipbuf, lport, fport, user);
- goto out_success;
- }
+ goto out_success;
 }
- fclose(fp);
 return (-1);
 out_success:
- fclose(fp);
 return (0);
 }
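Review bot: `ftuple = NFA_DATA(req.cb[CTA_ORIG])` takes the attribute pointer without checking that the reply actually carried a `CTA_ORIG` attribute, so if `req.cb[CTA_ORIG]` is NULL (and `NFA_DATA` does not guard for it — its definition is not on this page) the `ftuple->src.ip` read a few lines later is a NULL dereference driven by whatever the kernel answers to a remote ident request; add `if (req.cb[CTA_ORIG] == NULL) { ctnl_close(&cth); free(req.buf); return -1; }` before the pointer is used. The old loop's proxy handling — the `opt_enabled(PROXY)` / `SIN4(&proxy)` comparison — has no counterpart in the new lookup, which keys only on `faddr`/`fport`, so proxied masqueraded lookups silently stop matching while `extern struct sockaddr_storage proxy` stays declared; if that is intended the commit message should say so, otherwise the PROXY case needs a second lookup or a check on the returned tuple. `== -100` as the success value of `ctnl_get_conntrack` is an unexplained magic number; give it a name (a libctnetlink constant if one exists, else a local `#define`) and a comment on why success is negative. `req.buf` is freed only on the success path, so if `ctnl_get_conntrack` allocates it before deciding there is no match the `"no match"` branch leaks on every miss in a long-running daemon — I cannot tell from here, so verify against libctnetlink. The function's signature and the IPv6 check precede this hunk.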