diff options
| author | David S. Miller <davem@davemloft.net> | 2009-06-29 22:22:31 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2009-06-29 22:22:31 -0400 |
| commit | 53bd9728bf9be7fc3b3147e821dbeb71d767c354 (patch) | |
| tree | 3e4dcda28ef94b6d67d24d22b4e1ec76f6fcd968 /net/ipv4 | |
| parent | bd46cb6cf11867130a41ea9546dd65688b71f3c2 (diff) | |
| parent | d6d3f08b0fd998b647a05540cedd11a067b72867 (diff) | |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6
Diffstat (limited to 'net/ipv4')
| -rw-r--r-- | net/ipv4/netfilter/nf_nat_helper.c | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 155c008626c8..09172a65d9b6 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c | |||
| @@ -191,7 +191,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb, | |||
| 191 | ct, ctinfo); | 191 | ct, ctinfo); |
| 192 | /* Tell TCP window tracking about seq change */ | 192 | /* Tell TCP window tracking about seq change */ |
| 193 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), | 193 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), |
| 194 | ct, CTINFO2DIR(ctinfo)); | 194 | ct, CTINFO2DIR(ctinfo), |
| 195 | (int)rep_len - (int)match_len); | ||
| 195 | 196 | ||
| 196 | nf_conntrack_event_cache(IPCT_NATSEQADJ, ct); | 197 | nf_conntrack_event_cache(IPCT_NATSEQADJ, ct); |
| 197 | } | 198 | } |
| @@ -377,6 +378,7 @@ nf_nat_seq_adjust(struct sk_buff *skb, | |||
| 377 | struct tcphdr *tcph; | 378 | struct tcphdr *tcph; |
| 378 | int dir; | 379 | int dir; |
| 379 | __be32 newseq, newack; | 380 | __be32 newseq, newack; |
| 381 | s16 seqoff, ackoff; | ||
| 380 | struct nf_conn_nat *nat = nfct_nat(ct); | 382 | struct nf_conn_nat *nat = nfct_nat(ct); |
| 381 | struct nf_nat_seq *this_way, *other_way; | 383 | struct nf_nat_seq *this_way, *other_way; |
| 382 | 384 | ||
| @@ -390,15 +392,18 @@ nf_nat_seq_adjust(struct sk_buff *skb, | |||
| 390 | 392 | ||
| 391 | tcph = (void *)skb->data + ip_hdrlen(skb); | 393 | tcph = (void *)skb->data + ip_hdrlen(skb); |
| 392 | if (after(ntohl(tcph->seq), this_way->correction_pos)) | 394 | if (after(ntohl(tcph->seq), this_way->correction_pos)) |
| 393 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_after); | 395 | seqoff = this_way->offset_after; |
| 394 | else | 396 | else |
| 395 | newseq = htonl(ntohl(tcph->seq) + this_way->offset_before); | 397 | seqoff = this_way->offset_before; |
| 396 | 398 | ||
| 397 | if (after(ntohl(tcph->ack_seq) - other_way->offset_before, | 399 | if (after(ntohl(tcph->ack_seq) - other_way->offset_before, |
| 398 | other_way->correction_pos)) | 400 | other_way->correction_pos)) |
| 399 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_after); | 401 | ackoff = other_way->offset_after; |
| 400 | else | 402 | else |
| 401 | newack = htonl(ntohl(tcph->ack_seq) - other_way->offset_before); | 403 | ackoff = other_way->offset_before; |
| 404 | |||
| 405 | newseq = htonl(ntohl(tcph->seq) + seqoff); | ||
| 406 | newack = htonl(ntohl(tcph->ack_seq) - ackoff); | ||
| 402 | 407 | ||
| 403 | inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); | 408 | inet_proto_csum_replace4(&tcph->check, skb, tcph->seq, newseq, 0); |
| 404 | inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); | 409 | inet_proto_csum_replace4(&tcph->check, skb, tcph->ack_seq, newack, 0); |
| @@ -413,7 +418,7 @@ nf_nat_seq_adjust(struct sk_buff *skb, | |||
| 413 | if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) | 418 | if (!nf_nat_sack_adjust(skb, tcph, ct, ctinfo)) |
| 414 | return 0; | 419 | return 0; |
| 415 | 420 | ||
| 416 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir); | 421 | nf_conntrack_tcp_update(skb, ip_hdrlen(skb), ct, dir, seqoff); |
| 417 | 422 | ||
| 418 | return 1; | 423 | return 1; |
| 419 | } | 424 | } |