diff options
-rw-r--r-- | net/netfilter/nf_conntrack_ftp.c | 36 |
1 files changed, 6 insertions, 30 deletions
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 5efe65d4b3c0..9ad15191bb44 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c | |||
@@ -364,6 +364,7 @@ static int help(struct sk_buff **pskb, | |||
364 | unsigned int matchlen, matchoff; | 364 | unsigned int matchlen, matchoff; |
365 | struct nf_ct_ftp_master *ct_ftp_info = &nfct_help(ct)->help.ct_ftp_info; | 365 | struct nf_ct_ftp_master *ct_ftp_info = &nfct_help(ct)->help.ct_ftp_info; |
366 | struct nf_conntrack_expect *exp; | 366 | struct nf_conntrack_expect *exp; |
367 | union nf_conntrack_address *daddr; | ||
367 | struct nf_conntrack_man cmd = {}; | 368 | struct nf_conntrack_man cmd = {}; |
368 | unsigned int i; | 369 | unsigned int i; |
369 | int found = 0, ends_in_nl; | 370 | int found = 0, ends_in_nl; |
@@ -454,7 +455,7 @@ static int help(struct sk_buff **pskb, | |||
454 | /* We refer to the reverse direction ("!dir") tuples here, | 455 | /* We refer to the reverse direction ("!dir") tuples here, |
455 | * because we're expecting something in the other direction. | 456 | * because we're expecting something in the other direction. |
456 | * Doesn't matter unless NAT is happening. */ | 457 | * Doesn't matter unless NAT is happening. */ |
457 | exp->tuple.dst.u3 = ct->tuplehash[!dir].tuple.dst.u3; | 458 | daddr = &ct->tuplehash[!dir].tuple.dst.u3; |
458 | 459 | ||
459 | /* Update the ftp info */ | 460 | /* Update the ftp info */ |
460 | if ((cmd.l3num == ct->tuplehash[dir].tuple.src.l3num) && | 461 | if ((cmd.l3num == ct->tuplehash[dir].tuple.src.l3num) && |
@@ -483,37 +484,12 @@ static int help(struct sk_buff **pskb, | |||
483 | ret = NF_ACCEPT; | 484 | ret = NF_ACCEPT; |
484 | goto out_put_expect; | 485 | goto out_put_expect; |
485 | } | 486 | } |
486 | memcpy(&exp->tuple.dst.u3, &cmd.u3.all, | 487 | daddr = &cmd.u3; |
487 | sizeof(exp->tuple.dst.u3)); | ||
488 | } | 488 | } |
489 | 489 | ||
490 | exp->tuple.src.u3 = ct->tuplehash[!dir].tuple.src.u3; | 490 | nf_ct_expect_init(exp, cmd.l3num, |
491 | exp->tuple.src.l3num = cmd.l3num; | 491 | &ct->tuplehash[!dir].tuple.src.u3, daddr, |
492 | exp->tuple.src.u.tcp.port = 0; | 492 | IPPROTO_TCP, NULL, &cmd.u.tcp.port); |
493 | exp->tuple.dst.u.tcp.port = cmd.u.tcp.port; | ||
494 | exp->tuple.dst.protonum = IPPROTO_TCP; | ||
495 | |||
496 | exp->mask = (struct nf_conntrack_tuple) | ||
497 | { .src = { .l3num = 0xFFFF, | ||
498 | .u = { .tcp = { 0 }}, | ||
499 | }, | ||
500 | .dst = { .protonum = 0xFF, | ||
501 | .u = { .tcp = { __constant_htons(0xFFFF) }}, | ||
502 | }, | ||
503 | }; | ||
504 | if (cmd.l3num == PF_INET) { | ||
505 | exp->mask.src.u3.ip = htonl(0xFFFFFFFF); | ||
506 | exp->mask.dst.u3.ip = htonl(0xFFFFFFFF); | ||
507 | } else { | ||
508 | memset(exp->mask.src.u3.ip6, 0xFF, | ||
509 | sizeof(exp->mask.src.u3.ip6)); | ||
510 | memset(exp->mask.dst.u3.ip6, 0xFF, | ||
511 | sizeof(exp->mask.src.u3.ip6)); | ||
512 | } | ||
513 | |||
514 | exp->expectfn = NULL; | ||
515 | exp->helper = NULL; | ||
516 | exp->flags = 0; | ||
517 | 493 | ||
518 | /* Now, NAT might want to mangle the packet, and register the | 494 | /* Now, NAT might want to mangle the packet, and register the |
519 | * (possibly changed) expectation itself. */ | 495 | * (possibly changed) expectation itself. */ |