aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--net/netfilter/nf_conntrack_seqadj.c2
-rw-r--r--net/netfilter/nf_nat_irc.c32
2 files changed, 28 insertions, 6 deletions
diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c
index b2d38da67822..f6e2ae91a80b 100644
--- a/net/netfilter/nf_conntrack_seqadj.c
+++ b/net/netfilter/nf_conntrack_seqadj.c
@@ -37,7 +37,7 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,
37 return 0; 37 return 0;
38 38
39 if (unlikely(!seqadj)) { 39 if (unlikely(!seqadj)) {
40 WARN(1, "Wrong seqadj usage, missing nfct_seqadj_ext_add()\n"); 40 WARN_ONCE(1, "Missing nfct_seqadj_ext_add() setup call\n");
41 return 0; 41 return 0;
42 } 42 }
43 43
diff --git a/net/netfilter/nf_nat_irc.c b/net/netfilter/nf_nat_irc.c
index f02b3605823e..1fb2258c3535 100644
--- a/net/netfilter/nf_nat_irc.c
+++ b/net/netfilter/nf_nat_irc.c
@@ -34,10 +34,14 @@ static unsigned int help(struct sk_buff *skb,
34 struct nf_conntrack_expect *exp) 34 struct nf_conntrack_expect *exp)
35{ 35{
36 char buffer[sizeof("4294967296 65635")]; 36 char buffer[sizeof("4294967296 65635")];
37 struct nf_conn *ct = exp->master;
38 union nf_inet_addr newaddr;
37 u_int16_t port; 39 u_int16_t port;
38 unsigned int ret; 40 unsigned int ret;
39 41
40 /* Reply comes from server. */ 42 /* Reply comes from server. */
43 newaddr = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3;
44
41 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port; 45 exp->saved_proto.tcp.port = exp->tuple.dst.u.tcp.port;
42 exp->dir = IP_CT_DIR_REPLY; 46 exp->dir = IP_CT_DIR_REPLY;
43 exp->expectfn = nf_nat_follow_master; 47 exp->expectfn = nf_nat_follow_master;
@@ -57,17 +61,35 @@ static unsigned int help(struct sk_buff *skb,
57 } 61 }
58 62
59 if (port == 0) { 63 if (port == 0) {
60 nf_ct_helper_log(skb, exp->master, "all ports in use"); 64 nf_ct_helper_log(skb, ct, "all ports in use");
61 return NF_DROP; 65 return NF_DROP;
62 } 66 }
63 67
64 ret = nf_nat_mangle_tcp_packet(skb, exp->master, ctinfo, 68 /* strlen("\1DCC CHAT chat AAAAAAAA P\1\n")=27
65 protoff, matchoff, matchlen, buffer, 69 * strlen("\1DCC SCHAT chat AAAAAAAA P\1\n")=28
66 strlen(buffer)); 70 * strlen("\1DCC SEND F AAAAAAAA P S\1\n")=26
71 * strlen("\1DCC MOVE F AAAAAAAA P S\1\n")=26
72 * strlen("\1DCC TSEND F AAAAAAAA P S\1\n")=27
73 *
74 * AAAAAAAAA: bound addr (1.0.0.0==16777216, min 8 digits,
75 * 255.255.255.255==4294967296, 10 digits)
76 * P: bound port (min 1 d, max 5d (65635))
77 * F: filename (min 1 d )
78 * S: size (min 1 d )
79 * 0x01, \n: terminators
80 */
81 /* AAA = "us", ie. where server normally talks to. */
82 snprintf(buffer, sizeof(buffer), "%u %u", ntohl(newaddr.ip), port);
83 pr_debug("nf_nat_irc: inserting '%s' == %pI4, port %u\n",
84 buffer, &newaddr.ip, port);
85
86 ret = nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff, matchoff,
87 matchlen, buffer, strlen(buffer));
67 if (ret != NF_ACCEPT) { 88 if (ret != NF_ACCEPT) {
68 nf_ct_helper_log(skb, exp->master, "cannot mangle packet"); 89 nf_ct_helper_log(skb, ct, "cannot mangle packet");
69 nf_ct_unexpect_related(exp); 90 nf_ct_unexpect_related(exp);
70 } 91 }
92
71 return ret; 93 return ret;
72} 94}
73 95
generated by cgit v1.2.2 (git 2.25.0) at 2025-06-03 13:51:06 -0400