aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/nf_nat_ftp.c20
-rw-r--r--net/netfilter/nf_conntrack_ftp.c5
2 files changed, 8 insertions, 17 deletions
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c b/net/ipv4/netfilter/nf_nat_ftp.c
index 751b59801755..e6bc8e5a72f1 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
@@ -40,8 +40,7 @@ mangle_rfc959_packet(struct sk_buff **pskb,
40 unsigned int matchoff, 40 unsigned int matchoff,
41 unsigned int matchlen, 41 unsigned int matchlen,
42 struct nf_conn *ct, 42 struct nf_conn *ct,
43 enum ip_conntrack_info ctinfo, 43 enum ip_conntrack_info ctinfo)
44 u32 *seq)
45{ 44{
46 char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")]; 45 char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")];
47 46
@@ -50,7 +49,6 @@ mangle_rfc959_packet(struct sk_buff **pskb,
50 49
51 DEBUGP("calling nf_nat_mangle_tcp_packet\n"); 50 DEBUGP("calling nf_nat_mangle_tcp_packet\n");
52 51
53 *seq += strlen(buffer) - matchlen;
54 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 52 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
55 matchlen, buffer, strlen(buffer)); 53 matchlen, buffer, strlen(buffer));
56} 54}
@@ -63,8 +61,7 @@ mangle_eprt_packet(struct sk_buff **pskb,
63 unsigned int matchoff, 61 unsigned int matchoff,
64 unsigned int matchlen, 62 unsigned int matchlen,
65 struct nf_conn *ct, 63 struct nf_conn *ct,
66 enum ip_conntrack_info ctinfo, 64 enum ip_conntrack_info ctinfo)
67 u32 *seq)
68{ 65{
69 char buffer[sizeof("|1|255.255.255.255|65535|")]; 66 char buffer[sizeof("|1|255.255.255.255|65535|")];
70 67
@@ -72,7 +69,6 @@ mangle_eprt_packet(struct sk_buff **pskb,
72 69
73 DEBUGP("calling nf_nat_mangle_tcp_packet\n"); 70 DEBUGP("calling nf_nat_mangle_tcp_packet\n");
74 71
75 *seq += strlen(buffer) - matchlen;
76 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 72 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
77 matchlen, buffer, strlen(buffer)); 73 matchlen, buffer, strlen(buffer));
78} 74}
@@ -85,8 +81,7 @@ mangle_epsv_packet(struct sk_buff **pskb,
85 unsigned int matchoff, 81 unsigned int matchoff,
86 unsigned int matchlen, 82 unsigned int matchlen,
87 struct nf_conn *ct, 83 struct nf_conn *ct,
88 enum ip_conntrack_info ctinfo, 84 enum ip_conntrack_info ctinfo)
89 u32 *seq)
90{ 85{
91 char buffer[sizeof("|||65535|")]; 86 char buffer[sizeof("|||65535|")];
92 87
@@ -94,14 +89,13 @@ mangle_epsv_packet(struct sk_buff **pskb,
94 89
95 DEBUGP("calling nf_nat_mangle_tcp_packet\n"); 90 DEBUGP("calling nf_nat_mangle_tcp_packet\n");
96 91
97 *seq += strlen(buffer) - matchlen;
98 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 92 return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
99 matchlen, buffer, strlen(buffer)); 93 matchlen, buffer, strlen(buffer));
100} 94}
101 95
102static int (*mangle[])(struct sk_buff **, __be32, u_int16_t, 96static int (*mangle[])(struct sk_buff **, __be32, u_int16_t,
103 unsigned int, unsigned int, struct nf_conn *, 97 unsigned int, unsigned int, struct nf_conn *,
104 enum ip_conntrack_info, u32 *seq) 98 enum ip_conntrack_info)
105= { 99= {
106 [NF_CT_FTP_PORT] = mangle_rfc959_packet, 100 [NF_CT_FTP_PORT] = mangle_rfc959_packet,
107 [NF_CT_FTP_PASV] = mangle_rfc959_packet, 101 [NF_CT_FTP_PASV] = mangle_rfc959_packet,
@@ -116,8 +110,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb,
116 enum nf_ct_ftp_type type, 110 enum nf_ct_ftp_type type,
117 unsigned int matchoff, 111 unsigned int matchoff,
118 unsigned int matchlen, 112 unsigned int matchlen,
119 struct nf_conntrack_expect *exp, 113 struct nf_conntrack_expect *exp)
120 u32 *seq)
121{ 114{
122 __be32 newip; 115 __be32 newip;
123 u_int16_t port; 116 u_int16_t port;
@@ -145,8 +138,7 @@ static unsigned int nf_nat_ftp(struct sk_buff **pskb,
145 if (port == 0) 138 if (port == 0)
146 return NF_DROP; 139 return NF_DROP;
147 140
148 if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo, 141 if (!mangle[type](pskb, newip, port, matchoff, matchlen, ct, ctinfo)) {
149 seq)) {
150 nf_conntrack_unexpect_related(exp); 142 nf_conntrack_unexpect_related(exp);
151 return NF_DROP; 143 return NF_DROP;
152 } 144 }
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 4bb669c7780f..82db2aa53bfc 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -48,8 +48,7 @@ unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
48 enum nf_ct_ftp_type type, 48 enum nf_ct_ftp_type type,
49 unsigned int matchoff, 49 unsigned int matchoff,
50 unsigned int matchlen, 50 unsigned int matchlen,
51 struct nf_conntrack_expect *exp, 51 struct nf_conntrack_expect *exp);
52 u32 *seq);
53EXPORT_SYMBOL_GPL(nf_nat_ftp_hook); 52EXPORT_SYMBOL_GPL(nf_nat_ftp_hook);
54 53
55#if 0 54#if 0
@@ -521,7 +520,7 @@ static int help(struct sk_buff **pskb,
521 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); 520 nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
522 if (nf_nat_ftp && ct->status & IPS_NAT_MASK) 521 if (nf_nat_ftp && ct->status & IPS_NAT_MASK)
523 ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, 522 ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype,
524 matchoff, matchlen, exp, &seq); 523 matchoff, matchlen, exp);
525 else { 524 else {
526 /* Can't expect this? Best to drop packet now. */ 525 /* Can't expect this? Best to drop packet now. */
527 if (nf_conntrack_expect_related(exp) != 0) 526 if (nf_conntrack_expect_related(exp) != 0)
generated by cgit v1.2.2 (git 2.25.0) at 2025-01-20 04:41:13 -0500