Hi Dave!
This is the first part of a two-part patch.
Part one fixes the confusing naming of some NAT helper data structures
(ct_ are part of ip_conntrack, exp_ are part of ip_conntrack_expect).
This patch is required for the second one to apply; the second patch fixes
NAT helper locking.
Please apply, thanks.
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/08/08 12:26:16+02:00 kaber@xxxxxxxxxxxx
# [NETFILTER]: Fix confusing naming in NAT-helpers
#
# Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
# Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>
#
# net/ipv4/netfilter/ip_nat_irc.c
# 2004/08/08 12:26:12+02:00 kaber@xxxxxxxxxxxx +9 -9
# [NETFILTER]: Fix confusing naming in NAT-helpers
#
# net/ipv4/netfilter/ip_nat_ftp.c
# 2004/08/08 12:26:12+02:00 kaber@xxxxxxxxxxxx +12 -12
# [NETFILTER]: Fix confusing naming in NAT-helpers
#
diff -Nru a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c
--- a/net/ipv4/netfilter/ip_nat_ftp.c 2004-08-08 12:49:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_ftp.c 2004-08-08 12:49:36 +02:00
@@ -166,7 +166,7 @@
[IP_CT_FTP_EPSV] mangle_epsv_packet
};
-static int ftp_data_fixup(const struct ip_ct_ftp_expect *ct_ftp_info,
+static int ftp_data_fixup(const struct ip_ct_ftp_expect *exp_ftp_info,
struct ip_conntrack *ct,
struct sk_buff **pskb,
enum ip_conntrack_info ctinfo,
@@ -180,13 +180,13 @@
MUST_BE_LOCKED(&ip_ftp_lock);
DEBUGP("FTP_NAT: seq %u + %u in %u\n",
- expect->seq, ct_ftp_info->len,
+ expect->seq, exp_ftp_info->len,
ntohl(tcph->seq));
/* Change address inside packet to match way we're mapping
this connection. */
- if (ct_ftp_info->ftptype == IP_CT_FTP_PASV
- || ct_ftp_info->ftptype == IP_CT_FTP_EPSV) {
+ if (exp_ftp_info->ftptype == IP_CT_FTP_PASV
+ || exp_ftp_info->ftptype == IP_CT_FTP_EPSV) {
/* PASV/EPSV response: must be where client thinks server
is */
newip = ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip;
@@ -208,7 +208,7 @@
newtuple.src.u.tcp.port = expect->tuple.src.u.tcp.port;
/* Try to get same port: if not, try to change it. */
- for (port = ct_ftp_info->port; port != 0; port++) {
+ for (port = exp_ftp_info->port; port != 0; port++) {
newtuple.dst.u.tcp.port = htons(port);
if (ip_conntrack_change_expect(expect, &newtuple) == 0)
@@ -217,9 +217,9 @@
if (port == 0)
return 0;
- if (!mangle[ct_ftp_info->ftptype](pskb, newip, port,
+ if (!mangle[exp_ftp_info->ftptype](pskb, newip, port,
expect->seq - ntohl(tcph->seq),
- ct_ftp_info->len, ct, ctinfo))
+ exp_ftp_info->len, ct, ctinfo))
return 0;
return 1;
@@ -236,12 +236,12 @@
struct tcphdr *tcph = (void *)iph + iph->ihl*4;
unsigned int datalen;
int dir;
- struct ip_ct_ftp_expect *ct_ftp_info;
+ struct ip_ct_ftp_expect *exp_ftp_info;
if (!exp)
DEBUGP("ip_nat_ftp: no exp!!");
- ct_ftp_info = &exp->help.exp_ftp_info;
+ exp_ftp_info = &exp->help.exp_ftp_info;
/* Only mangle things once: original direction in POST_ROUTING
and reply direction on PRE_ROUTING. */
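Review bot: The `if (!exp)` check just above the renamed assignment only logs through DEBUGP and then falls through, so `exp_ftp_info = &exp->help.exp_ftp_info;` and the later `exp->seq` reads still run with a NULL `exp`. If a NULL expectation can actually reach this function, the check should leave it, e.g. `if (!exp) { DEBUGP("ip_nat_ftp: no exp!!"); return NF_ACCEPT; }`, though the right verdict depends on the rest of the function, which lies outside the hunk. If it cannot happen, the check is dead code and would read better removed or turned into an assertion. The same pattern appears in the ip_nat_irc.c hunk at `exp_irc_info = &exp->help.exp_irc_info;`.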
@@ -259,10 +259,10 @@
datalen = (*pskb)->len - iph->ihl * 4 - tcph->doff * 4;
LOCK_BH(&ip_ftp_lock);
/* If it's in the right range... */
- if (between(exp->seq + ct_ftp_info->len,
+ if (between(exp->seq + exp_ftp_info->len,
ntohl(tcph->seq),
ntohl(tcph->seq) + datalen)) {
- if (!ftp_data_fixup(ct_ftp_info, ct, pskb, ctinfo, exp)) {
+ if (!ftp_data_fixup(exp_ftp_info, ct, pskb, ctinfo, exp)) {
UNLOCK_BH(&ip_ftp_lock);
return NF_DROP;
}
@@ -271,7 +271,7 @@
It's a cracker being funky. */
if (net_ratelimit()) {
printk("FTP_NAT: partial packet %u/%u in %u/%u\n",
- exp->seq, ct_ftp_info->len,
+ exp->seq, exp_ftp_info->len,
ntohl(tcph->seq),
ntohl(tcph->seq) + datalen);
}
diff -Nru a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c
--- a/net/ipv4/netfilter/ip_nat_irc.c 2004-08-08 12:49:36 +02:00
+++ b/net/ipv4/netfilter/ip_nat_irc.c 2004-08-08 12:49:36 +02:00
@@ -89,7 +89,7 @@
return ip_nat_setup_info(ct, &mr, hooknum);
}
-static int irc_data_fixup(const struct ip_ct_irc_expect *ct_irc_info,
+static int irc_data_fixup(const struct ip_ct_irc_expect *exp_irc_info,
struct ip_conntrack *ct,
struct sk_buff **pskb,
enum ip_conntrack_info ctinfo,
@@ -107,7 +107,7 @@
MUST_BE_LOCKED(&ip_irc_lock);
DEBUGP("IRC_NAT: info (seq %u + %u) in %u\n",
- expect->seq, ct_irc_info->len,
+ expect->seq, exp_irc_info->len,
ntohl(tcph->seq));
newip = ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip;
@@ -120,7 +120,7 @@
t = expect->tuple;
t.dst.ip = newip;
- for (port = ct_irc_info->port; port != 0; port++) {
+ for (port = exp_irc_info->port; port != 0; port++) {
t.dst.u.tcp.port = htons(port);
if (ip_conntrack_change_expect(expect, &t) == 0) {
DEBUGP("using port %d", port);
@@ -150,7 +150,7 @@
return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
expect->seq - ntohl(tcph->seq),
- ct_irc_info->len, buffer,
+ exp_irc_info->len, buffer,
strlen(buffer));
}
@@ -165,12 +165,12 @@
struct tcphdr *tcph = (void *) iph + iph->ihl * 4;
unsigned int datalen;
int dir;
- struct ip_ct_irc_expect *ct_irc_info;
+ struct ip_ct_irc_expect *exp_irc_info;
if (!exp)
DEBUGP("ip_nat_irc: no exp!!");
- ct_irc_info = &exp->help.exp_irc_info;
+ exp_irc_info = &exp->help.exp_irc_info;
/* Only mangle things once: original direction in POST_ROUTING
and reply direction on PRE_ROUTING. */
@@ -189,10 +189,10 @@
datalen = (*pskb)->len - iph->ihl * 4 - tcph->doff * 4;
LOCK_BH(&ip_irc_lock);
/* Check wether the whole IP/address pattern is carried in the payload
*/
- if (between(exp->seq + ct_irc_info->len,
+ if (between(exp->seq + exp_irc_info->len,
ntohl(tcph->seq),
ntohl(tcph->seq) + datalen)) {
- if (!irc_data_fixup(ct_irc_info, ct, pskb, ctinfo, exp)) {
+ if (!irc_data_fixup(exp_irc_info, ct, pskb, ctinfo, exp)) {
UNLOCK_BH(&ip_irc_lock);
return NF_DROP;
}
@@ -202,7 +202,7 @@
if (net_ratelimit()) {
printk
("IRC_NAT: partial packet %u/%u in %u/%u\n",
- exp->seq, ct_irc_info->len,
+ exp->seq, exp_irc_info->len,
ntohl(tcph->seq),
ntohl(tcph->seq) + datalen);
}
--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie