[NETFILTER]: x_tables: add port of hashlimit match for IPv4 and IPv6

[linux-2.6-omap-h63xx.git] / net / netfilter / nf_conntrack_ftp.c

diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 0c17a5bd112bb1792d32bffe662ece19d2987584..2d2350152b908b99d2aa6a8bc609f1cdc0798b2f 100644 (file)
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -26,6 +26,8 @@
 #include <net/tcp.h>
 
 #include <net/netfilter/nf_conntrack.h>
+#include <net/netfilter/nf_conntrack_expect.h>
+#include <net/netfilter/nf_conntrack_ecache.h>
 #include <net/netfilter/nf_conntrack_helper.h>
 #include <linux/netfilter/nf_conntrack_ftp.h>
 
@@ -367,9 +369,9 @@ static int help(struct sk_buff **pskb,
        struct ip_ct_ftp_master *ct_ftp_info = &nfct_help(ct)->help.ct_ftp_info;
        struct nf_conntrack_expect *exp;
        struct nf_conntrack_man cmd = {};
-
        unsigned int i;
        int found = 0, ends_in_nl;
+       typeof(nf_nat_ftp_hook) nf_nat_ftp;
 
        /* Until there's been traffic both ways, don't look in packets. */
        if (ctinfo != IP_CT_ESTABLISHED
@@ -518,9 +520,10 @@ static int help(struct sk_buff **pskb,
 
        /* Now, NAT might want to mangle the packet, and register the
         * (possibly changed) expectation itself. */
-       if (nf_nat_ftp_hook)
-               ret = nf_nat_ftp_hook(pskb, ctinfo, search[dir][i].ftptype,
-                                     matchoff, matchlen, exp, &seq);
+       nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
+       if (nf_nat_ftp)
+               ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype,
+                                matchoff, matchlen, exp, &seq);
        else {
                /* Can't expect this?  Best to drop packet now. */
                if (nf_conntrack_expect_related(exp) != 0)
@@ -584,6 +587,7 @@ static int __init nf_conntrack_ftp_init(void)
                for (j = 0; j < 2; j++) {
                        ftp[i][j].tuple.src.u.tcp.port = htons(ports[i]);
                        ftp[i][j].tuple.dst.protonum = IPPROTO_TCP;
+                       ftp[i][j].mask.src.l3num = 0xFFFF;
                        ftp[i][j].mask.src.u.tcp.port = 0xFFFF;
                        ftp[i][j].mask.dst.protonum = 0xFF;
                        ftp[i][j].max_expected = 1;