X-Git-Url: http://pilppa.org/gitweb/?a=blobdiff_plain;f=net%2Fnetfilter%2Fnf_conntrack_ftp.c;h=82db2aa53bfce5acecac166f4d10e493dc2fe478;hb=9f9d76321659b5ebc9939101481f7c3ce228ea6e;hp=92a947168761ecec4ee3a7bbc16b891c487277d8;hpb=40b20c257a13c5a526ac540bc5e43d0fdf29792a;p=linux-2.6-omap-h63xx.git diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 92a94716876..82db2aa53bf 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -7,12 +7,6 @@ * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. - * - * 16 Dec 2003: Yasuyuki Kozakai @USAGI - * - enable working with Layer 3 protocol independent connection tracking. - * - track EPRT and EPSV commands with IPv6 address. - * - * Derived from net/ipv4/netfilter/ip_conntrack_ftp.c */ #include @@ -54,8 +48,7 @@ unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb, enum nf_ct_ftp_type type, unsigned int matchoff, unsigned int matchlen, - struct nf_conntrack_expect *exp, - u32 *seq); + struct nf_conntrack_expect *exp); EXPORT_SYMBOL_GPL(nf_nat_ftp_hook); #if 0 @@ -126,7 +119,7 @@ get_ipv6_addr(const char *src, size_t dlen, struct in6_addr *dst, u_int8_t term) } static int try_number(const char *data, size_t dlen, u_int32_t array[], - int array_size, char sep, char term) + int array_size, char sep, char term) { u_int32_t i, len; @@ -341,15 +334,17 @@ static void update_nl_seq(u32 nl_seq, struct nf_ct_ftp_master *info, int dir, if (info->seq_aft_nl[dir][i] == nl_seq) return; - if (oldest == info->seq_aft_nl_num[dir] - || before(info->seq_aft_nl[dir][i], oldest)) + if (oldest == info->seq_aft_nl_num[dir] || + before(info->seq_aft_nl[dir][i], + info->seq_aft_nl[dir][oldest])) oldest = i; } if (info->seq_aft_nl_num[dir] < NUM_SEQ_TO_REMEMBER) { info->seq_aft_nl[dir][info->seq_aft_nl_num[dir]++] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); - } else if (oldest != NUM_SEQ_TO_REMEMBER) { + } else if (oldest != NUM_SEQ_TO_REMEMBER && + after(nl_seq, info->seq_aft_nl[dir][oldest])) { info->seq_aft_nl[dir][oldest] = nl_seq; nf_conntrack_event_cache(IPCT_HELPINFO_VOLATILE, skb); } @@ -413,8 +408,8 @@ static int help(struct sk_buff **pskb, goto out_update_nl; } - /* Initialize IP/IPv6 addr to expected address (it's not mentioned - in EPSV responses) */ + /* Initialize IP/IPv6 addr to expected address (it's not mentioned + in EPSV responses) */ cmd.l3num = ct->tuplehash[dir].tuple.src.l3num; memcpy(cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all, sizeof(cmd.u3.all)); @@ -466,11 +461,11 @@ static int help(struct sk_buff **pskb, memcmp(&cmd.u3.all, &ct->tuplehash[dir].tuple.src.u3.all, sizeof(cmd.u3.all))) { /* Enrico Scholz's passive FTP to partially RNAT'd ftp - server: it really wants us to connect to a - different IP address. Simply don't record it for - NAT. */ + server: it really wants us to connect to a + different IP address. Simply don't record it for + NAT. */ if (cmd.l3num == PF_INET) { - DEBUGP("conntrack_ftp: NOT RECORDING: " NIPQUAD_FMT " != " NIPQUAD_FMT "\n", + DEBUGP("conntrack_ftp: NOT RECORDING: " NIPQUAD_FMT " != " NIPQUAD_FMT "\n", NIPQUAD(cmd.u3.ip), NIPQUAD(ct->tuplehash[dir].tuple.src.u3.ip)); } else { @@ -525,7 +520,7 @@ static int help(struct sk_buff **pskb, nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook); if (nf_nat_ftp && ct->status & IPS_NAT_MASK) ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype, - matchoff, matchlen, exp, &seq); + matchoff, matchlen, exp); else { /* Can't expect this? Best to drop packet now. */ if (nf_conntrack_expect_related(exp) != 0)