* [PATCH] ctnetlink: Fix NAT info setting.
From: Marcus Sundberg @ 2005-12-01 12:39 UTC (permalink / raw)
To: Harald Welte; +Cc: Netfilter Development Mailinglist
Hi,
this patch fixes a latent bug with the NAT info setting in ctnetlink.
(Currently I believe it's never triggered, as NAT info can not be
changed on existing conntracks)
//Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <marcus@ingate.com> | Firewalls with SIP & NAT
Software Developer, Ingate Systems AB | http://www.ingate.com/
[NETFILTER] ctnetlink: Fix NAT info setting.
ip_nat_initialized() takes enum ip_nat_manip_type as its second
argument, not a hook number. The current code was not only ugly,
but also broken as IP_NAT_MANIP_SRC != NF_IP_POST_ROUTING.
Signed-off-by: Marcus Sundberg <marcus@ingate.com>
--- linux-2.6.15-rc4/net/ipv4/netfilter/ip_conntrack_netlink.c 2005/12/01 12:25:50 1.1
+++ linux/net/ipv4/netfilter/ip_conntrack_netlink.c 2005/12/01 12:25:54
@@ -855,6 +855,7 @@ ctnetlink_change_status(struct ip_conntr
return -EINVAL;
#else
unsigned int hooknum;
+ enum ip_nat_manip_type manip;
struct ip_nat_range range;
if (ctnetlink_parse_nat(cda, ct, &range) < 0)
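Review bot: the new `enum ip_nat_manip_type manip;` is declared without an initializer, like `hooknum` next to it, and is only safe because the if/else-if chain further down returns -EINVAL on the one path that assigns neither variable; a later edit that adds a fall-through would hand an indeterminate value to ip_nat_initialized(). Since hook number and manip type are a fixed one-to-one mapping here, a single variable plus a conversion (the HOOK2MANIP() macro mentioned later in this thread) avoids carrying two values that must be kept consistent.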
@@ -867,17 +868,19 @@ ctnetlink_change_status(struct ip_conntr
/* This is tricky but it works. ip_nat_setup_info needs the
* hook number as parameter, so let's do the correct
* conversion and run away */
- if (status & IPS_SRC_NAT_DONE)
- hooknum = NF_IP_POST_ROUTING; /* IP_NAT_MANIP_SRC */
- else if (status & IPS_DST_NAT_DONE)
- hooknum = NF_IP_PRE_ROUTING; /* IP_NAT_MANIP_DST */
- else
+ if (status & IPS_SRC_NAT_DONE) {
+ hooknum = NF_IP_POST_ROUTING;
+ manip = IP_NAT_MANIP_SRC;
+ } else if (status & IPS_DST_NAT_DONE) {
+ hooknum = NF_IP_PRE_ROUTING;
+ manip = IP_NAT_MANIP_DST;
+ } else
return -EINVAL; /* Missing NAT flags */
DEBUGP("NAT status: %lu\n",
status & (IPS_NAT_MASK | IPS_NAT_DONE_MASK));
- if (ip_nat_initialized(ct, hooknum))
+ if (ip_nat_initialized(ct, manip))
return -EEXIST;
ip_nat_setup_info(ct, &range, hooknum);
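Review bot: the comment kept above the chain, `/* This is tricky but it works. ip_nat_setup_info needs the hook number as parameter, so let's do the correct conversion and run away */`, no longer describes the code, since nothing is converted any more and both values are simply assigned side by side; update or drop it. Also give the final `} else` branch braces to match the two branches above it, as kernel style keeps braces on every branch once one of them needs them. The substance of the fix is right: the old `ip_nat_initialized(ct, hooknum)` compared a hook number against an enum ip_nat_manip_type, and because IP_NAT_MANIP_SRC != NF_IP_POST_ROUTING the -EEXIST guard could miss a conntrack whose NAT was already set up and let ip_nat_setup_info() run on it a second time.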
* Re: [PATCH] ctnetlink: Fix NAT info setting.
From: Pablo Neira Ayuso @ 2005-12-01 13:22 UTC (permalink / raw)
To: Marcus Sundberg; +Cc: Harald Welte, Netfilter Development Mailinglist
Marcus Sundberg wrote:
> [NETFILTER] ctnetlink: Fix NAT info setting.
>
> ip_nat_initialized() takes enum ip_nat_manip_type as its second
> argument, not a hook number. The current code was not only ugly,
> but also broken as IP_NAT_MANIP_SRC != NF_IP_POST_ROUTING.
Thanks for the bugfix but I don't like it, it's a bit bloated. Harald,
please submit the patch attached. It uses HOOK2MANIP macro instead.
--
Pablo
[NETFILTER] ip_nat_initialized takes wrong parameter
ip_nat_initialized() takes enum ip_nat_manip_type as its second
argument, not a hook number.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Index: netfilter-2.6.14.git/net/ipv4/netfilter/ip_conntrack_netlink.c
===================================================================
--- netfilter-2.6.14.git.orig/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-12-01 14:15:09.000000000 +0100
+++ netfilter-2.6.14.git/net/ipv4/netfilter/ip_conntrack_netlink.c 2005-12-01 14:16:44.000000000 +0100
@@ -876,7 +876,7 @@ ctnetlink_change_status(struct ip_conntr
DEBUGP("NAT status: %lu\n",
status & (IPS_NAT_MASK | IPS_NAT_DONE_MASK));
- if (ip_nat_initialized(ct, hooknum))
+ if (ip_nat_initialized(ct, HOOK2MANIP(hooknum)))
return -EEXIST;
ip_nat_setup_info(ct, &range, hooknum);
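Review bot: the correctness of `ip_nat_initialized(ct, HOOK2MANIP(hooknum))` rests entirely on HOOK2MANIP() mapping NF_IP_POST_ROUTING to IP_NAT_MANIP_SRC and NF_IP_PRE_ROUTING to IP_NAT_MANIP_DST, which this hunk does not show; the changelog should name where the macro is defined so the mapping can be checked rather than assumed. The "tricky but it works ... correct conversion" comment that sits above this block in the earlier patch's context is left in place and is now doubly misleading, because the conversion happens inline in the ip_nat_initialized() call and not where the comment says.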
* Re: [PATCH] ctnetlink: Fix NAT info setting.
From: Marcus Sundberg @ 2005-12-01 13:38 UTC (permalink / raw)
To: Pablo Neira Ayuso; +Cc: Harald Welte, Netfilter Development Mailinglist
Pablo Neira Ayuso wrote:
> Marcus Sundberg wrote:
>
>>[NETFILTER] ctnetlink: Fix NAT info setting.
>>
>>ip_nat_initialized() takes enum ip_nat_manip_type as its second
>>argument, not a hook number. The current code was not only ugly,
>>but also broken as IP_NAT_MANIP_SRC != NF_IP_POST_ROUTING.
>
> Thanks for the bugfix but I don't like it, it's a bit bloated. Harald,
> please submit the patch attached. It uses HOOK2MANIP macro instead.
Ah, I wasn't aware of that macro. I agree that's a nicer fix.
//Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <marcus@ingate.com> | Firewalls with SIP & NAT
Software Developer, Ingate Systems AB | http://www.ingate.com/
* Re: [PATCH] ctnetlink: Fix NAT info setting.
From: Patrick McHardy @ 2005-12-04 15:36 UTC (permalink / raw)
To: Pablo Neira Ayuso
Cc: Harald Welte, Netfilter Development Mailinglist, Marcus Sundberg
Pablo Neira Ayuso wrote:
> [NETFILTER] ip_nat_initialized takes wrong parameter
>
> ip_nat_initialized() takes enum ip_nat_manip_type as its second
> argument, not a hook number.
Applied, thanks Pablo and Marcus.