From: Patrick McHardy <kaber@trash.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>
Subject: [NETFILTER 1/2]: nf_conntrack_ftp: don't call NAT helper for unNATed connections
Date: Sun, 05 Nov 2006 00:04:47 +0100 [thread overview]
Message-ID: <454D1C8F.5060302@trash.net> (raw)
[-- Attachment #1: Type: text/plain, Size: 136 bytes --]
Small fix to the FTP conntrack helper not to call the NAT
helper for IPv6 (or other unNATed) packets. On top of
the previous patches.
[-- Attachment #2: 01.diff --]
[-- Type: text/plain, Size: 1239 bytes --]
[NETFILTER]: nf_conntrack_ftp: don't call NAT helper for unNATed connections
Since both IPv4 and IPv6 are handled by the connection tracking helper but
only IPv4 supports NAT we must make sure not to call the NAT helper for
unNATed connections.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 49993257192a278f6dc7f288e6ef62059ba88762
tree 8bb4d24ab3b5a0325198c5fa0959d44b0841f9c7
parent aa3104784034fe4a9971de642e962c18b51f5a00
author Patrick McHardy <kaber@trash.net> Sat, 04 Nov 2006 21:29:22 +0100
committer Patrick McHardy <kaber@trash.net> Sat, 04 Nov 2006 21:29:22 +0100
net/netfilter/nf_conntrack_ftp.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 10836fc..84b3f2a 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -520,7 +520,7 @@ static int help(struct sk_buff **pskb,
/* Now, NAT might want to mangle the packet, and register the
* (possibly changed) expectation itself. */
- if (nf_nat_ftp_hook)
+ if (nf_nat_ftp_hook && ct->status & IPS_NAT_MASK)
ret = nf_nat_ftp_hook(pskb, ctinfo, search[dir][i].ftptype,
matchoff, matchlen, exp, &seq);
else {
next reply other threads:[~2006-11-04 23:04 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-04 23:04 Patrick McHardy [this message]
2006-11-04 23:58 ` [NETFILTER 3/*]: nf_conntrack/nf_nat: add TFTP helper port Patrick McHardy
2006-11-05 0:32 ` [NETFILTER 4/*]: nf_conntrack/nf_nat: add amanda " Patrick McHardy
2006-11-14 19:54 ` [PATCH] nf_conntrack/nf_nat: nf_conntrack_netlink fix Jozsef Kadlecsik
2006-11-15 5:14 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=454D1C8F.5060302@trash.net \
--to=kaber@trash.net \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter-devel@lists.netfilter.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.