[PATCH] ipt_helper.c

[PATCH] ipt_helper.c

[quadong]

Currently, if you tell iptables to match "-m helper ! --helper ftp" it
will match any packet from any helper other than FTP.  What it should do
is match any packet that is not from an FTP helper, included packets that
are not from any helper (packets from master connections).  Here's the
fix:

--- ipt_helper.c.old    2004-03-03 21:34:05.000000000 -0600
+++ ipt_helper.c        2004-03-04 14:34:17.709903456 -0600
@@ -48,7 +48,7 @@

        if (!ct->master) {
                DEBUGP("ipt_helper: conntrack %p has no master\n", ct);
-               return 0;
+               return info->invert;
        }

        exp = ct->master;

Re: [PATCH] ipt_helper.c

[Bill Davidsen]

quadong@users.sourceforge.net wrote:
> Currently, if you tell iptables to match "-m helper ! --helper ftp" it
> will match any packet from any helper other than FTP.  What it should do
> is match any packet that is not from an FTP helper, included packets that
> are not from any helper (packets from master connections).  Here's the
> fix:
> 
> --- ipt_helper.c.old    2004-03-03 21:34:05.000000000 -0600
> +++ ipt_helper.c        2004-03-04 14:34:17.709903456 -0600
> @@ -48,7 +48,7 @@
> 
>         if (!ct->master) {
>                 DEBUGP("ipt_helper: conntrack %p has no master\n", ct);
> -               return 0;
> +               return info->invert;
>         }
> 
>         exp = ct->master;

I think you can get the functionality you want with the current code, 
but can you get the current functionality which you feel is in error 
after applying your patch?