25b86e0546
When the packet size is changed by the FTP NAT helper, the connection tracking helper adjusts the sequence number of the newline character by the size difference. This is wrong because NAT sequence number adjustment happens after helpers are called, so the unadjusted number is compared to the already adjusted one. Based on report by YU, Haitao <yuhaitao@tsinghua.org.cn> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
44 lines
1.1 KiB
C
44 lines
1.1 KiB
C
#ifndef _NF_CONNTRACK_FTP_H
|
|
#define _NF_CONNTRACK_FTP_H
|
|
/* FTP tracking. */
|
|
|
|
/* This enum is exposed to userspace */
|
|
enum nf_ct_ftp_type
|
|
{
|
|
/* PORT command from client */
|
|
NF_CT_FTP_PORT,
|
|
/* PASV response from server */
|
|
NF_CT_FTP_PASV,
|
|
/* EPRT command from client */
|
|
NF_CT_FTP_EPRT,
|
|
/* EPSV response from server */
|
|
NF_CT_FTP_EPSV,
|
|
};
|
|
|
|
#ifdef __KERNEL__
|
|
|
|
#define FTP_PORT 21
|
|
|
|
#define NUM_SEQ_TO_REMEMBER 2
|
|
/* This structure exists only once per master */
|
|
struct nf_ct_ftp_master {
|
|
/* Valid seq positions for cmd matching after newline */
|
|
u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
|
|
/* 0 means seq_match_aft_nl not set */
|
|
int seq_aft_nl_num[IP_CT_DIR_MAX];
|
|
};
|
|
|
|
struct nf_conntrack_expect;
|
|
|
|
/* For NAT to hook in when we find a packet which describes what other
|
|
* connection we should expect. */
|
|
extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff **pskb,
|
|
enum ip_conntrack_info ctinfo,
|
|
enum nf_ct_ftp_type type,
|
|
unsigned int matchoff,
|
|
unsigned int matchlen,
|
|
struct nf_conntrack_expect *exp);
|
|
#endif /* __KERNEL__ */
|
|
|
|
#endif /* _NF_CONNTRACK_FTP_H */
|