[netfilter-cvslog] r3290 -
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Sat Nov 20 19:15:05 CET 2004
Author: yasuyuki at netfilter.org
Date: 2004-11-20 19:15:04 +0100 (Sat, 20 Nov 2004)
New Revision: 3290
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
Log:
just cleanup.
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2004-11-20 17:37:00 UTC (rev 3289)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/netfilter/nf_conntrack_ftp.c 2004-11-20 18:15:04 UTC (rev 3290)
@@ -307,7 +307,7 @@
if (length == 0)
return 0;
- DEBUGP("EPRT: Got IP or IPv6 address!\n");
+ DEBUGP("EPRT: Got IP address!\n");
/* Start offset includes initial "|1|", and trailing delimiter */
return get_port(data, 3 + length + 1, dlen, delim, &cmd->u.tcp.port);
}
@@ -399,13 +399,12 @@
unsigned int matchlen, matchoff;
struct nf_ct_ftp_master *ct_ftp_info = &ct->help->ct_ftp_info;
struct nf_conntrack_expect *exp;
+ struct nf_conntrack_man cmd = {};
struct nf_ct_ftp_expect *exp_ftp_info;
unsigned int i;
int found = 0;
- struct nf_conntrack_man cmd = {};
-
/* Until there's been traffic both ways, don't look in packets. */
if (ctinfo != NF_CT_ESTABLISHED
&& ctinfo != NF_CT_ESTABLISHED+NF_CT_IS_REPLY) {
@@ -524,6 +523,10 @@
.tuple.src.u3.ip6)));
}
+ /* Thanks to Cristiano Lincoln Mattos
+ <lincoln at cesar.org.br> for reporting this potential
+ problem (DMZ machines opening holes to internal
+ networks, or the packet filter itself). */
if (!loose) {
ret = NF_ACCEPT;
goto out;
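Review bot: The comment added above `if (!loose)` credits the reporter but does not state the rule the branch enforces, so the security property has to be reconstructed from the parenthetical. Judging from the `.tuple.src.u3.ip6` debug arguments just before it, this appears to be the path taken when the address named in the FTP command differs from the connection's own source address; the comparison itself starts above the hunk, so please confirm. I would add a sentence such as `/* Unless 'loose' is set, never set up an expectation for an address other than the connection's own source: the packet is accepted, but no expectation is created. */`. It would also help to say, here or where `loose` is declared (not visible in this hunk), that enabling `loose` turns this protection off, so that the trade-off is visible to whoever sets it.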