[netfilter-cvslog] r3786 - in
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6:
include/linux/netfilter net/ipv4/netfilter net/ipv6/netfilter
yasuyuki at netfilter.org
yasuyuki at netfilter.org
Fri Mar 11 17:27:45 CET 2005
Author: yasuyuki at netfilter.org
Date: 2005-03-11 17:27:45 +0100 (Fri, 11 Mar 2005)
New Revision: 3786
Modified:
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/include/linux/netfilter/nf_conntrack_helper.h
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
Log:
pass the offset to the transport protocol header to helper.
Signed-off-by: Yasuyuki KOZAKAI <yasuyuki.kozakai at toshiba.co.jp>
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/include/linux/netfilter/nf_conntrack_helper.h
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/include/linux/netfilter/nf_conntrack_helper.h 2005-03-11 11:08:16 UTC (rev 3785)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/include/linux/netfilter/nf_conntrack_helper.h 2005-03-11 16:27:45 UTC (rev 3786)
@@ -30,6 +30,7 @@
/* Function to call when data passes; return verdict, or -1 to
invalidate. */
int (*help)(struct sk_buff **pskb,
+ unsigned int protoff,
struct nf_conn *ct,
enum nf_conntrack_info conntrackinfo);
};
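Review bot: The comment above `help` still describes only the verdict and does not say what the new `protoff` argument is measured from, so every helper author has to infer it from the callers. Judging by the two call sites in this commit, it is the byte offset from `(*pskb)->data` to the transport protocol header. I would extend the comment with a line such as `protoff: offset from (*pskb)->data to the transport header, validated by the caller`. The struct definition starts outside this hunk, so other members may need the same treatment.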
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2005-03-11 11:08:16 UTC (rev 3785)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c 2005-03-11 16:27:45 UTC (rev 3786)
@@ -157,13 +157,14 @@
struct nf_conn *ct;
enum nf_conntrack_info ctinfo;
- DEBUGP("ipv4_confirm\n");
-
/* This is where we call the helper: as the packet goes out. */
ct = nf_ct_get(*pskb, &ctinfo);
if (ct && ct->helper) {
unsigned int ret;
- ret = ct->helper->help(pskb, ct, ctinfo);
+ ret = ct->helper->help(pskb,
+ (*pskb)->nh.raw - (*pskb)->data
+ + (*pskb)->nh.iph->ihl*4,
+ ct, ctinfo);
if (ret != NF_ACCEPT)
return ret;
}
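Review bot: The offset handed to the helper in the `ct->helper->help(pskb, ...)` call is derived from `nh.iph->ihl` with no bound check against `(*pskb)->len`, whereas the IPv6 caller in this same commit rejects an out-of-range offset before calling the helper. Presumably the IPv4 header length was already validated earlier on the conntrack path, but nothing visible in this hunk shows that. Either state it in a comment, e.g. `/* ihl was validated when the conntrack entry was created */`, or compute a named local first, `unsigned int protoff = (*pskb)->nh.raw - (*pskb)->data + (*pskb)->nh.iph->ihl*4;`, and skip the helper when `protoff > (*pskb)->len`. A named local would also match the IPv6 version and keep the call readable. The enclosing function begins and ends outside the hunk.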
Modified: trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
===================================================================
--- trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-03-11 11:08:16 UTC (rev 3785)
+++ trunk/patch-o-matic-ng/nf_conntrack/linux-2.6/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c 2005-03-11 16:27:45 UTC (rev 3786)
@@ -188,8 +188,20 @@
/* This is where we call the helper: as the packet goes out. */
ct = nf_ct_get(*pskb, &ctinfo);
if (ct && ct->helper) {
- unsigned int ret;
- ret = ct->helper->help(pskb, ct, ctinfo);
+ unsigned int ret, protoff;
+ unsigned int extoff = (u8*)((*pskb)->nh.ipv6h + 1)
+ - (*pskb)->data;
+ unsigned char pnum = (*pskb)->nh.ipv6h->nexthdr;
+
+ protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum,
+ (*pskb)->len - extoff);
+ if (protoff < 0 || protoff > (*pskb)->len ||
+ pnum == NEXTHDR_FRAGMENT) {
+ DEBUGP("proto header not found\n");
+ return NF_ACCEPT;
+ }
+
+ ret = ct->helper->help(pskb, protoff, ct, ctinfo);
if (ret != NF_ACCEPT)
return ret;
}
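Review bot: The test `protoff < 0` can never be true because `protoff` is declared `unsigned int` on the added line `unsigned int ret, protoff;`. If `nf_ct_ipv6_skip_exthdr()` reports failure with a negative return (its definition is not visible here), the error is caught only indirectly, by the wrapped value exceeding `(*pskb)->len`. Declaring it as `int protoff;` next to `unsigned int ret;` makes the check mean what it says. The bound also lets `protoff == (*pskb)->len` through, which leaves no transport header bytes for the helper to read, so `protoff >= (*pskb)->len` looks like the intended comparison. The enclosing function starts outside the hunk.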