4acdbdbe50
If a connection tracking helper tells us to expect a connection, and we're already expecting that connection, we simply free the one they gave us and return success. The problem is that NAT helpers (eg. FTP) have to allocate the expectation first (to see what port is available) then rewrite the packet. If that rewrite fails, they try to remove the expectation, but it was freed in ip_conntrack_expect_related. This is one example of a larger problem: having registered the expectation, the pointer is no longer ours to use. Reference counting is needed for ctnetlink anyway, so introduce it now. To have a single "put" path, we need to grab the reference to the connection on creation, rather than open-coding it in the caller. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: David S. Miller <davem@davemloft.net>
/* (C) 2001-2002 Magnus Boden <mb@ozaba.mine.nu>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Version: 0.0.7
 *
 * Thu 21 Mar 2002 Harald Welte <laforge@gnumonks.org>
 * 	- Port to newnat API
 *
 * This module currently supports DNAT:
 * iptables -t nat -A PREROUTING -d x.x.x.x -j DNAT --to-dest x.x.x.y
 *
 * and SNAT:
 * iptables -t nat -A POSTROUTING { -j MASQUERADE , -j SNAT --to-source x.x.x.x }
 *
 * It has not been tested with
 * -j SNAT --to-source x.x.x.x-x.x.x.y since I only have one external ip
 * If you do test this please let me know if it works or not.
 *
 */
#include <linux/module.h>
#include <linux/netfilter_ipv4.h>
#include <linux/ip.h>
#include <linux/udp.h>
#include <linux/netfilter.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv4/ip_conntrack_helper.h>
#include <linux/netfilter_ipv4/ip_conntrack_tftp.h>
#include <linux/netfilter_ipv4/ip_nat_helper.h>
#include <linux/netfilter_ipv4/ip_nat_rule.h>
#include <linux/moduleparam.h>
/* Module metadata: author, one-line description and licence string. */
MODULE_AUTHOR("Magnus Boden <mb@ozaba.mine.nu>");
MODULE_DESCRIPTION("tftp NAT helper");
MODULE_LICENSE("GPL");
/*
 * help - NAT-side hook for a TFTP expectation.
 * @pskb:   packet being processed (not read by this function)
 * @ctinfo: conntrack state of that packet (not read by this function)
 * @exp:    expectation prepared by the caller
 *
 * Fills in the NAT-related fields of @exp (saved port, direction set to
 * IP_CT_DIR_REPLY, expectfn set to ip_nat_follow_master) and then hands
 * it to ip_conntrack_expect_related().
 *
 * Returns NF_ACCEPT when ip_conntrack_expect_related() returns 0 and
 * NF_DROP for any other return value.
 *
 * NOTE(review): @exp is not released here on either path.  The commit
 * description states that a registered expectation is no longer the
 * caller's private pointer and that lifetime is handled by reference
 * counting; presumably the caller drops its own reference after this
 * hook returns - confirm against the tftp conntrack helper.
 */
static unsigned int help(struct sk_buff **pskb,
			 enum ip_conntrack_info ctinfo,
			 struct ip_conntrack_expect *exp)
{
	int rc;

	exp->dir = IP_CT_DIR_REPLY;
	exp->expectfn = ip_nat_follow_master;
	/*
	 * The port is read through the tcp member but stored through the
	 * udp member; presumably both alias the same union storage -
	 * confirm against the tuple definition.
	 */
	exp->saved_proto.udp.port = exp->tuple.dst.u.tcp.port;

	rc = ip_conntrack_expect_related(exp);
	return rc == 0 ? NF_ACCEPT : NF_DROP;
}
/*
 * fini - module unload: detach the NAT helper from ip_nat_tftp_hook.
 *
 * The hook pointer is cleared first and synchronize_net() is called
 * afterwards, so that nobody is still calling through the old pointer
 * when this function returns.  The order matters: waiting before
 * clearing would let new callers pick up the pointer after the wait.
 */
static void __exit fini(void)
{
	/* Unpublish the hook so no new caller can pick it up. */
	ip_nat_tftp_hook = NULL;

	/* Wait until no one is calling it any more. */
	synchronize_net();
}
/*
 * init - module load: publish help() through ip_nat_tftp_hook.
 *
 * Always returns 0.  If the hook is already non-NULL on entry the
 * BUG_ON() fires instead of returning an error.
 */
static int __init init(void)
{
	/* The hook slot must be empty before this module claims it. */
	BUG_ON(ip_nat_tftp_hook != NULL);
	ip_nat_tftp_hook = help;

	return 0;
}
/* Register init() as the module's load entry point and fini() as its unload entry point. */
module_init(init);
module_exit(fini);