|
List Info
Thread: : Netfilter fixes
|
|
| : Netfilter fixes |
 
Switzerland |
2007-05-24 17:02:06 |
Hi Dave,
following are a couple of netfilter patches, fixing newline
sequence number
tracking problems with the FTP helper and a few problems
with the H.323
helper, mostly related to tracking IPv6 connections.
Please apply, thanks.
include/linux/netfilter/nf_conntrack_ftp.h | 3 -
include/linux/netfilter/nf_conntrack_h323_types.h | 23
+-----------
net/ipv4/netfilter/nf_nat_ftp.c | 20
+++-------
net/ipv4/netfilter/nf_nat_h323.c | 6
+--
net/netfilter/nf_conntrack_ftp.c | 13
+++---
net/netfilter/nf_conntrack_h323_main.c | 41
+++++-----------------
net/netfilter/nf_conntrack_h323_types.c | 31
++++++----------
7 files changed, 44 insertions(+), 93 deletions(-)
Jing Min Zhao (5):
[NETFILTER]: nf_conntrack_h323: fix ASN.1 types
[NETFILTER]: nf_conntrack_h323: fix get_h225_addr()
for IPv6 address access
[NETFILTER]: nf_conntrack_h323: remove unnecessary
process of Information signal
[NETFILTER]: nf_conntrack_h323: add missing T.120
address in OLCA
[NETFILTER]: nf_nat_h323: call set_h225_addr instead
of set_h225_addr_hook
Patrick McHardy (2):
[NETFILTER]: nf_conntrack_ftp: fix newline sequence
number update
[NETFILTER]: nf_conntrack_ftp: fix newline sequence
number calculation
|
|
| : nf_conntrack_ftp: fix newline sequence
number calculation |
Switzerland |
2007-05-24 17:02:09 |
[NETFILTER]: nf_conntrack_ftp: fix newline sequence number
calculation
When the packet size is changed by the FTP NAT helper, the
connection
tracking helper adjusts the sequence number of the newline
character
by the size difference. This is wrong because NAT sequence
number
adjustment happens after helpers are called, so the
unadjusted number
is compared to the already adjusted one.
Based on report by YU, Haitao <yuhaitao tsinghua.org.cn>
Signed-off-by: Patrick McHardy <kabertrash.net>
---
commit 5dcf6ca671036446403108df0dbc025887e81fb4
tree 8a9e36277001fc9f4f6c2bf1d409f1c8a7c6964d
parent 5e09b4a295e2aed7cb6fe60f86bafba4d8e77836
author Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:49:57 +0200
committer Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:49:57 +0200
include/linux/netfilter/nf_conntrack_ftp.h | 3 +--
net/ipv4/netfilter/nf_nat_ftp.c | 20
++++++--------------
net/netfilter/nf_conntrack_ftp.c | 5 ++---
3 files changed, 9 insertions(+), 19 deletions(-)
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h
b/include/linux/netfilter/nf_conntrack_ftp.h
index 81453ea..b7c360f 100644
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
-37,8
+37,7 extern unsigned int (*nf_nat_ftp_hook)(struct
sk_buff **pskb,
enum nf_ct_ftp_type type,
unsigned int matchoff,
unsigned int matchlen,
- struct nf_conntrack_expect *exp,
- u32 *seq);
+ struct nf_conntrack_expect *exp);
#endif /* __KERNEL__ */
#endif /* _NF_CONNTRACK_FTP_H */
diff --git a/net/ipv4/netfilter/nf_nat_ftp.c
b/net/ipv4/netfilter/nf_nat_ftp.c
index 751b598..e6bc8e5 100644
--- a/net/ipv4/netfilter/nf_nat_ftp.c
+++ b/net/ipv4/netfilter/nf_nat_ftp.c
-40,8
+40,7 mangle_rfc959_packet(struct sk_buff **pskb,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
- enum ip_conntrack_info ctinfo,
- u32 *seq)
+ enum ip_conntrack_info ctinfo)
{
char buffer[sizeof("nnn,nnn,nnn,nnn,nnn,nnn")];
-50,7
+49,6 mangle_rfc959_packet(struct sk_buff **pskb,
DEBUGP("calling nf_nat_mangle_tcp_packetn");
- *seq += strlen(buffer) - matchlen;
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
matchoff,
matchlen, buffer, strlen(buffer));
}
-63,8
+61,7 mangle_eprt_packet(struct sk_buff **pskb,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
- enum ip_conntrack_info ctinfo,
- u32 *seq)
+ enum ip_conntrack_info ctinfo)
{
char
buffer[sizeof("|1|255.255.255.255|65535|")];
-72,7
+69,6 mangle_eprt_packet(struct sk_buff **pskb,
DEBUGP("calling nf_nat_mangle_tcp_packetn");
- *seq += strlen(buffer) - matchlen;
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
matchoff,
matchlen, buffer, strlen(buffer));
}
-85,8
+81,7 mangle_epsv_packet(struct sk_buff **pskb,
unsigned int matchoff,
unsigned int matchlen,
struct nf_conn *ct,
- enum ip_conntrack_info ctinfo,
- u32 *seq)
+ enum ip_conntrack_info ctinfo)
{
char buffer[sizeof("|||65535|")];
-94,14
+89,13 mangle_epsv_packet(struct sk_buff **pskb,
DEBUGP("calling nf_nat_mangle_tcp_packetn");
- *seq += strlen(buffer) - matchlen;
return nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
matchoff,
matchlen, buffer, strlen(buffer));
}
static int (*mangle[])(struct sk_buff **, __be32,
u_int16_t,
unsigned int, unsigned int, struct nf_conn *,
- enum ip_conntrack_info, u32 *seq)
+ enum ip_conntrack_info)
= {
[NF_CT_FTP_PORT] = mangle_rfc959_packet,
[NF_CT_FTP_PASV] = mangle_rfc959_packet,
-116,8
+110,7 static unsigned int nf_nat_ftp(struct sk_buff
**pskb,
enum nf_ct_ftp_type type,
unsigned int matchoff,
unsigned int matchlen,
- struct nf_conntrack_expect *exp,
- u32 *seq)
+ struct nf_conntrack_expect *exp)
{
__be32 newip;
u_int16_t port;
-145,8
+138,7 static unsigned int nf_nat_ftp(struct sk_buff
**pskb,
if (port == 0)
return NF_DROP;
- if (!mangle[type](pskb, newip, port, matchoff, matchlen,
ct, ctinfo,
- seq)) {
+ if (!mangle[type](pskb, newip, port, matchoff, matchlen,
ct, ctinfo)) {
nf_conntrack_unexpect_related(exp);
return NF_DROP;
}
diff --git a/net/netfilter/nf_conntrack_ftp.c
b/net/netfilter/nf_conntrack_ftp.c
index 3357642..09add2f 100644
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
-48,8
+48,7 unsigned int (*nf_nat_ftp_hook)(struct sk_buff
**pskb,
enum nf_ct_ftp_type type,
unsigned int matchoff,
unsigned int matchlen,
- struct nf_conntrack_expect *exp,
- u32 *seq);
+ struct nf_conntrack_expect *exp);
EXPORT_SYMBOL_GPL(nf_nat_ftp_hook);
#if 0
-521,7
+520,7 static int help(struct sk_buff **pskb,
nf_nat_ftp = rcu_dereference(nf_nat_ftp_hook);
if (nf_nat_ftp && ct->status &
IPS_NAT_MASK)
ret = nf_nat_ftp(pskb, ctinfo, search[dir][i].ftptype,
- matchoff, matchlen, exp, &seq);
+ matchoff, matchlen, exp);
else {
/* Can't expect this? Best to drop packet now. */
if (nf_conntrack_expect_related(exp) != 0)
|
|
| : nf_conntrack_h323: fix get_h225_addr()
for IPv6 address access |
Switzerland |
2007-05-24 17:02:11 |
|
|
| : nf_conntrack_h323: fix ASN.1 types |
Switzerland |
2007-05-24 17:02:10 |
[NETFILTER]: nf_conntrack_h323: fix ASN.1 types
1. Add support for decoding IPv6 address. I know it was
manually added in
the header file, but not in the template file. That
wouldn't work.
2. Add missing support for decoding T.120 address in OLCA.
3. Remove unnecessary decoding of Information signal.
Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
Signed-off-by: Patrick McHardy <kabertrash.net>
---
commit bd086e2d746d2c730c5701b09a1198bf6d335287
tree 10f40e7fa3be7d93b4e6a39ffefad839c295b778
parent 5dcf6ca671036446403108df0dbc025887e81fb4
author Jing Min Zhao <zhaojingminvivecode.com> Thu, 24
May 2007 23:49:57 +0200
committer Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:49:57 +0200
include/linux/netfilter/nf_conntrack_h323_types.h | 23
++--------------
net/netfilter/nf_conntrack_h323_types.c | 31
+++++++++------------
2 files changed, 16 insertions(+), 38 deletions(-)
diff --git
a/include/linux/netfilter/nf_conntrack_h323_types.h
b/include/linux/netfilter/nf_conntrack_h323_types.h
index 38d74d5..f35b6b4 100644
--- a/include/linux/netfilter/nf_conntrack_h323_types.h
+++ b/include/linux/netfilter/nf_conntrack_h323_types.h
-1,4
+1,4
-/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006
+/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007
*
* Copyright (c) 2006 Jing Min Zhao <zhaojingminusers.sourceforge.net>
*
-12,7
+12,7 typedef struct TransportAddress_ipAddress { /*
SEQUENCE */
typedef struct TransportAddress_ip6Address { /* SEQUENCE
*/
int options; /* No use */
- unsigned ip6;
+ unsigned ip;
} TransportAddress_ip6Address;
typedef struct TransportAddress { /* CHOICE */
-364,23
+364,6 typedef struct Alerting_UUIE { /* SEQUENCE */
Alerting_UUIE_fastStart fastStart;
} Alerting_UUIE;
-typedef struct Information_UUIE_fastStart { /* SEQUENCE OF
*/
- int count;
- OpenLogicalChannel item[30];
-} Information_UUIE_fastStart;
-
-typedef struct Information_UUIE { /* SEQUENCE */
- enum {
- eInformation_UUIE_callIdentifier = (1 << 31),
- eInformation_UUIE_tokens = (1 << 30),
- eInformation_UUIE_cryptoTokens = (1 << 29),
- eInformation_UUIE_fastStart = (1 << 28),
- eInformation_UUIE_fastConnectRefused = (1 << 27),
- eInformation_UUIE_circuitInfo = (1 << 26),
- } options;
- Information_UUIE_fastStart fastStart;
-} Information_UUIE;
-
typedef struct FacilityReason { /* CHOICE */
enum {
eFacilityReason_routeCallToGatekeeper,
-471,7
+454,6 typedef struct H323_UU_PDU_h323_message_body { /*
CHOICE */
CallProceeding_UUIE callProceeding;
Connect_UUIE connect;
Alerting_UUIE alerting;
- Information_UUIE information;
Facility_UUIE facility;
Progress_UUIE progress;
};
-561,6
+543,7 typedef struct OpenLogicalChannelAck { /* SEQUENCE
*/
} options;
OpenLogicalChannelAck_reverseLogicalChannelParameters
reverseLogicalChannelParameters;
+ NetworkAccessParameters separateStack;
OpenLogicalChannelAck_forwardMultiplexAckParameters
forwardMultiplexAckParameters;
} OpenLogicalChannelAck;
diff --git a/net/netfilter/nf_conntrack_h323_types.c
b/net/netfilter/nf_conntrack_h323_types.c
index 4c6f8b3..3a21fdf 100644
--- a/net/netfilter/nf_conntrack_h323_types.c
+++ b/net/netfilter/nf_conntrack_h323_types.c
-1,4
+1,4
-/* Generated by Jing Min Zhao's ASN.1 parser, Apr 20 2006
+/* Generated by Jing Min Zhao's ASN.1 parser, May 16 2007
*
* Copyright (c) 2006 Jing Min Zhao <zhaojingminusers.sourceforge.net>
*
-37,7
+37,7 static field_t _TransportAddress_ipxAddress[] = { /*
SEQUENCE */
static field_t _TransportAddress_ip6Address[] = { /*
SEQUENCE */
{FNAME("ip") OCTSTR, FIXD, 16, 0, DECODE,
- offsetof(TransportAddress_ip6Address, ip6), NULL},
+ offsetof(TransportAddress_ip6Address, ip), NULL},
{FNAME("port") INT, WORD, 0, 0, SKIP, 0, NULL},
};
-67,7
+67,8 static field_t _TransportAddress[] = { /* CHOICE */
{FNAME("ipxAddress") SEQ, 0, 3, 3, SKIP, 0,
_TransportAddress_ipxAddress},
{FNAME("ip6Address") SEQ, 0, 2, 2, DECODE |
EXT,
- offsetof(TransportAddress, ip6Address),
_TransportAddress_ip6Address},
+ offsetof(TransportAddress, ip6Address),
+ _TransportAddress_ip6Address},
{FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0,
NULL},
{FNAME("nsap") OCTSTR, 5, 1, 0, SKIP, 0, NULL},
{FNAME("nonStandardAddress") SEQ, 0, 2, 2, SKIP,
0,
-638,7
+639,8 static field_t _UnicastAddress_iPXAddress[] = { /*
SEQUENCE */
};
static field_t _UnicastAddress_iP6Address[] = { /* SEQUENCE
*/
- {FNAME("network") OCTSTR, FIXD, 16, 0, SKIP, 0,
NULL},
+ {FNAME("network") OCTSTR, FIXD, 16, 0, DECODE,
+ offsetof(UnicastAddress_iP6Address, network), NULL},
{FNAME("tsapIdentifier") INT, WORD, 0, 0, SKIP,
0, NULL},
};
-665,8
+667,8 static field_t _UnicastAddress[] = { /* CHOICE */
offsetof(UnicastAddress, iPAddress),
_UnicastAddress_iPAddress},
{FNAME("iPXAddress") SEQ, 0, 3, 3, SKIP | EXT,
0,
_UnicastAddress_iPXAddress},
- {FNAME("iP6Address") SEQ, 0, 2, 2, SKIP | EXT,
0,
- _UnicastAddress_iP6Address},
+ {FNAME("iP6Address") SEQ, 0, 2, 2, DECODE |
EXT,
+ offsetof(UnicastAddress, iP6Address),
_UnicastAddress_iP6Address},
{FNAME("netBios") OCTSTR, FIXD, 16, 0, SKIP, 0,
NULL},
{FNAME("iPSourceRouteAddress") SEQ, 0, 4, 4,
SKIP | EXT, 0,
_UnicastAddress_iPSourceRouteAddress},
-984,19
+986,12 static field_t _Alerting_UUIE[] = { /* SEQUENCE */
{FNAME("featureSet") SEQ, 3, 4, 4, SKIP | EXT |
OPT, 0, NULL},
};
-static field_t _Information_UUIE_fastStart[] = { /*
SEQUENCE OF */
- {FNAME("item") SEQ, 1, 3, 5, DECODE | OPEN |
EXT,
- sizeof(OpenLogicalChannel), _OpenLogicalChannel}
- ,
-};
-
static field_t _Information_UUIE[] = { /* SEQUENCE */
{FNAME("protocolIdentifier") OID, BYTE, 0, 0,
SKIP, 0, NULL},
{FNAME("callIdentifier") SEQ, 0, 1, 1, SKIP |
EXT, 0, NULL},
{FNAME("tokens") SEQOF, SEMI, 0, 0, SKIP | OPT,
0, NULL},
{FNAME("cryptoTokens") SEQOF, SEMI, 0, 0, SKIP |
OPT, 0, NULL},
- {FNAME("fastStart") SEQOF, SEMI, 0, 30, DECODE |
OPT,
- offsetof(Information_UUIE, fastStart),
_Information_UUIE_fastStart},
+ {FNAME("fastStart") SEQOF, SEMI, 0, 30, SKIP |
OPT, 0, NULL},
{FNAME("fastConnectRefused") NUL, FIXD, 0, 0,
SKIP | OPT, 0, NULL},
{FNAME("circuitInfo") SEQ, 3, 3, 3, SKIP | EXT |
OPT, 0, NULL},
};
-1343,9
+1338,7 static field_t _H323_UU_PDU_h323_message_body[] =
{ /* CHOICE */
offsetof(H323_UU_PDU_h323_message_body, connect),
_Connect_UUIE},
{FNAME("alerting") SEQ, 1, 3, 17, DECODE | EXT,
offsetof(H323_UU_PDU_h323_message_body, alerting),
_Alerting_UUIE},
- {FNAME("information") SEQ, 0, 1, 7, DECODE |
EXT,
- offsetof(H323_UU_PDU_h323_message_body, information),
- _Information_UUIE},
+ {FNAME("information") SEQ, 0, 1, 7, SKIP | EXT,
0, _Information_UUIE},
{FNAME("releaseComplete") SEQ, 1, 2, 11, SKIP |
EXT, 0,
_ReleaseComplete_UUIE},
{FNAME("facility") SEQ, 3, 5, 21, DECODE | EXT,
-1430,7
+1423,9 static field_t _OpenLogicalChannelAck[] = { /*
SEQUENCE */
DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck,
reverseLogicalChannelParameters),
_OpenLogicalChannelAck_reverseLogicalChannelParameters},
- {FNAME("separateStack") SEQ, 2, 4, 5, SKIP | EXT
| OPT, 0, NULL},
+ {FNAME("separateStack") SEQ, 2, 4, 5, DECODE |
EXT | OPT,
+ offsetof(OpenLogicalChannelAck, separateStack),
+ _NetworkAccessParameters},
{FNAME("forwardMultiplexAckParameters") CHOICE,
0, 1, 1,
DECODE | EXT | OPT, offsetof(OpenLogicalChannelAck,
forwardMultiplexAckParameters),
|
|
| : nf_conntrack_h323: add missing T.120
address in OLCA |
Switzerland |
2007-05-24 17:02:14 |
[NETFILTER]: nf_conntrack_h323: add missing T.120 address in
OLCA
Add missing process of T.120 address in
OpenLogicalChannelAck signal.
Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
Signed-off-by: Patrick McHardy <kabertrash.net>
---
commit 9a545fc8e2ac3c8c7bbb7315469d96bb4e7d8748
tree c06c911468eaf5c32531a940c5b740cdb41ab0fa
parent 6fdca918957ecf41e1b5c416df341cfa48080fcd
author Jing Min Zhao <zhaojingminvivecode.com> Thu, 24
May 2007 23:49:59 +0200
committer Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:49:59 +0200
net/netfilter/nf_conntrack_h323_main.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/net/netfilter/nf_conntrack_h323_main.c
b/net/netfilter/nf_conntrack_h323_main.c
index 6d668af..a1b95ac 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
-520,6
+520,16 static int process_olca(struct sk_buff **pskb,
struct nf_conn *ct,
}
}
+ if ((olca->options &
eOpenLogicalChannelAck_separateStack) &&
+ olca->separateStack.networkAddress.choice ==
+ eNetworkAccessParameters_networkAddress_localAreaAddress)
{
+ ret = expect_t120(pskb, ct, ctinfo, data, dataoff,
+ &olca->separateStack.networkAddress.
+ localAreaAddress);
+ if (ret < 0)
+ return -1;
+ }
+
return 0;
}
|
|
| : nf_nat_h323: call set_h225_addr
instead of set_h225_addr_hook |
Switzerland |
2007-05-24 17:02:15 |
[NETFILTER]: nf_nat_h323: call set_h225_addr instead of
set_h225_addr_hook
They're the same.
Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
Signed-off-by: Patrick McHardy <kabertrash.net>
---
commit ed22d6f07f4ac4b69b915df2d1798e171b501a47
tree 1accab86c105558c5ac6a9c094ac6bc9aef3288d
parent 9a545fc8e2ac3c8c7bbb7315469d96bb4e7d8748
author Jing Min Zhao <zhaojingminvivecode.com> Thu, 24
May 2007 23:50:52 +0200
committer Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:50:52 +0200
net/ipv4/netfilter/nf_nat_h323.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/netfilter/nf_nat_h323.c
b/net/ipv4/netfilter/nf_nat_h323.c
index fcebc96..c5d2a2d 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
-455,9
+455,9 static int nat_q931(struct sk_buff **pskb, struct
nf_conn *ct,
if (idx > 0 &&
get_h225_addr(ct, *data, &taddr[0], &addr,
&port) &&
(ntohl(addr.ip) & 0xff000000) == 0x7f000000) {
- set_h225_addr_hook(pskb, data, 0, &taddr[0],
- &ct->tuplehash[!dir].tuple.dst.u3,
- info->sig_port[!dir]);
+ set_h225_addr(pskb, data, 0, &taddr[0],
+ &ct->tuplehash[!dir].tuple.dst.u3,
+ info->sig_port[!dir]);
}
} else {
nf_conntrack_unexpect_related(exp);
|
|
| : nf_conntrack_h323: remove unnecessary
process of Information signal |
Switzerland |
2007-05-24 17:02:13 |
[NETFILTER]: nf_conntrack_h323: remove unnecessary process
of Information signal
According to the implementation of H.323, it's not necessary
to check the
addresses in Information signals.
Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
Signed-off-by: Patrick McHardy <kabertrash.net>
---
commit 6fdca918957ecf41e1b5c416df341cfa48080fcd
tree 16a0761c152686fb74b89e81d4d67d6a329ab540
parent e71d7c2a5a69f20bd077b91bcc240f7bada53e48
author Jing Min Zhao <zhaojingminvivecode.com> Thu, 24
May 2007 23:49:58 +0200
committer Patrick McHardy <kabertrash.net> Thu, 24 May
2007 23:49:58 +0200
net/netfilter/nf_conntrack_h323_main.c | 29
-----------------------------
1 files changed, 0 insertions(+), 29 deletions(-)
diff --git a/net/netfilter/nf_conntrack_h323_main.c
b/net/netfilter/nf_conntrack_h323_main.c
index 8bb99b3..6d668af 100644
--- a/net/netfilter/nf_conntrack_h323_main.c
+++ b/net/netfilter/nf_conntrack_h323_main.c
-977,30
+977,6 static int process_alerting(struct sk_buff **pskb,
struct nf_conn *ct,
}
/**********************************************************
******************/
-static int process_information(struct sk_buff **pskb,
- struct nf_conn *ct,
- enum ip_conntrack_info ctinfo,
- unsigned char **data, int dataoff,
- Information_UUIE *info)
-{
- int ret;
- int i;
-
- DEBUGP("nf_ct_q931: Informationn");
-
- if (info->options & eInformation_UUIE_fastStart) {
- for (i = 0; i < info->fastStart.count; i++) {
- ret = process_olc(pskb, ct, ctinfo, data, dataoff,
- &info->fastStart.item[i]);
- if (ret < 0)
- return -1;
- }
- }
-
- return 0;
-}
-
-/**********************************************************
******************/
static int process_facility(struct sk_buff **pskb, struct
nf_conn *ct,
enum ip_conntrack_info ctinfo,
unsigned char **data, int dataoff,
-1096,11
+1072,6 static int process_q931(struct sk_buff **pskb,
struct nf_conn *ct,
ret = process_alerting(pskb, ct, ctinfo, data, dataoff,
&pdu->h323_message_body.alerting);
break;
- case eH323_UU_PDU_h323_message_body_information:
- ret = process_information(pskb, ct, ctinfo, data,
dataoff,
- &pdu->h323_message_body.
- information);
- break;
case eH323_UU_PDU_h323_message_body_facility:
ret = process_facility(pskb, ct, ctinfo, data, dataoff,
&pdu->h323_message_body.facility);
|
|
| Re: : nf_conntrack_ftp: fix newline
sequence number calculation |
 
United States |
2007-05-24 18:41:59 |
From: Patrick McHardy <kabertrash.net>
Date: Fri, 25 May 2007 00:02:09 +0200 (MEST)
> [NETFILTER]: nf_conntrack_ftp: fix newline sequence
number calculation
>
> When the packet size is changed by the FTP NAT helper,
the connection
> tracking helper adjusts the sequence number of the
newline character
> by the size difference. This is wrong because NAT
sequence number
> adjustment happens after helpers are called, so the
unadjusted number
> is compared to the already adjusted one.
>
> Based on report by YU, Haitao <yuhaitaotsinghua.org.cn>
>
> Signed-off-by: Patrick McHardy <kabertrash.net>
Applied.
|
|
| Re: : nf_conntrack_h323: fix ASN.1 types |
United States |
2007-05-24 18:42:37 |
From: Patrick McHardy <kabertrash.net>
Date: Fri, 25 May 2007 00:02:10 +0200 (MEST)
> [NETFILTER]: nf_conntrack_h323: fix ASN.1 types
>
> 1. Add support for decoding IPv6 address. I know it was
manually added in
> the header file, but not in the template file. That
wouldn't work.
> 2. Add missing support for decoding T.120 address in
OLCA.
> 3. Remove unnecessary decoding of Information signal.
>
> Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
> Signed-off-by: Patrick McHardy <kabertrash.net>
Applied.
|
|
| Re: : nf_conntrack_h323: fix
get_h225_addr() for IPv6 address access |
United States |
2007-05-24 18:43:16 |
From: Patrick McHardy <kabertrash.net>
Date: Fri, 25 May 2007 00:02:11 +0200 (MEST)
> [NETFILTER]: nf_conntrack_h323: fix get_h225_addr() for
IPv6 address access
>
> Update get_h225_addr() to meet the changes in ASN.1
types. It was using
> field ip6 to access IPv6 TransportAddress, it should be
ip according the
> ASN.1 definition.
>
> Signed-off-by: Jing Min Zhao <zhaojingminvivecode.com>
> Signed-off-by: Patrick McHardy <kabertrash.net>
Applied.
|
|
|
|