[people/teissler/ipfire-2.x.git] / src / patches / suse-2.6.27.31 / patches.fixes / fix-nf_conntrack_slp

From: Ludwig Nussel <lnussel@novell.com>
Subject: make nf_conntrack_slp actually work
References: bnc#470963

Acked-by: Jeff Mahoney <jeffm@suse.com>
---

 nf_conntrack_slp.c |   17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

--- a/net/netfilter/nf_conntrack_slp.c
+++ b/net/netfilter/nf_conntrack_slp.c
@@ -47,15 +47,15 @@ static int help(struct sk_buff *skb, uns
 		struct nf_conn *ct, enum ip_conntrack_info ctinfo)
 {
 	struct nf_conntrack_expect *exp;
-	struct iphdr *iph = ip_hdr(skb);
 	struct rtable *rt = skb->rtable;
 	struct in_device *in_dev;
 	__be32 mask = 0;
+	__be32 src = 0;
 
 	/* we're only interested in locally generated packets */
 	if (skb->sk == NULL)
 		goto out;
-	if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
+	if (rt == NULL || !(rt->rt_flags & (RTCF_MULTICAST|RTCF_BROADCAST)))
 		goto out;
 	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
 		goto out;
@@ -64,15 +64,18 @@ static int help(struct sk_buff *skb, uns
 	in_dev = __in_dev_get_rcu(rt->u.dst.dev);
 	if (in_dev != NULL) {
 		for_primary_ifa(in_dev) {
-			if (ifa->ifa_broadcast == iph->daddr) {
-				mask = ifa->ifa_mask;
-				break;
-			}
+			/* this is a hack as slp uses multicast we can't match
+			 * the destination address to some broadcast address. So
+			 * just take the first one. Better would be to install
+			 * expectations for all addresses */
+			mask = ifa->ifa_mask;
+			src = ifa->ifa_broadcast;
+			break;
 		} endfor_ifa(in_dev);
 	}
 	rcu_read_unlock();
 
-	if (mask == 0)
+	if (mask == 0 || src == 0)
 		goto out;
 
 	exp = nf_ct_expect_alloc(ct);
@@ -80,6 +83,7 @@ static int help(struct sk_buff *skb, uns
 		goto out;
 
 	exp->tuple                = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
+	exp->tuple.src.u3.ip      = src;
 	exp->tuple.src.u.udp.port = htons(SLP_PORT);
 
 	exp->mask.src.u3.ip       = mask;
Commit	Line	Data
00e5a55c BS	1	From: Ludwig Nussel <lnussel@novell.com>
	2	Subject: make nf_conntrack_slp actually work
	3	References: bnc#470963
	4
	5	Acked-by: Jeff Mahoney <jeffm@suse.com>
	6	---
	7
	8	nf_conntrack_slp.c \| 17 +++++++++++------
	9	1 file changed, 11 insertions(+), 6 deletions(-)
	10
	11	--- a/net/netfilter/nf_conntrack_slp.c
	12	+++ b/net/netfilter/nf_conntrack_slp.c
	13	@@ -47,15 +47,15 @@ static int help(struct sk_buff *skb, uns
	14	struct nf_conn *ct, enum ip_conntrack_info ctinfo)
	15	{
	16	struct nf_conntrack_expect *exp;
	17	- struct iphdr *iph = ip_hdr(skb);
	18	struct rtable *rt = skb->rtable;
	19	struct in_device *in_dev;
	20	__be32 mask = 0;
	21	+ __be32 src = 0;
	22
	23	/* we're only interested in locally generated packets */
	24	if (skb->sk == NULL)
	25	goto out;
	26	- if (rt == NULL \|\| !(rt->rt_flags & RTCF_BROADCAST))
	27	+ if (rt == NULL \|\| !(rt->rt_flags & (RTCF_MULTICAST\|RTCF_BROADCAST)))
	28	goto out;
	29	if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
	30	goto out;
	31	@@ -64,15 +64,18 @@ static int help(struct sk_buff *skb, uns
	32	in_dev = __in_dev_get_rcu(rt->u.dst.dev);
	33	if (in_dev != NULL) {
	34	for_primary_ifa(in_dev) {
	35	- if (ifa->ifa_broadcast == iph->daddr) {
	36	- mask = ifa->ifa_mask;
	37	- break;
	38	- }
	39	+ /* this is a hack as slp uses multicast we can't match
	40	+ * the destination address to some broadcast address. So
	41	+ * just take the first one. Better would be to install
	42	+ * expectations for all addresses */
	43	+ mask = ifa->ifa_mask;
	44	+ src = ifa->ifa_broadcast;
	45	+ break;
	46	} endfor_ifa(in_dev);
	47	}
	48	rcu_read_unlock();
	49
	50	- if (mask == 0)
	51	+ if (mask == 0 \|\| src == 0)
	52	goto out;
	53
	54	exp = nf_ct_expect_alloc(ct);
	55	@@ -80,6 +83,7 @@ static int help(struct sk_buff *skb, uns
	56	goto out;
	57
	58	exp->tuple = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
	59	+ exp->tuple.src.u3.ip = src;
	60	exp->tuple.src.u.udp.port = htons(SLP_PORT);
	61
	62	exp->mask.src.u3.ip = mask;