Commit | Line | Data |
---|---|---|
cd1a2927 MT |
1 | diff -urN linux-2.4.25/net/ipv4/netfilter/ip_nat_standalone.c linux-2.4.26/net/ipv4/netfilter/ip_nat_standalone.c |
2 | --- linux-2.4.25/net/ipv4/netfilter/ip_nat_standalone.c 2004-02-18 05:36:32.000000000 -0800 | |
3 | +++ linux-2.4.26/net/ipv4/netfilter/ip_nat_standalone.c 2004-04-14 06:05:41.000000000 -0700 | |
4 | @@ -114,7 +114,16 @@ | |
5 | WRITE_LOCK(&ip_nat_lock); | |
6 | /* Seen it before? This can happen for loopback, retrans, | |
7 | or local packets.. */ | |
8 | - if (!(info->initialized & (1 << maniptype))) { | |
9 | + if (!(info->initialized & (1 << maniptype)) | |
10 | +#ifndef CONFIG_IP_NF_NAT_LOCAL | |
11 | + /* If this session has already been confirmed we must not | |
12 | + * touch it again even if there is no mapping set up. | |
13 | + * Can only happen on local->local traffic with | |
14 | + * CONFIG_IP_NF_NAT_LOCAL disabled. | |
15 | + */ | |
16 | + && !(ct->status & IPS_CONFIRMED) | |
17 | +#endif | |
18 | + ) { | |
19 | unsigned int ret; | |
20 | ||
21 | if (ct->master | |
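Review bot: The `#ifndef CONFIG_IP_NF_NAT_LOCAL` block now sits inside the `if (...)` condition, leaving the closing `) {` on a line of its own and making the two build configurations hard to compare when auditing which packets get bindings set up. A small helper defined once above the function, returning 0 when `CONFIG_IP_NF_NAT_LOCAL` is set and `ct->status & IPS_CONFIRMED` otherwise, would let the condition read `if (!(info->initialized & (1 << maniptype)) && !nat_confirmed_unmapped(ct)) {` (the helper name is only a suggestion), with the existing comment moved onto the helper. That comment should also say what happens afterwards to a confirmed session that has no mapping, since the code after the block is outside this hunk.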
22 | diff -urN linux-2.4.25/net/ipv6/netfilter/ip6_tables.c linux-2.4.26/net/ipv6/netfilter/ip6_tables.c | |
23 | --- linux-2.4.25/net/ipv6/netfilter/ip6_tables.c 2004-02-18 05:36:32.000000000 -0800 | |
24 | +++ linux-2.4.26/net/ipv6/netfilter/ip6_tables.c 2004-04-14 06:05:41.000000000 -0700 | |
25 | @@ -1568,8 +1568,10 @@ | |
26 | u_int16_t datalen, | |
27 | int *hotdrop) | |
28 | { | |
29 | - const struct tcphdr *tcp = hdr; | |
30 | + const struct tcphdr *tcp; | |
31 | const struct ip6t_tcp *tcpinfo = matchinfo; | |
32 | + int tcpoff; | |
33 | + u8 nexthdr = skb->nh.ipv6h->nexthdr; | |
34 | ||
35 | /* To quote Alan: | |
36 | ||
37 | @@ -1590,6 +1592,24 @@ | |
38 | return 0; | |
39 | } | |
40 | ||
41 | + tcpoff = (u8*)(skb->nh.ipv6h + 1) - skb->data; | |
42 | + tcpoff = ipv6_skip_exthdr(skb, tcpoff, &nexthdr, skb->len - tcpoff); | |
43 | + if (tcpoff < 0 || tcpoff > skb->len) { | |
44 | + duprintf("tcp_match: cannot skip exthdr. Dropping.\n"); | |
45 | + *hotdrop = 1; | |
46 | + return 0; | |
47 | + } else if (nexthdr == IPPROTO_FRAGMENT) | |
48 | + return 0; | |
49 | + else if (nexthdr != IPPROTO_TCP || | |
50 | + skb->len - tcpoff < sizeof(struct tcphdr)) { | |
51 | + /* cannot be occured */ | |
52 | + duprintf("tcp_match: cannot get TCP header. Dropping.\n"); | |
53 | + *hotdrop = 1; | |
54 | + return 0; | |
55 | + } | |
56 | + | |
57 | + tcp = (struct tcphdr *)(skb->data + tcpoff); | |
58 | + | |
59 | /* FIXME: Try tcp doff >> packet len against various stacks --RR */ | |
60 | ||
61 | #define FWINVTCP(bool,invflg) ((bool) ^ !!(tcpinfo->invflags & invflg)) | |
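Review bot: The length test before `tcp = (struct tcphdr *)(skb->data + tcpoff)` compares against `skb->len`, which also counts paged and fragment-list data, so on a non-linear skb the header bytes may lie outside the linear buffer that `skb->data` points into. Unless the caller guarantees a linearized skb (not visible in this hunk), bound the offset by the linear length instead, e.g. `tcpoff > skb_headlen(skb) || skb_headlen(skb) - tcpoff < sizeof(struct tcphdr)`, or copy the header out with `skb_copy_bits()`. The same pattern appears in the `udp_match` hunk with `udpoff` and `struct udphdr`. Separately, `datalen` is still measured from the caller's `hdr`, so any later use of it with the new `tcp` pointer (the rest of the function is outside the hunk) would overstate the available bytes by the length of the skipped extension headers; `skb->len - tcpoff` is the matching length.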
62 | @@ -1640,8 +1660,10 @@ | |
63 | u_int16_t datalen, | |
64 | int *hotdrop) | |
65 | { | |
66 | - const struct udphdr *udp = hdr; | |
67 | + const struct udphdr *udp; | |
68 | const struct ip6t_udp *udpinfo = matchinfo; | |
69 | + int udpoff; | |
70 | + u8 nexthdr = skb->nh.ipv6h->nexthdr; | |
71 | ||
72 | if (offset == 0 && datalen < sizeof(struct udphdr)) { | |
73 | /* We've been asked to examine this packet, and we | |
74 | @@ -1651,6 +1673,23 @@ | |
75 | return 0; | |
76 | } | |
77 | ||
78 | + udpoff = (u8*)(skb->nh.ipv6h + 1) - skb->data; | |
79 | + udpoff = ipv6_skip_exthdr(skb, udpoff, &nexthdr, skb->len - udpoff); | |
80 | + if (udpoff < 0 || udpoff > skb->len) { | |
81 | + duprintf("udp_match: cannot skip exthdr. Dropping.\n"); | |
82 | + *hotdrop = 1; | |
83 | + return 0; | |
84 | + } else if (nexthdr == IPPROTO_FRAGMENT) | |
85 | + return 0; | |
86 | + else if (nexthdr != IPPROTO_UDP || | |
87 | + skb->len - udpoff < sizeof(struct udphdr)) { | |
88 | + duprintf("udp_match: cannot get UDP header. Dropping.\n"); | |
89 | + *hotdrop = 1; | |
90 | + return 0; | |
91 | + } | |
92 | + | |
93 | + udp = (struct udphdr *)(skb->data + udpoff); | |
94 | + | |
95 | /* Must not be a fragment. */ | |
96 | return !offset | |
97 | && port_match(udpinfo->spts[0], udpinfo->spts[1], |