src/patches/suse-2.6.27.25/patches.fixes/fix-nf_conntrack_slp

   1 From: Ludwig Nussel <lnussel@novell.com>
   2 Subject: make nf_conntrack_slp actually work
   3 References: bnc#470963
   4
   5 Acked-by: Jeff Mahoney <jeffm@suse.com>
   6 ---
   7
   8  nf_conntrack_slp.c |   17 +++++++++++------
   9  1 file changed, 11 insertions(+), 6 deletions(-)
  10
  11 --- a/net/netfilter/nf_conntrack_slp.c
  12 +++ b/net/netfilter/nf_conntrack_slp.c
  13 @@ -47,15 +47,15 @@ static int help(struct sk_buff *skb, uns
  14                 struct nf_conn *ct, enum ip_conntrack_info ctinfo)
  15  {
  16         struct nf_conntrack_expect *exp;
  17 -       struct iphdr *iph = ip_hdr(skb);
  18         struct rtable *rt = skb->rtable;
  19         struct in_device *in_dev;
  20         __be32 mask = 0;
  21 +       __be32 src = 0;
  22
  23         /* we're only interested in locally generated packets */
  24         if (skb->sk == NULL)
  25                 goto out;
  26 -       if (rt == NULL || !(rt->rt_flags & RTCF_BROADCAST))
  27 +       if (rt == NULL || !(rt->rt_flags & (RTCF_MULTICAST|RTCF_BROADCAST)))
  28                 goto out;
  29         if (CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL)
  30                 goto out;
  31 @@ -64,15 +64,18 @@ static int help(struct sk_buff *skb, uns
  32         in_dev = __in_dev_get_rcu(rt->u.dst.dev);
  33         if (in_dev != NULL) {
  34                 for_primary_ifa(in_dev) {
  35 -                       if (ifa->ifa_broadcast == iph->daddr) {
  36 -                               mask = ifa->ifa_mask;
  37 -                               break;
  38 -                       }
  39 +                       /* this is a hack as slp uses multicast we can't match
  40 +                        * the destination address to some broadcast address. So
  41 +                        * just take the first one. Better would be to install
  42 +                        * expectations for all addresses */
  43 +                       mask = ifa->ifa_mask;
  44 +                       src = ifa->ifa_broadcast;
  45 +                       break;
  46                 } endfor_ifa(in_dev);
  47         }
  48         rcu_read_unlock();
  49
  50 -       if (mask == 0)
  51 +       if (mask == 0 || src == 0)
  52                 goto out;
  53
  54         exp = nf_ct_expect_alloc(ct);
  55 @@ -80,6 +83,7 @@ static int help(struct sk_buff *skb, uns
  56                 goto out;
  57
  58         exp->tuple                = ct->tuplehash[IP_CT_DIR_REPLY].tuple;
  59 +       exp->tuple.src.u3.ip      = src;
  60         exp->tuple.src.u.udp.port = htons(SLP_PORT);
  61
  62         exp->mask.src.u3.ip       = mask;