Diffstat (limited to 'src')
-rw-r--r-- | src/expect.c | 4 | ||||
-rw-r--r-- | src/helpers/ftp.c | 2 | ||||
-rw-r--r-- | src/helpers/rpc.c | 2 | ||||
-rw-r--r-- | src/helpers/tns.c | 25 |
4 files changed, 23 insertions, 10 deletions
diff --git a/src/expect.c b/src/expect.c
index eab9094..94c26bc 100644
--- a/src/expect.c
+++ b/src/expect.c
@@ -24,7 +24,8 @@ cthelper_expect_init(struct nf_expect *exp, struct nf_conntrack *master,
 uint32_t class,
 union nfct_attr_grp_addr *saddr,
 union nfct_attr_grp_addr *daddr,
- uint8_t l4proto, uint16_t *sport, uint16_t *dport)
+ uint8_t l4proto, uint16_t *sport, uint16_t *dport,
+ uint32_t flags)
 {
 struct nf_conntrack *expected, *mask;
@@ -151,6 +152,7 @@ cthelper_expect_init(struct nf_expect *exp, struct nf_conntrack *master,
 nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
 nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
 nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
+ nfexp_set_attr_u32(exp, ATTR_EXP_FLAGS, flags);
 nfct_destroy(expected);
 nfct_destroy(mask);
diff --git a/src/helpers/ftp.c b/src/helpers/ftp.c
index 2772199..962020b 100644
--- a/src/helpers/ftp.c
+++ b/src/helpers/ftp.c
@@ -544,7 +544,7 @@ ftp_helper_cb(struct pkt_buff *pkt, uint32_t protoff,
 cthelper_get_addr_src(myct->ct, !dir, &addr);
 if (cthelper_expect_init(exp, myct->ct, 0, &addr, &daddr, IPPROTO_TCP,
- NULL, &cmd.u.port)) {
+ NULL, &cmd.u.port, 0)) {
 pr_debug("conntrack_ftp: failed to init expectation\n");
 goto out_update_nl;
 }
diff --git a/src/helpers/rpc.c b/src/helpers/rpc.c
index 97c1b35..82493c2 100644
--- a/src/helpers/rpc.c
+++ b/src/helpers/rpc.c
@@ -423,7 +423,7 @@ rpc_helper_cb(struct pkt_buff *pkt, uint32_t protoff,
 if (cthelper_expect_init(exp, myct->ct, 0, &addr, &daddr, rpc_info->pm_prot,
- NULL, &port)) {
+ NULL, &port, NF_CT_EXPECT_PERMANENT)) {
 pr_debug("RPC: failed to init expectation\n");
 goto out_exp;
 }
diff --git a/src/helpers/tns.c b/src/helpers/tns.c
index c4bfb91..5833fea 100644
--- a/src/helpers/tns.c
+++ b/src/helpers/tns.c
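Review bot: The new `flags` argument is stored in `ATTR_EXP_FLAGS` unmodified (second expect.c hunk, `nfexp_set_attr_u32(exp, ATTR_EXP_FLAGS, flags)`), and nothing in the visible signature says which bits a helper is allowed to pass. Because this value decides how an expectation, and so a firewall pinhole, behaves after it is created, cthelper_expect_init deserves a header comment such as `/* flags: NF_CT_EXPECT_* bits stored as-is in ATTR_EXP_FLAGS; pass 0 unless the helper needs otherwise */`. The body between the two hunks is not shown, so existing documentation there cannot be ruled out from here.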
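Review bot: Passing `NF_CT_EXPECT_PERMANENT` in the rpc.c hunk widens the pinhole this helper opens: the expectation is no longer used up by the first connection that matches it, and the source port is already wildcarded (`NULL`). The call carries no comment saying why RPC needs this or what bounds the expectation's lifetime. I would add something like `/* expectation must survive the first match; its lifetime is limited by the expectation timeout */` above the call, and confirm that a timeout really is applied to `exp`; the rest of rpc_helper_cb lies outside the hunk.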
@@ -132,9 +132,9 @@ find_pattern(struct pkt_buff *pkt, unsigned int dataoff, size_t dlen,
 {
 const char *data = (const char *)pktb_network_header(pkt) + dataoff + sizeof(struct tns_header);
- int length, offset;
+ int length, offset, ret;
 uint32_t array[4];
- const char *p;
+ const char *p, *start;
 p = strstr(data, "(");
 if (!p)
@@ -146,8 +146,9 @@ find_pattern(struct pkt_buff *pkt, unsigned int dataoff, size_t dlen,
 return 0;
 }
+ start = p + strlen("HOST=");
 offset = (int)(p - data) + strlen("HOST=");
- *numoff = offset;
+ *numoff = offset + sizeof(struct tns_header);
 data += offset;
 length = try_number(data, dlen - offset, array, 4, '.', ')');
@@ -168,7 +169,12 @@ find_pattern(struct pkt_buff *pkt, unsigned int dataoff, size_t dlen,
 }
 p += strlen("PORT=");
- return get_port(p, dlen - offset - length, ')', cmd);
+ ret = get_port(p, dlen - offset - length, ')', cmd);
+ if (ret == 0)
+ return 0;
+
+ p += ret;
+ return (int)(p - start);
 }
 static inline uint16_t
@@ -238,7 +244,11 @@ nf_nat_tns(struct pkt_buff *pkt, struct tns_header *tns, struct nf_expect *exp,
 return NF_DROP;
 buflen = snprintf(buffer, sizeof(buffer),
- "%pI4)(PORT=%u)", &newip.ip, port);
+ "%u.%u.%u.%u)(PORT=%u)",
+ ((unsigned char *)&newip.ip)[0],
+ ((unsigned char *)&newip.ip)[1],
+ ((unsigned char *)&newip.ip)[2],
+ ((unsigned char *)&newip.ip)[3], port);
 if (!buflen)
 goto out;
@@ -346,7 +356,7 @@ parse:
 if (cthelper_expect_init(exp, myct->ct, 0, &addr, &cmd.u3, IPPROTO_TCP,
- NULL, &cmd.u.port)) {
+ NULL, &cmd.u.port, 0)) {
 pr_debug("TNS: failed to init expectation\n");
 goto out_exp;
 }
@@ -355,7 +365,8 @@ parse:
 * (possibly changed) expectation itself. */
 if (nfct_get_attr_u32(myct->ct, ATTR_STATUS) & IPS_NAT_MASK) {
- ret = nf_nat_tns(pkt, tns, exp, myct->ct, dir, numoff, numlen);
+ ret = nf_nat_tns(pkt, tns, exp, myct->ct, dir,
+ numoff + sizeof(struct tns_header), numlen);
 goto out_exp;
 }
|
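Review bot: `sizeof(struct tns_header)` appears to be added to the match offset twice: in find_pattern at `*numoff = offset + sizeof(struct tns_header);` (hunk at -146) and again at the nf_nat_tns() call in the last hunk, `numoff + sizeof(struct tns_header)`. If both refer to the same variable, which the hunks do not show, the NAT rewrite would land one header length past the HOST= value and mangle the wrong bytes of the payload. Apply the header offset in one place only, and state what the offset is relative to, for instance `/* numoff: offset of the address digits from the start of the TNS header */`.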
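Review bot: The bound handed to get_port() in the hunk at -168, `dlen - offset - length`, counts from the end of the address digits, but `p` has since moved forward through two strstr() calls and `strlen("PORT=")`, so it overstates what is left after `p`. The payload comes off the wire, so if get_port() trusts that length (its body is not in this diff) it can read past the data that was checked. Deriving the bound from `p` is safer, assuming dlen counts from where `data` first pointed, as the try_number() call suggests: `size_t used = offset + (size_t)(p - data); if (used >= dlen) return 0;` then `ret = get_port(p, dlen - used, ')', cmd);`. That also keeps the size_t subtraction from wrapping.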
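Review bot: The `if (!buflen)` test after the rewritten snprintf() in nf_nat_tns can no longer fire, because the new format always emits at least the dots and `)(PORT=`, and it misses both ways snprintf() reports trouble: a negative return and a return of sizeof(buffer) or more on truncation. As buflen presumably becomes the replacement length further down, outside the hunk, I would check `if (buflen < 0 || (size_t)buflen >= sizeof(buffer)) goto out;`. The `(unsigned char *)&newip.ip` indexing prints the bytes in memory order, which is correct only while the address is held in network byte order; a one-line comment saying so would prevent a later "cleanup" from breaking it.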