diff options
author | Patrick McHardy <kaber@trash.net> | 2012-08-26 17:14:01 (GMT) |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-30 01:00:12 (GMT) |
commit | 811927ccfe90fbfcfff5253ba7f95057f6cae692 (patch) | |
tree | c0e2606135bef4b786b3ee60126d02d64528c0a4 /net/netfilter/nf_conntrack_amanda.c | |
parent | 2b60af017880f7dc35d1fac65f48fc94f8a3c1ec (diff) | |
download | linux-fsl-qoriq-811927ccfe90fbfcfff5253ba7f95057f6cae692.tar.xz |
netfilter: nf_conntrack: restrict NAT helper invocation to IPv4
The NAT helpers currently only handle IPv4 packets correctly. Restrict
invocation of the helpers to IPv4 in preparation of IPv6 NAT.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_amanda.c')
-rw-r--r-- | net/netfilter/nf_conntrack_amanda.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c index f2de8c5..184c0dc 100644 --- a/net/netfilter/nf_conntrack_amanda.c +++ b/net/netfilter/nf_conntrack_amanda.c @@ -154,7 +154,8 @@ static int amanda_help(struct sk_buff *skb, IPPROTO_TCP, NULL, &port); nf_nat_amanda = rcu_dereference(nf_nat_amanda_hook); - if (nf_nat_amanda && ct->status & IPS_NAT_MASK) + if (nf_nat_amanda && nf_ct_l3num(ct) == NFPROTO_IPV4 && + ct->status & IPS_NAT_MASK) ret = nf_nat_amanda(skb, ctinfo, off - dataoff, len, exp); else if (nf_ct_expect_related(exp) != 0) |