diff options
author | Patrick McHardy <kaber@trash.net> | 2012-08-26 17:14:01 (GMT) |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-08-30 01:00:12 (GMT) |
commit | 811927ccfe90fbfcfff5253ba7f95057f6cae692 (patch) | |
tree | c0e2606135bef4b786b3ee60126d02d64528c0a4 /net/netfilter/nf_conntrack_irc.c | |
parent | 2b60af017880f7dc35d1fac65f48fc94f8a3c1ec (diff) | |
download | linux-fsl-qoriq-811927ccfe90fbfcfff5253ba7f95057f6cae692.tar.xz |
netfilter: nf_conntrack: restrict NAT helper invocation to IPv4
The NAT helpers currently only handle IPv4 packets correctly. Restrict
invocation of the helpers to IPv4 in preparation of IPv6 NAT.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_irc.c')
-rw-r--r-- | net/netfilter/nf_conntrack_irc.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c index 009c52c..e06dc2f 100644 --- a/net/netfilter/nf_conntrack_irc.c +++ b/net/netfilter/nf_conntrack_irc.c @@ -204,7 +204,8 @@ static int help(struct sk_buff *skb, unsigned int protoff, IPPROTO_TCP, NULL, &port); nf_nat_irc = rcu_dereference(nf_nat_irc_hook); - if (nf_nat_irc && ct->status & IPS_NAT_MASK) + if (nf_nat_irc && nf_ct_l3num(ct) == NFPROTO_IPV4 && + ct->status & IPS_NAT_MASK) ret = nf_nat_irc(skb, ctinfo, addr_beg_p - ib_ptr, addr_end_p - addr_beg_p, |