aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorFlorian Westphal2013-02-11 23:59:53 -0600
committerGreg Kroah-Hartman2013-05-11 15:53:55 -0500
commitfc27819bea8a7791c8a95e0db258389d3cb00887 (patch)
tree50daf85820ca36a20af2af7958d94d3b5fb66015 /net
parentcf75e569817b1311815cafe2ea39110e706479e0 (diff)
downloadkernel-video-fc27819bea8a7791c8a95e0db258389d3cb00887.tar.gz
kernel-video-fc27819bea8a7791c8a95e0db258389d3cb00887.tar.xz
kernel-video-fc27819bea8a7791c8a95e0db258389d3cb00887.zip
netfilter: nf_ct_helper: don't discard helper if it is actually the same
commit 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d upstream. commit (32f5376 netfilter: nf_ct_helper: disable automatic helper re-assignment of different type) broke transparent proxy scenarios. For example, initial helper lookup might yield "ftp" (dport 21), while re-lookup after REDIRECT yields "ftp-2121". This causes the autoassign code to toss the ftp helper, even though these are just different instances of the same helper. Change the test to check for the helper function address instead of the helper address, as suggested by Pablo. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/nf_conntrack_helper.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
index 884f2b39319..91527d5ba01 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
@@ -236,7 +236,9 @@ int __nf_ct_try_assign_helper(struct nf_conn *ct, struct nf_conn *tmpl,
236 /* We only allow helper re-assignment of the same sort since 236 /* We only allow helper re-assignment of the same sort since
237 * we cannot reallocate the helper extension area. 237 * we cannot reallocate the helper extension area.
238 */ 238 */
239 if (help->helper != helper) { 239 struct nf_conntrack_helper *tmp = rcu_dereference(help->helper);
240
241 if (tmp && tmp->help != helper->help) {
240 RCU_INIT_POINTER(help->helper, NULL); 242 RCU_INIT_POINTER(help->helper, NULL);
241 goto out; 243 goto out;
242 } 244 }