LVS
lvs-devel
Google
 
Web LinuxVirtualServer.org

Re: [patch v2.2 3/4] [PATCH v2.1 3/4] IPVS: make FTP work with full NAT

To: Simon Horman <horms@xxxxxxxxxxxx>
Subject: Re: [patch v2.2 3/4] [PATCH v2.1 3/4] IPVS: make FTP work with full NAT support
Cc: lvs-devel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netfilter@xxxxxxxxxxxxxxx, Wensong Zhang <wensong@xxxxxxxxxxxx>, Julius Volz <julius.volz@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, Hannes Eder <heder@xxxxxxxxxx>, Netfilter Development Mailinglist <netfilter-devel@xxxxxxxxxxxxxxx>
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Sat, 01 May 2010 18:26:04 +0200
Simon Horman wrote:

> +#define FMT_TUPLE    "%u.%u.%u.%u:%u->%u.%u.%u.%u:%u/%u"
> +#define ARG_TUPLE(T) NIPQUAD((T)->src.u3.ip), ntohs((T)->src.u.all), \
> +                     NIPQUAD((T)->dst.u3.ip), ntohs((T)->dst.u.all), \
> +                     (T)->dst.protonum
> +
> +#define FMT_CONN     "%u.%u.%u.%u:%u->%u.%u.%u.%u:%u->%u.%u.%u.%u:%u/%u:%u"
> +#define ARG_CONN(C)  NIPQUAD((C)->caddr), ntohs((C)->cport), \
> +                     NIPQUAD((C)->vaddr), ntohs((C)->vport), \
> +                     NIPQUAD((C)->daddr), ntohs((C)->dport), \
> +                     (C)->protocol, (C)->state
>  

Please use the appropriate format string (%pI4) instead of NIPQUAD.

> +             buf_len = sprintf(buf, "%u,%u,%u,%u,%u,%u", NIPQUAD(from.ip),
> +                               (ntohs(port)>>8)&255, ntohs(port)&255);
> +
> +             ct = nf_ct_get(skb, &ctinfo);
> +             ret = nf_nat_mangle_tcp_packet(skb,
> +                                            ct,
> +                                            ctinfo,
> +                                            start-data,
> +                                            end-start,
> +                                            buf,
> +                                            buf_len);
> +
> +             if (ct && ct != &nf_conntrack_untracked)

ct is non-NULL, otherwise we'll crash in nf_nat_mangle_tcp_packet().
Are you sure you want to mangle untracked packets above? That doesn't
work when their are size changes.
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

<Prev in Thread] Current Thread [Next in Thread>