Re: [BUG] active ftp doesn't work since 2.6.9-rc1

From: Harald Welte
Date: Fri Oct 01 2004 - 09:13:31 EST


On Fri, Oct 01, 2004 at 03:22:48PM +0200, Harald Welte wrote:
> On Fri, Oct 01, 2004 at 01:12:01PM +0200, Vitezslav Samel wrote:
> > Hi!
> >
> > After upgrade to 2.6.9-rc3 on the firewall (with NAT), active ftp stopped
> > working. The first kernel which doesn't work is 2.6.9-rc1.
> > Symptoms: passive ftp works O.K., active FTP doesn't open data
> > stream (and in logs there are entries about invalid packets - using
> > iptables ... -m state --state INVALID -j LOG)

Please use the following (attached) fix:

DaveM: Please apply and push to Linus:

Thanks!


Fix NAT helper code to update TCP window tracking information
if it resizes payload (and thus alters sequence numbers).

This patchlet was somehow lost during 2.4.x->2.6.x port of TCP
window tracking :(

Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>

--- linux-2.6.9-rc3-plain/net/ipv4/netfilter/ip_nat_helper.c 2004-10-01 12:08:40.000000000 +0000
+++ linux-2.6.9-rc3-test/net/ipv4/netfilter/ip_nat_helper.c 2004-10-01 13:37:05.283639640 +0000
@@ -347,7 +347,7 @@
return 1;
}

-/* TCP sequence number adjustment. Returns true or false. */
+/* TCP sequence number adjustment. Returns 1 on success, 0 on failure */
int
ip_nat_seq_adjust(struct sk_buff **pskb,
struct ip_conntrack *ct,
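
Review bot: the rewritten comment above ip_nat_seq_adjust() states the return values but not the side effect that a successful call now has, namely that conntrack's TCP window tracking is updated through ip_conntrack_tcp_update() in the following hunk. Consider extending it along the lines of "Returns 1 on success (conntrack window tracking updated), 0 on failure." so callers and future ports see that the two belong together.
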
@@ -396,7 +396,12 @@
tcph->seq = newseq;
tcph->ack_seq = newack;

- return ip_nat_sack_adjust(pskb, tcph, ct, ctinfo);
+ if (!ip_nat_sack_adjust(pskb, tcph, ct, ctinfo))
+ return 0;
+
+ ip_conntrack_tcp_update(*pskb, ct, dir);
+
+ return 1;
}

static inline int
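
Review bot: the new ip_conntrack_tcp_update(*pskb, ct, dir) call at the end of ip_nat_seq_adjust() carries no comment saying why it is needed, and the commit message notes that this very call was lost in the 2.4.x->2.6.x port. A one-line comment above it, for example "seq/ack were rewritten above, keep window tracking in sync", would make it harder to drop again. The patch touches only ip_nat_helper.c, so it is also worth confirming that a prototype for ip_conntrack_tcp_update() and the variable dir are already in scope at this point, since neither is visible in the hunk.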

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie
