patch-2.4.23 linux-2.4.23/net/ipv4/netfilter/ip_conntrack_irc.c

Next file: linux-2.4.23/net/ipv4/netfilter/ip_conntrack_proto_generic.c
Previous file: linux-2.4.23/net/ipv4/netfilter/ip_conntrack_core.c
Back to the patch index
Back to the overall index

Lines: 21
Date: 2003-11-28 10:26:21.000000000 -0800
Orig file: linux-2.4.22/net/ipv4/netfilter/ip_conntrack_irc.c
Orig date: 2003-08-25 04:44:44.000000000 -0700


diff -urN linux-2.4.22/net/ipv4/netfilter/ip_conntrack_irc.c linux-2.4.23/net/ipv4/netfilter/ip_conntrack_irc.c
@@ -192,7 +192,10 @@
 			DEBUGP("DCC bound ip/port: %u.%u.%u.%u:%u\n",
 				HIPQUAD(dcc_ip), dcc_port);
 
-			if (ct->tuplehash[dir].tuple.src.ip != htonl(dcc_ip)) {
+			/* dcc_ip can be the internal OR external (NAT'ed) IP
+			 * Tiago Sousa <mirage@kaotik.org> */
+			if (ct->tuplehash[dir].tuple.src.ip != htonl(dcc_ip)
+			    && ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip != htonl(dcc_ip)) {
 				if (net_ratelimit())
 					printk(KERN_WARNING
 						"Forged DCC command from "
@@ -218,7 +221,7 @@
 
 			exp->tuple = ((struct ip_conntrack_tuple)
 				{ { 0, { 0 } },
-				  { htonl(dcc_ip), { .tcp = { htons(dcc_port) } },
+				  { ct->tuplehash[dir].tuple.src.ip, { .tcp = { htons(dcc_port) } },
 				    IPPROTO_TCP }});
 			exp->mask = ((struct ip_conntrack_tuple)
 				{ { 0, { 0 } },

FUNET's LINUX-ADM group, linux-adm@nic.funet.fi

TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)