#endif /* _XT_LAYER7_H */
--- a/net/netfilter/xt_layer7.c
+++ b/net/netfilter/xt_layer7.c
-@@ -297,34 +297,36 @@ static int match_no_append(struct nf_con
+@@ -314,33 +314,35 @@ static int match_no_append(struct nf_con
}
/* add the new app data to the conntrack. Return number of bytes added. */
{
int length = 0, i;
- int oldlength = master_conntrack->layer7.app_data_len;
-
-- /* This is a fix for a race condition by Deti Fliegl. However, I'm not
-- clear on whether the race condition exists or whether this really
-- fixes it. I might just be being dense... Anyway, if it's not really
+-
+- /* This is a fix for a race condition by Deti Fliegl. However, I'm not
+- clear on whether the race condition exists or whether this really
+- fixes it. I might just be being dense... Anyway, if it's not really
- a fix, all it does is waste a very small amount of time. */
- if(!master_conntrack->layer7.app_data) return 0;
+ if (!target) return 0;
do case insensitivity). Add it to the end of the current data. */
- for(i = 0; i < maxdatalen-oldlength-1 &&
- i < appdatalen; i++) {
-+ for(i = 0; i < maxdatalen-offset-1 && i < len; i++) {
++ for(i = 0; i < maxdatalen-offset-1 && i < len; i++) {
if(app_data[i] != '\0') {
/* the kernel version of tolower mungs 'upper ascii' */
- master_conntrack->layer7.app_data[length+oldlength] =
+ target[length+offset] =
- isascii(app_data[i])?
+ isascii(app_data[i])?
tolower(app_data[i]) : app_data[i];
length++;
}
+
+ return length;
+}
-
-- master_conntrack->layer7.app_data[length+oldlength] = '\0';
-- master_conntrack->layer7.app_data_len = length + oldlength;
++
+/* add the new app data to the conntrack. Return number of bytes added. */
+static int add_data(struct nf_conn * master_conntrack,
+ char * app_data, int appdatalen)
+{
+ int length;
+- master_conntrack->layer7.app_data[length+oldlength] = '\0';
+- master_conntrack->layer7.app_data_len = length + oldlength;
+ length = add_datastr(master_conntrack->layer7.app_data, master_conntrack->layer7.app_data_len, app_data, appdatalen);
+ master_conntrack->layer7.app_data_len += length;
+
return length;
}
-
-@@ -411,7 +413,7 @@ match(const struct sk_buff *skbin,
+@@ -428,7 +430,7 @@ match(const struct sk_buff *skbin,
const struct xt_layer7_info * info = matchinfo;
enum ip_conntrack_info master_ctinfo, ctinfo;
struct nf_conn *master_conntrack, *conntrack;
unsigned int pattern_result, appdatalen;
regexp * comppattern;
-@@ -439,8 +441,8 @@ match(const struct sk_buff *skbin,
+@@ -456,8 +458,8 @@ match(const struct sk_buff *skbin,
master_conntrack = master_ct(master_conntrack);
/* if we've classified it or seen too many packets */
-- if(TOTAL_PACKETS > num_packets ||
+- if(total_acct_packets(master_conntrack) > num_packets ||
- master_conntrack->layer7.app_proto) {
-+ if(!info->pkt && (TOTAL_PACKETS > num_packets ||
++ if(!info->pkt && (total_acct_packets(master_conntrack) > num_packets ||
+ master_conntrack->layer7.app_proto)) {
- pattern_result = match_no_append(conntrack, master_conntrack,
+ pattern_result = match_no_append(conntrack, master_conntrack,
ctinfo, master_ctinfo, info);
-@@ -473,6 +475,25 @@ match(const struct sk_buff *skbin,
+@@ -490,6 +492,25 @@ match(const struct sk_buff *skbin,
/* the return value gets checked later, when we're ready to use it */
comppattern = compile_and_cache(info->pattern, info->protocol);
+ }
+
/* On the first packet of a connection, allocate space for app data */
- if(TOTAL_PACKETS == 1 && !skb->cb[0] &&
+ if(total_acct_packets(master_conntrack) == 1 && !skb->cb[0] &&
!master_conntrack->layer7.app_data){
projects / openwrt-10.03 / .git / blobdiff