summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Tham <tham@fidion.de>2019-02-18 09:55:46 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2019-02-27 10:46:39 +0100
commit4283428e492835cc1b4f5212ac7f0f6958c60584 (patch)
tree26c537c4bb34a5e9484bcee86253ce132e2c3f90
parentnetfilter: nft_compat: use .release_ops and remove list of extension (diff)
downloadlinux-4283428e492835cc1b4f5212ac7f0f6958c60584.tar.xz
linux-4283428e492835cc1b4f5212ac7f0f6958c60584.zip
netfilter: nf_conntrack_amanda: add support for STATE streams
The Amanda CONNECT command has been updated to establish an optional fourth connection [0]. Previously, a CONNECT command would look like: CONNECT DATA port0 MESG port1 INDEX port2 nf_conntrack_amanda analyses the CONNECT command string in order to learn the port numbers of the related DATA, MESG and INDEX streams. As of amanda v3.4, the CONNECT command can advertise an additional port: CONNECT DATA port0 MESG port1 INDEX port2 STATE port3 The new STATE stream is not handled, thus the connection on the STATE port cannot be established. The patch adds support for STATE streams to the amanda conntrack helper. I tested with max_expected = 3, leaving the other patch hunks unmodified. Amanda reports "connection refused" and aborts. After I set max_expected to 4, the backup completes successfully. [0] https://github.com/zmanda/amanda/commit/3b8384fc9f2941e2427f44c3aee29f561ed67894#diff-711e502fc81a65182c0954765b42919eR456 Signed-off-by: Florian Tham <tham@fidion.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_conntrack_amanda.c9
1 files changed, 7 insertions, 2 deletions
diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index 20edd589fe06..f2681ec5b5f6 100644
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -54,6 +54,7 @@ enum amanda_strings {
SEARCH_DATA,
SEARCH_MESG,
SEARCH_INDEX,
+ SEARCH_STATE,
};
static struct {
@@ -81,6 +82,10 @@ static struct {
.string = "INDEX ",
.len = 6,
},
+ [SEARCH_STATE] = {
+ .string = "STATE ",
+ .len = 6,
+ },
};
static int amanda_help(struct sk_buff *skb,
@@ -124,7 +129,7 @@ static int amanda_help(struct sk_buff *skb,
goto out;
stop += start;
- for (i = SEARCH_DATA; i <= SEARCH_INDEX; i++) {
+ for (i = SEARCH_DATA; i <= SEARCH_STATE; i++) {
off = skb_find_text(skb, start, stop, search[i].ts);
if (off == UINT_MAX)
continue;
@@ -168,7 +173,7 @@ out:
}
static const struct nf_conntrack_expect_policy amanda_exp_policy = {
- .max_expected = 3,
+ .max_expected = 4,
.timeout = 180,
};