From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 18 Jun 2012 15:29:53 +0000 (+0200)
Subject: netfilter: nf_ct_helper: disable automatic helper re-assignment of different type
X-Git-Tag: v3.6-rc1~125^2~520^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=32f5376003920a8bc1bd97c6cddcf42df0b6a833;p=pandora-kernel.git

netfilter: nf_ct_helper: disable automatic helper re-assignment of different type

This patch modifies __nf_ct_try_assign_helper in a way that invalidates support
for the following scenario:

1) attach the helper A for first time when the conntrack is created
2) attach new (different) helper B due to changes the reply tuple caused by NAT

eg. port redirection from TCP/21 to TCP/5060 with both FTP and SIP helpers
loaded, which seems to be a quite unorthodox scenario.

I can provide a more elaborated patch to support this scenario but explicit
helper attachment provides a better solution for this since now the use can
attach the helpers consistently, without relying on the automatic helper
lookup magic.

This patch fixes a possible out of bound zeroing of the conntrack helper
extension if the helper B uses more memory for its private data than
helper A.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

Reading git-diff-tree failed