From patchwork Fri Nov 15 20:09:29 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Oester X-Patchwork-Id: 291659 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id C6DFC2C008C for ; Sat, 16 Nov 2013 07:09:33 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753321Ab3KOUJb (ORCPT ); Fri, 15 Nov 2013 15:09:31 -0500 Received: from mail-pd0-f179.google.com ([209.85.192.179]:51113 "EHLO mail-pd0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753303Ab3KOUJb (ORCPT ); Fri, 15 Nov 2013 15:09:31 -0500 Received: by mail-pd0-f179.google.com with SMTP id r10so982814pdi.24 for ; Fri, 15 Nov 2013 12:09:30 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=H2rJ2eTtcBxWXZKPpyLTTvinlP4z189rYkWGx2c/G+4=; b=OuF0xXc9FHUz2qJkLTsTkgICqzOWK/kv+2sXRPrq8csjl0Lg3ywSnsazQlcU2Q+B1R +5gGs2NKvwNCHZCtUy6y/xSCRSfXhzQSrpDldfi4ogq4a2OoLSBD+4mNrrCm+p+7Op8E BxvjOfOQ65zu8bOBiyLZP7fgrPwRYPH8JDaf3nmIvIt1e5r10JwHDqIx8b/C5g/uY7pu Zxwb+S4qHUG0uwV6+0nbtlbqnZj3g3BZwzyM55pCM5jnnLn6RKZjUwBkBQXLCWnyJuNE 9vKzj60cQnXvvs6KMicdK9xNj9HxVdW16BxRuzccl6I9zUQnYlrG/x266dLiXKpSMePc BsNg== X-Gm-Message-State: ALoCoQnfGaQ32CRYHd9wSW7i+BCD6BI61c83hXWEauiD0EqttRUXGHJCZe5vcF6UChu4k1OJegvX X-Received: by 10.66.180.200 with SMTP id dq8mr8503375pac.104.1384546170596; Fri, 15 Nov 2013 12:09:30 -0800 (PST) Received: from home (cpe-98-154-84-14.socal.res.rr.com. [98.154.84.14]) by mx.google.com with ESMTPSA id gf5sm6363537pbc.22.2013.11.15.12.09.28 for (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 15 Nov 2013 12:09:29 -0800 (PST) Date: Fri, 15 Nov 2013 12:09:29 -0800 From: Phil Oester To: "Dawid Stawiarski - nazwa.pl" Cc: netfilter-devel@vger.kernel.org Subject: Re: linux 3.12 regression - snat problem with ftp helper Message-ID: <20131115200928.GA11322@home> References: <52862618.4030202@netart.pl> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <52862618.4030202@netart.pl> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org On Fri, Nov 15, 2013 at 02:48:08PM +0100, Dawid Stawiarski - nazwa.pl wrote: > hello, > > after upgrade to mainline kernel v. 3.12 our machines are not able > to connect to ftp service (from inside of the lxc containters). > Mainline kernel 3.11.8 works fine. > > in packet 8 host sends rewriten PORT command (with changed private > to public IP) - however the packet has incorrect sequence number > (should have 41). > the ftp server responds with SACK but the host resets the connection. Does the attached patch solve the problem for you? Phil diff --git a/net/netfilter/nf_conntrack_seqadj.c b/net/netfilter/nf_conntrack_seqadj.c index 5f9bfd0..17c1bcb 100644 --- a/net/netfilter/nf_conntrack_seqadj.c +++ b/net/netfilter/nf_conntrack_seqadj.c @@ -41,8 +41,8 @@ int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo, spin_lock_bh(&ct->lock); this_way = &seqadj->seq[dir]; if (this_way->offset_before == this_way->offset_after || - before(this_way->correction_pos, seq)) { - this_way->correction_pos = seq; + before(this_way->correction_pos, ntohl(seq))) { + this_way->correction_pos = ntohl(seq); this_way->offset_before = this_way->offset_after; this_way->offset_after += off; }