netfilter: nf_conntrack: restrict NAT helper invocation to IPv4

[mirror_ubuntu-bionic-kernel.git] / net / netfilter / nf_conntrack_tftp.c

diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index 81fc61c052631300290c45d9d25ef57956b4ee62..9363e1c664668095b32c2a63634ebeb532b5a409 100644 (file)
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -72,7 +72,8 @@ static int tftp_help(struct sk_buff *skb,
                nf_ct_dump_tuple(&exp->tuple);
 
                nf_nat_tftp = rcu_dereference(nf_nat_tftp_hook);
-               if (nf_nat_tftp && ct->status & IPS_NAT_MASK)
+               if (nf_nat_tftp && nf_ct_l3num(ct) == NFPROTO_IPV4 &&
+                   ct->status & IPS_NAT_MASK)
                        ret = nf_nat_tftp(skb, ctinfo, exp);
                else if (nf_ct_expect_related(exp) != 0)
                        ret = NF_DROP;