netfilter: pptp: attach nat extension when needed

[mirror_ubuntu-artful-kernel.git] / net / netfilter / nf_conntrack_pptp.c

diff --git a/net/netfilter/nf_conntrack_pptp.c b/net/netfilter/nf_conntrack_pptp.c
index 126031909fc7808a4c384476ddb42b8c790a3b59..6959e93063d4c957017b97e08dfca27b775461c2 100644 (file)
--- a/net/netfilter/nf_conntrack_pptp.c
+++ b/net/netfilter/nf_conntrack_pptp.c
@@ -263,7 +263,7 @@ out_unexpect_orig:
        goto out_put_both;
 }
 
-static inline int
+static int
 pptp_inbound_pkt(struct sk_buff *skb, unsigned int protoff,
                 struct PptpControlHeader *ctlh,
                 union pptp_ctrl_union *pptpReq,
@@ -391,7 +391,7 @@ invalid:
        return NF_ACCEPT;
 }
 
-static inline int
+static int
 pptp_outbound_pkt(struct sk_buff *skb, unsigned int protoff,
                  struct PptpControlHeader *ctlh,
                  union pptp_ctrl_union *pptpReq,
@@ -523,6 +523,14 @@ conntrack_pptp_help(struct sk_buff *skb, unsigned int protoff,
        int ret;
        u_int16_t msg;
 
+#if IS_ENABLED(CONFIG_NF_NAT)
+       if (!nf_ct_is_confirmed(ct) && (ct->status & IPS_NAT_MASK)) {
+               struct nf_conn_nat *nat = nf_ct_ext_find(ct, NF_CT_EXT_NAT);
+
+               if (!nat && !nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC))
+                       return NF_DROP;
+       }
+#endif
        /* don't do any tracking before tcp handshake complete */
        if (ctinfo != IP_CT_ESTABLISHED && ctinfo != IP_CT_ESTABLISHED_REPLY)
                return NF_ACCEPT;