conntrack: Allow specified alg port numbers.

Algs can use variable control port numbers for servers. The main use case is a kind of feeble security measure; the thinking being by some is that it obscures the alg traffic. It is really not very effective, but the kernel has this capability. This patch mimics the capability. Signed-off-by: Darrell Ball <dlu998@gmail.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Aaron Conole <aconole@redhat.com>
2025-08-31 14:25:26 +00:00 · 2017-12-04 08:13:06 -08:00
parent 94e711433c
commit bd7d93f8b4
4 changed files with 36 additions and 21 deletions
--- a/lib/dpif-netdev.c
+++ b/lib/dpif-netdev.c
@@ -5629,8 +5629,8 @@ dp_execute_cb(void *aux_, struct dp_packet_batch *packets_,
        }

        conntrack_execute(&dp->conntrack, packets_, aux->flow->dl_type, force,
-                          commit, zone, setmark, setlabel, helper,
-                          nat_action_info_ref, now);
+                          commit, zone, setmark, setlabel, aux->flow->tp_src,
+                          aux->flow->tp_dst, helper, nat_action_info_ref, now);
        break;
    }