--- linux/net/ipv4/netfilter/ip_conntrack_ftp.c.orig	Wed Feb  7 12:45:20 2001
+++ linux/net/ipv4/netfilter/ip_conntrack_ftp.c	Wed Feb  7 13:35:26 2001
@@ -12,8 +12,8 @@
 DECLARE_LOCK(ip_ftp_lock);
 struct module *ip_conntrack_ftp = THIS_MODULE;
 
-#define SERVER_STRING "227 Entering Passive Mode ("
-#define CLIENT_STRING "PORT "
+#define SERVER_STRING "227 "
+#define CLIENT_STRING "PORT"
 
 #if 0
 #define DEBUGP printk
@@ -24,10 +24,21 @@
 static struct {
 	const char *pattern;
 	size_t plen;
+	char skip;
 	char term;
 } search[2] = {
-	[IP_CT_FTP_PORT] { CLIENT_STRING, sizeof(CLIENT_STRING) - 1, '\r' },
-	[IP_CT_FTP_PASV] { SERVER_STRING, sizeof(SERVER_STRING) - 1, ')' }
+	[IP_CT_FTP_PORT] {
+		CLIENT_STRING,
+		sizeof(CLIENT_STRING) - 1,
+		' ',
+		'\r' 
+	},
+	[IP_CT_FTP_PASV] {
+		SERVER_STRING,
+		sizeof(SERVER_STRING) - 1,
+		'(',
+		')' 
+	}
 };
 
 /* Returns 0, or length of numbers */
@@ -61,11 +72,13 @@
 /* Return 1 for match, 0 for accept, -1 for partial. */
 static int find_pattern(const char *data, size_t dlen,
 			const char *pattern, size_t plen,
-			char term,
+			char skip, char term,
 			unsigned int *numoff,
 			unsigned int *numlen,
 			u_int32_t array[6])
 {
+	size_t i;
+
 	if (dlen == 0)
 		return 0;
 
@@ -90,8 +103,18 @@
 		return 0;
 	}
 
-	*numoff = plen;
-	*numlen = try_number(data + plen, dlen - plen, array, term);
+	/* Now we've found the constant string, try to skip
+	   to the 'skip' character */
+
+	for(i = plen; (i < dlen) && (data[i] != skip); i++)
+		;
+	i++;	/* skip over the last character */
+
+	if(i >= dlen)
+		return 0;
+
+	*numoff = i;
+	*numlen = try_number(data + i, dlen - i, array, term);
 	if (!*numlen)
 		return -1;
 
@@ -165,7 +188,8 @@
 
 	switch (find_pattern(data, datalen,
 			     search[dir].pattern,
-			     search[dir].plen, search[dir].term,
+			     search[dir].plen,
+			     search[dir].skip, search[dir].term,
 			     &matchoff, &matchlen,
 			     array)) {
 	case -1: /* partial */