git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 7 Jul 2017 11:07:17 +0000 (13:07 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 17 Jul 2017 15:02:19 +0000 (17:02 +0200)
commit	7b62f8fba78b8b7a9f021ba512ce32cd8c372ae3
tree	6201ab9cf05ef4e22928dd0270dcf69ccf3b6abb	tree \| snapshot
parent	5733d89963a7ce149a2e86e7112bb1abbcf6b169	commit \| diff

netfilter: nat: fix src map lookup

When doing initial conversion to rhashtable I replaced the bucket
walk with a single rhashtable_lookup_fast().

When moving to rhlist I failed to properly walk the list of identical
tuples, but that is what is needed for this to work correctly.
The table contains the original tuples, so the reply tuples are all
distinct.

We currently decide that mapping is (not) in range only based on the
first entry, but in case its not we need to try the reply tuple of the
next entry until we either find an in-range mapping or we checked
all the entries.

This bug makes nat core attempt collision resolution while it might be
able to use the mapping as-is.

Fixes: 940f4f2c0a1c ("netfilter: nat: convert nat bysrc hash to rhashtable")
Reported-by: Jaco Kroon <jaco@uls.co.za>
Tested-by: Jaco Kroon <jaco@uls.co.za>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>