]> git.baikalelectronics.ru Git - kernel.git/commit
projects / kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 70d72af) | patch
netfilter: nf_nat: don't check for port change on ICMP tuples
authorUlrich Weber <ulrich.weber@sophos.com>
Thu, 25 Oct 2012 05:34:45 +0000 (05:34 +0000)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 28 Oct 2012 21:43:34 +0000 (22:43 +0100)
commit9f9213fa8859d52531a99dbcae1977d235ac237f
treea065f4023c55b9d65d9dfe7786e84e15a39d890ftree | snapshot
parent70d72afdc0dee6375cf5a13182d6d0fffef57185commit | diff
netfilter: nf_nat: don't check for port change on ICMP tuples

ICMP tuples have id in src and type/code in dst.
So comparing src.u.all with dst.u.all will always fail here
and ip_xfrm_me_harder() is called for every ICMP packet,
even if there was no NAT.

Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/iptable_nat.c diff | blob | history
net/ipv6/netfilter/ip6table_nat.c diff | blob | history
Linux Kernel Source Tree.