]> git.karo-electronics.de Git - karo-tx-linux.git/commit
projects / karo-tx-linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b3e991e) | patch
netfilter: nf_nat: don't check for port change on ICMP tuples
authorUlrich Weber <ulrich.weber@sophos.com>
Thu, 25 Oct 2012 05:34:45 +0000 (05:34 +0000)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 26 Nov 2012 19:37:48 +0000 (11:37 -0800)
commita39bdce2f2a9aebda1b9438c4b2e91c0dd507a34
treea673b6e766711591f4e54bca916de7e5f799cf71tree | snapshot
parentb3e991ea9222c3ec71d74b37d105cea115055c4dcommit | diff
netfilter: nf_nat: don't check for port change on ICMP tuples

commit 38fe36a248ec3228f8e6507955d7ceb0432d2000 upstream.

ICMP tuples have id in src and type/code in dst.
So comparing src.u.all with dst.u.all will always fail here
and ip_xfrm_me_harder() is called for every ICMP packet,
even if there was no NAT.

Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ipv4/netfilter/nf_nat_standalone.c diff | blob | history
Linux kernel for KaRo TX COM modules