From: Patrick McHardy Date: Fri, 23 Dec 2011 13:01:26 +0000 (+0100) Subject: netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet() X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=0af051baa8444b7453235552911a353fc7b9bee7;p=linux-beck.git netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet() The packet size check originates from a time when UDP helpers could accidentally mangle incorrect packets (NEWNAT) and is unnecessary nowadays since the conntrack helpers invoke the NAT helpers for the proper packet directly. Signed-off-by: Patrick McHardy Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c index 049e8b7c3188..af65958f6308 100644 --- a/net/ipv4/netfilter/nf_nat_helper.c +++ b/net/ipv4/netfilter/nf_nat_helper.c @@ -253,12 +253,6 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb, struct udphdr *udph; int datalen, oldlen; - /* UDP helpers might accidentally mangle the wrong packet */ - iph = ip_hdr(skb); - if (skb->len < iph->ihl*4 + sizeof(*udph) + - match_offset + match_len) - return 0; - if (!skb_make_writable(skb, skb->len)) return 0;