Skip to content

Commit

Permalink
netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet()
Browse files Browse the repository at this point in the history 
The packet size check originates from a time when UDP helpers could
accidentally mangle incorrect packets (NEWNAT) and is unnecessary
nowadays since the conntrack helpers invoke the NAT helpers for the
proper packet directly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  • Loading branch information
Patrick McHardy authored and Pablo Neira Ayuso committed Dec 23, 2011
1 parent 40cfb70 commit 0af051b
Showing 1 changed file with 0 additions and 6 deletions.
6 changes: 0 additions & 6 deletions net/ipv4/netfilter/nf_nat_helper.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,12 +253,6 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
struct udphdr *udph;
int datalen, oldlen;

/* UDP helpers might accidentally mangle the wrong packet */
iph = ip_hdr(skb);
if (skb->len < iph->ihl*4 + sizeof(*udph) +
match_offset + match_len)
return 0;

if (!skb_make_writable(skb, skb->len))
return 0;

Expand Down

0 comments on commit 0af051b

Please sign in to comment.