[NETFILTER]: Fix check whether dst_entry needs to be released after NAT
After DNAT the original dst_entry needs to be released if present
so the packet doesn't skip input routing with its new address. The
current check for DNAT in ip_nat_in is reversed and checks for SNAT.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Patrick McHardy authored and David S. Miller committed Feb 5, 2006
1 parent 0047c65 commit 7918d21
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions net/ipv4/netfilter/ip_nat_standalone.c
Expand Up @@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
&& (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);

if (ct->tuplehash[dir].tuple.src.ip !=
ct->tuplehash[!dir].tuple.dst.ip) {
if (ct->tuplehash[dir].tuple.dst.ip !=
ct->tuplehash[!dir].tuple.src.ip) {
dst_release((*pskb)->dst);
(*pskb)->dst = NULL;
}
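
Review bot: The corrected test in ip_nat_in, `ct->tuplehash[dir].tuple.dst.ip != ct->tuplehash[!dir].tuple.src.ip`, carries no comment saying that it detects a rewritten destination address, and the src/dst form it replaces has exactly the same shape with the two fields swapped, so the intent is easy to invert again. Suggest a short comment above the `if` stating that a mismatch between this direction's destination and the reply direction's source means DNAT was applied, and that the cached dst is dropped so the packet goes through input routing with its new address. The commit message says the dst is released "if present", yet the hunk calls `dst_release((*pskb)->dst)` with no visible NULL test; it is worth confirming that dst_release accepts a NULL dst and saying so in the same comment.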