From 9cdb339e28276398d4c268def5a2b96d5878bfa5 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Mon, 14 Apr 2008 11:15:50 +0200
Subject: [PATCH] --- yaml --- r: 90704 b: refs/heads/master c:
 42cf800c240fa845e9c154429d70d62750e65b64 h: refs/heads/master v: v3

---
 [refs]                                       |  2 +-
 trunk/net/ipv4/netfilter/nf_nat_standalone.c | 15 +--------------
 2 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/[refs] b/[refs]
index 71530d29dfd2..257cc6941cb3 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 9d908a69a32e0171eb5eeac93f2f46ffa4190573
+refs/heads/master: 42cf800c240fa845e9c154429d70d62750e65b64
diff --git a/trunk/net/ipv4/netfilter/nf_nat_standalone.c b/trunk/net/ipv4/netfilter/nf_nat_standalone.c
index 4a3e0f85db97..c362f672755a 100644
--- a/trunk/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/trunk/net/ipv4/netfilter/nf_nat_standalone.c
@@ -93,21 +93,8 @@ nf_nat_fn(unsigned int hooknum,
 	   have dropped it.  Hence it's the user's responsibilty to
 	   packet filter it out, or implement conntrack/NAT for that
 	   protocol. 8) --RR */
-	if (!ct) {
-		/* Exception: ICMP redirect to new connection (not in
-		   hash table yet).  We must not let this through, in
-		   case we're doing NAT to the same network. */
-		if (ip_hdr(skb)->protocol == IPPROTO_ICMP) {
-			struct icmphdr _hdr, *hp;
-
-			hp = skb_header_pointer(skb, ip_hdrlen(skb),
-						sizeof(_hdr), &_hdr);
-			if (hp != NULL &&
-			    hp->type == ICMP_REDIRECT)
-				return NF_DROP;
-		}
+	if (!ct)
 		return NF_ACCEPT;
-	}
 
 	/* Don't try to NAT if this packet is not conntracked */
 	if (ct == &nf_conntrack_untracked)