Skip to content

Commit

Permalink
[NETFILTER]: nf_nat: fix MASQUERADE crash on device down
Browse files Browse the repository at this point in the history 
Check the return value of nfct_nat() in device_cmp(), we might very well
have non NAT conntrack entries as well (Netfilter bugzilla #528).

Signed-off-by: Martin Josefsson <gandalf@wlug.westbo.se>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Martin Josefsson authored and David S. Miller committed Jan 4, 2007
1 parent c9386cf commit bbdc176
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion net/ipv4/netfilter/ipt_MASQUERADE.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,10 +127,13 @@ masquerade_target(struct sk_buff **pskb,
static inline int
device_cmp(struct ip_conntrack *i, void *ifindex)
{
int ret;
#ifdef CONFIG_NF_NAT_NEEDED
struct nf_conn_nat *nat = nfct_nat(i);

if (!nat)
return 0;
#endif
int ret;

read_lock_bh(&masq_lock);
#ifdef CONFIG_NF_NAT_NEEDED
Expand Down

0 comments on commit bbdc176

Please sign in to comment.