From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 03/04]: nf_nat: fix hanging connections when loading the NAT module
Date: Tue,  9 Jan 2007 17:29:56 +0100 (MET)
Message-ID: <20070109162956.6229.17261.sendpatchset@localhost.localdomain>
In-Reply-To: <20070109162952.6229.79602.sendpatchset@localhost.localdomain>

[NETFILTER]: nf_nat: fix hanging connections when loading the NAT module

When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.

For now simply accept those packets to avoid the hanging connections.

Signed-off-by: Patrick McHardy <kaber@trash.net>

---
commit 36e2c322ad2424a161b8a2a89c251dc9c71764bb
tree e70f4a11972c8dbe079fef2c75a73e8266c95940
parent 21f6325bc6e8e439cafcdc8d114d3c72743374a3
author Patrick McHardy <kaber@trash.net> Tue, 09 Jan 2007 14:00:45 +0100
committer Patrick McHardy <kaber@trash.net> Tue, 09 Jan 2007 14:00:45 +0100

 net/ipv4/netfilter/nf_nat_standalone.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 730a7a4..00d6dea 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,
 
 	nat = nfct_nat(ct);
 	if (!nat)
-		return NF_DROP;
+		return NF_ACCEPT;
 
 	switch (ctinfo) {
 	case IP_CT_RELATED:
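
Review bot: The new `return NF_ACCEPT;` under `if (!nat)` in nf_nat_fn() carries no comment marking it as a stopgap. The commit message says a NULL `nat` here means a conntrack entry that existed before the NAT module was loaded, and that such entries should really be entered as NULL mappings; a short comment above the check saying so would keep a later reader from taking the accept as the intended final behaviour. The same comment could note that the function now returns before `switch (ctinfo)`, so packets of those connections pass the hook with no NAT handling at all, which is a policy-relevant change from the previous drop.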

Thread overview: 6+ messages
2007-01-09 16:29 [NETFILTER 00/04]: Netfilter fixes Patrick McHardy
2007-01-09 16:29 ` [NETFILTER 01/04]: nf_conntrack_ipv6: fix crash when handling fragments Patrick McHardy
2007-01-09 16:29 ` [NETFILTER 02/04]: arp_tables: fix userspace compilation Patrick McHardy
2007-01-09 16:29 ` Patrick McHardy [this message]
2007-01-09 16:29 ` [NETFILTER 04/04]: tcp conntrack: fix IP_CT_TCP_FLAG_CLOSE_INIT value Patrick McHardy
2007-01-09 22:35 ` [NETFILTER 00/04]: Netfilter fixes David Miller
