From: Maximilian Engelhardt
To: "linux-kernel", netdev
Subject: Logic for SNAT persistent handling introduced in 2.6.30 is inverted
Date: Mon, 24 Aug 2009 15:16:12 +0200
Message-Id: <200908241516.16544.maxi@daemonizer.de>

Kernel 2.6.30 introduced a patch [1] for the persistent option in the netfilter SNAT target. This is exactly what we need here so I had a quick look at the code and noticed that the patch is wrong. The logic is simply inverted. The patch below fixes this.

Also note that because of this the default behavior of the SNAT target has changed since kernel 2.6.30 as it now ignores the destination IP in choosing the source IP for nating (which should only be the case if the persistent option is set).

=2D-- net/ipv4/netfilter/nf_nat_core.c.orig 2009-08-24 14:44:00.00000= 0000=20 +0200 +++ net/ipv4/netfilter/nf_nat_core.c 2009-08-24 14:44:43.000000000 +0200 @@ -212,7 +212,7 @@ find_best_ips_proto(struct nf_conntrack_ maxip =3D ntohl(range->max_ip); j =3D jhash_2words((__force u32)tuple->src.u3.ip, range->flags & IP_NAT_RANGE_PERSISTENT ? =2D (__force u32)tuple->dst.u3.ip : 0, 0); + 0 : (__force u32)tuple->dst.u3.ip, 0); j =3D ((u64)j * (maxip - minip + 1)) >> 32; *var_ipp =3D htonl(minip + j); }
Signed-off-by: Maximilian Engelhardt

Greetings,
Maximilian Engelhardt

[1] http://git.eu.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=98d500d66cb7940747b424b245fc6a51ecfbf005
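
Review bot: the corrected ternary inside the jhash_2words() call in find_best_ips_proto() still has no comment saying which arm belongs to IP_NAT_RANGE_PERSISTENT, and this is the spot where the arms were already swapped once. Suggest a short comment above the call stating that with the persistent flag the second hash word is 0, so the destination is left out and a given source maps to the same address for every destination, and that otherwise tuple->dst.u3.ip is mixed in. Separately, the diff as mailed is quoted-printable encoded, its `---` header line is wrapped, and the paths carry no leading directory component, so it will probably need to be resent as unmangled plain text in -p1 form before it applies cleanly.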
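
The behaviour change described in the message, as an added example (not code from the kernel or from the patch author): a user-space model of the address selection that uses a stand-in hash in place of jhash_2words() and counts how many pool addresses one client is mapped to across 256 destinations, with the arms inverted and corrected. The addresses and the names `mix2`, `pick_ip`, `distinct_ips` and `RANGE_PERSISTENT` are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define RANGE_PERSISTENT 0x1u /* stand-in for IP_NAT_RANGE_PERSISTENT */
/* Stand-in mixer (murmur3 finalizer); the kernel code calls jhash_2words(). */
static uint32_t mix2(uint32_t a, uint32_t b)
{
    uint32_t h = (a * 0x9e3779b1u) ^ b;
    h ^= h >> 16; h *= 0x85ebca6bu;
    h ^= h >> 13; h *= 0xc2b2ae35u;
    return h ^ (h >> 16);
}

/* Pick a host-order address in [minip, maxip]; inverted=1 models 2.6.30. */
static uint32_t pick_ip(uint32_t src, uint32_t dst, uint32_t minip,
                        uint32_t maxip, unsigned flags, int inverted)
{
    int persistent = (flags & RANGE_PERSISTENT) != 0;
    int use_dst = inverted ? persistent : !persistent;
    uint32_t j = mix2(src, use_dst ? dst : 0);
    /* Same scaling as the kernel snippet: map the hash onto the pool size. */
    j = (uint32_t)(((uint64_t)j * (maxip - minip + 1)) >> 32);
    return minip + j;
}

/* Count distinct pool addresses one client gets across n destinations. */
static int distinct_ips(unsigned flags, int inverted, int n)
{
    const uint32_t src = 0xc0a80117u;   /* 192.168.1.23 (constructed) */
    const uint32_t minip = 0xcb007100u; /* 203.0.113.0 (constructed pool of 16) */
    const uint32_t maxip = 0xcb00710fu; /* 203.0.113.15 */
    unsigned seen = 0;
    int count = 0;
    for (int i = 0; i < n; i++) {
        uint32_t ip = pick_ip(src, 0xc6336400u + (uint32_t)i, minip, maxip,
                              flags, inverted);
        unsigned bit = 1u << (ip - minip);
        if (!(seen & bit)) { seen |= bit; count++; }
    }
    return count;
}

int main(void)
{
    printf("fixed:    default=%d persistent=%d\n",
           distinct_ips(0, 0, 256), distinct_ips(RANGE_PERSISTENT, 0, 256));
    printf("inverted: default=%d persistent=%d\n",
           distinct_ips(0, 1, 256), distinct_ips(RANGE_PERSISTENT, 1, 256));
    return 0;
}
```

A count of 1 means the client keeps one source address regardless of destination, which is what the persistent option is meant to give and what the inverted logic produced by default.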