From: Patrick McHardy <kaber@trash.net>
To: Phil Oester <kernel@linuxace.com>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] pptp conntrack broken when non-modular
Date: Mon, 19 Dec 2005 11:18:00 +0100 [thread overview]
Message-ID: <43A688D8.4050200@trash.net> (raw)
In-Reply-To: <43A67D33.70005@trash.net>
[-- Attachment #1: Type: text/plain, Size: 836 bytes --]
Patrick McHardy wrote:
> Phil Oester wrote:
>
>> The GRE protocol helper of PPTP does not get properly registered
>> when it is built in, because ip_nat_proto_gre_init runs prior to
>> ip_nat_init, so ip_nat_protos is unitialized when ip_nat_proto_gre_init
>> tries to register protocol 47.
>>
>> Changing ip_nat_protocol_register to unconditionally register solves
>> half the problem. But then when ip_nat_init does run, it overwrites
>> the registration with ip_nat_unknown_protocol. So the second
>> part of the fix is to change ip_nat_init not to overwrite previously
>> registered protos.
>
>
> I think the correct fix is to change the initialisation order so
> the NAT core comes before protocol helpers. I'm going to look into
> this.
This patch fixes the problem by changing the init order.
I'll try to get it in 2.6.15.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1429 bytes --]
[NETFILTER]: Fix NAT init order
As noticed by Phil Oester, the GRE NAT protocol helper is initialized
before the NAT core, which makes registration fail.
Change the linking order to make NAT be initialized first.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 87704c86b3406255a2b68b1d1a68ff72baa6177e
tree 349f73319574ccb3a02acaefab7cec8edaa798f6
parent afe1ec2b866d310f47db2f368f1f4a7b4961ffed
author Patrick McHardy <kaber@trash.net> Mon, 19 Dec 2005 11:17:20 +0100
committer Patrick McHardy <kaber@trash.net> Mon, 19 Dec 2005 11:17:20 +0100
net/ipv4/netfilter/Makefile | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 058c48e..d0a447e 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -12,6 +12,7 @@ ip_nat_pptp-objs := ip_nat_helper_pptp.o
# connection tracking
obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o
+obj-$(CONFIG_IP_NF_NAT) += ip_nat.o
# conntrack netlink interface
obj-$(CONFIG_IP_NF_CONNTRACK_NETLINK) += ip_conntrack_netlink.o
@@ -41,7 +42,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_table
# the three instances of ip_tables
obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
-obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o ip_nat.o
+obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
# matches
prev parent reply other threads:[~2005-12-19 10:18 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-12-18 19:48 [PATCH] pptp conntrack broken when non-modular Phil Oester
2005-12-19 9:28 ` Patrick McHardy
2005-12-19 10:18 ` Patrick McHardy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43A688D8.4050200@trash.net \
--to=kaber@trash.net \
--cc=kernel@linuxace.com \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.