[NETFILTER]: nf_conntrack_ftp: don't call NAT helper for unNATed connections Since both IPv4 and IPv6 are handled by the connection tracking helper but only IPv4 supports NAT we must make sure not to call the NAT helper for unNATed connections. Signed-off-by: Patrick McHardy --- commit 49993257192a278f6dc7f288e6ef62059ba88762 tree 8bb4d24ab3b5a0325198c5fa0959d44b0841f9c7 parent aa3104784034fe4a9971de642e962c18b51f5a00 author Patrick McHardy Sat, 04 Nov 2006 21:29:22 +0100 committer Patrick McHardy Sat, 04 Nov 2006 21:29:22 +0100 net/netfilter/nf_conntrack_ftp.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c index 10836fc..84b3f2a 100644 --- a/net/netfilter/nf_conntrack_ftp.c +++ b/net/netfilter/nf_conntrack_ftp.c @@ -520,7 +520,7 @@ static int help(struct sk_buff **pskb, /* Now, NAT might want to mangle the packet, and register the * (possibly changed) expectation itself. */ - if (nf_nat_ftp_hook) + if (nf_nat_ftp_hook && ct->status & IPS_NAT_MASK) ret = nf_nat_ftp_hook(pskb, ctinfo, search[dir][i].ftptype, matchoff, matchlen, exp, &seq); else {