From: Patrick McHardy <kaber@trash.net>
To: Stephen Hemminger <shemminger@vyatta.com>
Cc: David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, netfilter-devel@vger.kernel.org
Subject: Re: NAT regression in next tree
Date: Fri, 19 Feb 2010 08:06:22 +0100
Message-ID: <4B7E386E.4070502@trash.net>
In-Reply-To: <20100218215106.557be6b0@nehalam>
[-- Attachment #1: Type: text/plain, Size: 991 bytes --]
Stephen Hemminger wrote:
> On Fri, 19 Feb 2010 06:45:43 +0100
> Patrick McHardy <kaber@trash.net> wrote:
>
>> Stephen Hemminger wrote:
>>> Something in net-next tree broke bridging of virtual nets.
>>> My local VMs can no longer access external networks.
>>>
>>> It is a NAT problem. One of the recent netfilter changes is causing
>>> the packets to not have their source address rewritten.
>>>
>>> I see:
>>> VM1 -- 192.168.100.0/24 -- HOST -- 192.168.1.0/24 -- ROUTER
>>>                    virbr0       eth0
>>>
>>> Even a simple ping from VM1 doesn't get responded to because
>>> the 192.168.100.X source address is not getting rewritten.
>> I'll try to reproduce it locally. What is the HEAD of the broken
>> tree you're running?
>
> commit 37ee3d5b3e979a168536e7e2f15bd1e769cb4122
> Author: Patrick McHardy <kaber@trash.net>
> Date: Thu Feb 18 19:04:44 2010 +0100
>
> netfilter: nf_defrag_ipv4: fix compilation error with NF_CONNTRACK=n
This patch should fix it.
[-- Attachment #2: x --]
[-- Type: text/plain, Size: 1085 bytes --]
commit 4bac6b180771f7ef5275b1a6d88e630ca3a3d6f0
Author: Patrick McHardy <kaber@trash.net>
Date: Fri Feb 19 08:03:28 2010 +0100

    netfilter: restore POST_ROUTING hook in NF_HOOK_COND

    Commit 2249065 ("netfilter: get rid of the grossness in netfilter.h")
    inverted the logic for conditional hook invocation, breaking the
    POST_ROUTING hook invoked by ip_output().

    Correct the logic and remove an unnecessary initialization.

    Reported-by: Stephen Hemminger <shemminger@vyatta.com>
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 7007945..89341c3 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -212,8 +212,9 @@ NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb,
struct net_device *in, struct net_device *out,
int (*okfn)(struct sk_buff *), bool cond)
{
- int ret = 1;
- if (cond ||
+ int ret;
+
+ if (!cond ||
(ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))
ret = okfn(skb);
return ret;
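
Review bot: The new condition `(ret = nf_hook_thresh(...) == 1)` is missing parentheses around the assignment. Because `==` binds tighter than `=`, ret receives the 0/1 result of the comparison rather than the value returned by nf_hook_thresh(). When the hook returns anything other than 1, such as an error code, ret becomes 0 and NF_HOOK_COND() returns 0, so the caller never sees the hook's verdict. Suggest writing it as `((ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN)) == 1)`. With that change, dropping the `int ret = 1` initialization is safe, since ret is assigned on every path before `return ret;`.
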