From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Patrick McHardy <kaber@trash.net>,
netfilter-devel@vger.kernel.org
Subject: netfilter 03/05: ctnetlink: allow changing NAT sequence adjustment in creation
Date: Mon, 9 Feb 2009 17:39:31 +0100 (MET) [thread overview]
Message-ID: <20090209163930.13918.91017.sendpatchset@x2.localnet> (raw)
In-Reply-To: <20090209163926.13918.96177.sendpatchset@x2.localnet>
commit 028cf4480479685d7768bfdd6afe3f7bf9545b39
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon Feb 9 14:25:52 2009 +0100
netfilter: ctnetlink: allow changing NAT sequence adjustment in creation
This patch fixes an inconsistency in the current ctnetlink code
since NAT sequence adjustment bit can only be updated but not set
in the conntrack entry creation.
This patch is used by conntrackd to successfully recover newly
created entries that represent connections with helpers and NAT
payload mangling.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index c32a7e8..9051bb4 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1215,6 +1215,16 @@ ctnetlink_create_conntrack(struct nlattr *cda[],
}
}
+#ifdef CONFIG_NF_NAT_NEEDED
+ if (cda[CTA_NAT_SEQ_ADJ_ORIG] || cda[CTA_NAT_SEQ_ADJ_REPLY]) {
+ err = ctnetlink_change_nat_seq_adj(ct, cda);
+ if (err < 0) {
+ rcu_read_unlock();
+ goto err;
+ }
+ }
+#endif
+
if (cda[CTA_PROTOINFO]) {
err = ctnetlink_change_protoinfo(ct, cda);
if (err < 0) {
next prev parent reply other threads:[~2009-02-09 16:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-02-09 16:39 netfilter 00/05: netfilter fixes Patrick McHardy
2009-02-09 16:39 ` netfilter 01/05: fix tuple inversion for Node information request Patrick McHardy
2009-02-09 16:39 ` netfilter 02/05: nf_conntrack_ipv6: don't track ICMPv6 negotiation message Patrick McHardy
2009-02-09 16:39 ` Patrick McHardy [this message]
2009-02-09 16:39 ` netfilter 04/05: ctnetlink: fix echo if not subscribed to any multicast group Patrick McHardy
2009-02-09 16:39 ` netfilter 05/05: xt_sctp: sctp chunk mapping doesn't work Patrick McHardy
2009-02-09 22:32 ` netfilter 00/05: netfilter fixes David Miller
2009-02-09 22:47 ` Patrick McHardy
2009-02-09 23:18 ` David Miller
2009-02-09 23:36 ` Patrick McHardy
2009-02-10 0:28 ` David Miller
2009-02-10 0:31 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090209163930.13918.91017.sendpatchset@x2.localnet \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).