diff options
author | Patrick McHardy <kaber@trash.net> | 2008-10-14 14:56:59 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-10-14 14:56:59 -0400 |
commit | 38f7ac3eb7206ffd1201c14baba832d7e363de0a (patch) | |
tree | cd195d19a0c16f3cd59f4afe0526a86c1db5322d /net/ipv4 | |
parent | 485013717020cd8961337309e359d6cef43d6022 (diff) |
netfilter: restore lost #ifdef guarding defrag exception
Nir Tzachar <nir.tzachar@gmail.com> reported a warning when sending
fragments over loopback with NAT:
[ 6658.338121] WARNING: at net/ipv4/netfilter/nf_nat_standalone.c:89 nf_nat_fn+0x33/0x155()
The reason is that defragmentation is skipped for already tracked connections.
This is wrong in combination with NAT and ip_conntrack actually had some ifdefs
to avoid this behaviour when NAT is compiled in.
The entire "optimization" may seem a bit silly, for now simply restoring the
lost #ifdef is the easiest solution until we can come up with something better.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/netfilter/nf_defrag_ipv4.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_defrag_ipv4.c b/net/ipv4/netfilter/nf_defrag_ipv4.c index aa2c50a180f..fa2d6b6fc3e 100644 --- a/net/ipv4/netfilter/nf_defrag_ipv4.c +++ b/net/ipv4/netfilter/nf_defrag_ipv4.c | |||
@@ -41,12 +41,13 @@ static unsigned int ipv4_conntrack_defrag(unsigned int hooknum, | |||
41 | int (*okfn)(struct sk_buff *)) | 41 | int (*okfn)(struct sk_buff *)) |
42 | { | 42 | { |
43 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) | 43 | #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) |
44 | #if !defined(CONFIG_NF_NAT) && !defined(CONFIG_NF_NAT_MODULE) | ||
44 | /* Previously seen (loopback)? Ignore. Do this before | 45 | /* Previously seen (loopback)? Ignore. Do this before |
45 | fragment check. */ | 46 | fragment check. */ |
46 | if (skb->nfct) | 47 | if (skb->nfct) |
47 | return NF_ACCEPT; | 48 | return NF_ACCEPT; |
48 | #endif | 49 | #endif |
49 | 50 | #endif | |
50 | /* Gather fragments. */ | 51 | /* Gather fragments. */ |
51 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { | 52 | if (ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET)) { |
52 | if (nf_ct_ipv4_gather_frags(skb, | 53 | if (nf_ct_ipv4_gather_frags(skb, |