aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2007-01-09 17:33:49 -0500
committerDavid S. Miller <davem@davemloft.net>2007-01-09 17:33:49 -0500
commitffed53d25bf36efb0571f7d9109f2e95df7f8b33 (patch)
tree2246205ca5576959e5d978d88d882fcda0f4100e
parent8c82d8df7060221f131c9ca5352fb613c14f857a (diff)
[NETFILTER]: nf_nat: fix hanging connections when loading the NAT module
When loading the NAT module, existing connection tracking entries don't have room for NAT information allocated and packets are dropped, causing hanging connections. They really should be entered into the NAT table as NULL mappings, but the current allocation scheme doesn't allow this. For now simply accept those packets to avoid the hanging connections. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/netfilter/nf_nat_standalone.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 730a7a44c883..00d6dea9f7f3 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,
123 123
124 nat = nfct_nat(ct); 124 nat = nfct_nat(ct);
125 if (!nat) 125 if (!nat)
126 return NF_DROP; 126 return NF_ACCEPT;
127 127
128 switch (ctinfo) { 128 switch (ctinfo) {
129 case IP_CT_RELATED: 129 case IP_CT_RELATED: