diff options
author | Patrick McHardy <kaber@trash.net> | 2007-01-26 04:06:47 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2007-01-26 04:06:47 -0500 |
commit | c72c6b2a291bb6c61b1546d116784a79e15a6c29 (patch) | |
tree | 3e7369188a531b805908e1a200e76126af914af9 | |
parent | e89862f4c5b3c4ac9afcd8cb1365d2f1e16ddc3b (diff) |
[NETFILTER]: nf_nat: fix ICMP translation with statically linked conntrack
When nf_nat/nf_conntrack_ipv4 are linked statically, nf_nat is initialized
before nf_conntrack_ipv4, which makes the nf_ct_l3proto_find_get(AF_INET)
call during nf_nat initialization return the generic l3proto instead of
the AF_INET specific one. This breaks ICMP error translation since the
generic protocol always initializes the IPs in the tuple to 0.
Change the linking order and put nf_conntrack_ipv4 first.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/netfilter/Makefile | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile index 15e741aeb291..16d177b71bf8 100644 --- a/net/ipv4/netfilter/Makefile +++ b/net/ipv4/netfilter/Makefile | |||
@@ -4,6 +4,14 @@ | |||
4 | 4 | ||
5 | # objects for the standalone - connection tracking / NAT | 5 | # objects for the standalone - connection tracking / NAT |
6 | ip_conntrack-objs := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o | 6 | ip_conntrack-objs := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o |
7 | # objects for l3 independent conntrack | ||
8 | nf_conntrack_ipv4-objs := nf_conntrack_l3proto_ipv4.o nf_conntrack_proto_icmp.o | ||
9 | ifeq ($(CONFIG_NF_CONNTRACK_PROC_COMPAT),y) | ||
10 | ifeq ($(CONFIG_PROC_FS),y) | ||
11 | nf_conntrack_ipv4-objs += nf_conntrack_l3proto_ipv4_compat.o | ||
12 | endif | ||
13 | endif | ||
14 | |||
7 | ip_nat-objs := ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o | 15 | ip_nat-objs := ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o |
8 | nf_nat-objs := nf_nat_core.o nf_nat_helper.o nf_nat_proto_unknown.o nf_nat_proto_tcp.o nf_nat_proto_udp.o nf_nat_proto_icmp.o | 16 | nf_nat-objs := nf_nat_core.o nf_nat_helper.o nf_nat_proto_unknown.o nf_nat_proto_tcp.o nf_nat_proto_udp.o nf_nat_proto_icmp.o |
9 | ifneq ($(CONFIG_NF_NAT),) | 17 | ifneq ($(CONFIG_NF_NAT),) |
@@ -20,6 +28,8 @@ ip_nat_h323-objs := ip_nat_helper_h323.o | |||
20 | 28 | ||
21 | # connection tracking | 29 | # connection tracking |
22 | obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o | 30 | obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o |
31 | obj-$(CONFIG_NF_CONNTRACK_IPV4) += nf_conntrack_ipv4.o | ||
32 | |||
23 | obj-$(CONFIG_IP_NF_NAT) += ip_nat.o | 33 | obj-$(CONFIG_IP_NF_NAT) += ip_nat.o |
24 | obj-$(CONFIG_NF_NAT) += nf_nat.o | 34 | obj-$(CONFIG_NF_NAT) += nf_nat.o |
25 | 35 | ||
@@ -106,13 +116,3 @@ obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o | |||
106 | 116 | ||
107 | obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o | 117 | obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o |
108 | 118 | ||
109 | # objects for l3 independent conntrack | ||
110 | nf_conntrack_ipv4-objs := nf_conntrack_l3proto_ipv4.o nf_conntrack_proto_icmp.o | ||
111 | ifeq ($(CONFIG_NF_CONNTRACK_PROC_COMPAT),y) | ||
112 | ifeq ($(CONFIG_PROC_FS),y) | ||
113 | nf_conntrack_ipv4-objs += nf_conntrack_l3proto_ipv4_compat.o | ||
114 | endif | ||
115 | endif | ||
116 | |||
117 | # l3 independent conntrack | ||
118 | obj-$(CONFIG_NF_CONNTRACK_IPV4) += nf_conntrack_ipv4.o | ||