aboutsummaryrefslogtreecommitdiffstats
path: root/include/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2008-04-14 05:15:51 -0400
committerPatrick McHardy <kaber@trash.net>2008-04-14 05:15:51 -0400
commit8c87238b726e543f8af4bdb4296020a328df4744 (patch)
treed6c74123cfdd8ccd784f8383446a19d260c9bddf /include/net
parent42cf800c240fa845e9c154429d70d62750e65b64 (diff)
[NETFILTER]: nf_nat: don't add NAT extension for confirmed conntracks
Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't setup NAT for confirmed conntracks in case NAT module is loaded late. The has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_nat_rule.h3
1 files changed, 0 insertions, 3 deletions
diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h
index 75d1825031d7..e4a18ae361c6 100644
--- a/include/net/netfilter/nf_nat_rule.h
+++ b/include/net/netfilter/nf_nat_rule.h
@@ -14,7 +14,4 @@ extern int nf_nat_rule_find(struct sk_buff *skb,
14 14
15extern unsigned int 15extern unsigned int
16alloc_null_binding(struct nf_conn *ct, unsigned int hooknum); 16alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);
17
18extern unsigned int
19alloc_null_binding_confirmed(struct nf_conn *ct, unsigned int hooknum);
20#endif /* _NF_NAT_RULE_H */ 17#endif /* _NF_NAT_RULE_H */