diff options
author | David S. Miller <davem@davemloft.net> | 2014-02-19 13:12:53 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-02-19 13:12:53 -0500 |
commit | 2e99c07fbe9d823147190753b4d762ec1e31202e (patch) | |
tree | 138c8ed4e6726392f5846fb5ef2c5e6916d84740 /net/ipv4 | |
parent | 960dfc4eb23a28495276b02604d7458e0e1a1ed8 (diff) | |
parent | 0eba801b64cc8284d9024c7ece30415a2b981a72 (diff) |
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
Pablo Neira Ayuso says:
====================
Netfilter fixes for net
The following patchset contains Netfilter fixes for your net tree,
they are:
* Fix nf_trace in nftables if XT_TRACE=n, from Florian Westphal.
* Don't use the fast payload operation in nf_tables if the length is
not power of 2 or it is not aligned, from Nikolay Aleksandrov.
* Fix missing break statement the inet flavour of nft_reject, which
results in evaluating IPv4 packets with the IPv6 evaluation routine,
from Patrick McHardy.
* Fix wrong kconfig symbol in nft_meta to match the routing realm,
from Paul Bolle.
* Allocate the NAT null binding when creating new conntracks via
ctnetlink to avoid that several packets race at initializing the
the conntrack NAT extension, original patch from Florian Westphal,
revisited version from me.
* Fix DNAT handling in the snmp NAT helper, the same handling was being
done for SNAT and DNAT and 2.4 already contains that fix, from
Francois-Xavier Le Bail.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/ip_output.c | 3 | ||||
-rw-r--r-- | net/ipv4/netfilter/nf_nat_snmp_basic.c | 4 |
2 files changed, 2 insertions, 5 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 8971780aec7c..73c6b63bba74 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c | |||
@@ -422,9 +422,6 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from) | |||
422 | to->tc_index = from->tc_index; | 422 | to->tc_index = from->tc_index; |
423 | #endif | 423 | #endif |
424 | nf_copy(to, from); | 424 | nf_copy(to, from); |
425 | #if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) | ||
426 | to->nf_trace = from->nf_trace; | ||
427 | #endif | ||
428 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) | 425 | #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE) |
429 | to->ipvs_property = from->ipvs_property; | 426 | to->ipvs_property = from->ipvs_property; |
430 | #endif | 427 | #endif |
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c index d551e31b416e..7c676671329d 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c | |||
@@ -1198,8 +1198,8 @@ static int snmp_translate(struct nf_conn *ct, | |||
1198 | map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); | 1198 | map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); |
1199 | } else { | 1199 | } else { |
1200 | /* DNAT replies */ | 1200 | /* DNAT replies */ |
1201 | map.from = NOCT1(&ct->tuplehash[dir].tuple.src.u3.ip); | 1201 | map.from = NOCT1(&ct->tuplehash[!dir].tuple.src.u3.ip); |
1202 | map.to = NOCT1(&ct->tuplehash[!dir].tuple.dst.u3.ip); | 1202 | map.to = NOCT1(&ct->tuplehash[dir].tuple.dst.u3.ip); |
1203 | } | 1203 | } |
1204 | 1204 | ||
1205 | if (map.from == map.to) | 1205 | if (map.from == map.to) |