netfilter: ipt_CLUSTERIP: remove "no conntrack!"

When a packet is meant to be handled by another node of the cluster, silently drop it instead of flooding kernel log. Note : INVALID packets are also dropped without notice. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Eric Dumazet <eric.dumazet@gmail.com> 2011-01-18 10:27:56 -0500
committer: Patrick McHardy <kaber@trash.net> 2011-01-18 10:27:56 -0500
commit: 94d117a1c78df38abdea0c09ef00c205b923b567 (patch)
tree: dae2d28e1627c95fd785cdb960bc9eb2b8b2838d /net
parent: a8fc0d9b3401cb5e42a437293db383998290157d (diff)
1 files changed, 1 insertions, 6 deletions
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 1e26a4897655..403ca57f6011 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -300,13 +300,8 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
         * that the ->target() function isn't called after ->destroy() */
        ct = nf_ct_get(skb, &ctinfo);
-        if (ct == NULL) {
+        if (ct == NULL)
-                pr_info("no conntrack!\n");
-                        /* FIXME: need to drop invalid ones, since replies
-                         * to outgoing connections of other nodes will be
-                         * marked as INVALID */
                return NF_DROP;
-        }
        /* special case: ICMP error handling. conntrack distinguishes between
         * error messages (RELATED) and information requests (see below) */
author	Eric Dumazet <eric.dumazet@gmail.com>	2011-01-18 10:27:56 -0500
committer	Patrick McHardy <kaber@trash.net>	2011-01-18 10:27:56 -0500
commit	94d117a1c78df38abdea0c09ef00c205b923b567 (patch)
tree	dae2d28e1627c95fd785cdb960bc9eb2b8b2838d /net
parent	a8fc0d9b3401cb5e42a437293db383998290157d (diff)