8b83bc77bf
With the introduction of 'rustynat' in 2.6.11, the old tricks of preventing NAT of 'untracked' connections (e.g. NOTRACK target in 'raw' table) are no longer sufficient. The ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK effectively prevents iteration of the 'nat' table, but doesn't prevent nat_packet() to be executed. Since nr_manips is gone in 'rustynat', nat_packet() now implicitly thinks that it has to do NAT on the packet. This patch fixes that problem by explicitly checking for ip_conntrack_untracked in ip_nat_fn(). Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
|---|---|---|
| .. | ||
| ipvs | ||
| netfilter | ||
| af_inet.c | ||
| ah4.c | ||
| arp.c | ||
| datagram.c | ||
| devinet.c | ||
| esp4.c | ||
| fib_frontend.c | ||
| fib_hash.c | ||
| fib_lookup.h | ||
| fib_rules.c | ||
| fib_semantics.c | ||
| fib_trie.c | ||
| icmp.c | ||
| igmp.c | ||
| inetpeer.c | ||
| ip_forward.c | ||
| ip_fragment.c | ||
| ip_gre.c | ||
| ip_input.c | ||
| ip_options.c | ||
| ip_output.c | ||
| ip_sockglue.c | ||
| ipcomp.c | ||
| ipconfig.c | ||
| ipip.c | ||
| ipmr.c | ||
| Kconfig | ||
| Makefile | ||
| multipath_drr.c | ||
| multipath_random.c | ||
| multipath_rr.c | ||
| multipath_wrandom.c | ||
| multipath.c | ||
| proc.c | ||
| protocol.c | ||
| raw.c | ||
| route.c | ||
| syncookies.c | ||
| sysctl_net_ipv4.c | ||
| tcp_bic.c | ||
| tcp_cong.c | ||
| tcp_diag.c | ||
| tcp_highspeed.c | ||
| tcp_htcp.c | ||
| tcp_hybla.c | ||
| tcp_input.c | ||
| tcp_ipv4.c | ||
| tcp_minisocks.c | ||
| tcp_output.c | ||
| tcp_scalable.c | ||
| tcp_timer.c | ||
| tcp_vegas.c | ||
| tcp_westwood.c | ||
| tcp.c | ||
| udp.c | ||
| xfrm4_input.c | ||
| xfrm4_output.c | ||
| xfrm4_policy.c | ||
| xfrm4_state.c | ||
| xfrm4_tunnel.c | ||