Commit 7918d212 authored Feb 04, 2006 by Patrick McHardy Committed by David S. Miller Feb 04, 2006

[NETFILTER]: Fix check whether dst_entry needs to be released after NAT



After DNAT the original dst_entry needs to be released if present
so the packet doesn't skip input routing with its new address. The
current check for DNAT in ip_nat_in is reversed and checks for SNAT.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent 0047c65a

net/ipv4/netfilter/ip_nat_standalone.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
		&& (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
		enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);

		if (ct->tuplehash[dir].tuple.src.ip !=
		ct->tuplehash[!dir].tuple.dst.ip) {
		if (ct->tuplehash[dir].tuple.dst.ip !=
		ct->tuplehash[!dir].tuple.src.ip) {
		dst_release((*pskb)->dst);
		(*pskb)->dst = NULL;
		}