Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9174c153 authored by Alexey Dobriyan's avatar Alexey Dobriyan Committed by Patrick McHardy
Browse files

netfilter: netns nf_conntrack: fixup DNAT in netns 



Signed-off-by: default avatarAlexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 0c4c9288

net/ipv4/netfilter/nf_nat_rule.c

+3 −3
Original line number Diff line number Diff line
@@ -91,13 +91,13 @@ static unsigned int ipt_snat_target(struct sk_buff *skb, 
}



/* Before 2.6.11 we did implicit source NAT if required. Warn about change. */

static void warn_if_extra_mangle(__be32 dstip, __be32 srcip)

static void warn_if_extra_mangle(struct net *net, __be32 dstip, __be32 srcip)

{

	static int warned = 0;

	struct flowi fl = { .nl_u = { .ip4_u = { .daddr = dstip } } };

	struct rtable *rt;



	if (ip_route_output_key(&init_net, &rt, &fl) != 0)

	if (ip_route_output_key(net, &rt, &fl) != 0)

		return;



	if (rt->rt_src != srcip && !warned) {
@@ -130,7 +130,7 @@ static unsigned int ipt_dnat_target(struct sk_buff *skb, 


	if (hooknum == NF_INET_LOCAL_OUT &&

	    mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)

		warn_if_extra_mangle(ip_hdr(skb)->daddr,

		warn_if_extra_mangle(dev_net(out), ip_hdr(skb)->daddr,

				     mr->range[0].min_ip);



	return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);