]> bbs.cooldavid.org Git - net-next-2.6.git/commit
git://bbs.cooldavid.org / net-next-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d79641) | patch
nf_nat: restrict ICMP translation for embedded header
authorJulian Anastasov <ja@ssi.bg>
Mon, 11 Oct 2010 08:23:07 +0000 (11:23 +0300)
committerSimon Horman <horms@verge.net.au>
Thu, 21 Oct 2010 11:30:02 +0000 (13:30 +0200)
commitb0aeef30433ea6854e985c2e9842fa19f51b95cc
treeaedeebe5ef7cc56abece7bd103fb6229179a11bdtree | snapshot (tar.bz2 tar.gz zip)
parent0d79641a96d612aaa6d57a4d4f521d7ed9c9ccddcommit | diff
nf_nat: restrict ICMP translation for embedded header

  Skip ICMP translation of embedded protocol header
if NAT bits are not set. Needed for IPVS to see the original
embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT
and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs
DNAT for client packets after using nf_conntrack_alter_reply
to expect replies from real server.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
net/ipv4/netfilter/nf_nat_core.c diff | blob | blame | history
Clone of davem's net-next-2.6 tree