patch-2.4.4 linux/net/ipv4/netfilter/ip_nat_standalone.c
- Lines: 44
- Date:
Fri Apr 27 14:15:01 2001
- Orig file:
v2.4.3/linux/net/ipv4/netfilter/ip_nat_standalone.c
- Orig date:
Sat Feb 3 11:45:55 2001
diff -u --recursive --new-file v2.4.3/linux/net/ipv4/netfilter/ip_nat_standalone.c linux/net/ipv4/netfilter/ip_nat_standalone.c
@@ -64,21 +64,25 @@
(*pskb)->nfcache |= NFC_UNKNOWN;
/* If we had a hardware checksum before, it's now invalid */
- if ((*pskb)->pkt_type != PACKET_LOOPBACK)
+ if ((*pskb)->ip_summed == CHECKSUM_HW)
(*pskb)->ip_summed = CHECKSUM_NONE;
ct = ip_conntrack_get(*pskb, &ctinfo);
- /* Can't track? Maybe out of memory: this would make NAT
- unreliable. */
+ /* Can't track? It's not due to stress, or conntrack would
+ have dropped it. Hence it's the user's responsibilty to
+ packet filter it out, or implement conntrack/NAT for that
+ protocol. 8) --RR */
if (!ct) {
- if (net_ratelimit())
- printk(KERN_DEBUG "NAT: %u dropping untracked packet %p %u %u.%u.%u.%u -> %u.%u.%u.%u\n",
- hooknum,
- *pskb,
- (*pskb)->nh.iph->protocol,
- NIPQUAD((*pskb)->nh.iph->saddr),
- NIPQUAD((*pskb)->nh.iph->daddr));
- return NF_DROP;
+ /* Exception: ICMP redirect to new connection (not in
+ hash table yet). We must not let this through, in
+ case we're doing NAT to the same network. */
+ struct iphdr *iph = (*pskb)->nh.iph;
+ struct icmphdr *hdr = (struct icmphdr *)
+ ((u_int32_t *)iph + iph->ihl);
+ if (iph->protocol == IPPROTO_ICMP
+ && hdr->type == ICMP_REDIRECT)
+ return NF_DROP;
+ return NF_ACCEPT;
}
switch (ctinfo) {
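Review bot: In the new `!ct` branch, `hdr->type` is read at `iph + iph->ihl` without first checking that the skb holds an ICMP header at that offset, so a truncated ICMP packet that conntrack declined to track could make this read bytes past the packet data. I would bound it before the type test, for example `if (iph->protocol == IPPROTO_ICMP && (*pskb)->len < iph->ihl*4 + sizeof(struct icmphdr)) return NF_DROP;`, assuming `len` is counted from the IP header at this hook. Separately, every other untracked packet now returns `NF_ACCEPT` untranslated and the rate-limited `printk` is gone, so nothing records that traffic is passing without NAT; keeping a `net_ratelimit()`-guarded debug line on the accept path would preserve that visibility. The enclosing function starts and ends outside this hunk.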
@@ -336,3 +340,6 @@
EXPORT_SYMBOL(ip_nat_expect_register);
EXPORT_SYMBOL(ip_nat_expect_unregister);
EXPORT_SYMBOL(ip_nat_cheat_check);
+EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
+EXPORT_SYMBOL(ip_nat_seq_adjust);
+EXPORT_SYMBOL(ip_nat_delete_sack);