patch-2.4.22 linux-2.4.22/net/ipv4/netfilter/ip_nat_core.c
Next file: linux-2.4.22/net/ipv4/netfilter/ip_nat_ftp.c
Previous file: linux-2.4.22/net/ipv4/netfilter/ip_nat_amanda.c
Back to the patch index
Back to the overall index
- Lines: 47
- Date:
2003-08-25 04:44:44.000000000 -0700
- Orig file:
linux-2.4.21/net/ipv4/netfilter/ip_nat_core.c
- Orig date:
2003-06-13 07:51:39.000000000 -0700
diff -urN linux-2.4.21/net/ipv4/netfilter/ip_nat_core.c linux-2.4.22/net/ipv4/netfilter/ip_nat_core.c
@@ -756,6 +756,11 @@
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
int is_tcp = (*pskb)->nh.iph->protocol == IPPROTO_TCP;
+ /* Skip everything and don't call helpers if there are no
+ * manips for this connection */
+ if (info->num_manips == 0)
+ return NF_ACCEPT;
+
/* Need nat lock to protect against modification, but neither
conntrack (referenced) and helper (deleted with
synchronize_bh()) can vanish. */
@@ -796,6 +801,7 @@
struct ip_conntrack_expect *exp = NULL;
struct list_head *cur_item;
int ret = NF_ACCEPT;
+ int helper_called = 0;
DEBUGP("do_bindings: helper existing for (%p)\n", ct);
@@ -814,19 +820,21 @@
continue;
if (exp_for_packet(exp, pskb)) {
- /* FIXME: May be true multiple times in the case of UDP!! */
- DEBUGP("calling nat helper (exp=%p) for packet\n",
- exp);
+ /* FIXME: May be true multiple times in the
+ * case of UDP!! */
+ DEBUGP("calling nat helper (exp=%p) for packet\n", exp);
ret = helper->help(ct, exp, info, ctinfo,
hooknum, pskb);
if (ret != NF_ACCEPT) {
READ_UNLOCK(&ip_conntrack_lock);
return ret;
}
+ helper_called = 1;
}
}
- /* Helper might want to manip the packet even when there is no expectation */
- if (!exp && helper->flags & IP_NAT_HELPER_F_ALWAYS) {
+ /* Helper might want to manip the packet even when there is no
+ * matching expectation for this packet */
+ if (!helper_called && helper->flags & IP_NAT_HELPER_F_ALWAYS) {
DEBUGP("calling nat helper for packet without expectation\n");
ret = helper->help(ct, NULL, info, ctinfo,
hooknum, pskb);
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)