Hi Dave! This fixes a bug with MASQUERADE and nat helpers. The fix applies to both net-2.6.14 and Linus' current git tree.
I'll send a 2.4.31 version of the patch directly to Marcelo (will Cc you). Please apply, thanks.

--
- Harald Welte <[EMAIL PROTECTED]> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie

[NETFILTER] Inherit masq_index to slave connections

masq_index is used for cleanup in case the interface address changes (such as a dialup ppp link with dynamic addresses). Without this patch, slave connections are not evicted in such a case, since they don't inherit masq_index.

Signed-off-by: Harald Welte <[EMAIL PROTECTED]>

--- commit bd4123d85f932f9bd60da9d2ed3523dc7b792075 tree a0218fc4d42630d33d99b4167f6dccf209cfd091 parent f00815c7d2b718eccbc3e7ec77592faff45e9ccc author laforge <[EMAIL PROTECTED]> Sa, 30 Jul 2005 15:35:35 +0200 committer laforge <[EMAIL PROTECTED]> Sa, 30 Jul 2005 15:35:35 +0200 net/ipv4/netfilter/ip_conntrack_core.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c --- a/net/ipv4/netfilter/ip_conntrack_core.c +++ b/net/ipv4/netfilter/ip_conntrack_core.c @@ -726,6 +726,11 @@ init_conntrack(struct ip_conntrack_tuple #if CONFIG_IP_NF_CONNTRACK_MARK conntrack->mark = exp->master->mark; #endif +#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ + defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) + /* this is ugly, but there is no other place where to put it */ + conntrack->nat.masq_index = exp->master->nat.masq_index; +#endif nf_conntrack_get(&conntrack->master->ct_general); CONNTRACK_STAT_INC(expect_new); } else {
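
Review bot: the comment above the added assignment in init_conntrack() ("this is ugly, but there is no other place where to put it") apologises for the placement but does not say why the copy is needed. Suggest putting the reason from the commit message there instead, for example that masq_index is inherited from the master so that slave connections are also evicted when the interface address changes. It is also worth confirming that the new #if guard matches the guard around the declaration of nat.masq_index, so that the field is never referenced in a configuration where it is not declared. As a style point, the neighbouring mark copy tests its config symbol with a plain #if while the new block uses defined() on both the built-in and _MODULE symbols; one form within this branch would read better.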