Harald Welte wrote:
> On Sun, Aug 07, 2005 at 08:42:56PM +0200, Patrick McHardy wrote:
>
>>The conntrack reference is manually attached to locally generated ICMP
>>errors and icmp_reply_translation() doesn't check if NAT mappings have
>>been set up but simply replaces IP/port by what is stored in the
>>untracked conntrack entry, which is all 0's.
>
> ah, manually attached references, I forgot about them.
>
> Looking at the latest traces Vladimir sent me, there is another case,
> too.

Yes, but nat_packet checks if manips have actually been set up before
touching the packet. This can never happen for the untracked entry
because it is initialized with IPS_NAT_DONE_MASK in ip_nat_core. I guess
we can remove this now:

        /* Initialize fake conntrack so that NAT will skip it */
        ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK;