Jan Engelhardt wrote:
I see — so this patch is needed, seems like it?
===
commit 0d3f177a94aadedf9fd26f230d473e636eb0553c
Author: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
Date: Tue Mar 11 20:40:05 2008 +0100
[NETFILTER]: nf_nat: autoload IPv4 connection tracking
Without this patch, the generic L3 tracker would kick in
if nf_conntrack_ipv4 was not loaded before nf_nat, which
would lead to translation problems with ICMP errors.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxxxxxxxxxx>
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 9c8aa8d..a9de065 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -657,7 +657,12 @@ static int __init nf_nat_init(void)
/* Initialize fake conntrack so that NAT will skip it */
nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
- l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);
+ if (nf_ct_l3proto_try_module_get(AF_INET) < 0)
+ printk(KERN_INFO KBUILD_MODNAME ": Could not load connection "
+ "tracking for l3proto %u, using generic L3 tracking "
+ "only.\n", AF_INET);
+
+ l3proto = __nf_ct_l3proto_find(AF_INET);
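Review bot: the failure branch of "if (nf_ct_l3proto_try_module_get(AF_INET) < 0)" only logs at KERN_INFO and falls through, so nf_nat_init() carries on with whatever __nf_ct_l3proto_find(AF_INET) returns. That is the generic L3 tracker case the commit message itself says leads to translation problems with ICMP errors. Suggest returning the error from nf_nat_init() at this point, after undoing any setup done earlier in the function, rather than continuing in a degraded mode that is announced only by an informational log line. Also worth confirming: the removed nf_ct_l3proto_find_get() call and the new pair of calls may not leave the same reference held on every path, since a reference now exists only when the try_module_get call succeeds, so the release on module exit has to match that.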
Actually I think this should be a hard error, NAT doesn't
work without IPv4 conntrack. The easiest fix seems to be to add
a need_ipv4_conntrack() "call" to the init function.