Re: [PATCH] nf_nat: restrict ICMP translation for embedded header

On 13.10.2010 21:21, Patrick McHardy wrote:
> On 11.10.2010 10:23, Julian Anastasov wrote:
>>
>>     Skip ICMP translation of embedded protocol header
>> if NAT bits are not set. Needed for IPVS to see the original
>> embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT
>> and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs
>> DNAT for client packets after using nf_conntrack_alter_reply
>> to expect replies from real server.
>>
>> Signed-off-by: Julian Anastasov <ja@xxxxxx>
>> ---
>>
>>     I'm not very familiar with this code, so this change
>> must not be considered as trivial. Maybe there was a
>> reason for the embedded header to be translated before the NAT
>> bits are set?
> 
> This seems OK to me, but I need to think about it a bit more,
> this code is subtle.

I think this change is fine, it does not apply to the current tree
anymore however. Could you please send me an updated version
against the nf-next-2.6.git tree? Thanks!