On Thu, Oct 21, 2010 at 01:15:15PM +0200, Patrick McHardy wrote: > Am 13.10.2010 21:21, schrieb Patrick McHardy: > > Am 11.10.2010 10:23, schrieb Julian Anastasov: > >> > >> Skip ICMP translation of embedded protocol header > >> if NAT bits are not set. Needed for IPVS to see the original > >> embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT > >> and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs > >> DNAT for client packets after using nf_conntrack_alter_reply > >> to expect replies from real server. > >> > >> Signed-off-by: Julian Anastasov <ja@xxxxxx> > >> --- > >> > >> I'm not very familiar with this code, so this change > >> must not be considered as trivial. May be there was a > >> reason the embedded header to be translated before the NAT > >> bits are set? > > > > This seems OK to me, but I need to think about it a bit more, > > this code is subtle. > > I think this change is fine, it does not apply to the current tree > anymore however. Could you please send me an updated version > against the nf-next-2.6.git tree? Thanks! I can handle this and include it in my next pull request. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
