On Mon, Nov 15, 2010 at 7:07 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote: > On 15.11.2010 05:48, Changli Gao wrote: >> If SNAT isn't done, the wrong info maybe got by the other cts. >> >> As the filter table is after DNAT table, the packets dropped in filter >> table also bother bysource hash table. >> >> Signed-off-by: Changli Gao <xiaosuo@xxxxxxxxx> >> --- >> net/ipv4/netfilter/nf_nat_core.c | 18 +++++++++++------- >> 1 file changed, 11 insertions(+), 7 deletions(-) >> diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c >> index c04787c..51ce55a 100644 >> --- a/net/ipv4/netfilter/nf_nat_core.c >> +++ b/net/ipv4/netfilter/nf_nat_core.c >> @@ -545,11 +550,10 @@ static void nf_nat_move_storage(void *new, void *old) >> struct nf_conn_nat *old_nat = old; >> struct nf_conn *ct = old_nat->ct; >> >> - if (!ct || !(ct->status & IPS_NAT_DONE_MASK)) >> + if (!ct || !(ct->status & IPS_SRC_NAT_DONE)) >> return; >> >> spin_lock_bh(&nf_nat_lock); >> - new_nat->ct = ct; > > Why are you removing this? > nf_ct_ext uses __krealloc() to enlarge memory, so the content has been copied already. -- Regards, Changli Gao(xiaosuo@xxxxxxxxx) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
