On Tue, Jan 18, 2011 at 10:17 PM, Patrick McHardy <kaber@xxxxxxxxx> wrote:
>> net/ipv4/netfilter/nf_nat_core.c | 18 +++++++++++-------
>> 1 file changed, 11 insertions(+), 7 deletions(-)
>> diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
>> index c04787c..51ce55a 100644
>> --- a/net/ipv4/netfilter/nf_nat_core.c
>> +++ b/net/ipv4/netfilter/nf_nat_core.c
>> @@ -221,7 +221,14 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
>> manips not an issue. */
>> if (maniptype == IP_NAT_MANIP_SRC &&
>> !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
>> - if (find_appropriate_src(net, zone, orig_tuple, tuple, range)) {
>> + /* try the original tuple first */
>
> This doesn't seem to be related to the hashing change. Please describe
> the intention behind this change.
Currently, we add the ct at the head of the corresponding bucket of the source hash table after DNAT is done, so when we do SNAT, the original ct will be tried first. This change is used to keep this behavior.
>
>> + if (in_range(orig_tuple, range)) {
>> + if (!nf_nat_used_tuple(orig_tuple, ct)) {
>> + *tuple = *orig_tuple;
>> + return;
>> + }
>> + } else if (find_appropriate_src(net, zone, orig_tuple, tuple,
>> + range)) {
>> pr_debug("get_unique_tuple: Found current src map\n");
>> if (!nf_nat_used_tuple(tuple, ct))
>> return;
>
>
>
-- Regards, Changli Gao(xiaosuo@xxxxxxxxx)
-- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
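Review bot: In the added `if (in_range(orig_tuple, range))` branch, an original tuple that is in range but already used leaves the block without ever calling find_appropriate_src(), because that call now sits in the `else if`. On the removed line the lookup ran whenever this SRC, non-random branch was entered, so the collision case appears to lose reuse of an existing mapping for the same source. Whether the code after the block handles that case cannot be seen from the hunk. If the skip is intended, state it at the inner check, e.g. `/* in range but already used: deliberately skip find_appropriate_src() */`; if not, test `in_range(orig_tuple, range) && !nf_nat_used_tuple(orig_tuple, ct)` in one condition and keep find_appropriate_src() as its own `if`. get_unique_tuple() starts before and continues after the hunk.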