On Fri, Feb 08, 2019 at 04:39:52PM +0100, Florian Westphal wrote: > Sander Eikelenboom bisected a NAT related regression down > to the l4proto->manip_pkt indirection removal. > > I forgot that ICMP(v6) errors (e.g. PKTTOOBIG) can be set as related > to the existing conntrack entry. > > Therefore, when passing the skb to nf_nat_ipv4/6_manip_pkt(), that > ended up calling the wrong l4 manip function, as tuple->dst.protonum > is the original flows l4 protocol (TCP, UDP, etc). > > Set the dst protocol field to ICMP(v6), we already have a private copy > of the tuple due to the inversion of src/dst. Applied, thanks.
