linux-sg2042/net
Harald Welte 8b83bc77bf [PATCH] don't try to do any NAT on untracked connections
With the introduction of 'rustynat' in 2.6.11, the old tricks of preventing
NAT of 'untracked' connections (e.g. NOTRACK target in 'raw' table) are no
longer sufficient.

The ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK effectively
prevents iteration of the 'nat' table, but doesn't prevent nat_packet()
to be executed.  Since nr_manips is gone in 'rustynat', nat_packet() now
implicitly thinks that it has to do NAT on the packet.

This patch fixes that problem by explicitly checking for
ip_conntrack_untracked in ip_nat_fn().

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-08 11:48:28 -07:00
..
802 [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
8021q [VLAN]: Fix early vlan adding leads to not functional device 2005-07-12 12:13:49 -07:00
appletalk [ATALK] aarp: replace schedule_timeout() with msleep() 2005-06-22 22:11:44 -07:00
atm [ATM]: Trivial spelling fix patch for net/Kconfig 2005-07-19 13:56:53 -07:00
ax25 [AX25] Introduce ax25_type_trans 2005-04-24 18:53:06 -07:00
bluetooth [Bluetooth] Add direction and timestamp to stack internal events 2005-08-06 12:36:54 +02:00
bridge [NET]: BRIDGE_EBT_ARPREPLY must depend on INET 2005-07-19 14:00:13 -07:00
core [NET] Fix too aggressive backoff in dst garbage collection 2005-07-30 17:47:25 -07:00
decnet [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
econet [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
ethernet [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
ipv4 [PATCH] don't try to do any NAT on untracked connections 2005-08-08 11:48:28 -07:00
ipv6 [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ipx [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
irda [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
key [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
lapb [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
llc [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
netlink [NETLINK]: Fix "nocast type" warnings 2005-07-18 13:35:43 -07:00
netrom Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
packet [NETFILTER]: Revert nf_reset change 2005-07-12 11:57:52 -07:00
rose Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
rxrpc [PATCH] Cleanup patch for process freezing 2005-06-25 17:10:13 -07:00
sched [EMATCH]: Remove feature ifdefs in meta ematch. 2005-07-24 19:44:23 -07:00
sctp [SCTP]: Fix potential null pointer dereference while handling an icmp error 2005-07-18 13:44:10 -07:00
sunrpc [PATCH] coverity: sunrpc/xprt task null check 2005-07-07 18:23:47 -07:00
unix [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
wanrouter [NET]: __be'ify *_type_trans() 2005-07-12 12:08:43 -07:00
x25 [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
xfrm [XFRM]: Fix possible overflow of sock->sk_policy 2005-07-26 15:43:17 -07:00
Kconfig [NET]: Kconfig: NETCONSOLE and NETPOLL together 2005-07-18 13:45:12 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
compat.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
nonet.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
socket.c [NET]: dont use strlen() but the result from a prior sprintf() 2005-06-22 14:32:51 -07:00
sysctl_net.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00