diff options
author | Paul Mackerras <paulus@samba.org> | 2006-02-24 14:05:47 +1100 |
---|---|---|
committer | Paul Mackerras <paulus@samba.org> | 2006-02-24 14:05:47 +1100 |
commit | a00428f5b149e36b8225b2a0812742a6dfb07b8c (patch) | |
tree | a78869cd67cf78a0eb091fb0ea5d397734bd6738 /net/ipv4/netfilter/ip_nat_standalone.c | |
parent | 774fee58c465ea1c7e9775e347ec307bcf2deeb3 (diff) | |
parent | fb5c594c2acc441f0d2d8f457484a0e0e9285db3 (diff) | |
download | op-kernel-dev-a00428f5b149e36b8225b2a0812742a6dfb07b8c.zip op-kernel-dev-a00428f5b149e36b8225b2a0812742a6dfb07b8c.tar.gz |
Merge ../powerpc-merge
Diffstat (limited to 'net/ipv4/netfilter/ip_nat_standalone.c')
-rw-r--r-- | net/ipv4/netfilter/ip_nat_standalone.c | 22 |
1 files changed, 8 insertions, 14 deletions
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c index 92c5499..ab1f88f 100644 --- a/net/ipv4/netfilter/ip_nat_standalone.c +++ b/net/ipv4/netfilter/ip_nat_standalone.c @@ -200,20 +200,14 @@ ip_nat_in(unsigned int hooknum, const struct net_device *out, int (*okfn)(struct sk_buff *)) { - struct ip_conntrack *ct; - enum ip_conntrack_info ctinfo; unsigned int ret; + u_int32_t daddr = (*pskb)->nh.iph->daddr; ret = ip_nat_fn(hooknum, pskb, in, out, okfn); if (ret != NF_DROP && ret != NF_STOLEN - && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { - enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); - - if (ct->tuplehash[dir].tuple.dst.ip != - ct->tuplehash[!dir].tuple.src.ip) { - dst_release((*pskb)->dst); - (*pskb)->dst = NULL; - } + && daddr != (*pskb)->nh.iph->daddr) { + dst_release((*pskb)->dst); + (*pskb)->dst = NULL; } return ret; } @@ -235,19 +229,19 @@ ip_nat_out(unsigned int hooknum, return NF_ACCEPT; ret = ip_nat_fn(hooknum, pskb, in, out, okfn); +#ifdef CONFIG_XFRM if (ret != NF_DROP && ret != NF_STOLEN && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) { enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo); if (ct->tuplehash[dir].tuple.src.ip != ct->tuplehash[!dir].tuple.dst.ip -#ifdef CONFIG_XFRM || ct->tuplehash[dir].tuple.src.u.all != ct->tuplehash[!dir].tuple.dst.u.all -#endif ) - return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; + return ip_xfrm_me_harder(pskb) == 0 ? ret : NF_DROP; } +#endif return ret; } @@ -276,7 +270,7 @@ ip_nat_local_fn(unsigned int hooknum, ct->tuplehash[!dir].tuple.src.ip #ifdef CONFIG_XFRM || ct->tuplehash[dir].tuple.dst.u.all != - ct->tuplehash[dir].tuple.src.u.all + ct->tuplehash[!dir].tuple.src.u.all #endif ) return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP; |