mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-08-21 00:10:09 +00:00
8c87238b72
Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't set up NAT for confirmed conntracks in case NAT module is loaded late. This has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: Patrick McHardy <kaber@trash.net>
#ifndef _NF_NAT_RULE_H
#define _NF_NAT_RULE_H

#include <net/netfilter/nf_conntrack.h>
#include <net/netfilter/nf_nat.h>
#include <linux/netfilter_ipv4/ip_tables.h>

/*
 * Prototypes for the NAT rule code. Only declarations appear here; the
 * definitions are in another translation unit, so return-value and locking
 * contracts must be confirmed there.
 *
 * NOTE(review): the commit this header comes from states that extensions
 * must not be added to already-confirmed conntracks (to avoid races on
 * reallocation) and that NAT is therefore not set up for them. Nothing in
 * this header enforces that; presumably callers passing a struct nf_conn
 * to the functions below are expected to check the confirmed state first.
 * Confirm against the callers.
 */

/*
 * Set-up hook, marked __init. Returns int; presumably 0 on success and a
 * negative errno on failure -- confirm against the definition.
 */
int nf_nat_rule_init(void) __init;

/* Tear-down counterpart of nf_nat_rule_init(); returns nothing. */
void nf_nat_rule_cleanup(void);

/*
 * Rule lookup for one packet.
 *
 * skb:     packet buffer (not const, so the callee may modify it)
 * hooknum: netfilter hook number the lookup is performed for
 * in, out: input and output devices; read-only for the callee
 * ct:      conntrack entry associated with the packet
 *
 * Returns int; presumably a netfilter verdict -- confirm against the
 * definition.
 */
int nf_nat_rule_find(struct sk_buff *skb, unsigned int hooknum,
		     const struct net_device *in,
		     const struct net_device *out,
		     struct nf_conn *ct);

/*
 * Going by the name, attaches a "null" NAT binding to ct for the given
 * hook -- TODO confirm against the definition. Returns unsigned int;
 * presumably a netfilter verdict.
 */
unsigned int alloc_null_binding(struct nf_conn *ct, unsigned int hooknum);

#endif /* _NF_NAT_RULE_H */