]> err.no Git - linux-2.6/commitdiff
[NETFILTER]: Fix check whether dst_entry needs to be released after NAT
authorPatrick McHardy <kaber@trash.net>
Sat, 4 Feb 2006 10:19:46 +0000 (02:19 -0800)
committerDavid S. Miller <davem@sunset.davemloft.net>
Sun, 5 Feb 2006 07:51:29 +0000 (23:51 -0800)
After DNAT the original dst_entry needs to be released if present
so the packet doesn't skip input routing with its new address. The
current check for DNAT in ip_nat_in is reversed and checks for SNAT.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/netfilter/ip_nat_standalone.c

index ad438fb185b8943dfafde63c13fcbb405a5caf46..92c54999a19d023d049af354123b096839757aad 100644 (file)
@@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
            && (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
                enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
 
-               if (ct->tuplehash[dir].tuple.src.ip !=
-                   ct->tuplehash[!dir].tuple.dst.ip) {
+               if (ct->tuplehash[dir].tuple.dst.ip !=
+                   ct->tuplehash[!dir].tuple.src.ip) {
                        dst_release((*pskb)->dst);
                        (*pskb)->dst = NULL;
                }