From: Patrick McHardy Date: Tue, 9 Jan 2007 22:33:49 +0000 (-0800) Subject: [NETFILTER]: nf_nat: fix hanging connections when loading the NAT module X-Git-Tag: v2.6.20-rc5~29^2~4 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ffed53d25bf36efb0571f7d9109f2e95df7f8b33;p=linux-2.6 [NETFILTER]: nf_nat: fix hanging connections when loading the NAT module When loading the NAT module, existing connection tracking entries don't have room for NAT information allocated and packets are dropped, causing hanging connections. They really should be entered into the NAT table as NULL mappings, but the current allocation scheme doesn't allow this. For now simply accept those packets to avoid the hanging connections. Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c index 730a7a44c8..00d6dea9f7 100644 --- a/net/ipv4/netfilter/nf_nat_standalone.c +++ b/net/ipv4/netfilter/nf_nat_standalone.c @@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum, nat = nfct_nat(ct); if (!nat) - return NF_DROP; + return NF_ACCEPT; switch (ctinfo) { case IP_CT_RELATED: