From: Pablo Neira Ayuso
Date: Thu, 7 Jun 2012 11:31:25 +0000 (+0200)
Subject: netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled
X-Git-Tag: v3.6-rc1~125^2~529^2~2
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c88f87cb27ad09086940bdd3e6955e5325ec89a;p=pandora-kernel.git

netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled

User-space programs that receive traffic via NFQUEUE may mangle packets.
If NAT is enabled, this usually puzzles sequence tracking, leading to
traffic disruptions.

With this patch, nfnl_queue will make the corresponding NAT TCP sequence
adjustment if:

1) The packet has been mangled,
2) the NFQA_CFG_F_CONNTRACK flag has been set, and
3) NAT is detected.

There are some records on the Internet complaining about this issue:

http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables

By now, we only support TCP since we have no helpers for DCCP or SCTP.
Better to add this if we ever have some helper over those layer 4 protocols.

Signed-off-by: Pablo Neira Ayuso
---
Reading git-diff-tree failed
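
The commit message above concerns TCP sequence adjustment after a queued packet changes size. The following is an added example, not code from this commit or the kernel: a simplified model of the bookkeeping such an adjustment needs. The struct, the function names and the flow values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-direction state: last resize point and the offsets around it. */
struct seqadj {
    uint32_t correction_pos;
    int32_t  offset_before;
    int32_t  offset_after;
};

/* Wraparound-safe "a is later than b" for 32-bit sequence numbers. */
static int seq_after(uint32_t a, uint32_t b) { return (int32_t)(b - a) < 0; }

/* Record that the segment starting at seq grew (delta > 0) or shrank (delta < 0). */
void seqadj_record(struct seqadj *s, uint32_t seq, int32_t delta)
{
    if (delta == 0)
        return;
    if (s->offset_before == s->offset_after || seq_after(seq, s->correction_pos)) {
        s->correction_pos = seq;
        s->offset_before = s->offset_after;
        s->offset_after += delta;
    }
}

/* Sequence number to put on the wire for a segment in the mangled direction. */
uint32_t seqadj_out_seq(const struct seqadj *s, uint32_t seq)
{
    int32_t off = seq_after(seq, s->correction_pos) ? s->offset_after : s->offset_before;
    return seq + (uint32_t)off;
}

/* ACK arriving from the peer, translated back to the sender's own numbering. */
uint32_t seqadj_in_ack(const struct seqadj *s, uint32_t ack)
{
    int32_t off = seq_after(ack - (uint32_t)s->offset_before, s->correction_pos)
                      ? s->offset_after : s->offset_before;
    return ack - (uint32_t)off;
}

int main(void)
{
    struct seqadj s = {0, 0, 0};
    /* Constructed flow: a 100-byte segment at seq 1000 is mangled to 104 bytes. */
    seqadj_record(&s, 1000, 4);
    printf("seq 1100 -> %u, ack 1204 -> %u\n",
           (unsigned)seqadj_out_seq(&s, 1100), (unsigned)seqadj_in_ack(&s, 1204));
    return 0;
}
```

Without the translation in both directions, the sender would see an ACK for bytes it never sent and the receiver would see overlapping data, which is the kind of disruption the commit message describes.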