pandora: defconfig: update

[pandora-kernel.git] / net / ipv4 / netfilter / nf_nat_standalone.c

diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index a6e606e..e32b542 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -194,7 +194,8 @@ nf_nat_out(unsigned int hooknum,
 
                if ((ct->tuplehash[dir].tuple.src.u3.ip !=
                     ct->tuplehash[!dir].tuple.dst.u3.ip) ||
-                   (ct->tuplehash[dir].tuple.src.u.all !=
+                   (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
+                    ct->tuplehash[dir].tuple.src.u.all !=
                     ct->tuplehash[!dir].tuple.dst.u.all)
                   )
                        return ip_xfrm_me_harder(skb) == 0 ? ret : NF_DROP;
@@ -230,7 +231,8 @@ nf_nat_local_fn(unsigned int hooknum,
                                ret = NF_DROP;
                }
 #ifdef CONFIG_XFRM
-               else if (ct->tuplehash[dir].tuple.dst.u.all !=
+               else if (ct->tuplehash[dir].tuple.dst.protonum != IPPROTO_ICMP &&
+                        ct->tuplehash[dir].tuple.dst.u.all !=
                         ct->tuplehash[!dir].tuple.src.u.all)
                        if (ip_xfrm_me_harder(skb))
                                ret = NF_DROP;
@@ -284,7 +286,7 @@ static int __init nf_nat_standalone_init(void)
 
 #ifdef CONFIG_XFRM
        BUG_ON(ip_nat_decode_session != NULL);
-       rcu_assign_pointer(ip_nat_decode_session, nat_decode_session);
+       RCU_INIT_POINTER(ip_nat_decode_session, nat_decode_session);
 #endif
        ret = nf_nat_rule_init();
        if (ret < 0) {
@@ -302,7 +304,7 @@ static int __init nf_nat_standalone_init(void)
        nf_nat_rule_cleanup();
  cleanup_decode_session:
 #ifdef CONFIG_XFRM
-       rcu_assign_pointer(ip_nat_decode_session, NULL);
+       RCU_INIT_POINTER(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        return ret;
@@ -313,7 +315,7 @@ static void __exit nf_nat_standalone_fini(void)
        nf_unregister_hooks(nf_nat_ops, ARRAY_SIZE(nf_nat_ops));
        nf_nat_rule_cleanup();
 #ifdef CONFIG_XFRM
-       rcu_assign_pointer(ip_nat_decode_session, NULL);
+       RCU_INIT_POINTER(ip_nat_decode_session, NULL);
        synchronize_net();
 #endif
        /* Conntrack caches are unregistered in nf_conntrack_cleanup */