Pandora Sourcecodes - pandora-kernel.git/commit

author	Patrick McHardy <kaber@trash.net>
	Mon, 25 Apr 2005 01:41:38 +0000 (18:41 -0700)
committer	David S. Miller <davem@davemloft.net>
	Mon, 25 Apr 2005 01:41:38 +0000 (18:41 -0700)
commit	e281e3ac2b6c294d672034909883e7bb9e649ac7
tree	0a7a13aa6ecaddf030a8ec5deecce87ee424aae7	tree \| snapshot
parent	8e293ada7d6aaee43dd56a8077b83577dd108667	commit \| diff

[NETFILTER]: Fix NAT sequence number adjustment

The NAT changes in 2.6.11 changed the position where helpers
are called and perform packet mangling. Before 2.6.11, a NAT
helper was called before the packet was NATed and had its
sequence number adjusted. Since 2.6.11, the helpers get packets
with already adjusted sequence numbers.

This breaks sequence number adjustment, adjust_tcp_sequence()
needs the original sequence number to determine whether
a packet was a retransmission and to store it for further
corrections. It can't be reconstructed without more information
than available, so this patch restores the old order by
calling helpers from a new conntrack hook two priorities
below ip_conntrack_confirm() and adjusting the sequence number
from a new NAT hook one priority below ip_conntrack_confirm().

Tracked down by Phil Oester <kernel@linuxace.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter_ipv4.h		diff \| blob \| history
net/ipv4/netfilter/ip_conntrack_standalone.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_core.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_standalone.c		diff \| blob \| history