Pandora Sourcecodes - pandora-kernel.git/commit

author	Patrick McHardy <kaber@trash.net>
	Tue, 6 Sep 2005 22:09:43 +0000 (15:09 -0700)
committer	David S. Miller <davem@davemloft.net>
	Tue, 6 Sep 2005 22:09:43 +0000 (15:09 -0700)
commit	03486a4f838c55481317fca5ac2e7d12550a4fb7
tree	9c5e5cd835102d67198e5fd1c6756f3b0de65a2c	tree \| snapshot
parent	31c913e7fd48000163a88cfe10383fd3be20910e	commit \| diff

[NETFILTER]: Handle NAT module load race

When the NAT module is loaded when connections are already confirmed
it must not change their tuples anymore. This is especially important
with CONFIG_NETFILTER_DEBUG, the netfilter listhelp functions will
refuse to remove an entry from a list when it can not be found on
the list, so when a changed tuple hashes to a new bucket the entry
is kept in the list until and after the conntrack is freed.

Allocate the exact conntrack tuple for NAT for already confirmed
connections or drop them if that fails.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

include/linux/netfilter_ipv4/ip_nat_rule.h		diff \| blob \| history
net/ipv4/netfilter/ip_nat_rule.c		diff \| blob \| history
net/ipv4/netfilter/ip_nat_standalone.c		diff \| blob \| history