summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2006-02-04 02:19:46 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2006-02-04 23:51:29 -0800
commit7918d212df31fb7ddfb317c5a8dccdcec647d754 (patch)
treef3742fc5901dc7a367d6b6d6d47b09782c01eb43 /net
parent0047c65a60fa3b6607b55e058ea6a89f39cb3f28 (diff)
downloadlinux-3.10-7918d212df31fb7ddfb317c5a8dccdcec647d754.tar.gz
linux-3.10-7918d212df31fb7ddfb317c5a8dccdcec647d754.tar.bz2
linux-3.10-7918d212df31fb7ddfb317c5a8dccdcec647d754.zip
[NETFILTER]: Fix check whether dst_entry needs to be released after NAT
After DNAT the original dst_entry needs to be released if present so the packet doesn't skip input routing with its new address. The current check for DNAT in ip_nat_in is reversed and checks for SNAT. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/netfilter/ip_nat_standalone.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index ad438fb185b..92c54999a19 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
&& (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
- if (ct->tuplehash[dir].tuple.src.ip !=
- ct->tuplehash[!dir].tuple.dst.ip) {
+ if (ct->tuplehash[dir].tuple.dst.ip !=
+ ct->tuplehash[!dir].tuple.src.ip) {
dst_release((*pskb)->dst);
(*pskb)->dst = NULL;
}