linux/net/ipv4
Jozsef Kadlecsik f9dd09c7f7 netfilter: nf_nat: fix NAT issue in 2.6.30.4+
Vitezslav Samel discovered that since 2.6.30.4+ active FTP can not work
over NAT. The "cause" of the problem was a fix of unacknowledged data
detection with NAT (commit a3a9f79e36).
However, actually, that fix uncovered a long standing bug in TCP conntrack:
when NAT was enabled, we simply updated the max of the right edge of
the segments we have seen (td_end), by the offset NAT produced with
changing IP/port in the data. However, we did not update the other parameter
(td_maxend) which is affected by the NAT offset. Thus that could drift
away from the correct value and thus resulted breaking active FTP.

The patch below fixes the issue by *not* updating the conntrack parameters
from NAT, but instead taking into account the NAT offsets in conntrack in a
consistent way. (Updating from NAT would be more harder and expensive because
it'd need to re-calculate parameters we already calculated in conntrack.)

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-06 00:43:42 -08:00
..
netfilter netfilter: nf_nat: fix NAT issue in 2.6.30.4+ 2009-11-06 00:43:42 -08:00
af_inet.c net: Use sk_mark for routing lookup in more places 2009-10-01 15:16:49 -07:00
ah4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
arp.c net: make neigh_ops constant 2009-09-01 17:40:57 -07:00
cipso_ipv4.c netlabel: Label incoming TCP connections correctly in SELinux 2009-03-28 15:01:36 +11:00
datagram.c mib: add net to IP_INC_STATS_BH 2008-07-16 20:20:11 -07:00
devinet.c ipv4: arp_notify address list bug 2009-10-07 03:18:17 -07:00
esp4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
fib_frontend.c net: Fix RPF to work with policy routing 2009-10-29 22:49:12 -07:00
fib_hash.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_lookup.h ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_rules.c net: Remove unused parameter from fill method in fib_rules_ops. 2009-05-20 17:26:23 -07:00
fib_semantics.c ipv4: cleanup - remove two unused parameters from fib_semantic_match(). 2009-05-18 15:16:37 -07:00
fib_trie.c fib_trie: resize rework 2009-08-28 23:57:15 -07:00
icmp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
igmp.c bonding: remap muticast addresses without using dev_close() and dev_open() 2009-09-15 02:37:40 -07:00
inet_connection_sock.c tcp: reduce SYN-ACK retrans for TCP_DEFER_ACCEPT 2009-10-19 19:19:03 -07:00
inet_diag.c net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
inet_fragment.c inet fragments: fix sparse warning: context imbalance 2009-02-26 23:13:35 -08:00
inet_hashtables.c net: move bsockets outside of read only beginning of struct inet_hashinfo 2009-02-01 12:31:33 -08:00
inet_lro.c include/net net/ - csum_partial - remove unnecessary casts 2008-11-19 15:44:53 -08:00
inet_timewait_sock.c tcp: fix premature termination of FIN_WAIT2 time-wait sockets 2009-08-29 00:00:35 -07:00
inetpeer.c net: clean up net/ipv4/ah4.c esp4.c fib_semantics.c inet_connection_sock.c inetpeer.c ip_output.c 2008-11-03 00:23:42 -08:00
ip_forward.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_fragment.c ipv4: Use frag list abstraction interfaces. 2009-06-09 00:19:37 -07:00
ip_gre.c gre: Fix dev_addr clobbering for gretap 2009-10-30 12:28:07 -07:00
ip_input.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ip_options.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
ip_output.c net: Use sk_mark for routing lookup in more places 2009-10-01 15:16:49 -07:00
ip_sockglue.c net: Fix IP_MULTICAST_IF 2009-10-19 21:34:20 -07:00
ipcomp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ipconfig.c ipv4: teach ipconfig about the MTU option in DHCP 2009-05-19 15:36:17 -07:00
ipip.c tunnel: eliminate recursion field 2009-09-24 15:39:22 -07:00
ipmr.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
Kconfig ipv4: update ARPD help text 2009-06-13 23:36:32 -07:00
Makefile IPVS: Move IPVS to net/netfilter/ipvs 2008-10-07 08:38:24 +11:00
netfilter.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
proc.c snmp: add missing counters for RFC 4293 2009-04-27 02:45:02 -07:00
protocol.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
raw.c AF_RAW: Augment raw_send_hdrinc to expand skb to fit iphdr->ihl (v2) 2009-10-29 01:09:58 -07:00
route.c net: Fix RPF to work with policy routing 2009-10-29 22:49:12 -07:00
syncookies.c percpu: clean up percpu variable definitions 2009-06-24 15:13:48 +09:00
sysctl_net_ipv4.c sysctl: remove "struct file *" argument of ->proc_handler 2009-09-24 07:21:04 -07:00
tcp_bic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_cong.c Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
tcp_cubic.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_diag.c net: inet_diag_handler structs can be const 2008-11-19 15:43:27 -08:00
tcp_highspeed.c
tcp_htcp.c htcp: merge icsk_ca_state compare 2009-03-02 03:00:14 -08:00
tcp_hybla.c tcp: Fix tcp_hybla zero congestion window growth with small rho and large cwnd. 2008-10-07 15:58:17 -07:00
tcp_illinois.c
tcp_input.c tcp: fix ssthresh u16 leftover 2009-09-15 01:30:10 -07:00
tcp_ipv4.c tcp: fix ssthresh u16 leftover 2009-09-15 01:30:10 -07:00
tcp_lp.c
tcp_minisocks.c tcp: accept socket after TCP_DEFER_ACCEPT period 2009-10-19 19:19:01 -07:00
tcp_output.c IPv4 TCP fails to send window scale option when window scale is zero 2009-10-01 15:14:51 -07:00
tcp_probe.c tcp: '< 0' test on unsigned 2009-03-13 16:05:14 -07:00
tcp_scalable.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_timer.c Revert Backoff [v3]: Calculate TCP's connection close threshold as a time value. 2009-09-01 02:45:47 -07:00
tcp_vegas.c tcp: tcp_vegas ssthresh bugfix 2009-05-25 22:44:59 -07:00
tcp_vegas.h
tcp_veno.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp_westwood.c
tcp_yeah.c tcp: add helper for AI algorithm 2009-03-02 03:00:15 -08:00
tcp.c net: use WARN() for the WARN_ON in commit b6b39e8f3f 2009-10-22 21:37:56 -07:00
tunnel4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c net: fix sk_forward_alloc corruption 2009-10-30 12:25:12 -07:00
udplite.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
xfrm4_input.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_output.c net: skb->dst accessors 2009-06-03 02:51:04 -07:00
xfrm4_policy.c xfrm4: fix build when SYSCTLs are disabled 2009-08-04 20:18:33 -07:00
xfrm4_state.c xfrm: remove useless forward declarations 2008-11-25 01:05:54 -08:00
xfrm4_tunnel.c [IPCOMP]: Fix reception of incompressible packets 2008-01-31 19:27:24 -08:00