[NETFILTER]: Fix check whether dst_entry needs to be released after NAT
After DNAT the original dst_entry needs to be released if present so the packet doesn't skip input routing with its new address. The current check for DNAT in ip_nat_in is reversed and checks for SNAT.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
0047c65a60
commit
7918d212df
@ -209,8 +209,8 @@ ip_nat_in(unsigned int hooknum,
|
|||||||
&& (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
|
&& (ct = ip_conntrack_get(*pskb, &ctinfo)) != NULL) {
|
||||||
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
|
||||||
|
|
||||||
if (ct->tuplehash[dir].tuple.src.ip !=
|
if (ct->tuplehash[dir].tuple.dst.ip !=
|
||||||
ct->tuplehash[!dir].tuple.dst.ip) {
|
ct->tuplehash[!dir].tuple.src.ip) {
|
||||||
dst_release((*pskb)->dst);
|
dst_release((*pskb)->dst);
|
||||||
(*pskb)->dst = NULL;
|
(*pskb)->dst = NULL;
|
||||||
}
|
}
|
||||||
|
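Review bot: the corrected condition `ct->tuplehash[dir].tuple.dst.ip != ct->tuplehash[!dir].tuple.src.ip` carries no comment saying that it detects DNAT, and the src/dst inversion this commit fixes shows how easily the two directions are confused. A one-line comment above the `if` would help, stating that a differing destination between the original and reply tuples means the destination was rewritten and the cached route must be dropped so input routing runs again. Separately, the commit message says the dst_entry is released "if present", but the block calls `dst_release((*pskb)->dst)` with no NULL check visible in this hunk; please confirm that dst_release accepts a NULL pointer, or note it in the comment.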