linux/net/ipv4
Harald Welte 8b83bc77bf [PATCH] don't try to do any NAT on untracked connections
With the introduction of 'rustynat' in 2.6.11, the old tricks of preventing
NAT of 'untracked' connections (e.g. NOTRACK target in 'raw' table) are no
longer sufficient.

The ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK effectively
prevents iteration of the 'nat' table, but doesn't prevent nat_packet()
to be executed.  Since nr_manips is gone in 'rustynat', nat_packet() now
implicitly thinks that it has to do NAT on the packet.

This patch fixes that problem by explicitly checking for
ip_conntrack_untracked in ip_nat_fn().

Signed-off-by: Harald Welte <laforge@netfilter.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2005-08-08 11:48:28 -07:00
..
ipvs [NET]: move config options out to individual protocols 2005-07-11 21:13:56 -07:00
netfilter [PATCH] don't try to do any NAT on untracked connections 2005-08-08 11:48:28 -07:00
af_inet.c [IPV4]: Fix up lots of little whitespace indentation stuff in fib_trie. 2005-07-19 14:01:51 -07:00
ah4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
arp.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
datagram.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
devinet.c [PATCH] create a kstrdup library function 2005-06-23 09:45:18 -07:00
esp4.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
fib_frontend.c [NETLINK]: fib_lookup() via netlink 2005-06-20 13:36:39 -07:00
fib_hash.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_lookup.h [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_rules.c [NETLINK]: Correctly set NLM_F_MULTI without checking the pid 2005-06-18 22:54:12 -07:00
fib_semantics.c [IPV4]: Fix memory leak during fib_info hash expansion. 2005-08-05 04:12:48 -07:00
fib_trie.c [IPV4]: Fix up lots of little whitespace indentation stuff in fib_trie. 2005-07-19 14:01:51 -07:00
icmp.c [IPV4]: Apply sysctl_icmp_echo_ignore_broadcasts to ICMP_TIMESTAMP as well. 2005-07-08 17:34:46 -07:00
igmp.c [IPV4]: fix IPv4 leave-group group matching 2005-07-08 17:48:38 -07:00
inetpeer.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_forward.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_fragment.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_gre.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ip_input.c [IPV4]: Snmpv2 Mib IP counter ipInAddrErrors support 2005-06-28 13:06:23 -07:00
ip_options.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
ip_output.c [NETFILTER]: Revert nf_reset change 2005-07-12 11:57:52 -07:00
ip_sockglue.c [IPV4]: multicast API "join" issues 2005-07-08 17:39:23 -07:00
ipcomp.c [IPSEC]: Add xfrm_init_state 2005-06-20 13:18:08 -07:00
ipconfig.c [IPV4]: ipconfig.c: fix dhcp timeout behaviour 2005-06-28 13:21:12 -07:00
ipip.c [NET]: fix oops after tunnel module unload 2005-07-30 17:46:44 -07:00
ipmr.c [NET]: Spelling mistakes threshoulds -> thresholds 2005-07-30 17:41:59 -07:00
Kconfig [IPV4]: Fix Kconfig syntax error 2005-07-27 13:00:04 -07:00
Makefile [NET]: Move in_aton from net/ipv4/utils.c to net/core/utils.c 2005-07-27 15:24:42 -07:00
multipath_drr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_random.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_rr.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath_wrandom.c [IPV4]: Multipath modules need a license to prevent kernel tainting. 2005-06-13 14:29:06 -07:00
multipath.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
proc.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
protocol.c [PATCH] update Ross Biro bouncing email address 2005-05-05 16:36:49 -07:00
raw.c [IPV4]: [4/4] signed vs unsigned cleanup in net/ipv4/raw.c 2005-06-18 23:00:34 -07:00
route.c [IPV4]: Prevent oops when printing martian source 2005-07-11 21:01:42 -07:00
syncookies.c [NET] Rename open_request to request_sock 2005-06-18 22:47:21 -07:00
sysctl_net_ipv4.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_bic.c [TCP]: Add TCP BIC congestion control module. 2005-06-23 12:23:25 -07:00
tcp_cong.c [TCP]: Allow choosing TCP congestion control via sockopt. 2005-06-23 20:37:36 -07:00
tcp_diag.c [TCP]: Report congestion control algorithm in tcp_diag. 2005-06-23 12:21:28 -07:00
tcp_highspeed.c [TCP]: Add High Speed TCP congestion control module. 2005-06-23 12:24:58 -07:00
tcp_htcp.c [TCP]: Add H-TCP congestion control module. 2005-06-23 12:28:11 -07:00
tcp_hybla.c [TCP]: Add TCP Hybla congestion control module. 2005-06-23 12:26:34 -07:00
tcp_input.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
tcp_ipv4.c [TCP]: Move to new TSO segmenting scheme. 2005-07-05 15:24:38 -07:00
tcp_minisocks.c [TCP]: Add pluggable congestion control algorithm infrastructure. 2005-06-23 12:19:55 -07:00
tcp_output.c [PATCH] tcp: fix TSO cwnd caching bug 2005-08-04 21:43:14 -07:00
tcp_scalable.c [TCP]: Add Scalable TCP congestion control module. 2005-06-23 12:29:07 -07:00
tcp_timer.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
tcp_vegas.c [TCP]: Add TCP Vegas congestion control module. 2005-06-23 12:27:19 -07:00
tcp_westwood.c [TCP]: Add TCP Westwood congestion control module. 2005-06-23 12:24:09 -07:00
tcp.c [NET]: Transform skb_queue_len() binary tests into skb_queue_empty() 2005-07-08 14:57:23 -07:00
udp.c [IPV4]: Fix BUG() in 2.6.x, udp_poll(), fragments + CONFIG_HIGHMEM 2005-05-30 15:50:15 -07:00
xfrm4_input.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
xfrm4_output.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_policy.c [IPSEC]: Store idev entries 2005-05-03 16:27:10 -07:00
xfrm4_state.c [IPSEC]: Add XFRM_STATE_NOPMTUDISC flag 2005-06-20 13:21:43 -07:00
xfrm4_tunnel.c [NET]: Make ipip/ip6_tunnel independant of XFRM 2005-07-19 14:03:34 -07:00