Skip to content

Commit

Permalink
[NETFILTER]: nf_nat: fix hanging connections when loading the NAT module
Browse files Browse the repository at this point in the history 
When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.

For now simply accept those packets to avoid the hanging connections.

Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@kaber @davem330
kaber authored and davem330 committed Jan 9, 2007
1 parent 8c82d8d commit ffed53d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion net/ipv4/netfilter/nf_nat_standalone.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,

nat = nfct_nat(ct);
if (!nat)
return NF_DROP;
return NF_ACCEPT;

switch (ctinfo) {
case IP_CT_RELATED:
Expand Down

0 comments on commit ffed53d

Please sign in to comment.