Skip to content

Commit

Permalink
net: vrf: Fix NAT within a VRF
Browse files Browse the repository at this point in the history 
Connection tracking with VRF is broken because the pass through the VRF
device drops the connection tracking info. Removing the call to nf_reset
allows DNAT and MASQUERADE to work across interfaces within a VRF.

Fixes: 73e20b7 ("net: vrf: Add support for PREROUTING rules on vrf device")
Signed-off-by: David Ahern <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@davem330
David Ahern authored and davem330 committed Dec 17, 2016
1 parent 8a9f5fd commit a0f37ef
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions drivers/net/vrf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -849,8 +849,6 @@ static struct sk_buff *vrf_rcv_nfhook(u8 pf, unsigned int hook,
{
struct net *net = dev_net(dev);

nf_reset(skb);

if (NF_HOOK(pf, hook, net, NULL, skb, dev, NULL, vrf_rcv_finish) < 0)
skb = NULL; /* kfree_skb(skb) handled by nf code */

Expand Down

0 comments on commit a0f37ef

Please sign in to comment.