Date: Sat, 31 Jul 2010 20:47:31 +0800
From: Changli Gao <xiaosuo@...il.com>
To: Jan Engelhardt <jengelh@...ozas.de>
Cc: Patrick McHardy <kaber@...sh.net>,
"David S. Miller" <davem@...emloft.net>,
netfilter-devel@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH 1/2] nf_nat: make unique_tuple return void
On Sat, Jul 31, 2010 at 7:54 PM, Jan Engelhardt <jengelh@...ozas.de> wrote:
> On Saturday 2010-07-31 04:15, Changli Gao wrote:
>
>>the only user of unique_tuple(), get_unique_tuple(), doesn't care about the
>>return value of unique_tuple(), so make unique_tuple() return void (nothing).
>
> Shouldn't the callers (get_unique_tuple in nf_nat_core.c) ideally
> return NF_DROP or something such that connections that cannot be
> uniquely mangled be rejected rather than forwarded without mangling?
>
/* Manipulate the tuple into the range given. For NF_INET_POST_ROUTING,
 * we change the source to map into the range. For NF_INET_PRE_ROUTING
 * and NF_INET_LOCAL_OUT, we change the destination to map into the
 * range. It might not be possible to get a unique tuple, but we try.
 * At worst (or if we race), we will end up with a final duplicate in
 * __ip_conntrack_confirm and drop the packet. */
static void
get_unique_tuple(struct nf_conntrack_tuple *tuple,
		 const struct nf_conntrack_tuple *orig_tuple,
		 const struct nf_nat_range *range,
		 struct nf_conn *ct,
		 enum nf_nat_manip_type maniptype)
The above is the comment for get_unique_tuple(). So no connection is
forwarded without mangling.
--
Regards,
Changli Gao(xiaosuo@...il.com)
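The behaviour the comment describes, as an added illustration that is not code from this thread or from the kernel: a deliberately simplified C model in which the mapping step tries every port in the NAT range and returns void, and a later "confirm" step is the one that drops a tuple that is still a duplicate. The types struct tuple and struct conn_table, the linear-scan table, the verdict enum and every function name here are hypothetical stand-ins chosen for the example, not netfilter's own structures or hashing.

```c
/* Hypothetical, simplified model (not kernel code) of the NAT flow discussed
 * in the thread: get_unique_tuple() searches the range and returns void; if no
 * free port exists the duplicate is left in place, and conntrack_confirm()
 * (standing in for __ip_conntrack_confirm) is where the packet is dropped. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define TABLE_MAX 64

enum verdict { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };

/* Stand-in for a conntrack tuple with only the fields this example needs. */
struct tuple {
	uint32_t src_ip;
	uint16_t src_port;
	uint32_t dst_ip;
	uint16_t dst_port;
};

/* Stand-in for the confirmed-connection table (a flat array, not a hash). */
struct conn_table {
	struct tuple entries[TABLE_MAX];
	int count;
};

static bool tuple_equal(const struct tuple *a, const struct tuple *b)
{
	return a->src_ip == b->src_ip && a->src_port == b->src_port &&
	       a->dst_ip == b->dst_ip && a->dst_port == b->dst_port;
}

static bool tuple_in_use(const struct conn_table *tbl, const struct tuple *t)
{
	for (int i = 0; i < tbl->count; i++)
		if (tuple_equal(&tbl->entries[i], t))
			return true;
	return false;
}

/* Models get_unique_tuple() after the patch: try every source port in
 * [port_min, port_max]; on success the tuple is rewritten and the function
 * simply returns. On failure the last candidate stays in the tuple and
 * nothing is reported back, because the confirm step handles duplicates. */
static void get_unique_tuple(struct tuple *t, const struct conn_table *tbl,
			     uint16_t port_min, uint16_t port_max)
{
	for (uint32_t p = port_min; p <= port_max; p++) {
		t->src_port = (uint16_t)p;
		if (!tuple_in_use(tbl, t))
			return;	/* unique tuple found */
	}
	/* range exhausted: t is still a duplicate of an existing entry */
}

/* Models the confirm step: a tuple that is still a duplicate is dropped here,
 * which is why the mapping step does not need a return value. */
static enum verdict conntrack_confirm(struct conn_table *tbl,
				      const struct tuple *t)
{
	if (tuple_in_use(tbl, t) || tbl->count >= TABLE_MAX)
		return VERDICT_DROP;
	tbl->entries[tbl->count++] = *t;
	return VERDICT_ACCEPT;
}

/* One new connection: map into the range, then confirm. */
static enum verdict nat_new_connection(struct conn_table *tbl, struct tuple *t,
				       uint16_t port_min, uint16_t port_max)
{
	get_unique_tuple(t, tbl, port_min, port_max);
	return conntrack_confirm(tbl, t);
}

/* Opens `attempts` connections with identical endpoints through a range of
 * [port_min, port_max] and returns how many were accepted; once the range is
 * exhausted every further attempt is dropped at confirm, never forwarded. */
static int count_accepted(int attempts, uint16_t port_min, uint16_t port_max)
{
	struct conn_table tbl = { .count = 0 };
	/* constructed sample endpoints: 10.0.0.1:5555 -> 192.168.1.1:80 */
	const struct tuple base = { 0x0a000001, 5555, 0xc0a80101, 80 };
	int accepted = 0;

	for (int i = 0; i < attempts; i++) {
		struct tuple t = base;
		if (nat_new_connection(&tbl, &t, port_min, port_max) == VERDICT_ACCEPT)
			accepted++;
	}
	return accepted;
}

int main(void)
{
	/* two-port range, three identical connections: the third is dropped */
	printf("%d of 3 connections accepted\n", count_accepted(3, 1024, 1025));
	return 0;
}
```

The point the model makes is the one in the comment: when the range is exhausted the mapping step leaves a duplicate behind rather than signalling failure, and the drop still happens, only later, at confirm time.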