lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Jan 2011 15:51:04 +0100 From: Patrick McHardy <kaber@...sh.net> To: Changli Gao <xiaosuo@...il.com> CC: "David S. Miller" <davem@...emloft.net>, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH resend] netfilter: place in source hash after SNAT is done Am 19.01.2011 01:03, schrieb Changli Gao: > On Tue, Jan 18, 2011 at 10:17 PM, Patrick McHardy <kaber@...sh.net> wrote: >>> net/ipv4/netfilter/nf_nat_core.c | 18 +++++++++++------- >>> 1 file changed, 11 insertions(+), 7 deletions(-) >>> diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c >>> index c04787c..51ce55a 100644 >>> --- a/net/ipv4/netfilter/nf_nat_core.c >>> +++ b/net/ipv4/netfilter/nf_nat_core.c >>> @@ -221,7 +221,14 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple, >>> manips not an issue. */ >>> if (maniptype == IP_NAT_MANIP_SRC && >>> !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) { >>> - if (find_appropriate_src(net, zone, orig_tuple, tuple, range)) { >>> + /* try the original tuple first */ >> >> This doesn't seem to be related to the hashing change. Please describe >> the intention behind this change. > > Currently, we add the ct at the head of the corresponding bucket of > the source hash table after DNAT is done, so when we do SNAT, the > original ct will be tried first. This change is used to keep this > behavior. Thanks for the explanation, applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists