summaryrefslogtreecommitdiffstats
path: root/Documentation/HOWTO
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-08-18 21:30:55 -0700
committerDavid S. Miller <davem@davemloft.net>2008-08-18 21:30:55 -0700
commit1575e7ea018fec992b94a12a1a491ce693ae9eac (patch)
tree5a93c71ea8ac0cb1ad0703c0ee03cd52aa268707 /Documentation/HOWTO
parent46faec9858e8943226464dac50e205bf210d9174 (diff)
downloadkernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.tar.gz
kernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.tar.xz
kernel-crypto-1575e7ea018fec992b94a12a1a491ce693ae9eac.zip
netfilter: ctnetlink: fix double helper assignation for NAT'ed conntracks
If we create a conntrack that has NAT handlings and a helper, the helper is assigned twice. This happens because nf_nat_setup_info() - via nf_conntrack_alter_reply() - sets the helper before ctnetlink, which indeed does not check if the conntrack already has a helper as it thinks that it is a brand new conntrack. The fix moves the helper assignation before the set of the status flags. This avoids a bogus assertion in __nf_ct_ext_add (if netfilter assertions are enabled) which checks that the conntrack must not be confirmed. This problem was introduced in 2.6.23 with the netfilter extension infrastructure. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'Documentation/HOWTO')
0 files changed, 0 insertions, 0 deletions