nf_nat: restrict ICMP translation for embedded header - linux - Various Linux trees of dubious usefulness

diff options

author	Julian Anastasov <ja@ssi.bg>	2010-10-11 11:23:07 +0300
committer	Simon Horman <horms@verge.net.au>	2010-10-21 13:30:02 +0200
commit	b0aeef30433ea6854e985c2e9842fa19f51b95cc (patch)
tree	aedeebe5ef7cc56abece7bd103fb6229179a11bd /net/netfilter
parent	0d79641a96d612aaa6d57a4d4f521d7ed9c9ccdd (diff)
download	linux-b0aeef30433ea6854e985c2e9842fa19f51b95cc.tar.gz

nf_nat: restrict ICMP translation for embedded header

 	Skip ICMP translation of embedded protocol header
if NAT bits are not set. Needed for IPVS to see the original
embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT
and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs
DNAT for client packets after using nf_conntrack_alter_reply
to expect replies from real server.

Signed-off-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>

Diffstat (limited to 'net/netfilter')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: