netfilter: nf_nat: Handle routing changes in MASQUERADE target
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Fri, 30 Nov 2012 12:37:26 +0000 (12:37 +0000)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 3 Dec 2012 14:14:20 +0000 (15:14 +0100)
commit a0ecb85a2c3af73c63b6d44ce82aea52347ccf55
tree 41b54a39fabf0bda2bf3ea601154b36076d7b1d6
parent 6d1fafcaecaa2e66eb9861a39d22fc7380ce6f78

When the route changes (backup default route, VPNs) which affect a
masqueraded target, the packets were sent out with the outdated source
address. The patch addresses the issue by comparing the outgoing interface
directly with the masqueraded interface in the nat table.

Events are inefficient in this case, because it'd require adding route
events to the network core and then scanning the whole conntrack table
and re-checking the route for all entries.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nf_nat.h
net/ipv4/netfilter/iptable_nat.c
net/ipv6/netfilter/ip6table_nat.c
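
The interface comparison described in the commit message, as an added userspace model (not the kernel code from this commit). All struct and function names, interface indexes and addresses are constructed for illustration, and discarding the stale entry on a mismatch is an assumption of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* Simplified userspace model; these names are hypothetical, not the kernel's. */
struct iface { int ifindex; uint32_t addr; };
struct ct_entry {
    bool in_use;
    int masq_ifindex;    /* interface recorded when the flow was masqueraded */
    uint32_t snat_addr;  /* source address chosen at that time */
};
enum verdict { SENT_NEW_MAPPING, SENT_EXISTING_MAPPING, DROPPED_STALE };
/* True when an existing masqueraded flow now leaves via a different interface. */
static bool oif_changed(const struct ct_entry *ct, const struct iface *out)
{
    return ct->in_use && ct->masq_ifindex != out->ifindex;
}

/* Model of the post-routing NAT step for one original-direction packet. */
static enum verdict postrouting(struct ct_entry *ct, const struct iface *out)
{
    if (!ct->in_use) {             /* first packet: create the mapping */
        ct->in_use = true;
        ct->masq_ifindex = out->ifindex;
        ct->snat_addr = out->addr;
        return SENT_NEW_MAPPING;
    }
    if (oif_changed(ct, out)) {    /* route moved: the recorded mapping is stale */
        ct->in_use = false;        /* assumption: discard entry, drop this packet */
        return DROPPED_STALE;
    }
    return SENT_EXISTING_MAPPING;  /* same interface: keep the recorded address */
}

/* Constructed scenario: eth0 is 198.51.100.1, tun0 is 203.0.113.9 (doc ranges). */
static uint32_t run_failover(enum verdict v[4])
{
    struct iface eth0 = { 2, 0xC6336401u }, tun0 = { 7, 0xCB007109u };
    struct ct_entry ct = { 0 };
    v[0] = postrouting(&ct, &eth0);
    v[1] = postrouting(&ct, &eth0);
    v[2] = postrouting(&ct, &tun0);  /* default route has moved to tun0 */
    v[3] = postrouting(&ct, &tun0);  /* retransmission gets a fresh mapping */
    return ct.snat_addr;
}

int main(void)
{
    enum verdict v[4];
    printf("source address after failover: 0x%08x\n", (unsigned)run_failover(v));
}
```

Without the `oif_changed()` check, the third packet in this model would leave `tun0` carrying the address recorded for `eth0`, which is the outdated-source-address symptom the commit message describes.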