netfilter: nf_nat: remove obsolete check in nf_nat_mangle_udp_packet()
authorPatrick McHardy <kaber@trash.net>
Fri, 23 Dec 2011 13:01:26 +0000 (14:01 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Fri, 23 Dec 2011 13:36:46 +0000 (14:36 +0100)
The packet size check originates from a time when UDP helpers could
accidentally mangle incorrect packets (NEWNAT) and is unnecessary
nowadays since the conntrack helpers invoke the NAT helpers for the
proper packet directly.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/ipv4/netfilter/nf_nat_helper.c

index 049e8b7c318842f0c9a191b2d46ec6ef6e1caeb1..af65958f630877b2c92150b77ed5b82a5d7567be 100644 (file)
@@ -253,12 +253,6 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
        struct udphdr *udph;
        int datalen, oldlen;
 
-       /* UDP helpers might accidentally mangle the wrong packet */
-       iph = ip_hdr(skb);
-       if (skb->len < iph->ihl*4 + sizeof(*udph) +
-                              match_offset + match_len)
-               return 0;
-
        if (!skb_make_writable(skb, skb->len))
                return 0;