[PATCH 2.6 7/9]: associate locally generated icmp errors with conntrack of original packet

Patrick McHardy kaber at trash.net
Mon Nov 15 22:45:19 CET 2004


This patch changes icmp.c to associate locally generated icmp errors
with the conntrack of the original packet. This is necessary to fix
an information leak with these packets. A conntrack entry is put in the
hash tables when the packet passes POSTROUTING/LOCAL_IN; when an icmp
error is generated before this, the conntrack of the inner packet can't
be found and it isn't NATed back to the original packet.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: 07.diff
Type: text/x-patch
Size: 4965 bytes
Desc: not available
Url : /pipermail/netfilter-devel/attachments/20041115/87b8b51a/07.bin

