New ROUTE patch does not work with conntrack+nat disabled
KOVACS Krisztian
hidden at balabit.hu
Thu Jan 20 14:58:21 CET 2005
Hi,
On Thu, 2005-01-20 at 14:23, Krzysztof Oledzki wrote:
> This is the problematic part of the code:
> + /* Set up fake conntrack (stolen from raw.patch):
> + - to never be deleted, not in any hashes */
> + atomic_set(&route_tee_track.ct_general.use, 1);
> + /* - and look it like as a confirmed connection */
> + set_bit(IPS_CONFIRMED_BIT, &route_tee_track.status);
> + /* - and prepare the ctinfo field for REJECT/NAT. */
> + route_tee_track.infos[IP_CT_NEW].master =
> + route_tee_track.infos[IP_CT_RELATED].master =
> + route_tee_track.infos[IP_CT_RELATED + IP_CT_IS_REPLY].master =
> + &route_tee_track.ct_general;
> + /* Initialize fake conntrack so that NAT will skip it */
> + route_tee_track.nat.info.initialized |=
> + (1 << IP_NAT_MANIP_SRC) | (1 << IP_NAT_MANIP_DST);
> +
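Review bot: the final statement of this hunk writes route_tee_track.nat.info.initialized unconditionally, so it depends on the nat member being part of the conntrack structure, which matches the subject's report that the patch fails when NAT is disabled. Wrap that assignment and its "Initialize fake conntrack so that NAT will skip it" comment in #ifdef CONFIG_IP_NF_NAT_NEEDED / #endif. Since the subject also names conntrack being disabled, confirm that the atomic_set() and set_bit() setup above it is only compiled when conntrack itself is built; no such guard is visible in the quoted lines. As a minor style point, the comment "and look it like as a confirmed connection" would read better as "and make it look like a confirmed connection".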
Put #ifdef around the problematic code (setting info.initialized) like
this:
#ifdef CONFIG_IP_NF_NAT_NEEDED
route_tee_track.nat.info.initialized |=
(1 << IP_NAT_MANIP_SRC) | (1 << IP_NAT_MANIP_DST);
#endif
--
Regards,
Krisztian Kovacs