[NETFILTER -stable]: nf_conntrack: don't track locally generated special ICMP error

Adrian Bunk bunk at stusta.de
Mon Jul 23 00:48:05 CEST 2007


On Tue, Jul 17, 2007 at 05:25:10PM +0200, Patrick McHardy wrote:
> Attached are two patches (stable.diff, applies to stable-2.6.21 and
> stable-2.6.22 and 2.6.16.diff for stable-2.6.16) fixing incorrect
> conntrack association of ICMP errors generated in response to INVALID
> packets, causing incorrect address translation in combination with NAT.
> 
> Please apply, thanks.

Thanks, applied to 2.6.16.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed




More information about the netfilter-devel mailing list