[NETFILTER -stable]: nf_conntrack: don't track locally generated special ICMP error

Adrian Bunk bunk at stusta.de
Mon Jul 23 00:48:05 CEST 2007

On Tue, Jul 17, 2007 at 05:25:10PM +0200, Patrick McHardy wrote:
> Attached are two patches (stable.diff, applies to stable-2.6.21 and
> stable-2.6.22 and 2.6.16.diff for stable-2.6.16) fixing incorrect
> conntrack association of ICMP errors generated in response to INVALID
> packets, causing incorrect address translation in combination with NAT.
> Please apply, thanks.

Thanks, applied to 2.6.16.



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

More information about the netfilter-devel mailing list