From b37392c5af5110befa7da7cc88e6f3e77e5f632d Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Mon, 3 Nov 2003 19:32:55 -0800
Subject: [PATCH] [NETFILTER]: get_unique_tuple doesn't always return unique tuple.

get_unique_tuple doesn't check that the tuple is unique if it finds a hash_by_src match.
---
 net/ipv4/netfilter/ip_nat_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index a6a427dbbe27..04714407965e 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -421,7 +421,8 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple,
 *tuple = ((struct ip_conntrack_tuple)
 { *manip, orig_tuple->dst });
 DEBUGP("get_unique_tuple: Found current src map\n");
- return 1;
+ if (!ip_nat_used_tuple(tuple, conntrack))
+ return 1;
 }
 }
 
-- 
2.30.9
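Review bot: The `DEBUGP("get_unique_tuple: Found current src map\n")` line still runs before the new `ip_nat_used_tuple(tuple, conntrack)` check, so when the reused source mapping collides with an existing connection the trace reports a match that is then discarded. Moving the DEBUGP into the success branch (with braces around it and `return 1;`), or adding a second trace on the fall-through path, would keep the debug output consistent with what the NAT code actually chose. On that same fall-through path `*tuple` has already been overwritten with the rejected mapping; the rest of get_unique_tuple lies outside the hunk, so confirm that the code after this block re-derives `*tuple` from `orig_tuple` instead of continuing from the stale value. A short comment above the check, for example `/* Reuse the existing source mapping only if the resulting tuple is not already taken. */`, would record why the early return is now conditional.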