From b37392c5af5110befa7da7cc88e6f3e77e5f632d Mon Sep 17 00:00:00 2001
From: Rusty Russell <rusty@rustcorp.com.au>
Date: Mon, 3 Nov 2003 19:32:55 -0800
Subject: [PATCH] [NETFILTER]: get_unique_tuple doesn't always return unique
 tuple.

get_unique_tuple doesn't check that the tuple is unique if it finds
a hash_by_src match.
---
 net/ipv4/netfilter/ip_nat_core.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index a6a427dbbe27..04714407965e 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -421,7 +421,8 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple,
 			*tuple = ((struct ip_conntrack_tuple)
 				  { *manip, orig_tuple->dst });
 			DEBUGP("get_unique_tuple: Found current src map\n");
-			return 1;
+			if (!ip_nat_used_tuple(tuple, conntrack))
+				return 1;
 		}
 	}
 
-- 
2.30.9