[NETFILTER]: get_unique_tuple doesn't always return unique tuple.

get_unique_tuple doesn't check that the tuple is unique if it finds a hash_by_src match.

[NETFILTER]: get_unique_tuple doesn't always return unique tuple.
get_unique_tuple doesn't check that the tuple is unique if it finds a hash_by_src match.
b37392c5 · Rusty Russell · David S. Miller · 1ce50eb4 · b37392c5
Commit b37392c5 authored Nov 03, 2003 by Rusty Russell Committed by David S. Miller Nov 03, 2003
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/ipv4/netfilter/ip_nat_core.c net/ipv4/netfilter/ip_nat_core.c +2 -1

No files found.
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -421,7 +421,8 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple,
 			*tuple = ((struct ip_conntrack_tuple)
 				  { *manip, orig_tuple->dst });
 			DEBUGP("get_unique_tuple: Found current src map\n");
-			return 1;
+			if (!ip_nat_used_tuple(tuple, conntrack))
+				return 1;
 		}
 	}