[NETFILTER]: Fix DELETE_LIST oopses.

We've now narrowed down the issue of kernel oopses in combination with 'LIST_DELETE' syslog messages happening in certain setups. Apparently people who do not enable CONFIG_IP_NF_NAT_LOCAL and do DNAT/REDIRECT and want to connect locally from the gateway via DNAT to the DNAT'ed address experience the bug ;) Patch courtesy of KOVACS Krisztian and Henrik Nordstrom

[NETFILTER]: Fix DELETE_LIST oopses.
We've now narrowed down the issue of kernel oopses in combination with 'LIST_DELETE' syslog messages happening in certain setups. Apparently people who do not enable CONFIG_IP_NF_NAT_LOCAL and do DNAT/REDIRECT and want to connect locally from the gateway via DNAT to the DNAT'ed address experience the bug ;) Patch courtesy of KOVACS Krisztian and Henrik Nordstrom
faf1633b · Harald Welte · David S. Miller · 9faae0e1 · faf1633b
Commit faf1633b authored Mar 29, 2004 by Harald Welte Committed by David S. Miller Mar 29, 2004
Hide whitespace changes
Inline Side-by-side

Showing with 10 additions and 1 deletion

net/ipv4/netfilter/ip_nat_standalone.c net/ipv4/netfilter/ip_nat_standalone.c +10 -1

No files found.
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -124,7 +124,16 @@ ip_nat_fn(unsigned int hooknum,
 		WRITE_LOCK(&ip_nat_lock);
 		/* Seen it before?  This can happen for loopback, retrans,
 		   or local packets.. */
-		if (!(info->initialized & (1 << maniptype))) {
+		if (!(info->initialized & (1 << maniptype))
+#ifndef CONFIG_IP_NF_NAT_LOCAL
+		    /* If this session has already been confirmed we must not
+		     * touch it again even if there is no mapping set up.
+		     * Can only happen on local->local traffic with
+		     * CONFIG_IP_NF_NAT_LOCAL disabled.
+		     */
+		    && !(ct->status & IPS_CONFIRMED)
+#endif
+		    ) {
 			unsigned int ret;

 			if (ct->master