summaryrefslogtreecommitdiff
path: root/lib/argv_split.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-07-11 17:28:54 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-07-12 16:28:41 +0200
commit590b52e10d410e1439ae86be9fe19d75fdab628b (patch)
treee0e1e36ad37f71cd7d071932ea826b3c0a6f9465 /lib/argv_split.c
parent4edfa9d0bf9ee9c34ee58b80ea1f146677497de9 (diff)
netfilter: conntrack: skip clash resolution if nat is in place
The clash resolution is not easy to apply if the NAT table is registered. Even if no NAT rules are installed, the nul-binding ensures that a unique tuple is used, thus, the packet that loses race gets a different source port number, as described by: http://marc.info/?l=netfilter-devel&m=146818011604484&w=2 Clash resolution with NAT is also problematic if addresses/port range ports are used since the conntrack that wins race may describe a different mangling that we may have earlier applied to the packet via nf_nat_setup_info(). Fixes: 71d8c47fc653 ("netfilter: conntrack: introduce clash resolution on insertion race") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Tested-by: Marc Dionne <marc.c.dionne@gmail.com>
Diffstat (limited to 'lib/argv_split.c')
0 files changed, 0 insertions, 0 deletions