Mailing List Archive: iptables: Devel

[NETFILTER -stable]: nf_conntrack: don't track locally generated special ICMP error

Index | Next | Previous | View Threaded

kaber at trash

Jul 17, 2007, 8:25 AM

Post #1 of 2 (648 views)
Permalink

[NETFILTER -stable]: nf_conntrack: don't track locally generated special ICMP error

Attached are two patches (stable.diff, applies to stable-2.6.21 and
stable-2.6.22 and 2.6.16.diff for stable-2.6.16) fixing incorrect
conntrack association of ICMP errors generated in response to INVALID
packets, causing incorrect address translation in combination with NAT.

Please apply, thanks.

Attachments:

stable.diff (2.50 KB)

2.6.16.diff (2.52 KB)

bunk at stusta

Jul 22, 2007, 3:48 PM

Post #2 of 2 (602 views)
Permalink

Re: [NETFILTER -stable]: nf_conntrack: don't track locally generated special ICMP error [In reply to]

On Tue, Jul 17, 2007 at 05:25:10PM +0200, Patrick McHardy wrote:
> Attached are two patches (stable.diff, applies to stable-2.6.21 and
> stable-2.6.22 and 2.6.16.diff for stable-2.6.16) fixing incorrect
> conntrack association of ICMP errors generated in response to INVALID
> packets, causing incorrect address translation in combination with NAT.
>
> Please apply, thanks.

Thanks, applied to 2.6.16.

cu
Adrian

--

"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads