Commit 87461060 authored by Harald Welte, committed by Hideaki Yoshifuji

[NETFILTER]: NAT range calculation fix.

This patch fixes a logic bug in NAT range calculations, which also
causes a large slowdown when ICMP floods go through NAT.

Author: Karlis Peisenieks
parent df428c06
...@@ -157,8 +157,8 @@ in_range(const struct ip_conntrack_tuple *tuple, ...@@ -157,8 +157,8 @@ in_range(const struct ip_conntrack_tuple *tuple,
continue; continue;
} }
if ((mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED) if (!(mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED)
&& proto->in_range(&newtuple, IP_NAT_MANIP_SRC, || proto->in_range(&newtuple, IP_NAT_MANIP_SRC,
&mr->range[i].min, &mr->range[i].max)) &mr->range[i].min, &mr->range[i].max))
return 1; return 1;
} }
......
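Review bot: The rewritten condition in in_range() needs a short comment above the `if`, because its meaning now depends on short-circuit order. With `!(mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED) || proto->in_range(...)`, a range that specifies no protocol part matches outright, and `proto->in_range()` is consulted against `min`/`max` only when the flag is set. With the old `&&` form, this check could never return 1 for a range lacking the flag. That appears to be the logic bug the commit message refers to, but the message does not say so. Spelling that out, along with why it caused the slowdown under ICMP floods, would make the fix easier to audit and backport.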