-
- Downloads
netfilter: nfnetlink_queue: add NAT TCP sequence adjustment if packet mangled
User-space programs that receive traffic via NFQUEUE may mangle packets. If NAT is enabled, this usually puzzles sequence tracking, leading to traffic disruptions. With this patch, nfnl_queue will make the corresponding NAT TCP sequence adjustment if: 1) The packet has been mangled, 2) the NFQA_CFG_F_CONNTRACK flag has been set, and 3) NAT is detected. There are some records on the Internet complaning about this issue: http://stackoverflow.com/questions/260757/packet-mangling-utilities-besides-iptables By now, we only support TCP since we have no helpers for DCCP or SCTP. Better to add this if we ever have some helper over those layer 4 protocols. Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org>
Showing
- include/linux/netfilter.h 2 additions, 0 deletionsinclude/linux/netfilter.h
- include/net/netfilter/nf_nat_helper.h 4 additions, 0 deletionsinclude/net/netfilter/nf_nat_helper.h
- net/ipv4/netfilter/nf_nat_helper.c 13 additions, 0 deletionsnet/ipv4/netfilter/nf_nat_helper.c
- net/netfilter/nf_conntrack_netlink.c 4 additions, 0 deletionsnet/netfilter/nf_conntrack_netlink.c
- net/netfilter/nfnetlink_queue.c 11 additions, 8 deletionsnet/netfilter/nfnetlink_queue.c
Loading
Please register or sign in to comment