linux/net/ipv4
Jozsef Kadlecsik f9dd09c7f7 netfilter: nf_nat: fix NAT issue in 2.6.30.4+
Vitezslav Samel discovered that since 2.6.30.4+ active FTP can not work
over NAT. The "cause" of the problem was a fix of unacknowledged data
detection with NAT (commit a3a9f79e36).
However, actually, that fix uncovered a long standing bug in TCP conntrack:
when NAT was enabled, we simply updated the max of the right edge of
the segments we have seen (td_end), by the offset NAT produced with
changing IP/port in the data. However, we did not update the other parameter
(td_maxend) which is affected by the NAT offset. Thus that could drift
away from the correct value and thus resulted breaking active FTP.

The patch below fixes the issue by *not* updating the conntrack parameters
from NAT, but instead taking into account the NAT offsets in conntrack in a
consistent way. (Updating from NAT would be more harder and expensive because
it'd need to re-calculate parameters we already calculated in conntrack.)

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2009-11-06 00:43:42 -08:00
..
netfilter netfilter: nf_nat: fix NAT issue in 2.6.30.4+ 2009-11-06 00:43:42 -08:00
af_inet.c net: Use sk_mark for routing lookup in more places 2009-10-01 15:16:49 -07:00
ah4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
arp.c net: make neigh_ops constant 2009-09-01 17:40:57 -07:00
cipso_ipv4.c
datagram.c
devinet.c ipv4: arp_notify address list bug 2009-10-07 03:18:17 -07:00
esp4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
fib_frontend.c net: Fix RPF to work with policy routing 2009-10-29 22:49:12 -07:00
fib_hash.c
fib_lookup.h
fib_rules.c
fib_semantics.c
fib_trie.c fib_trie: resize rework 2009-08-28 23:57:15 -07:00
icmp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
igmp.c bonding: remap muticast addresses without using dev_close() and dev_open() 2009-09-15 02:37:40 -07:00
inet_connection_sock.c tcp: reduce SYN-ACK retrans for TCP_DEFER_ACCEPT 2009-10-19 19:19:03 -07:00
inet_diag.c net: correct off-by-one write allocations reports 2009-06-18 00:29:12 -07:00
inet_fragment.c
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c tcp: fix premature termination of FIN_WAIT2 time-wait sockets 2009-08-29 00:00:35 -07:00
inetpeer.c
ip_forward.c
ip_fragment.c
ip_gre.c gre: Fix dev_addr clobbering for gretap 2009-10-30 12:28:07 -07:00
ip_input.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ip_options.c
ip_output.c net: Use sk_mark for routing lookup in more places 2009-10-01 15:16:49 -07:00
ip_sockglue.c net: Fix IP_MULTICAST_IF 2009-10-19 21:34:20 -07:00
ipcomp.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ipconfig.c
ipip.c tunnel: eliminate recursion field 2009-09-24 15:39:22 -07:00
ipmr.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
Kconfig
Makefile
netfilter.c
proc.c
protocol.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
raw.c AF_RAW: Augment raw_send_hdrinc to expand skb to fit iphdr->ihl (v2) 2009-10-29 01:09:58 -07:00
route.c net: Fix RPF to work with policy routing 2009-10-29 22:49:12 -07:00
syncookies.c percpu: clean up percpu variable definitions 2009-06-24 15:13:48 +09:00
sysctl_net_ipv4.c sysctl: remove "struct file *" argument of ->proc_handler 2009-09-24 07:21:04 -07:00
tcp_bic.c
tcp_cong.c Networking: use CAP_NET_ADMIN when deciding to call request_module 2009-08-14 11:18:34 +10:00
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix ssthresh u16 leftover 2009-09-15 01:30:10 -07:00
tcp_ipv4.c tcp: fix ssthresh u16 leftover 2009-09-15 01:30:10 -07:00
tcp_lp.c
tcp_minisocks.c tcp: accept socket after TCP_DEFER_ACCEPT period 2009-10-19 19:19:01 -07:00
tcp_output.c IPv4 TCP fails to send window scale option when window scale is zero 2009-10-01 15:14:51 -07:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c Revert Backoff [v3]: Calculate TCP's connection close threshold as a time value. 2009-09-01 02:45:47 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c net: use WARN() for the WARN_ON in commit b6b39e8f3f 2009-10-22 21:37:56 -07:00
tunnel4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udp.c net: fix sk_forward_alloc corruption 2009-10-30 12:25:12 -07:00
udplite.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c xfrm4: fix build when SYSCTLs are disabled 2009-08-04 20:18:33 -07:00
xfrm4_state.c
xfrm4_tunnel.c