commit | 38fe36a248ec3228f8e6507955d7ceb0432d2000 | |
---|---|---|
author | Ulrich Weber <ulrich.weber@sophos.com> | Thu Oct 25 05:34:45 2012 +0000 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Sun Oct 28 22:43:34 2012 +0100 |
tree | a065f4023c55b9d65d9dfe7786e84e15a39d890f | |
parent | bbb5823cf742a7e955f35c7d891e4e936944c33a | |

netfilter: nf_nat: don't check for port change on ICMP tuples

ICMP tuples have id in src and type/code in dst. So comparing src.u.all with dst.u.all will always fail here and ip_xfrm_me_harder() is called for every ICMP packet, even if there was no NAT.

Signed-off-by: Ulrich Weber <ulrich.weber@sophos.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
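
The mismatch the commit message describes can be reproduced with a small user-space model. This is an added example, not code from the commit or the kernel. The `struct tuple` layout, the inversion rules, the address comparison and every function name are simplified assumptions, and the sample flows are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
enum { PROTO_ICMP = 1, PROTO_UDP = 17 };   /* IP protocol numbers */

/* Simplified model of a conntrack tuple (hypothetical layout, not kernel code). */
struct tuple {
    uint32_t src_ip, dst_ip;
    union { uint16_t all, port, id; } src;               /* ICMP: id */
    union { uint16_t all, port;
            struct { uint8_t type, code; } icmp; } dst;  /* ICMP: type/code */
    uint8_t protonum;
};

/* Constructed samples: an ICMP echo request or a UDP DNS query. */
struct tuple sample(uint8_t proto)
{
    struct tuple t = {0};
    t.src_ip = 0x0a000001; t.dst_ip = 0x0a000002; t.protonum = proto;
    if (proto == PROTO_ICMP) { t.src.id = 0x1234; t.dst.icmp.type = 8; }
    else { t.src.port = 40000; t.dst.port = 53; }
    return t;
}

/* Reply-direction tuple of a flow that was not NATed (assumed inversion rules). */
struct tuple invert(struct tuple o)
{
    struct tuple r = {0};
    r.src_ip = o.dst_ip; r.dst_ip = o.src_ip; r.protonum = o.protonum;
    if (o.protonum == PROTO_ICMP) { r.src.id = o.src.id; r.dst.icmp.type = 0; } /* echo reply */
    else { r.src.port = o.dst.port; r.dst.port = o.src.port; }
    return r;
}

/* Simulate source-port NAT: the reply is addressed to a translated port. */
struct tuple nat_port(struct tuple reply, uint16_t p) { reply.dst.port = p; return reply; }

/* Check from the commit message: src.u.all against dst.u.all for every protocol. */
bool relookup_old(struct tuple o, struct tuple r)
{ return o.src_ip != r.dst_ip || o.src.all != r.dst.all; }

/* Same check with the port comparison skipped for ICMP tuples. */
bool relookup_fixed(struct tuple o, struct tuple r)
{ return o.src_ip != r.dst_ip || (o.protonum != PROTO_ICMP && o.src.all != r.dst.all); }

int main(void)
{
    struct tuple i = sample(PROTO_ICMP), u = sample(PROTO_UDP);
    printf("icmp: old=%d fixed=%d\n", relookup_old(i, invert(i)), relookup_fixed(i, invert(i)));
    printf("udp:  old=%d fixed=%d\n", relookup_old(u, invert(u)), relookup_fixed(u, invert(u)));
    return 0;
}
```

In this model the un-NATed echo request triggers the re-lookup under the old check only, while a UDP flow whose port was translated still triggers it under both.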