diff options
author | Florian Westphal <fw@strlen.de> | 2015-05-20 13:42:25 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-05-20 13:51:25 +0200 |
commit | faecbb45ebefb20260ad4a631e011e93c896cb73 (patch) | |
tree | b03c38d28eb48c1ee2f64abb43338f7457ec95ad /include | |
parent | netfilter: ensure number of counters is >0 in do_replace() (diff) | |
download | linux-faecbb45ebefb20260ad4a631e011e93c896cb73.tar.xz linux-faecbb45ebefb20260ad4a631e011e93c896cb73.zip |
Revert "netfilter: bridge: query conntrack about skb dnat"
This reverts commit c055d5b03bb4cb69d349d787c9787c0383abd8b2.
There are two issues:
'dnat_took_place' made me think that this is related to
-j DNAT/MASQUERADE.
But thats only one part of the story. This is also relevant for SNAT
when we undo snat translation in reverse/reply direction.
Furthermore, I originally wanted to do this mainly to avoid
storing ipv6 addresses once we make DNAT/REDIRECT work
for ipv6 on bridges.
However, I forgot about SNPT/DNPT which is stateless.
So we can't escape storing address for ipv6 anyway. Might as
well do it for ipv4 too.
Reported-and-tested-by: Bernhard Thaler <bernhard.thaler@wvnet.at>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/skbuff.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 66e374d62f64..f15154a879c7 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -176,6 +176,7 @@ struct nf_bridge_info { struct net_device *physindev; struct net_device *physoutdev; char neigh_header[8]; + __be32 ipv4_daddr; }; #endif |