diff options
author | Florian Westphal <fw@strlen.de> | 2013-02-12 06:59:53 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@gnumonks.org> | 2013-02-12 23:20:46 +0100 |
commit | 6e2f0aa8cf8892868bf2c19349cb5d7c407f690d (patch) | |
tree | 9cf81b07af02e67f2efd036b5100a0dd36036a20 /net/ipv6 | |
parent | netfilter: ctnetlink: don't permit ct creation with random tuple (diff) | |
download | linux-6e2f0aa8cf8892868bf2c19349cb5d7c407f690d.tar.xz linux-6e2f0aa8cf8892868bf2c19349cb5d7c407f690d.zip |
netfilter: nf_ct_helper: don't discard helper if it is actually the same
commit (32f5376 netfilter: nf_ct_helper: disable automatic helper
re-assignment of different type) broke transparent proxy scenarios.
For example, initial helper lookup might yield "ftp" (dport 21),
while re-lookup after REDIRECT yields "ftp-2121".
This causes the autoassign code to toss the ftp helper, even
though these are just different instances of the same helper.
Change the test to check for the helper function address instead
of the helper address, as suggested by Pablo.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Diffstat (limited to 'net/ipv6')
0 files changed, 0 insertions, 0 deletions