[NETFILTER]: Fix NAT leak with fragmented packets, missing conntrack put in ip_copy_m...

author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>

Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)

committer Linus Torvalds <torvalds@home.osdl.org>

Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)
committer Linus Torvalds <torvalds@home.osdl.org>
Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c

index 04e792bd1c512196c31a43cd751d422a8e6617d2..2adc6cc7994b460e384c4e9fbf0a79284d32dee3 100644 (file)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -414,6 +414,7 @@ static void ip_copy_metadata(struct sk_buff *to, struct sk_buff *from)
         to->nfmark = from->nfmark;
         to->nfcache = from->nfcache;
         /* Connection association is same as pre-frag packet */
+       nf_conntrack_put(to->nfct);
         to->nfct = from->nfct;
         nf_conntrack_get(to->nfct);
  #ifdef CONFIG_BRIDGE_NETFILTER
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
	Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)
committer	Linus Torvalds <torvalds@home.osdl.org>
	Tue, 3 Feb 2004 02:26:40 +0000 (18:26 -0800)