Commit c72c6b2a291bb6c61b1546d116784a79e15a6c29
Committed by
David S. Miller
David S. Miller
1 parent
e89862f4c5
[NETFILTER]: nf_nat: fix ICMP translation with statically linked conntrack
When nf_nat/nf_conntrack_ipv4 are linked statically, nf_nat is initialized before nf_conntrack_ipv4, which makes the nf_ct_l3proto_find_get(AF_INET) call during nf_nat initialization return the generic l3proto instead of the AF_INET specific one. This breaks ICMP error translation since the generic protocol always initializes the IPs in the tuple to 0. Change the linking order and put nf_conntrack_ipv4 first. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Showing 1 changed file with 10 additions and 10 deletions Side-by-side Diff
net/ipv4/netfilter/Makefile
| ... | ... | @@ -4,6 +4,14 @@ |
| 4 | 4 | |
| 5 | 5 | # objects for the standalone - connection tracking / NAT |
| 6 | 6 | ip_conntrack-objs := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o |
| 7 | +# objects for l3 independent conntrack | |
| 8 | +nf_conntrack_ipv4-objs := nf_conntrack_l3proto_ipv4.o nf_conntrack_proto_icmp.o | |
| 9 | +ifeq ($(CONFIG_NF_CONNTRACK_PROC_COMPAT),y) | |
| 10 | +ifeq ($(CONFIG_PROC_FS),y) | |
| 11 | +nf_conntrack_ipv4-objs += nf_conntrack_l3proto_ipv4_compat.o | |
| 12 | +endif | |
| 13 | +endif | |
| 14 | + | |
| 7 | 15 | ip_nat-objs := ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o |
| 8 | 16 | nf_nat-objs := nf_nat_core.o nf_nat_helper.o nf_nat_proto_unknown.o nf_nat_proto_tcp.o nf_nat_proto_udp.o nf_nat_proto_icmp.o |
| 9 | 17 | ifneq ($(CONFIG_NF_NAT),) |
| ... | ... | @@ -20,6 +28,8 @@ |
| 20 | 28 | |
| 21 | 29 | # connection tracking |
| 22 | 30 | obj-$(CONFIG_IP_NF_CONNTRACK) += ip_conntrack.o |
| 31 | +obj-$(CONFIG_NF_CONNTRACK_IPV4) += nf_conntrack_ipv4.o | |
| 32 | + | |
| 23 | 33 | obj-$(CONFIG_IP_NF_NAT) += ip_nat.o |
| 24 | 34 | obj-$(CONFIG_NF_NAT) += nf_nat.o |
| 25 | 35 | |
| ... | ... | @@ -105,15 +115,4 @@ |
| 105 | 115 | obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o |
| 106 | 116 | |
| 107 | 117 | obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o |
| 108 | - | |
| 109 | -# objects for l3 independent conntrack | |
| 110 | -nf_conntrack_ipv4-objs := nf_conntrack_l3proto_ipv4.o nf_conntrack_proto_icmp.o | |
| 111 | -ifeq ($(CONFIG_NF_CONNTRACK_PROC_COMPAT),y) | |
| 112 | -ifeq ($(CONFIG_PROC_FS),y) | |
| 113 | -nf_conntrack_ipv4-objs += nf_conntrack_l3proto_ipv4_compat.o | |
| 114 | -endif | |
| 115 | -endif | |
| 116 | - | |
| 117 | -# l3 independent conntrack | |
| 118 | -obj-$(CONFIG_NF_CONNTRACK_IPV4) += nf_conntrack_ipv4.o |