[NETFILTER]: nf_conntrack_pptp: fix NAT setup of expected GRE connections
authorPatrick McHardy <kaber@trash.net>
Fri, 26 Jan 2007 09:07:59 +0000 (01:07 -0800)
committerDavid S. Miller <davem@davemloft.net>
Fri, 26 Jan 2007 09:07:59 +0000 (01:07 -0800)
When an expected connection arrives, the NAT helper should be called to
set up NAT similar to the master connection. The PPTP conntrack helper
incorrectly checks whether the _expected_ connection has NAT setup before
calling the NAT helper (which is never the case), instead of checkeing
whether the _master_ connection is NATed.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/nf_conntrack_pptp.c

index f0ff00e0d05210a479cccea7ac1548a3f2ee84ac..c59df3bc2bbd41d2c0a3239670c6ef6aa8ab5abb 100644 (file)
@@ -113,7 +113,7 @@ static void pptp_expectfn(struct nf_conn *ct,
 
        rcu_read_lock();
        nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn);
 
        rcu_read_lock();
        nf_nat_pptp_expectfn = rcu_dereference(nf_nat_pptp_hook_expectfn);
-       if (nf_nat_pptp_expectfn && ct->status & IPS_NAT_MASK)
+       if (nf_nat_pptp_expectfn && ct->master->status & IPS_NAT_MASK)
                nf_nat_pptp_expectfn(ct, exp);
        else {
                struct nf_conntrack_tuple inv_t;
                nf_nat_pptp_expectfn(ct, exp);
        else {
                struct nf_conntrack_tuple inv_t;