| Submitter | Tomasz Bursztyka |
|---|---|
| Date | Nov. 16, 2012, 7:42 a.m. |
| Message ID | <1353051779-21341-1-git-send-email-tomasz.bursztyka@linux.intel.com> |
| Download | mbox | patch |
| Permalink | /patch/199504/ |
| State | Accepted |
| Headers | show |
Comments
On Fri, Nov 16, 2012 at 09:42:59AM +0200, Tomasz Bursztyka wrote: > A left-over from IPv4 NAT which was not detected at first since > CONFIG_NETFILTER_DEBUG was not enabled when compiling. Applied, thanks for your quick reply Tomasz. Note that I've renamed nf_tables-experiments branch to nf_tables8, so the former does not exist anymore. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Patch
diff --git a/net/ipv6/netfilter/nft_chain_nat_ipv6.c b/net/ipv6/netfilter/nft_chain_nat_ipv6.c index c585807..bc2f351 100644 --- a/net/ipv6/netfilter/nft_chain_nat_ipv6.c +++ b/net/ipv6/netfilter/nft_chain_nat_ipv6.c @@ -45,8 +45,6 @@ static unsigned int nf_nat_ipv6_fn(const struct nf_hook_ops *ops, if (ct == NULL || nf_ct_is_untracked(ct)) return NF_ACCEPT; - NF_CT_ASSERT(!(ip_hdr(skb)->frag_off & htons(IP_MF | IP_OFFSET))); - nat = nfct_nat(ct); if (nat == NULL) { /* Conntrack module was loaded late, can't add extension. */
A left-over from IPv4 NAT which was not detected at first since CONFIG_NETFILTER_DEBUG was not enabled when compiling. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> --- net/ipv6/netfilter/nft_chain_nat_ipv6.c | 2 -- 1 file changed, 2 deletions(-)