Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

对于5元组没有变化的连接,前后两次SNAT出接口变化后,CT表无法及时删除失效的跟踪连接,导致新的NAT会话失败 #19

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

对于5元组没有变化的连接,前后两次SNAT出接口变化后,CT表无法及时删除失效的跟踪连接,导致新的NAT会话失败 #19

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions xt_FULLCONENAT.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -467,6 +467,7 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
struct nf_conn *ct;
enum ip_conntrack_info ctinfo;
struct nf_conntrack_tuple *ct_tuple, *ct_tuple_origin;
struct nf_conn_nat *nat;

struct net_device *net_dev;

Expand Down Expand Up @@ -496,6 +497,7 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
ct = nf_ct_get(skb, &ctinfo);
net = nf_ct_net(ct);
zone = nf_ct_zone(ct);
nat = nfct_nat(ct);

memset(&newrange.min_addr, 0, sizeof(newrange.min_addr));
memset(&newrange.max_addr, 0, sizeof(newrange.max_addr));
Expand Down Expand Up @@ -590,6 +592,8 @@ static unsigned int fullconenat_tg(struct sk_buff *skb, const struct xt_action_p
}
}

nat->masq_index = ifindex;

new_ip = get_device_ip(skb->dev);
newrange.min_addr.ip = new_ip;
newrange.max_addr.ip = new_ip;
Expand Down