diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2010-03-25 11:17:26 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-03-25 11:17:26 +0100 |
commit | 9c13886665c43600bd0af4b38e33c654e648e078 (patch) | |
tree | edbcf36e1861c0c65ef0d1f0c0c1324da79d2f53 /ipc | |
parent | 55e0d7cf279177dfe320f54816320558bc370f24 (diff) |
netfilter: ip6table_raw: fix table priority
The order of the IPv6 raw table is currently reversed, that makes impossible
to use the NOTRACK target in IPv6: for example if someone enters
ip6tables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK
and if we receive fragmented packets then the first fragment will be
untracked and thus skip nf_ct_frag6_gather (and conntrack), while all
subsequent fragments enter nf_ct_frag6_gather and reassembly will never
successfully be finished.
Singed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions