[NETFILTER]: ctnetlink: add support for NAT sequence adjustments

The combination of NAT and helpers may produce TCP sequence adjustments. In failover setups, this information needs to be replicated in order to achieve a successful recovery of mangled, related connections. This patch is particularly useful for conntrackd, see: http://people.netfilter.org/pablo/conntrack-tools/ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2007-12-17 22:28:00 -0800
committer: David S. Miller <davem@davemloft.net> 2008-01-28 14:58:50 -0800
commit: 13eae15a244bb29beaa47bf86a24fd29ca7f8a4c (patch)
tree: 27a1a1e6498033c5aa440ced5242016fd808c560 /net/ipv4
parent: 170080645dac61816455afad807ffeb326ce79e8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 53f79a310b4..d24f3d94739 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -20,6 +20,7 @@
 #include <linux/netfilter_ipv4.h>
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_helper.h>
+#include <net/netfilter/nf_conntrack_ecache.h>
 #include <net/netfilter/nf_conntrack_expect.h>
 #include <net/netfilter/nf_nat.h>
 #include <net/netfilter/nf_nat_protocol.h>
@@ -191,6 +192,8 @@ nf_nat_mangle_tcp_packet(struct sk_buff *skb,
 		/* Tell TCP window tracking about seq change */
 		nf_conntrack_tcp_update(skb, ip_hdrlen(skb),
 					ct, CTINFO2DIR(ctinfo));
+
+		nf_conntrack_event_cache(IPCT_NATSEQADJ, skb);
 	}
 	return 1;
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2007-12-17 22:28:00 -0800
committer	David S. Miller <davem@davemloft.net>	2008-01-28 14:58:50 -0800
commit	13eae15a244bb29beaa47bf86a24fd29ca7f8a4c (patch)
tree	27a1a1e6498033c5aa440ced5242016fd808c560 /net/ipv4
parent	170080645dac61816455afad807ffeb326ce79e8 (diff)