git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
[NETFILTER]: Call POST_ROUTING hook before fragmentation
[safe/jmp/linux-2.6] / net / ipv4 / netfilter / ip_nat_standalone.c
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 30cd4e1..f04111f 100644 (file)
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -190,23 +190,6 @@ ip_nat_out(unsigned int hooknum,
            || (*pskb)->nh.iph->ihl * 4 < sizeof(struct iphdr))
                return NF_ACCEPT;
 
-       /* We can hit fragment here; forwarded packets get
-          defragmented by connection tracking coming in, then
-          fragmented (grr) by the forward code.
-
-          In future: If we have nfct != NULL, AND we have NAT
-          initialized, AND there is no helper, then we can do full
-          NAPT on the head, and IP-address-only NAT on the rest.
-
-          I'm starting to have nightmares about fragments.  */
-
-       if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
-               *pskb = ip_ct_gather_frags(*pskb, IP_DEFRAG_NAT_OUT);
-
-               if (!*pskb)
-                       return NF_STOLEN;
-       }
-
        return ip_nat_fn(hooknum, pskb, in, out, okfn);
 }
 
Full containers within linux kernel