authorHarald Welte <laforge@netfilter.org>2003-09-03 14:09:48 -0700
committerHideaki Yoshifuji <yoshfuji@linux-ipv6.org>2003-09-03 14:09:48 -0700
commit874610601f16fa55e49ffc218e60c22aa42f759d (patch)
treefefdc1fb764a96c7e541d054a3a8f22e6aec2a9d
parentdf428c064ee55f80b0e1e37ade3a6f102f50ab2b (diff)
[NETFILTER]: NAT range calculation fix.
This patch fixes a logic bug in NAT range calculations, which also causes a large slowdown when ICMP floods go through NAT. Author: Karlis Peisenieks
-rw-r--r--net/ipv4/netfilter/ip_nat_core.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index a9f726b10a46..249c8e66f5aa 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -157,8 +157,8 @@ in_range(const struct ip_conntrack_tuple *tuple,
continue;
}
- if ((mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED)
- && proto->in_range(&newtuple, IP_NAT_MANIP_SRC,
+ if (!(mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED)
+ || proto->in_range(&newtuple, IP_NAT_MANIP_SRC,
&mr->range[i].min, &mr->range[i].max))
return 1;
}
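Review bot: The rewritten condition `if (!(mr->range[i].flags & IP_NAT_RANGE_PROTO_SPECIFIED) || proto->in_range(...))` carries no comment stating the rule it encodes, and its sense is exactly what the previous version got wrong. I would add a comment directly above it, such as `/* No per-protocol range requested: the protocol part always matches. Otherwise ask the protocol helper. */`. The comment should also note that the `||` short-circuit keeps `proto->in_range` from being called when the flag is clear, since `range[i].min` and `range[i].max` are presumably not meaningful then. Because the commit message links the old behaviour to a slowdown under ICMP floods, a one-line mention in that comment would tell later readers that a wrong "not in range" answer here has a cost on the packet path. The body of `in_range` starts before this hunk and continues after it, so the early `continue` branches and the final return are not visible for review.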