[NETFILTER]: Handle NAT module load race
[linux-3.10.git] / net / ipv4 / netfilter / ip_nat_rule.c
index 60d70fa41a156a63bd4abb9a04a894297a8fa0d7..cb66b8bddeb3d63eb2ef23ee359a2491c6511c63 100644 (file)
@@ -255,6 +255,27 @@ alloc_null_binding(struct ip_conntrack *conntrack,
        return ip_nat_setup_info(conntrack, &range, hooknum);
 }
 
+unsigned int
+alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
+                             struct ip_nat_info *info,
+                             unsigned int hooknum)
+{
+       u_int32_t ip
+               = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
+                  ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.ip
+                  : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
+       u_int16_t all
+               = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
+                  ? conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all
+                  : conntrack->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all);
+       struct ip_nat_range range
+               = { IP_NAT_RANGE_MAP_IPS, ip, ip, { all }, { all } };
+
+       DEBUGP("Allocating NULL binding for confirmed %p (%u.%u.%u.%u)\n",
+              conntrack, NIPQUAD(ip));
+       return ip_nat_setup_info(conntrack, &range, hooknum);
+}
+
 int ip_nat_rule_find(struct sk_buff **pskb,
                     unsigned int hooknum,
                     const struct net_device *in,