[NETFILTER]: nf_nat: fix hanging connections when loading the NAT module

When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.

For now simply accept those packets to avoid the hanging connections.

Signed-off-by: Patrick McHardy <[email protected]>
Signed-off-by: David S. Miller <[email protected]>

diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 730a7a44c883f0247c40e84348c8c953859b15c6..00d6dea9f7f3440aa1b6369a09f790e87e6ef72d 100644 (file)
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,
 
        nat = nfct_nat(ct);
        if (!nat)
-               return NF_DROP;
+               return NF_ACCEPT;
 
        switch (ctinfo) {
        case IP_CT_RELATED: