Revert "netfilter: bridge: query conntrack about skb dnat"
authorFlorian Westphal <fw@strlen.de>
Wed, 20 May 2015 11:42:25 +0000 (13:42 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 20 May 2015 11:51:25 +0000 (13:51 +0200)
commitfaecbb45ebefb20260ad4a631e011e93c896cb73
treeb03c38d28eb48c1ee2f64abb43338f7457ec95ad
parent1086bbe97a074844188c6c988fa0b1a98c3ccbb9
Revert "netfilter: bridge: query conntrack about skb dnat"

This reverts commit c055d5b03bb4cb69d349d787c9787c0383abd8b2.

There are two issues:
'dnat_took_place' made me think that this is related to
-j DNAT/MASQUERADE.

But thats only one part of the story.  This is also relevant for SNAT
when we undo snat translation in reverse/reply direction.

Furthermore, I originally wanted to do this mainly to avoid
storing ipv6 addresses once we make DNAT/REDIRECT work
for ipv6 on bridges.

However, I forgot about SNPT/DNPT which is stateless.

So we can't escape storing address for ipv6 anyway. Might as
well do it for ipv4 too.

Reported-and-tested-by: Bernhard Thaler <bernhard.thaler@wvnet.at>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/linux/skbuff.h
net/bridge/br_netfilter.c