8c87238b72
Adding extensions to confirmed conntracks is not allowed to avoid races on reallocation. Don't setup NAT for confirmed conntracks in case NAT module is loaded late. The has one side-effect, the connections existing before the NAT module was loaded won't enter the bysource hash. The only case where this actually makes a difference is in case of SNAT to a multirange where the IP before NAT is also part of the range. Since old connections don't enter the bysource hash the first new connection from the IP will have a new address selected. This shouldn't matter at all. Signed-off-by: Patrick McHardy <kaber@trash.net> |
||
|---|---|---|
| .. | ||
| ipv4 | ||
| ipv6 | ||
| nf_conntrack_core.h | ||
| nf_conntrack_ecache.h | ||
| nf_conntrack_expect.h | ||
| nf_conntrack_extend.h | ||
| nf_conntrack_helper.h | ||
| nf_conntrack_l3proto.h | ||
| nf_conntrack_l4proto.h | ||
| nf_conntrack_tuple.h | ||
| nf_conntrack.h | ||
| nf_log.h | ||
| nf_nat_core.h | ||
| nf_nat_helper.h | ||
| nf_nat_protocol.h | ||
| nf_nat_rule.h | ||
| nf_nat.h | ||
| nf_queue.h | ||
| xt_rateest.h | ||