From ffed53d25bf36efb0571f7d9109f2e95df7f8b33 Mon Sep 17 00:00:00 2001
From: Patrick McHardy <kaber@trash.net>
Date: Tue, 9 Jan 2007 14:33:49 -0800
Subject: [PATCH] [NETFILTER]: nf_nat: fix hanging connections when loading the
 NAT module

When loading the NAT module, existing connection tracking entries don't
have room for NAT information allocated and packets are dropped, causing
hanging connections. They really should be entered into the NAT table
as NULL mappings, but the current allocation scheme doesn't allow this.

For now simply accept those packets to avoid the hanging connections.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/ipv4/netfilter/nf_nat_standalone.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 730a7a44c883f0..00d6dea9f7f344 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -123,7 +123,7 @@ nf_nat_fn(unsigned int hooknum,
 
 	nat = nfct_nat(ct);
 	if (!nat)
-		return NF_DROP;
+		return NF_ACCEPT;
 
 	switch (ctinfo) {
 	case IP_CT_RELATED:
-- 
GitLab