netfilter: nat: avoid use of nf_conn_nat extension

successful insert into the bysource hash sets IPS_SRC_NAT_DONE status bit so we can check that instead of presence of nat extension which requires extra deref. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2017-03-28 10:31:03 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-04-06 22:01:42 +0200
commit: 6e699867f84c0f358fed233fe6162173aca28e04 (patch)
tree: 28372ccf2da90f7faf02809c21e7a77c943c3478 /net/netfilter/nf_conntrack_core.c
parent: cba81cc4c95fefa4805163bb19c0f43d2a8ca52c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 3d621b8d7b8a..bcf1d2a6539e 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -706,7 +706,7 @@ static int nf_ct_resolve_clash(struct net *net, struct sk_buff *skb,
 
 	l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
 	if (l4proto->allow_clash &&
-	    !nfct_nat(ct) &&
+	    ((ct->status & IPS_NAT_DONE_MASK) == 0) &&
 	    !nf_ct_is_dying(ct) &&
 	    atomic_inc_not_zero(&ct->ct_general.use)) {
 		enum ip_conntrack_info oldinfo;
author	Florian Westphal <fw@strlen.de>	2017-03-28 10:31:03 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-04-06 22:01:42 +0200
commit	6e699867f84c0f358fed233fe6162173aca28e04 (patch)
tree	28372ccf2da90f7faf02809c21e7a77c943c3478 /net/netfilter/nf_conntrack_core.c
parent	cba81cc4c95fefa4805163bb19c0f43d2a8ca52c (diff)