netfilter: nat: avoid use of nf_conn_nat extension

commit 6e699867f84c0f358fed233fe6162173aca28e04 upstream. successful insert into the bysource hash sets IPS_SRC_NAT_DONE status bit so we can check that instead of presence of nat extension which requires extra deref. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Florian Westphal <fw@strlen.de> 2017-03-28 10:31:03 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2017-11-18 11:22:24 +0100
commit: 25db12f1c584263f96e07cbeec3af75be3416baa (patch)
tree: 820cf8878c64137510836d8edb63ea046b694d2f /net/netfilter/nf_conntrack_core.c
parent: fd1ca9fea458ca5a846aa6e5f2203e7091be6107 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index ed9ce7c63252..750b8bf13e60 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -689,7 +689,7 @@ static int nf_ct_resolve_clash(struct net *net, struct sk_buff *skb,
 
 	l4proto = __nf_ct_l4proto_find(nf_ct_l3num(ct), nf_ct_protonum(ct));
 	if (l4proto->allow_clash &&
-	    !nfct_nat(ct) &&
+	    ((ct->status & IPS_NAT_DONE_MASK) == 0) &&
 	    !nf_ct_is_dying(ct) &&
 	    atomic_inc_not_zero(&ct->ct_general.use)) {
 		nf_ct_acct_merge(ct, ctinfo, (struct nf_conn *)skb->nfct);
author	Florian Westphal <fw@strlen.de>	2017-03-28 10:31:03 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2017-11-18 11:22:24 +0100
commit	25db12f1c584263f96e07cbeec3af75be3416baa (patch)
tree	820cf8878c64137510836d8edb63ea046b694d2f /net/netfilter/nf_conntrack_core.c
parent	fd1ca9fea458ca5a846aa6e5f2203e7091be6107 (diff)