[PATCH 3/3] netfilter: nat: don't assign a null snat rule to bridged traffic if no matching

2016-07-30 Thread fxp2001640163
From: Xiaoping Fan In some cases, a bridged packet will come back again for routing. When bridge netfilter is enabled, a null snat rule is assigned to the bridged packet if there is no match in the nat chain. Then nat rule matching is skipped when the packet comes back for routing. This results in private IP address e

[PATCH 2/3] netfilter: nat: snat created in route process just apply to routed traffic

2016-07-30 Thread fxp2001640163
From: Xiaoping Fan In some situations, a packet goes through Linux twice, once for bridging and once for routing. If snat is created in the bridging process, that means the snat rule only matches bridged traffic. If snat is created in the routing process, that means the snat rule only matches routed traffic. If we

[PATCH 1/3] netfilter: nat: update hash bucket if nat changed after ct confirmed

2016-07-30 Thread fxp2001640163
From: Xiaoping Fan In some situations, NAT information is created after the connection is confirmed. Since the 5-tuple for the reply direction is changed when creating NAT information, we need to update the hash bucket of the connection. Signed-off-by: Xiaoping Fan --- include/net/netfilter/nf_conntrack.h | 5