Fabian Bläse <fabian@xxxxxxxxx> wrote:
> To avoid unnecessary translations, I suggested the direction-specific checks.
> Another option is to simplify them to:
>
> if (!(ct->status & IPS_NAT_MASK)) { … }
Yes, you can update the test from
if (!ct || !(ct->status & IPS_SRC_NAT)) {
to
if (!ct || !(ct->status & IPS_NAT_MASK)) {
Not related to your change:
I suspect there is a very small risk that kcsan could report a data
race here, given ct->status can be modified on other CPU.
But maybe, while at it, replace this with
READ_ONCE(ct->status) & ...
> Correct — the change not only fixes SNAT-in-reply handling, but also adds
> proper handling for DNAT in the reply direction, which was missing entirely.
> I will update the commit message to reflect this.
Thanks!
