From: Patrick McHardy <kaber@trash.net>
To: davem@davemloft.net
Cc: netfilter-devel@lists.netfilter.org, Patrick McHardy <kaber@trash.net>
Subject: [NETFILTER 02/05]: Fix routing of REJECT target generated packets in output chain
Date: Thu, 4 Jan 2007 19:38:23 +0100 (MET)
Message-ID: <20070104183823.18369.30449.sendpatchset@localhost.localdomain>
In-Reply-To: <20070104183820.18369.3658.sendpatchset@localhost.localdomain>

[NETFILTER]: Fix routing of REJECT target generated packets in output chain

Packets generated by the REJECT target in the output chain have a local
destination address and a foreign source address. Make sure not to use
the foreign source address for the output route lookup.

Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit d07cae9fdafe28018fc58dadf7ae5666b324e4e3
tree f60015bbfd8da9d62479f10cc35328f71f20a792
parent 50d2d72a7a584d3562c320c0d3a0f529c4c02e45
author Patrick McHardy <kaber@trash.net> Thu, 04 Jan 2007 19:25:53 +0100
committer Patrick McHardy <kaber@trash.net> Thu, 04 Jan 2007 19:25:53 +0100
net/ipv4/netfilter.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index a689660..c47ce70 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -15,16 +15,19 @@ int ip_route_me_harder(struct sk_buff **
struct flowi fl = {};
struct dst_entry *odst;
unsigned int hh_len;
+ unsigned int type;
+ type = inet_addr_type(iph->saddr);
if (addr_type == RTN_UNSPEC)
- addr_type = inet_addr_type(iph->saddr);
+ addr_type = type;
/* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
* packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
*/
if (addr_type == RTN_LOCAL) {
fl.nl_u.ip4_u.daddr = iph->daddr;
- fl.nl_u.ip4_u.saddr = iph->saddr;
+ if (type == RTN_LOCAL)
+ fl.nl_u.ip4_u.saddr = iph->saddr;
fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
fl.oif = (*pskb)->sk ? (*pskb)->sk->sk_bound_dev_if : 0;
fl.mark = (*pskb)->mark;
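Review bot: the new `if (type == RTN_LOCAL)` guard inside the `addr_type == RTN_LOCAL` branch is undocumented, and `type` next to `addr_type` makes it hard to tell which one describes the packet and which one selects the lookup mode. The existing comment only says that foreign-saddr packets can reach NF_IP_LOCAL_OUT; it would help to extend it to say that in that case `fl.nl_u.ip4_u.saddr` is deliberately left at zero (from `struct flowi fl = {}`) so the output route lookup does not key on the foreign source, and to rename `type` to something like `saddr_type`. A smaller point: `inet_addr_type(iph->saddr)` now runs on every call, while in the visible lines its result is only read when `addr_type` is RTN_UNSPEC or inside the RTN_LOCAL branch, so the lookup could be deferred to those two places if the extra cost matters for callers that pass an explicit `addr_type`.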