[PATCH 4/5]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icm p errors p errors

[PATCH 4/5]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icm p errors p errors

[Patrick McHardy]

[-- Attachment #1: Type: text/plain, Size: 144 bytes --]

Locally generated ICMP errors never hit PRE_ROUTING, apply their
manips in LOCAL_OUT. Fixes invalid addresses ICMP errors for SNATed
packets.



[-- Attachment #2: 04.diff --]
[-- Type: text/x-patch, Size: 1529 bytes --]

# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
#   2004/11/27 13:26:24+01:00 kaber@coreworks.de 
#   [NETFILTER]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icmp errors
#   
#   Locally generated ICMP errors never hit PRE_ROUTING. Fixes invalid
#   addressed ICMP errors for SNATed packets.
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
# net/ipv4/netfilter/ip_nat_core.c
#   2004/11/27 13:26:17+01:00 kaber@coreworks.de +8 -0
#   [NETFILTER]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icmp errors
#   
#   Locally generated ICMP errors never hit PRE_ROUTING. Fixes invalid
#   addressed ICMP errors for SNATed packets.
#   
#   Signed-off-by: Patrick McHardy <kaber@trash.net>
# 
diff -Nru a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
--- a/net/ipv4/netfilter/ip_nat_core.c	2004-11-27 13:37:53 +01:00
+++ b/net/ipv4/netfilter/ip_nat_core.c	2004-11-27 13:37:53 +01:00
@@ -880,6 +880,14 @@
 		/* Mapping the inner packet is just like a normal packet, except
 		 * it was never src/dst reversed, so where we would normally
 		 * apply a dst manip, we apply a src, and vice versa. */
+
+		/* Only true for forwarded packets, locally generated packets
+		 * never hit PRE_ROUTING, we need to apply their PRE_ROUTING
+		 * manips in LOCAL_OUT. */
+		if (hooknum == NF_IP_LOCAL_OUT &&
+		    info->manips[i].hooknum == NF_IP_PRE_ROUTING)
+			hooknum = info->manips[i].hooknum;
+
 		if (info->manips[i].hooknum != hooknum)
 			continue;