* [PATCH 2.6 4/5]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icmp errors
@ 2004-11-28 23:29 Patrick McHardy
From: Patrick McHardy @ 2004-11-28 23:29 UTC (permalink / raw)
To: David S. Miller; +Cc: Netfilter Development Mailinglist
[-- Attachment #1: Type: text/plain, Size: 324 bytes --]
Locally generated ICMP errors to a non-local IP never hit PRE_ROUTING,
their PRE_ROUTING manips need to be applied in LOCAL_OUT. ICMP errors
for localhost have them applied twice with this patch, but it doesn't
break anything and the next patch avoids it again. Fixes incorrectly
addressed ICMP errors for SNATed packets.
[-- Attachment #2: 04.diff --]
[-- Type: text/x-patch, Size: 1529 bytes --]
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/11/27 13:26:24+01:00 kaber@coreworks.de
# [NETFILTER]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icmp errors
#
# Locally generated ICMP errors never hit PRE_ROUTING. Fixes invalid
# addressed ICMP errors for SNATed packets.
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
# net/ipv4/netfilter/ip_nat_core.c
# 2004/11/27 13:26:17+01:00 kaber@coreworks.de +8 -0
# [NETFILTER]: Apply PRE_ROUTING manips in LOCAL_OUT for locally generated icmp errors
#
# Locally generated ICMP errors never hit PRE_ROUTING. Fixes invalid
# addressed ICMP errors for SNATed packets.
#
# Signed-off-by: Patrick McHardy <kaber@trash.net>
#
diff -Nru a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
--- a/net/ipv4/netfilter/ip_nat_core.c 2004-11-28 21:36:49 +01:00
+++ b/net/ipv4/netfilter/ip_nat_core.c 2004-11-28 21:36:49 +01:00
@@ -880,6 +880,14 @@
/* Mapping the inner packet is just like a normal packet, except
* it was never src/dst reversed, so where we would normally
* apply a dst manip, we apply a src, and vice versa. */
+
+ /* Only true for forwarded packets, locally generated packets
+ * never hit PRE_ROUTING, we need to apply their PRE_ROUTING
+ * manips in LOCAL_OUT. */
+ if (hooknum == NF_IP_LOCAL_OUT &&
+ info->manips[i].hooknum == NF_IP_PRE_ROUTING)
+ hooknum = info->manips[i].hooknum;
+
if (info->manips[i].hooknum != hooknum)
continue;
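Review bot: the added `hooknum = info->manips[i].hooknum;` overwrites `hooknum` itself inside the loop over `info->manips[i]`, so the change persists after the iteration that triggered it. Once one PRE_ROUTING manip has matched, `hooknum == NF_IP_LOCAL_OUT` is false for every later iteration, and any remaining manip recorded for LOCAL_OUT falls into the existing `continue`. Any code after the loop that reads `hooknum` also sees NF_IP_PRE_ROUTING. If that is not intended, leave `hooknum` untouched and either use a per-iteration local or fold the exception into the skip test, so that a manip is skipped only when `info->manips[i].hooknum != hooknum` and it is not the LOCAL_OUT/PRE_ROUTING pair. If the sticky behaviour is intended, the comment should say so. The comment's opening "Only true for forwarded packets" also reads ambiguously after the blank line: state explicitly that it qualifies the preceding remark about the inner packet's manips.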