From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: Netfilter Development Mailinglist
<netfilter-devel@lists.netfilter.org>,
stable@kernel.org
Subject: [NETFILTER 4/4]: Fix DHCP + MASQUERADE problem
Date: Tue, 13 Sep 2005 09:37:22 +0200
Message-ID: <432681B2.8090908@trash.net>
[-- Attachment #1: Type: text/plain, Size: 213 bytes --]
This is the fix for the DHCP+MASQUERADE regression.
@the -stable people: please apply this patch to -stable.
To avoid confusion, only this patch (4/4) is meant for
-stable, the first three patches were not CCed.
[-- Attachment #2: 04.diff --]
[-- Type: text/x-patch, Size: 1604 bytes --]
[NETFILTER]: Fix DHCP + MASQUERADE problem
In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.
Thanks to Rusty for this suggestion.
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
commit 5048a58f5d9643ca88593cda13433006599b77d3
tree fec8093ebdf5c8f44c87492fadcedbb7ad40f6ae
parent 9af9e2ec732d00e62b458b46829bc696987d68af
author Patrick McHardy <kaber@trash.net> Tue, 13 Sep 2005 09:32:06 +0200
committer Patrick McHardy <kaber@trash.net> Tue, 13 Sep 2005 09:32:06 +0200
net/ipv4/netfilter/ipt_MASQUERADE.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -90,6 +90,12 @@ masquerade_target(struct sk_buff **pskb,
IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
|| ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ /* Source address is 0.0.0.0 - locally generated packet that is
+ * probably not supposed to be masqueraded.
+ */
+ if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
+ return NF_ACCEPT;
+
mr = targinfo;
rt = (struct rtable *)(*pskb)->dst;
newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
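Review bot: the added `if` tests only `ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0`, while the comment above it describes a "locally generated packet", so the condition is wider than the comment: any connection whose original source is 0.0.0.0 returns NF_ACCEPT here and leaves without a source rewrite, whether or not it originated on this host. Either narrow the condition to locally generated packets, or reword the comment to say that every zero-source connection is accepted unmodified so that readers know such traffic has to be handled by other rules. The comment would also benefit from naming the DHCP client case from the commit message instead of "probably not supposed to be masqueraded", so the reason for the early return survives in the code.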