tags/2.6.13-4/1017_2_netfilter-fix-dhcp-masquerade-problem.patch

From stable-bounces@linux.kernel.org  Tue Sep 13 00:37:52 2005
Date: Tue, 13 Sep 2005 09:37:22 +0200
From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>,
        stable@kernel.org
Subject: [NETFILTER]: Fix DHCP + MASQUERADE problem

In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.

Thanks to Rusty for this suggestion.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---
 net/ipv4/netfilter/ipt_MASQUERADE.c |    6 ++++++
 1 files changed, 6 insertions(+)

Index: linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
===================================================================
--- linux-2.6.13.y.orig/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -95,6 +95,12 @@ masquerade_target(struct sk_buff **pskb,
        IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
                            || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
 
+       /* Source address is 0.0.0.0 - locally generated packet that is
+        * probably not supposed to be masqueraded.
+        */
+       if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
+               return NF_ACCEPT;
+
        mr = targinfo;
        rt = (struct rtable *)(*pskb)->dst;
        newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
1	From stable-bounces@linux.kernel.org Tue Sep 13 00:37:52 2005
2	Date: Tue, 13 Sep 2005 09:37:22 +0200
3	From: Patrick McHardy <kaber@trash.net>
4	To: "David S. Miller" <davem@davemloft.net>
5	Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>,
6	stable@kernel.org
7	Subject: [NETFILTER]: Fix DHCP + MASQUERADE problem
8
9	In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
10	packets for better source address consistency. This breaks DHCP clients
11	using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
12	because the MASQUERADE target drops packets when no address is configured
13	on the outgoing interface. This patch makes it ignore packets with a
14	source address of 0.
15
16	Thanks to Rusty for this suggestion.
17
18	Signed-off-by: Patrick McHardy <kaber@trash.net>
19	Signed-off-by: Chris Wright <chrisw@osdl.org>
20	---
21	net/ipv4/netfilter/ipt_MASQUERADE.c \| 6 ++++++
22	1 files changed, 6 insertions(+)
23
24	Index: linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
25	===================================================================
26	--- linux-2.6.13.y.orig/net/ipv4/netfilter/ipt_MASQUERADE.c
27	+++ linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
28	@@ -95,6 +95,12 @@ masquerade_target(struct sk_buff **pskb,
29	IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW \|\| ctinfo == IP_CT_RELATED
30	\|\| ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
31
32	+ /* Source address is 0.0.0.0 - locally generated packet that is
33	+ * probably not supposed to be masqueraded.
34	+ */
35	+ if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
36	+ return NF_ACCEPT;
37	+
38	mr = targinfo;
39	rt = (struct rtable )(pskb)->dst;
40	newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);