Commit adcb5ad1 authored Sep 13, 2005 by Patrick McHardy Committed by David S. Miller Sep 13, 2005

[NETFILTER]: Fix DHCP + MASQUERADE problem



In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
packets for better source address consistency. This breaks DHCP clients
using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
because the MASQUERADE target drops packets when no address is configured
on the outgoing interface. This patch makes it ignore packets with a
source address of 0.

Thanks to Rusty for this suggestion.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent cd0bf2d7

net/ipv4/netfilter/ipt_MASQUERADE.c

+6 −0

Original line number	Diff line number	Diff line
		@@ -90,6 +90,12 @@ masquerade_target(struct sk_buff **pskb,
		IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW \|\| ctinfo == IP_CT_RELATED
		\|\| ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));

		/* Source address is 0.0.0.0 - locally generated packet that is
		* probably not supposed to be masqueraded.
		*/
		if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
		return NF_ACCEPT;

		mr = targinfo;
		rt = (struct rtable )(pskb)->dst;
		newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);