Add fix for DHCP + MASQUERADE problem
authorChris Wright <chrisw@osdl.org>
Tue, 13 Sep 2005 16:45:52 +0000 (09:45 -0700)
committerChris Wright <chrisw@osdl.org>
Tue, 13 Sep 2005 16:45:52 +0000 (09:45 -0700)
queue/netfilter-fix-dhcp-masquerade-problem.patch [new file with mode: 0644]
queue/series

diff --git a/queue/netfilter-fix-dhcp-masquerade-problem.patch b/queue/netfilter-fix-dhcp-masquerade-problem.patch
new file mode 100644 (file)
index 0000000..05230d8
--- /dev/null
@@ -0,0 +1,40 @@
+From stable-bounces@linux.kernel.org  Tue Sep 13 00:37:52 2005
+Date: Tue, 13 Sep 2005 09:37:22 +0200
+From: Patrick McHardy <kaber@trash.net>
+To: "David S. Miller" <davem@davemloft.net>
+Cc: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>,
+        stable@kernel.org
+Subject: [NETFILTER]: Fix DHCP + MASQUERADE problem
+
+In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
+packets for better source address consistency. This breaks DHCP clients
+using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
+because the MASQUERADE target drops packets when no address is configured
+on the outgoing interface. This patch makes it ignore packets with a
+source address of 0.
+
+Thanks to Rusty for this suggestion.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Chris Wright <chrisw@osdl.org>
+---
+ net/ipv4/netfilter/ipt_MASQUERADE.c |    6 ++++++
+ 1 files changed, 6 insertions(+)
+
+Index: linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
+===================================================================
+--- linux-2.6.13.y.orig/net/ipv4/netfilter/ipt_MASQUERADE.c
++++ linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
+@@ -95,6 +95,12 @@ masquerade_target(struct sk_buff **pskb,
+       IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
+                           || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
++      /* Source address is 0.0.0.0 - locally generated packet that is
++       * probably not supposed to be masqueraded.
++       */
++      if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
++              return NF_ACCEPT;
++
+       mr = targinfo;
+       rt = (struct rtable *)(*pskb)->dst;
+       newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
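Review bot: The comment added above the `src.ip == 0` check records a guess ("probably not supposed to be masqueraded") but not why the early return is needed; that reason appears only in the commit message. I would put it in the code, e.g. `/* Source 0.0.0.0 (e.g. a DHCP client before the interface has an address): inet_select_addr() below would find no address and the packet would be dropped, so pass it through un-NATed. */`. The condition tests only the address, so "locally generated" is an assumption that nothing in the hunk checks; the comment should say what guarantees it, and that a connection accepted here leaves without a masquerade mapping. The new line also dereferences `ct` directly after `IP_NF_ASSERT`, which I believe is compiled out in non-debug builds. The rest of masquerade_target lies outside the hunk, so whether `ct` can be NULL at this point cannot be judged from this page.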
index d59e0c94718ca9f0de3e0f46ef290f60f4b79d6d..868badb0d6824f18ed341411de9397943a4b118b 100644 (file)
@@ -2,3 +2,4 @@ forcedeth-init-link-settings-in-nv_open.patch
 hpt366-write-dword-not-byte-for-ROM-resource.patch
 sungem-enable-and-map-pci-rom-properly.patch
 sunhme-enable-and-map-pci-rom-properly.patch
+netfilter-fix-dhcp-masquerade-problem.patch