From 422859bf8d5e41c78b9f24588711d68086f21dcf Mon Sep 17 00:00:00 2001
From: Chris Wright
Date: Tue, 13 Sep 2005 09:45:52 -0700
Subject: [PATCH] Add fix for DHCP + MASQUERADE problem
---
 ...etfilter-fix-dhcp-masquerade-problem.patch | 40 +++++++++++++++++++
 queue/series | 1 +
 2 files changed, 41 insertions(+)
 create mode 100644 queue/netfilter-fix-dhcp-masquerade-problem.patch
diff --git a/queue/netfilter-fix-dhcp-masquerade-problem.patch b/queue/netfilter-fix-dhcp-masquerade-problem.patch
new file mode 100644
index 00000000000..05230d81b3e
--- /dev/null
+++ b/queue/netfilter-fix-dhcp-masquerade-problem.patch
@@ -0,0 +1,40 @@
+From stable-bounces@linux.kernel.org Tue Sep 13 00:37:52 2005
+Date: Tue, 13 Sep 2005 09:37:22 +0200
+From: Patrick McHardy
+To: "David S. Miller"
+Cc: Netfilter Development Mailinglist ,
+ stable@kernel.org
+Subject: [NETFILTER]: Fix DHCP + MASQUERADE problem
+
+In 2.6.13-rcX the MASQUERADE target was changed not to exclude local
+packets for better source address consistency. This breaks DHCP clients
+using UDP sockets when the DHCP requests are caught by a MASQUERADE rule
+because the MASQUERADE target drops packets when no address is configured
+on the outgoing interface. This patch makes it ignore packets with a
+source address of 0.
+
+Thanks to Rusty for this suggestion.
+
+Signed-off-by: Patrick McHardy
+Signed-off-by: Chris Wright
+---
+ net/ipv4/netfilter/ipt_MASQUERADE.c | 6 ++++++
+ 1 files changed, 6 insertions(+)
+
+Index: linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
+===================================================================
+--- linux-2.6.13.y.orig/net/ipv4/netfilter/ipt_MASQUERADE.c
++++ linux-2.6.13.y/net/ipv4/netfilter/ipt_MASQUERADE.c
+@@ -95,6 +95,12 @@ masquerade_target(struct sk_buff **pskb,
+ IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
+ || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+ 
++ /* Source address is 0.0.0.0 - locally generated packet that is
++ * probably not supposed to be masqueraded.
++ */
++ if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.ip == 0)
++ return NF_ACCEPT;
++
+ mr = targinfo;
+ rt = (struct rtable *)(*pskb)->dst;
+ newsrc = inet_select_addr(out, rt->rt_gateway, RT_SCOPE_UNIVERSE);
diff --git a/queue/series b/queue/series
index d59e0c94718..868badb0d68 100644
--- a/queue/series
+++ b/queue/series
@@ -2,3 +2,4 @@ forcedeth-init-link-settings-in-nv_open.patch
 hpt366-write-dword-not-byte-for-ROM-resource.patch
 sungem-enable-and-map-pci-rom-properly.patch
 sunhme-enable-and-map-pci-rom-properly.patch
+netfilter-fix-dhcp-masquerade-problem.patch
-- 
2.47.3
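Review bot: The comment above the added early return in masquerade_target says the packet is locally generated, but the condition only tests that the original-direction conntrack source is 0, so every zero-source packet that hits a MASQUERADE rule now leaves un-NATed through `return NF_ACCEPT;`. Nothing in the visible lines limits this to local output; if forwarded zero-source packets are rejected earlier on the input path (presumably they are, but that is not shown here), the comment should state that assumption rather than "probably". A wording such as `/* Source 0.0.0.0: no address configured yet (e.g. DHCP client); skip NAT instead of dropping. Assumes zero-source forwarded packets never reach this hook. */` would record both the reason and the precondition. masquerade_target starts and ends outside the hunk, so how the connection is treated after this accept cannot be checked from here.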