patch-2.4.23 linux-2.4.23/net/ipv4/netfilter/ipt_MASQUERADE.c
Next file: linux-2.4.23/net/ipv4/netfilter/ipt_REDIRECT.c
Previous file: linux-2.4.23/net/ipv4/netfilter/ipt_LOG.c
Back to the patch index
Back to the overall index
- Lines: 25
- Date:
2003-11-28 10:26:21.000000000 -0800
- Orig file:
linux-2.4.22/net/ipv4/netfilter/ipt_MASQUERADE.c
- Orig date:
2001-09-30 12:26:08.000000000 -0700
diff -urN linux-2.4.22/net/ipv4/netfilter/ipt_MASQUERADE.c linux-2.4.23/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -87,13 +87,21 @@
key.dst = (*pskb)->nh.iph->daddr;
key.src = 0; /* Unknown: that's what we're trying to establish */
key.tos = RT_TOS((*pskb)->nh.iph->tos)|RTO_CONN;
- key.oif = out->ifindex;
+ key.oif = 0;
#ifdef CONFIG_IP_ROUTE_FWMARK
key.fwmark = (*pskb)->nfmark;
#endif
if (ip_route_output_key(&rt, &key) != 0) {
- /* Shouldn't happen */
- printk("MASQUERADE: No route: Rusty's brain broke!\n");
+ /* Funky routing can do this. */
+ if (net_ratelimit())
+ printk("MASQUERADE:"
+ " No route: Rusty's brain broke!\n");
+ return NF_DROP;
+ }
+ if (rt->u.dst.dev != out) {
+ if (net_ratelimit())
+ printk("MASQUERADE:"
+ " Route sent us somewhere else.\n");
return NF_DROP;
}
FUNET's LINUX-ADM group, linux-adm@nic.funet.fi
TCL-scripts by Sam Shen (who was at: slshen@lbl.gov)