patch-2.4.23 linux-2.4.23/net/ipv4/netfilter/ipt_MASQUERADE.c


diff -urN linux-2.4.22/net/ipv4/netfilter/ipt_MASQUERADE.c linux-2.4.23/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -87,13 +87,21 @@
 	key.dst = (*pskb)->nh.iph->daddr;
 	key.src = 0; /* Unknown: that's what we're trying to establish */
 	key.tos = RT_TOS((*pskb)->nh.iph->tos)|RTO_CONN;
-	key.oif = out->ifindex;
+	key.oif = 0;
 #ifdef CONFIG_IP_ROUTE_FWMARK
 	key.fwmark = (*pskb)->nfmark;
 #endif
 	if (ip_route_output_key(&rt, &key) != 0) {
-		/* Shouldn't happen */
-		printk("MASQUERADE: No route: Rusty's brain broke!\n");
+                /* Funky routing can do this. */
+                if (net_ratelimit())
+                        printk("MASQUERADE:"
+                               " No route: Rusty's brain broke!\n");
+                return NF_DROP;
+        }
+        if (rt->u.dst.dev != out) {
+                if (net_ratelimit())
+                        printk("MASQUERADE:"
+                               " Route sent us somewhere else.\n");
 		return NF_DROP;
 	}
 
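Review bot: The added `if (rt->u.dst.dev != out)` branch returns `NF_DROP` without releasing the route that the successful `ip_route_output_key()` call just handed back, so each packet dropped there would leave a reference on a routing cache entry; put `ip_rt_put(rt);` before that `return NF_DROP;`. The function continues past the end of the hunk, so the release on the normal path is presumably further down and is not reached from this early return. The new comment says routing configuration can trigger these paths, so forwarded traffic could hit the branch repeatedly and the unreleased entries would accumulate, which is a resource-exhaustion concern. The added lines are also indented with spaces where the surrounding code uses tabs, and the `printk` calls carry no log level such as `KERN_WARNING`.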
