Linux kernel source tree https://git.amat.us/linux/atom/net/ipv4/netfilter?h=v2.6.13.2 2005-09-17T01:01:57Z 2005-09-17T01:01:57Z Patrick McHardy kaber@trash.net 2005-09-13T07:37:22Z urn:sha1:504b891bc7cc7fb76e3000b5fe91ca491eb773c5 In 2.6.13-rcX the MASQUERADE target was changed not to exclude local packets for better source address consistency. This breaks DHCP clients using UDP sockets when the DHCP requests are caught by a MASQUERADE rule because the MASQUERADE target drops packets when no address is configured on the outgoing interface. This patch makes it ignore packets with a source address of 0. Thanks to Rusty for this suggestion. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Chris Wright <chrisw@osdl.org> 2005-08-23T17:10:35Z Patrick McHardy kaber@trash.net 2005-08-23T17:10:35Z urn:sha1:66a79a19a7c582efd99bb143c3a59fbda006eb39 The checksum needs to be filled in on output, after mangling a packet ip_summed needs to be reset. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-08-21T00:40:41Z Patrick McHardy kaber@trash.net 2005-08-21T00:40:41Z urn:sha1:7e71af49d46e4c25f17a2c8f53d62ffd14f01007 Most importantly, remove bogus BUG() in receive path. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-08-21T00:39:15Z Patrick McHardy kaber@trash.net 2005-08-21T00:39:15Z urn:sha1:f93592ff4fa4a55aa7640d435fa93338e190294d Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-08-21T00:38:40Z Patrick McHardy kaber@trash.net 2005-08-21T00:38:40Z urn:sha1:fd841326d73096ad79be9c3fa348f9ad04541cc2 An incorrect check made it bail out before doing anything. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-08-08T18:48:28Z Harald Welte laforge@netfilter.org 2005-08-08T09:50:55Z urn:sha1:8b83bc77bf77cc8459cb94e52b08e775104c4c48 With the introduction of 'rustynat' in 2.6.11, the old tricks of preventing NAT of 'untracked' connections (e.g. NOTRACK target in 'raw' table) are no longer sufficient. The ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK effectively prevents iteration of the 'nat' table, but doesn't prevent nat_packet() to be executed. Since nr_manips is gone in 'rustynat', nat_packet() now implicitly thinks that it has to do NAT on the packet. This patch fixes that problem by explicitly checking for ip_conntrack_untracked in ip_nat_fn(). Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org> 2005-07-31T00:44:07Z Harald Welte laforge@netfilter.org 2005-07-31T00:44:07Z urn:sha1:1f494c0e040b001cf844280910d04ba7ebdc2898 masq_index is used for cleanup in case the interface address changes (such as a dialup ppp link with dynamic addreses). Without this patch, slave connections are not evicted in such a case, since they don't inherit masq_index. Signed-off-by: Harald Welte <laforge@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-07-27T21:46:03Z Nick Sillik n.sillik@temple.edu 2005-07-27T21:46:03Z urn:sha1:7cee432a22bb328ea7a4012dacc5a3471fabeb07 Signed-off-by: Nick Sillik <n.sillik@temple.edu> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-07-22T19:51:38Z Patrick McHardy kaber@trash.net 2005-07-22T19:51:38Z urn:sha1:74bb421da7f39e70ab636ad46ef85ea1178786c5 Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2005-07-22T19:51:03Z Patrick McHardy kaber@trash.net 2005-07-22T19:51:03Z urn:sha1:21f930e4abdcb9649f26e5b959c14dddee4e600b Fixes a crash when unloading ip_conntrack. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>