diff options
author | Changli Gao <xiaosuo@gmail.com> | 2010-05-29 14:26:59 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-06-02 06:51:34 -0700 |
commit | 33c29dde7d04dc0ec0edb649d20ccf1351c13a06 (patch) | |
tree | 29c06e00942fc07554ebb918d7702d22eb8c7ff3 | |
parent | e3fe8558c7fc182972c3d947d88744482111f304 (diff) | |
download | op-kernel-dev-33c29dde7d04dc0ec0edb649d20ccf1351c13a06.zip op-kernel-dev-33c29dde7d04dc0ec0edb649d20ccf1351c13a06.tar.gz |
act_nat: fix the wrong checksum when addr isn't in old_addr/mask
fix the wrong checksum when addr isn't in old_addr/mask
For TCP and UDP packets, when addr isn't in old_addr/mask we don't do SNAT or
DNAT, and we should not update layer 4 checksum.
Signed-off-by: Changli Gao <xiaosuo@gmail.com>
----
net/sched/act_nat.c | 4 ++++
1 file changed, 4 insertions(+)
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/sched/act_nat.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/net/sched/act_nat.c b/net/sched/act_nat.c index d885ba3..5709494 100644 --- a/net/sched/act_nat.c +++ b/net/sched/act_nat.c @@ -159,6 +159,9 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a, iph->daddr = new_addr; csum_replace4(&iph->check, addr, new_addr); + } else if ((iph->frag_off & htons(IP_OFFSET)) || + iph->protocol != IPPROTO_ICMP) { + goto out; } ihl = iph->ihl * 4; @@ -247,6 +250,7 @@ static int tcf_nat(struct sk_buff *skb, struct tc_action *a, break; } +out: return action; drop: |