[NETFILTER]: Release dst_entry in PRE_ROUTING after NAT

Fixes NAT on loopback. Signed-off-by: Patrick McHardy <kaber@trash.net>

[NETFILTER]: Release dst_entry in PRE_ROUTING after NAT
Fixes NAT on loopback. Signed-off-by: Patrick McHardy <kaber@trash.net>
0b79316c · Patrick McHardy · David S. Miller · 946cead0 · 0b79316c
Commit 0b79316c authored Nov 27, 2004 by Patrick McHardy Committed by David S. Miller Nov 27, 2004
Show whitespace changes
Inline Side-by-side

Showing with 24 additions and 1 deletion

net/ipv4/netfilter/ip_nat_standalone.c net/ipv4/netfilter/ip_nat_standalone.c +24 -1

No files found.
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -179,6 +179,29 @@ ip_nat_fn(unsigned int hooknum,
 	return do_bindings(ct, ctinfo, info, hooknum, pskb);
 }

+static unsigned int
+ip_nat_in(unsigned int hooknum,
+          struct sk_buff **pskb,
+          const struct net_device *in,
+          const struct net_device *out,
+          int (*okfn)(struct sk_buff *))
+{
+	u_int32_t saddr, daddr;
+	unsigned int ret;
+
+	saddr = (*pskb)->nh.iph->saddr;
+	daddr = (*pskb)->nh.iph->daddr;
+
+	ret = ip_nat_fn(hooknum, pskb, in, out, okfn);
+	if (ret != NF_DROP && ret != NF_STOLEN
+	    && ((*pskb)->nh.iph->saddr != saddr
+	        || (*pskb)->nh.iph->daddr != daddr)) {
+		dst_release((*pskb)->dst);
+		(*pskb)->dst = NULL;
+	}
+	return ret;
+}
+
 static unsigned int
 ip_nat_out(unsigned int hooknum,
 	   struct sk_buff **pskb,
@@ -243,7 +266,7 @@ ip_nat_local_fn(unsigned int hooknum,

 /* Before packet filtering, change destination */
 static struct nf_hook_ops ip_nat_in_ops = {
-	.hook		= ip_nat_fn,
+	.hook		= ip_nat_in,
 	.owner		= THIS_MODULE,
 	.pf		= PF_INET,
 	.hooknum	= NF_IP_PRE_ROUTING,