Re: IP Masq In 2.2.14pre1

Juanjo Ciarlante (jjo@mendoza.gov.ar)
Tue, 26 Oct 1999 20:41:45 -0300


--pWyiEgJYm5f9v55/
Content-Type: text/plain; charset=us-ascii

On Tue, Oct 26, 1999 at 06:37:24PM -0400, Rob Schmaling wrote:
> IP Masquerade appears not to be working in 2.2.14pre1. make oldconfig used
> from a masq-functional 2.2.13 x86 SMP machine. I've attached config for
> 2.2.14pre1.
>
> ip_forward is enabled, and ipchains forward 192.168.1.0/24 <internal
Yap... 14pre1 has my (incorrect) patch merged.
Backing out the ip_forward changes (patch -R ... < masq.unpatch) should fix it.
Also try the attached patch (patch < masq.patch) by Joseph Gooch,
which correctly handles the masq addresses used.

Regards

-- 
-- Juanjo       http://juanjox.kernelnotes.org/
            ... because there IS an OS that CAN follow your power 

--pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="masq.patch"

diff -ru linux-2.2.13-vanilla/net/ipv4/ip_forward.c linux-2.2.13-ipmasq/net/ipv4/ip_forward.c
--- linux-2.2.13-vanilla/net/ipv4/ip_forward.c Wed Oct 20 18:02:28 1999
+++ linux-2.2.13-ipmasq/net/ipv4/ip_forward.c Sun Oct 24 14:07:41 1999
@@ -10,6 +10,7 @@
 * Authors: see ip.c
 *
 * Fixes:
+ * Joseph Gooch : Removed maddr selection for ip_masq, now done in ip_masq.c
 * Many : Split from ip.c , see ip_input.c for
 * history.
 * Dave Gregorich : NULL ip_rt_put fix for multicast
@@ -168,7 +169,6 @@
 * and skip the firewall checks
 */
 if (iph->protocol == IPPROTO_ICMP) {
- __u32 maddr;
 #ifdef CONFIG_IP_MASQUERADE_ICMP
 struct icmphdr *icmph = (struct icmphdr *)((char*)iph + (iph->ihl << 2));
 if ((icmph->type==ICMP_DEST_UNREACH)||
@@ -176,8 +176,7 @@
 (icmph->type==ICMP_TIME_EXCEEDED))
 {
 #endif
- maddr = rt->rt_src;
- fw_res = ip_fw_masq_icmp(&skb, maddr);
+ fw_res = ip_fw_masquerade(&skb, 0);
 if (fw_res < 0) {
 kfree_skb(skb);
 return -1;
@@ -187,7 +186,7 @@
 /* ICMP matched - skip firewall */
 goto skip_call_fw_firewall;
 #ifdef CONFIG_IP_MASQUERADE_ICMP
- }
+ }
 #endif
 }
 if (rt->rt_flags&RTCF_MASQ)
@@ -219,15 +218,11 @@
 */
 if (!(IPCB(skb)->flags&IPSKB_MASQUERADED) &&
 (fw_res==FW_MASQUERADE || rt->rt_flags&RTCF_MASQ)) {
- u32 maddr;
+ u32 maddr = 0;
 #ifdef CONFIG_IP_ROUTE_NAT
 maddr = (rt->rt_flags&RTCF_MASQ) ? rt->rt_src_map : 0;
-
- if (maddr == 0)
 #endif
- maddr = rt->rt_src;
-
 if (ip_fw_masquerade(&skb, maddr) < 0) {
 kfree_skb(skb);
 return -1;
diff -ru linux-2.2.13-vanilla/net/ipv4/ip_masq.c linux-2.2.13-ipmasq/net/ipv4/ip_masq.c
--- linux-2.2.13-vanilla/net/ipv4/ip_masq.c Wed Oct 20 17:59:59 1999
+++ linux-2.2.13-ipmasq/net/ipv4/ip_masq.c Sun Oct 24 14:09:28 1999
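Review bot: In ip_forward.c the ICMP branch (hunk at -176,8) now passes a bare `0` to ip_fw_masquerade(), and the later masquerade branch (hunk at -219,15) initialises `maddr = 0` for the same purpose, but nothing at either call site says that 0 means "let ip_fw_masquerade() choose the address". A one-line comment such as `/* maddr 0: ip_fw_masquerade() selects the source address by route lookup */` at both places would make the sentinel explicit. The ICMP branch also stops calling ip_fw_masq_icmp() directly and goes through the ip_fw_masquerade() dispatcher, so any checks at the top of that function (not visible here) now apply to these ICMP errors as well; that behaviour change deserves a mention in the changelog entry. Both enclosing blocks start and end outside the hunks.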
@@ -10,6 +10,9 @@
 * See ip_fw.c for original log
 *
 * Fixes:
+ * Joseph Gooch : Modified ip_fw_masquerade() to do a ip_route_output()
+ * (help by Dan Drown) : to choose the proper local address.
+ * (and Alexey) :
 * Juan Jose Ciarlante : Modularized application masquerading (see ip_masq_app.c)
 * Juan Jose Ciarlante : New struct ip_masq_seq that holds output/input delta seq.
 * Juan Jose Ciarlante : Added hashed lookup by proto,maddr,mport and proto,saddr,sport
@@ -1141,6 +1144,22 @@
 return -1;
 }
+ /* Lets determine our maddr now, shall we? */
+ if (maddr == 0) {
+ struct rtable *rt;
+ struct rtable *skb_rt = (struct rtable*)skb->dst;
+ struct device *skb_dev = skb_rt->u.dst.dev;
+
+ if (ip_route_output(&rt, iph->daddr, 0, RT_TOS(iph->tos)|RTO_CONN, skb_dev?skb_dev->ifindex:0)) {
+ /* Fallback on old method */
+ maddr = inet_select_addr(skb_dev, skb_rt->rt_gateway, RT_SCOPE_UNIVERSE);
+ } else {
+ /* Route lookup succeeded */
+ maddr = rt->rt_src;
+ ip_rt_put(rt);
+ }
+ }
+
 switch (iph->protocol) {
 case IPPROTO_ICMP:
 return(ip_fw_masq_icmp(skb_p, maddr));
diff -ru linux-2.2.13-vanilla/net/ipv4/ip_masq_user.c linux-2.2.13-ipmasq/net/ipv4/ip_masq_user.c
--- linux-2.2.13-vanilla/net/ipv4/ip_masq_user.c Wed Oct 20 17:59:59 1999
+++ linux-2.2.13-ipmasq/net/ipv4/ip_masq_user.c Sat Oct 23 00:25:48 1999
@@ -100,7 +100,7 @@
 return ret;
 }
 dev = rt->u.dst.dev;
- ums->maddr = ip_masq_select_addr(dev, rt->rt_gateway, RT_SCOPE_UNIVERSE);
+ ums->maddr = rt->rt_src; /* Per Alexey */
 IP_MASQ_DEBUG(1-debug, "did setup maddr=%lX\n", ntohl(ums->maddr));
 ip_rt_put(rt);
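Review bot: In the added maddr block of ip_masq.c (hunk at -1141,6), `skb_dev` is treated as possibly NULL in the ip_route_output() call (`skb_dev?skb_dev->ifindex:0`) but is passed unguarded to inet_select_addr() in the fallback arm, and `skb_rt` is dereferenced straight from `skb->dst` with no check at all. Whether a NULL dst or device can reach this point is not visible in the hunk, so either drop the ternary or guard both uses, e.g. `if (skb_rt == NULL || skb_dev == NULL) return -1;` before the lookup. Neither arm verifies that an address was actually found; if the fallback can yield 0, the packet goes on to be masqueraded with a zero source, and `if (maddr == 0) return -1;` after the block would fail closed, since the caller in ip_forward.c frees the skb on a negative return. The enclosing ip_fw_masquerade() begins and ends outside the hunk.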
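Review bot: In ip_masq_user.c the new comment `/* Per Alexey */` on the `ums->maddr = rt->rt_src;` line records who asked for the change but not why; something like `/* use the preferred source address of route rt */` would still make sense to a later reader. `dev` is still assigned from `rt->u.dst.dev` on the line above, and its only use visible in this hunk was the removed ip_masq_select_addr() call, so check whether the variable is now dead. The enclosing function starts and ends outside the hunk.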

--pWyiEgJYm5f9v55/ Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="masq.unpatch"

--- linux/net/ipv4/ip_forward.c.dist Sun Mar 21 12:22:00 1999
+++ linux/net/ipv4/ip_forward.c Wed Oct 20 15:16:58 1999
@@ -176,7 +176,7 @@
 (icmph->type==ICMP_TIME_EXCEEDED))
 {
 #endif
- maddr = inet_select_addr(dev2, rt->rt_gateway, RT_SCOPE_UNIVERSE);
+ maddr = rt->rt_src;
 fw_res = ip_fw_masq_icmp(&skb, maddr);
 if (fw_res < 0) {
 kfree_skb(skb);
@@ -226,7 +226,7 @@
 if (maddr == 0)
 #endif
- maddr = inet_select_addr(dev2, rt->rt_gateway, RT_SCOPE_UNIVERSE);
+ maddr = rt->rt_src;
 if (ip_fw_masquerade(&skb, maddr) < 0) {
 kfree_skb(skb);
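Review bot: Both hunks of masq.unpatch take the masquerade address from `rt->rt_src`, where `rt` is the route already attached to the packet being forwarded, and the message above describes this change as incorrect and meant to be reversed with `patch -R`. masq.patch instead obtains `rt_src` from a fresh ip_route_output() lookup towards `iph->daddr`, which suggests the forwarding route's `rt_src` is not the address of the outgoing interface; that is inferred from comparing the two patches, not shown in these hunks. With the inet_select_addr() calls gone, `dev2` loses the uses visible here and may be left unused. Both enclosing blocks start and end outside the hunks.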

--pWyiEgJYm5f9v55/--
