Displaying 2 results from an estimated 2 matches for "icmp_reply_translation".
2003 Feb 26
2
[Bug 55] ICMP translation problem with local NAT
...* if the connection is not initiated, but accepted
As SNAT happens at NF_IP_POST_ROUTING, reply translation will be performed
at NF_IP_PRE_ROUTING. The following DEBUG output shows what happens (enabled
DEBUGP at the top of ip_nat_core.c):
icmp reply translation, ct=c3617480, hooknum=0, ctinfo=4
icmp_reply_translation: translating error c396f260 hook 0 dir REPLY, num_manips=2
icmp_reply: manip 0 dir ORIG hook 4
icmp_reply: manip 1 dir REPLY hook 0
icmp_reply: outer DST -> 192.168.131.124
As it seems the inner manip is not called, as it is registered to hook 4
(POST_ROUTING, ORIG)
As POST_ROUTING will never...
2002 May 08
0
Security Advisory
...te the reply ourselves.
+ */
+static inline int
+map_innards(unsigned int maniphook, unsigned int hooknum)
+{
+ return (maniphook =3D=3D opposite_hook[hooknum]
+ || (hooknum =3D=3D NF_IP_LOCAL_OUT
+ && HOOK2MANIP(maniphook) =3D=3D IP_NAT_MANIP_SRC));
+}
+
unsigned int
icmp_reply_translation(struct sk_buff *skb,
struct ip_conntrack *conntrack,
@@ -837,7 +849,7 @@
packet, except it was never src/dst reversed, so
where we would normally apply a dst manip, we apply
a src, and vice versa. */
- if (info->manips[i].hooknum =3D=3D opposite_hook[hooknum]) {
+ i...