2000-04-27 19:09:03

by Rene Mayrhofer

Subject: [Patch 2.2.14]: bugfix for advanced routing with masquerading (still there in 2.3.99-pre5)

--- linux-2.2.14/net/ipv4/route.c Tue Jan 4 19:12:26 2000
+++ linux/net/ipv4/route.c Thu Apr 27 16:30:23 2000
@@ -52,6 +52,7 @@
* Tobias Ringstrom : Uninitialized res.type in ip_route_output_slow.
* Vladimir V. Ivanov : IP rule info (flowid) is really useful.
* Marc Boucher : routing by fwmark
+ * Rene Mayrhofer : valid packet rejected bug in ip_route_input_slow
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -93,6 +94,9 @@
#ifdef CONFIG_SYSCTL
#include <linux/sysctl.h>
#endif
+#ifdef CONFIG_IP_MASQUERADE
+#include <net/ip_masq.h>
+#endif

#define IP_MAX_MTU 0xFFF0

@@ -1182,8 +1186,28 @@
int result;
result = fib_validate_source(saddr, daddr, tos, loopback_dev.ifindex,
dev, &spec_dst, &itag);
- if (result < 0)
+ if (result < 0) {
+#ifdef CONFIG_IP_MASQUERADE
+ /*
+ * Is this packet going to be demasqueraded ?
+ * In that case, fib_validate_source returns an error when there is no
+ * default route for packets coming from loopback and rp_filter is
+ * activated for the interface that the returning packet has been
+ * recieved on.
+ * But in such a special case (a combination of source-based routing
+ * and masquerading), the returning packet is indeed valid. It will
+ * get demasqueraded later on.
+ */
+ {
+ struct sk_buff *tmp = skb;
+ if(ip_fw_demasquerade(&tmp) <= 0) {
+ goto martian_source;
+ }
+ }
+#else
goto martian_source;
+#endif
+ }
if (result)
flags |= RTCF_DIRECTSRC;
spec_dst = daddr;
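Review bot: In the new CONFIG_IP_MASQUERADE branch under `if (result < 0)`, `ip_fw_demasquerade(&tmp)` is called as a yes/no test, yet the comment right above it says the packet "will get demasqueraded later on", so the patch does not say whether this call already rewrites the packet. If it does, the remainder of ip_route_input_slow keeps working with the saddr/daddr values that were passed to fib_validate_source before the call, the later demasquerade pass sees a packet that was already processed, and anything the function stores through `&tmp` is lost when the block ends while the caller goes on using `skb`. Please either use a lookup that has no side effects or explain in the comment why running the demasquerade at this point is safe. Since this branch overrides a failed fib_validate_source check when rp_filter is active, the comment should also state explicitly that only a packet for which the call returns a value greater than 0 is accepted and that everything else still goes to martian_source. Minor: "recieved" should be "received", `if(` should be `if (`, and the `#else` copy of `goto martian_source;` can be dropped if the masquerade test is moved into a small helper that returns 0 when CONFIG_IP_MASQUERADE is not set.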


Attachments:
nat_masq_fix-2.2.14-2.diff (1.57 kB)