Hello,
When redirecting, the destination address is replaced by the first
ip-address on the receiving interface.
If the packet originally was sent to the second ip-address (or third,
fourth, etc..), this patch doesn't change the destination ip.
============
--- linux.orig/net/ipv4/netfilter/ipt_REDIRECT.c
+++ linux/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -78,7 +78,21 @@
rcu_read_lock();
indev = __in_dev_get_rcu((*pskb)->dev);
if (indev && (ifa = indev->ifa_list))
+ {
+ struct in_ifaddr *ifa_cur; // interface ip-list cursor
+
+ // set current destination ip
+ newdst = ((struct iphdr*)skb_network_header(*pskb))->daddr;
+
+ // iterate through interface ip list
+ for (ifa_cur = ifa; ifa_cur; ifa_cur = ifa_cur->ifa_next)
+ if (newdst == ifa_cur->ifa_local)
+ goto newdst_is_local;
+
+ // set new destination to first ip of this interface
newdst = ifa->ifa_local;
+ }
+ newdst_is_local:
rcu_read_unlock();
if (!newdst)
============
Kind regards,
Bas van Sisseren
--
Bas van Sisseren <bas@xxxxxxxxxxxxxxxxx>
Quarantainenet
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
