Re: [net,v2] netfilter: nat: fix ICMP header corruption on ICMP errors

On Tue, Jan 14, 2020 at 10:03:50AM +0200, Eyal Birger wrote:
> Commit 8303b7e8f018 ("netfilter: nat: fix spurious connection timeouts")
> made nf_nat_icmp_reply_translation() use icmp_manip_pkt() as the l4
> manipulation function for the outer packet on ICMP errors.
> 
> However, icmp_manip_pkt() assumes the packet has an 'id' field which
> is not correct for all types of ICMP messages.
> 
> This is not correct for ICMP error packets, and leads to bogus bytes
> being written to the ICMP header, which can be wrongfully regarded as
> 'length' bytes by RFC 4884 compliant receivers.
> 
> Fix by assigning the 'id' field only for ICMP messages that have this
> semantic.

Applied, thanks.
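
The overlap described in the commit message, as an added illustration that is not part of this thread or of the kernel patch: a userspace model in which an unconditional write of the query-style 'id' (ICMP header bytes 4-5) lands on the byte that RFC 4884 defines as 'length' in an ICMPv4 error message. The function names and the sample id 0x1234 are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ICMP types whose bytes 4-5 are an identifier (RFC 792, RFC 950):
 * echo/echo reply, timestamp/reply, information request/reply,
 * address mask request/reply. Error messages are not in this set. */
static bool icmp_type_has_id(uint8_t type)
{
    switch (type) {
    case 0: case 8: case 13: case 14: case 15: case 16: case 17: case 18:
        return true;
    default:
        return false;
    }
}

/* Model of a NAT id rewrite on a raw ICMP header (checksum update omitted).
 * checked == false writes bytes 4-5 for every type, the behaviour the
 * commit message describes; checked == true writes only when an id exists. */
static void rewrite_id(uint8_t *icmp, uint16_t id, bool checked)
{
    if (checked && !icmp_type_has_id(icmp[0]))
        return;
    icmp[4] = (uint8_t)(id >> 8);
    icmp[5] = (uint8_t)(id & 0xff);
}

/* Constructed sample: 8-byte header of the given type with bytes 4-7 zero.
 * Returns byte 5 after the rewrite; in an RFC 4884 error message that byte
 * is the 'length' field. */
static uint8_t byte5_after_rewrite(uint8_t type, uint16_t id, bool checked)
{
    uint8_t hdr[8];
    memset(hdr, 0, sizeof(hdr));
    hdr[0] = type;
    rewrite_id(hdr, id, checked);
    return hdr[5];
}

int main(void)
{
    /* Type 3 = Destination Unreachable; id 0x1234 is an arbitrary sample. */
    printf("unchecked: length=0x%02x\n", byte5_after_rewrite(3, 0x1234, false));
    printf("checked:   length=0x%02x\n", byte5_after_rewrite(3, 0x1234, true));
    printf("echo:      id low=0x%02x\n", byte5_after_rewrite(8, 0x1234, true));
    return 0;
}
```

A receiver that honours RFC 4884 would read the nonzero byte in the unchecked case as a length, while the checked case leaves the error header untouched and still rewrites the id of an echo request.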


