3 files changed, 10 insertions, 5 deletions

diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index 5ac15379a0cf..e2005c6810a4 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -8,7 +8,7 @@
 #include <net/ip.h>
 
 /* route_me_harder function, used by iptable_nat, iptable_mangle + ip_queue */
-int ip_route_me_harder(struct sk_buff **pskb)
+int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
 {
         struct iphdr *iph = (*pskb)->nh.iph;
         struct rtable *rt;
@@ -16,10 +16,13 @@ int ip_route_me_harder(struct sk_buff **pskb)
         struct dst_entry *odst;
         unsigned int hh_len;
 
+        if (addr_type == RTN_UNSPEC)
+                addr_type = inet_addr_type(iph->saddr);
+
         /* some non-standard hacks like ipt_REJECT.c:send_reset() can cause
          * packets with foreign saddr to appear on the NF_IP_LOCAL_OUT hook.
          */
-        if (inet_addr_type(iph->saddr) == RTN_LOCAL) {
+        if (addr_type == RTN_LOCAL) {
                 fl.nl_u.ip4_u.daddr = iph->daddr;
                 fl.nl_u.ip4_u.saddr = iph->saddr;
                 fl.nl_u.ip4_u.tos = RT_TOS(iph->tos);
@@ -156,7 +159,7 @@ static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)
                 if (!(iph->tos == rt_info->tos
                       && iph->daddr == rt_info->daddr
                       && iph->saddr == rt_info->saddr))
-                        return ip_route_me_harder(pskb);
+                        return ip_route_me_harder(pskb, RTN_UNSPEC);
         }
         return 0;
 }
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 021395b67463..d85d2de50449 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -265,7 +265,8 @@ ip_nat_local_fn(unsigned int hooknum,
                        ct->tuplehash[!dir].tuple.src.u.all
 #endif
                     )
-                        return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
+                        if (ip_route_me_harder(pskb, RTN_UNSPEC))
+                                ret = NF_DROP;
         }
         return ret;
 }
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index e62ea2bb9c0a..b91f3582359b 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -157,7 +157,8 @@ ipt_local_hook(unsigned int hook,
                 || (*pskb)->nfmark != nfmark
 #endif
                 || (*pskb)->nh.iph->tos != tos))
-                return ip_route_me_harder(pskb) == 0 ? ret : NF_DROP;
+                if (ip_route_me_harder(pskb, RTN_UNSPEC))
+                        ret = NF_DROP;
 
         return ret;
 }